Air-Gapped: The Fortified Vault for Your Bitcoin 

The term “air-gapped” stems from the concept of having an “air gap” (some volume of air) between the device and any other network or communication medium. This means it’s entirely disconnected and isolated from online networks, serving as a robust security measure for storing Bitcoin. 

In this article, you’ll delve deeper into the air-gapped security method and discover why it’s an essential tool for protecting your BTC assets.

What is Air Gapped?

Before delving into how air-gapped Bitcoin wallets function, it’s crucial to recognize that “air-gapped” refers to an overarching technology system. This system ensures that a computer or network remains physically separated from other networks, especially the Internet. Consequently, it lacks any form of external connectivity, including Wi-Fi. Such isolation prohibits any communication or data transfer between the air-gapped system and external networks, offering an added layer of security against cyber threats.

The primary purpose of this system is to eliminate any connections to unsecured or compromised networks and malicious entities. As a result, the system remains shielded from remote attacks, malware, and other intrusion methods since it operates offline.

To compromise a truly air-gapped system, an attacker would need direct physical access to the device, which is very difficult, or use complex and unlikely methods, such as acoustic attacks, where attackers try to capture data through sound frequency.

As in the example below:

But don’t worry; the likelihood of an attack at this level is virtually zero.

How Does Air-Gapping Work?

Air-gapping is frequently employed in scenarios where security is paramount, including government systems, critical infrastructure, and the secure storage of tangible assets and hard money, like Bitcoin.

In the context of Bitcoin, “air-gapped” denotes a security approach where a wallet (a device or system that stores Bitcoin’s private keys) remains entirely isolated from unsecured networks, particularly the Internet. At its core, an air-gapped wallet lacks any connection to external networks, thus preventing any type of potential remote cyberattack.

Consequently, air-gapped wallets are viewed as one of the most secure methods for storing significant quantities of Bitcoin over extended periods.

Within the Bitcoin community, a common method to establish an air-gapped environment involves using hardware wallets (examples include ColdCard MK4, Jade, and Keystone 3 Pro). Alternatively, one can store private keys on devices that never interface with networks (like WiFi, Bluetooth, and other online connections). This can be done using computers, older model mobile phones, or even in physical formats like a paper wallet (though this is not a recommended best practice).

Who Developed the Air-Gapped System?

The concept of “air-gapping” wasn’t the brainchild of a single individual or specific entity. In fact, it mirrors Bitcoin, lacking a central figurehead. 

Instead, air-gapping is a fundamental cybersecurity principle that emerged organically over time. As computer systems and networks advanced, they became an effective protective measure against malicious hackers.

The practice of using “air gaps” can be traced back to the early days of computing. Prior to the widespread adoption of the internet and local area networks, many systems inherently functioned as air-gapped because there were simply no connections to other devices. However, as interconnectivity grew more prevalent, the deliberate act of isolating systems for security reasons naturally followed. Hence, when there’s a pressing need to safeguard critical data, it makes sense to use the air-gapped method.

So, rather than crediting a single innovator, the idea of “air-gapping” is best perceived as a natural progression of security measures, evolving in tandem with the rise in connectivity options and the corresponding threats they introduced.

Bitcoin Improvement Proposal 174 (PSBT)

An Update to Bitcoin named BIP174, commonly referred to as PSBT (Partially Signed Bitcoin Transaction) Format was carried out in 2018. To this day it still plays a pivotal role in securely signing transactions.

The relationship between the air-gapped methodology and Bitcoin’s PSBT format can be distilled into two main points:

PSBT (Partial Signed Bitcoin Transaction) Format – BIP174

The PSBT format proposes a standardized procedure for signing Bitcoin transactions, especially in scenarios necessitating multiple signatures, such as multisig setups, or when a transaction is constructed and signed across varied environments or devices.

Air-Gapping and PSBT

With the advent of PSBT, it’s feasible to construct a transaction in an online environment, relay that transaction (in PSBT format) to a disconnected (air-gapped) device for fortified signing, and subsequently send the signed transaction back to the connected environment to be broadcasted on the Bitcoin network. 

This entire sequence unfolds in a fully protected mode, devoid of any direct linkage of the device to the internet or other systems.

Such “offline signing” capitalizes on the isolation provided by air-gapping, ensuring the private keys used to sign the transaction remain impervious to potential online threats.

Air-Gapped Wallets

1. Paper Wallet

One of the most straightforward and tangible methods for storing Bitcoin private keys is through a paper wallet. At its core, it’s a sheet of paper bearing both the private key and public address, typically depicted as QR codes. Yet, being paper-based, it is very susceptible to damage.

The air-gapped philosophy seamlessly aligns with this type of wallet. Once formulated and printed, it remains devoid of any connection to the internet or other networks. Its primary Achilles’ heel is its vulnerability to physical harm, be it from water, fire, or simply misplacing the paper.

