Topic: Electrum / some new things I've not experienced before + some extra questions. (Read 156 times)

You are telling the truth. I should make very specific questions on dedicated threads.
My last post is far too big and off putting.

A. AFAIK v26.0 doesn't have a scan QR Code option so you'll have to do Option B.
B. Yes, you can open the signed transaction ".txn" file as text and the contents should be compatible with sendrawtransaction command.

I don't know why you need to unplug to test that small amount but
If you do not want to actually send it but just to test if it'll be accepted with your node's policy (standards) and consensus rules, use testmempoolaccept instead.
e.g.: testmempoolaccept "[\"your_signed_transaction_hex\"]"

Yes.

Honestly, compounding too many questions that are unrelated to each other will cause members to skip your thread and may also confuse readers.
Try to open new separate topics containing each related questions.

Thanks very much for the time spent explaining.

I just would like to be sure of a couple of points.

Where ranochigo kindly post the image of the inputs and outputs for the transaction.

I see the inputs addresses are the same as the change address. This is because the watch only wallet was created from a single address not with an xpub? Or because you chose to uncheck use new change address? Or another reason?

If security is not decreased so much and privacy is the main worry I will maybe just chose to always return the change to the same sending address. This is because I really want to do this..

1. Form the psbt with watch only electrum wallet
2. Sign the psbt and produce the signed.txn in cold airgapped electrum wallet.
3. Find exactly how to extract the raw text from the signed.txn and broadcast with btc console with my full node synced up.

I dont know if the change addresses electrum makes up on the airgapped wallet will always be inside bitcoin core in the future if I went back to using core only one day. Perhaps  core would always know what these new addresses that airgapped electrum makes up but I'm not 100% sure. Also if i was a hacker, a good way to trick someone maybe to retain the correct recipient address, but sneakily make a new change address that I control and hope the sender does not check it is one of his own change addresses. Then all of his change which is usually all the coins left on that address would go to the hacker?


 * 2 *  maybe a problem keeping fully airgapped because the QR can not contain enough information. This produces the yellow warning triangle in the air gapped wallet saying fees on non segwit addresses could be maliciously altered to far greater than expected.) So I may have to use a usb stick.
So it wont be fully airgapped any longer. The only saving grace to this could be that I never need to extract anything from the airgapped machine other than a signed.txn, and perhaps even in the form of a qr code. So nothing on usb ever leaves the air gapped machine.



When nc50lc helps explains this part.


1. It's about PSBT so it's not applicable to a "signed.txn" file.
For signed transaction, Electrum exports it in RAW Transaction format which isn't PSBT, so you'll have to use sendrawtransaction command if you want to broadcast it via Bitcoin Core.

2. For unsigned transactions, it should be in PSBT (Partially Signed Bitcoin Transaction) format which is a ".psbt" file when exported as file.
In Bitcoin-qt (GUI), you can load a PSBT in the menu "File->Load PSBT from ", then you can sign it if it has the necessary keys


For part 1 taking signed.txn out of airgapped electrum and broadcasting with a bitcoin core or console

Can you then

A.  Simply enter the qt code that electrum produces containing the signed.txn into bitcoin core ? Does the most recent core wallet have a qr code scanner built in?  Or if not possible then


B. Take the signed.txn and open inside notepad.
Then open bitcoin console command line inside bitcoin core. Type in sendrawtransaction then paste the content from notepad and it will work?
Can I unplug the ethernet and try this on bitcoin core also with a small amount before plug the ethernet back in.

But this part I dont understand.

I have my signed.txn in notepad in a usb drive.
I download bitcoin the entire 700gb with the bitcoin core qt

What kind of wallet should I make with bitcoin core to simply broadcast these signed.txn files in raw text format?
I see options with descriptor, no keys contained or make a normal new wallet that has it's own new different keys inside?


Does anyone know of a step by step little guide to try this out?

Why do people make an electrum server and join that to bitcoin core if it is possible to just copy the raw text from the electrum signed.txn and send via core direct with sendrawtx commands or even just a qr code?  

It seems a good idea if not already available for core to have a qr scanner for raw text signed.txn files from electrum.


For part2

Do you mean you can make a psbt file on electrum and load that into bitcoin core as simple as you describe?
I guess this way though it is hard to make an airgapped process.

Unless you can do this process.