2. Jade Hardware Wallet

This hardware wallet, crafted by Blockstream, is renowned for its durability and security. It boasts an intuitive interface, ensuring the safekeeping of the private keys that unlock your Bitcoin. 

Users can securely sign transactions in a wholly offline setting via QR codes, ensuring private keys remain untouched by online threats, a testament to the air-gapped principle.

3. Keystone 3 Pro

This hardware wallet prioritizes security above all. Fully air-gapped, eliminating any form of wireless connectivity, relying on QR codes for transactional purposes. This guarantees that private keys never interface with an internet-connected device.

The Keystone 3 Pro’s hallmark is its air-gapped design. Conceived from inception to function without USB or Bluetooth links, it exclusively employs QR codes for secure communication between the wallet and external devices.

4. Coldcard MK4

A stalwart in the Bitcoin ecosystem, particularly among the bitcoiner community, the ColdCard MK4 hardware wallet is tailored for those who prioritize utmost security. It offers a plethora of advanced features and champions a transparent, open-source approach for Bitcoin custody.

ColdCard truly embodies the air-gapped philosophy. Unlike some of its peers that permit connectivity, ColdCard is focused on not allowing direct USB transactions with online environments. 

Instead, it leverages an SD card to transfer transaction data between the wallet and an online device. This ensures there’s never a need to directly link to a potentially vulnerable computer or device, ensuring that private keys remain isolated and secure.

A standout feature is its capability to execute partially signed transactions, like PSBTs, seamlessly integrating with a range of Bitcoin software tools, including the Blue Wallet. Furthermore, ColdCard introduces myriad security facets, such as the option to set a decoy password that unveils a “decoy” wallet under duress, underscoring its commitment to user security.

Step by Step: How to Use Air-Gapped Bitcoin Wallets

Preparing the Transaction

On your computer or mobile device, open your Bitcoin wallet software. This could be an app on your phone or a program on your computer. Initiate a new transaction by entering details like the recipient’s address and the amount of bitcoin.

Signing the Transaction

Paper Wallet:

There’s no user interface. You’ll need wallet software to import the private key from the paper wallet and sign the transaction. 

*In fact, this is one of the reasons why we do not recommend paper wallets.

Jade & Keystone 3 Pro:

1. After preparing the transaction, a QR code will appear. This code contains the transaction details that need signing. 
2. Using your Jade or Keystone 3 Pro device, scan the QR code. 
3. The device will verify the transaction and then sign it internally.

Transmitting the Transaction

Paper Wallet:

Once the transaction is signed using the wallet software, it’s ready to be sent to the network.

Jade & Keystone 3 Pro:

1. After signing, the device (either Jade or Keystone 3 Pro) will generate a new QR code, which represents the signed transaction. 
2. Using the wallet software on your computer or mobile device, scan this QR code. 
3. The software now holds the signed transaction and can send it to the Bitcoin network.

Completing the Transaction

1. In the wallet software on your internet-connected device, confirm and broadcast the signed transaction to the Bitcoin network. 
2. Wait for confirmation from the network, and the transaction will be finalized.

Comments

1. It’s important to note that much of the wallet software process occurs on an internet-connected device. However, the critical signing step is done offline.
2. When using air-gapped wallets, especially with QR codes, ensure the environment is secure (no cameras or prying eyes) to prevent someone from capturing your QR code.
3. Always familiarize yourself with any security device or software before storing large amounts of Bitcoin. Start with small amounts.

Transaction with Coldcard MK4 Wallet using Memory Card

Operation

The Coldcard MK4 needs a direct power connection. Connecting it to another device, like a computer, would compromise its main air-gapped functionality. 

With the Coldcard,, you will need to insert the microSD card into your computer or source device to perform the initial operation.

Security

If needed, format the microSD card to ensure it is clean and ready to use.

Creating the Transaction

1. In a software wallet that supports Coldcard integration, like Electrum, create the transaction, by entering the destination address and amount. 
2. Instead of sending the transaction, choose the “Save transaction to file” option. 
3. Save this unsigned transaction to the microSD card.

Offline Signing

1. Safely eject the microSD card from your computer and insert it into your Coldcard wallet. 
2. In the Coldcard menu, navigate to the option to sign transactions. 
3. Select the transaction you saved on the microSD card. 
4. Coldcard will display the transaction details for verification. 
5. Confirm they’re correct, then sign the transaction. Coldcard will save the signed transaction back to the microSD card.

Transaction

1. Remove the microSD card from Coldcard and put it back into the source computer or device. 
2. Open your software wallet and choose the “send transaction from file” option. 
3. Send the signed transaction from the microSD card. 

Once this is done, you can broadcast the transaction to the Bitcoin network, and the funds transfer will begin. 

All this happens without needing to connect the Coldcard MK4 to a computer.

Is Air Gapped Bitcoin Wallet Safe?

If you aim to protect your Bitcoin with the highest security level, regardless of the amount, an air-gapped wallet offers superior protection compared to a Hot Wallet, such as Blue Wallet, Electrum, or Green Wallet.

Let’s explore the pros and cons of an air-gapped wallet:

Benefits

Offline mode

An air-gapped wallet is kept physically isolated from unsecured networks, especially the Internet. This means it’s immune to online cyberattacks such as hacks and malware.

As we can see in the following image from Coldcard:

Private key protection

These are crucial for accessing and spending funds, so they’re never exposed to online environments. This reduces the risk of unauthorized access.

Greater security for storage:

For those storing significant Bitcoin amounts for a long period of time, wallets with an air-gapped system are recommended due to their robustness in terms of security.

Disadvantages

Usability

Air-gapped wallets are less convenient than hot wallets due to the need for physical data transfer, like QR Codes or storage devices.

Physical risks

While resistant to online threats, they’re vulnerable to physical dangers like theft or damage from fire or water. It’s essential to have backups and store the device safely. However, it is worth highlighting that this risk is also inherent to any physical Bitcoin wallet.

Advanced threats

There are rare but existing techniques that could potentially compromise air-gapped systems, including acoustic, electromagnetic, and thermal attacks. However, these require significant resources and sophistication, making them impractical for most attackers.

Comparison: Air-Gapped vs. Traditional Wallets

Criteria	Air-Gapped	Traditional Wallet
Internet Connection	No, offline only.	Need to connect to the internet
Security against Remote Attacks	Highly resistant to online attacks	Susceptible to malware and online attacks
Convenience	Less convenient as it requires additional steps to sign and transmit transactions	Fewer steps and more convenient for frequent transactions
Transaction Signing	Performed on an offline device or paper	The attacker needs direct physical access to compromise funds
Risk of Compromise	Attacker needs direct physical access to compromise funds	Potentially vulnerable to remote attacks and exploits
Examples	Jade, Keystone, Paper Wallet	Ledger, Trezor e Hot Wallets

Lightning Network and The Air-Gapped Model 

Now that you understand how air-gapped Bitcoin wallets work, you may be wondering: how does this system work with lightning-enabled wallets?

The Lightning Network isn’t compatible with the air-gapped model due to the online nature and communication demands of the Lightning Network. The Lightning Network is designed for everyday use, while the air-gapped model is designed for rare use, and is more focused on functioning as the digital equivalent of a physical safe.

Here are some considerations:

Payment Channels

The Lightning Network operates through payment channels. For a channel to work efficiently, both parties need to be online simultaneously, at least when the channel is opened or closed. This is antithetical to the air-gapped principle of staying offline.

Channel Monitoring

Once a Lightning channel is open, it’s vital to monitor the network to prevent fraudulent attempts to close it with an outdated state. While watchtower services can monitor, the need for constant vigilance is in stark contrast with the air-gapped approach.

Complexity

Adding the air-gapped model to a Lightning wallet would add an additional layer of complexity to an already complex technology.

Future Scenario

The Bitcoin landscape is always evolving. While there are challenges in merging the Lightning Network with air gapping, future innovations might overcome them. 

The constant need for robust security drives innovation in this field.

Interesting Facts on the Air-Gapped Model and Bitcoin

The air-gapped concept in relation to Bitcoin brings some interesting facts:

Bunker Bitcoin

There are Bitcoin investors and owners who have gone to the extreme with the concept, of storing their private keys in underground bunkers, old military installations, and even mountains.

Lost Treasures

While they offer superior security, there have also been cases where people have lost access to their wallets and therefore their Bitcoins. If the device (or paper) containing the private key is lost or damaged and there is no backup, the stored Bitcoins are essentially lost forever.

Related topic: How many Bitcoins are lost forever?

Adoption by Large Investors

Due to its security, the practice of using air-gapped wallets has been adopted not only by individual enthusiasts but also by large investors and institutions that hold large amounts of Bitcoin and want to ensure the maximum possible protection against all possible scenarios.

These are just a few interesting facts about Bitcoin and air-gapped technology.

Conclusion

In summary, the air-gapped concept reveals itself as an innovative approach to ensuring security in the Bitcoin universe, merging physical and digital precautions in its structure. However, like all technology, it has its strengths and limitations. Its effective use is guided by the specific demands and contexts of each Bitcoin holder.

If you want to delve deeper into the layers of protection offered by wallets such as Coldcard MK4 or Keystone and learn in practice how to make transactions with an air-gapped wallet, I invite you to check out our Bitcoin custody training. You will have access to various theoretical and practical classes to store your Bitcoin safely and correctly.

Finally, it is worth highlighting that many solutions based on the air-gapped model are open source and available for community review and contribution on GitHub, which reinforces the transparency and reliability of their operation.

Share on your social networks:

Written by

Area Bitcoin

Area Bitcoin is an educational Bitcoin school that aims to accelerate the financial and intellectual sovereignty of all individuals.

Enjoyed this article? Donate some sats so we can grab a cup of coffee and keep writing. ☕