Make psbt on electrum watch only. Copy psbt electrum generated file to offline airgapped bitcoin core and sign this. Then somehow save the signed tx from airgapped bitxcoin core and take the usb drive with the signed tx that airgapped core signed  to another machine with bitcoin core fully synced up but has no private keys and broadcast it?

I was previously told that I would need to use a site like electrum43 to decode the electrum generated psbt before bitcoin core could understand it, but downloading more things or visiting more sites seems to introduce elements of risk.


Hopefully in the future bitcoin.core wallet can make the psbt very easy for unskilled technical people to use like electrum does now.
The only thing I dont like about electrum is how malicous servers can or could send you fake update messages, store your private information and sell it, and even show you fake balance or refuse to relay your tx. These are a bit inconvenient to me.

But I like how electrun deals with psbt. Very simple and easy to understand.

Be really great if they had a tab where you select use the spv version or choose download full blockchain and then have bitcoin core full nodenpower and privacy, but electrum nice features that novice users and those not quite so smart enough to learn how to type and understand coding commands into bitcoin console or making tx on notepad from scratch.

I looked at the descriptors procedure with bitcoin core psbt or even making my own raw tx from scratch just using inputs and outputs. But experts said dont even think about that unless you want to burn your coins. Just one mistake with a squiggle bracket or straight bracket entire thing is not going to work. Some said get a hardware wallet. But conflicting advice says hardware wallet producer knows where to post the package, and can I open the hardware and inspect the wires and computer chips inside or even the private keys it generates are they already known for some future date already to them?
 I suppose this is true.

The best procedure  you can trust is a legit copy of bitcoin core I suppose because if those guys go rogue then I suppose the bitcoin party will be far less exciting . So I will stick with making the private keys with bitcoin core. Then import them to cold wallet on electrum and sign with airgapped electrum wallet to broadcast with electrum watch only or if I can figure it out broadcast with bitcoin core full node.  . Seems the safest way. I mean if a top expert can be scammed like with luke jr then a normal person has to take all possible care to avoid losing his bitcoin.

Just the broadcasting part I am still researching. This is the most critical stage.
Ideally I want to do it with bitcoin core.

Mpp
I was thinking with the RBF if the signer can only make changes. If a secondary security could be put into bitcoin broadcasting.
So say a malware sneakily puts in a new recipient address, and you click send and dont notice.

Then maybe with something like RBF you can get an option after the first confirmation that says
Hey are you sure you want to send xxxx to xxxxxxxxxxxx address for sure?
Then you notice whoops this is the wrong address or wrong amount. Then you could click NO and put a new address and spend lots more fees to put in a new correct recipient address?

You think that feature could be sensible idea?

Or perhaps  that is already how it works and that is why that person who used RBF saw 1 confirm to his correct recipient address then it actually went off to another recipient address?

Actually I would like to know how to do that.

So use RBF  with low fee to allow plenty of time to look if all is correct on a block explorer and malware didnt swap the recipient  address, ( even though my console was showing the correct address but damn it was really sending to his own address)  If a malware did swap the address somehow, then look how to use RBF on a different machine ( not malware infected) to spend more fees to change the recipient address back to the correct one.?

Would that work?

Actually using RBF could be another security step. Use a lower fee initially  to allow more time to verify on block explorer it was submitted correctly. If not correct then have another machine ready to use RBF to change to the correct address with a higher fee?
Could that actually work?

Clearly this will work only against malware that could swap addresses and stuff not that knows the private key.



Maybe for some people the spot etf is quite a safe way to invest in bitcoin. Have half in self custody and half etf.
For technical experts then 100% self custody is the correct choice to stop single entities owning all the btc even if you have some paper saying they will promise you can sell you share and have fiat if you wish at some stage.

Thanks again. I find this all very interesting and actually vital to not making mistakes.

Quite accurate, but just a slight correction and a little bit more technical. Bitcoin addresses are RIPEMD160(SHA256(PublicKey)) which means that the actual security would be 160 bits instead of 256 bits. Bruteforcing for any private key that evaluates to a hash which fulfils the spending conditions would be sufficient, even if its a different key. Since Bitcoin evaluates for the scriptsig, if you can meet the spending conditions of your UXTO, then it's ok.

Now, just to clear up the confusion from the technical portion. We are probably a decade or two away from any quantum computers that can crack ECDSA. If it exists, then you have better things to worry about.

It's about PSBT so it's not applicable to a "signed.txn" file.
For signed transaction, Electrum exports it in RAW Transaction format which isn't PSBT, so you'll have to use sendrawtransaction command if you want to broadcast it via Bitcoin Core.

For unsigned transactions, it should be in PSBT (Partially Signed Bitcoin Transaction) format which is a ".psbt" file when exported as file.
In Bitcoin-qt (GUI), you can load a PSBT in the menu "File->Load PSBT from ", then you can sign it if it has the necessary keys.

• Yes, the owner (nobody else) can replace the recipient if the client has a way to do it (e.g.: in Electrum, the "cancel" option),
  Otherwise, it has to be manually created and broadcasted before the transaction is confirmed.
  
  
• There's no point in turning it off since it's not an security issue and some nodes and miners now accept replacement even without that flag.
  The mentioned concern about rbf is if you're the recipient since you can't do anything to stop the sender to replace the transaction's output to send back to his own wallet.
  Obviously, not finalizing a deal until the payment has 1~6 confirmations is the easiest way to mitigate that concern, unconfirmed txns aren't final.

This is quite true if he's talking about the difficulty to compute from Public key to Private key, specifically: ECDLP (Elliptic Curve Discrete Logarithm Problem).
"Quite true" because it's not a form "encryption" but the level of security.
More info: https://bitcointalksearch.org/topic/bitcoins-public-key-security-level-2859033

You see, once you spent from an address, it's public key is revealed in the transaction so,
with the public key, an attacker can perform that attack, a full range private key has 128bit level of security against it which is still relatively safe.
but if your address isn't used to send yet, the only attack vector is to bruteforce its private key which has a 256bit size (minus a few figures).
That is one of the reason why address reuse is bad (aside from privacy), in case a mythical Quantum computer that can trivialize that attack surfaced in the future.

The PSBT file is not in a JSON format and it would appear to be a bunch of gibberish.

It's fine. The Electrum on your cold wallet will show a preview and you can validate everything there.
You should use change address unless you want to be tracked with ease. Change address mixes in some uncertainty and should be used to enhance your privacy.

I was slightly confused about your question and I might've given a confusing and inaccurate answer. On the cold wallet, when you are signing, you should be able to see the following.

The change address is always highlighted in green and you should verify that your change is going there. On the cold wallet, you can also press on "Add to history" on the transaction preview. This allows your transaction to be saved on your offline wallet as well.


No and yes.

That is inaccurate. If that's the case, then my address would've been cracked years ago. Knowing the public key does not diminish the security by any measurable amount at all, ie. it is equally secure if you're using a fresh or a used address.

You don't want to use the same address for every transaction. Remember, Bitcoin works with a public ledger. Everyone who knows your address, knows exactly how much bitcoin is on it. I guess you wouldn't be comfortable walking around with half a million dollars in your backpack, right? Using the same address is potentially even worse. People won't know by looking at your backpack what's in it. They know exactly what your address holds by looking at the data on a blockchain explorer.
 
Not much. They can broadcast it for you using an online wallet. Not sure why they would, though. Perhaps, if the transaction is meant to go to them.

Because there is a chance that the person sending the transaction will attempt to double-spend it and send those coins elsewhere and not to you (if you are the original recipient of the non-RBF transaction). Always wait for the transaction to confirm, RBF-enabled or not. Miners have financial incentives to include transactions paying more fees. That's why the original transaction can be replaced and double-spent with one paying a higher mining fee.

Thanks this makes more sense now especially about when you see the amount sent to recipient and the amount going to the change address the rest is the fee.


Just whatever you are signing. You have to ensure that whatever you are signing is verified by you and that there is nothing out of the ordinary. A visual check of the transaction details will do

Do you mean I should look inside the psbt file in notepad and see or just look at the preview in the airgapped machine?

Someone who is super cautious actually has other laptops running other versions of electrum that airgapped on other machine to verify the qr codes on those first. To make sure he hasnt signed something nasty.


You will, but what is stopping the adversary from tampering with your transaction preview before you broadcast it


Yes this is true. Shame there is no human readable way to look inside the signed.txn file and read it like on notepad to check all is well.

You can. To do so, just increase the gap_limit from electrum console.

You should be referring to the receiving address, and not the change address in this case. Change addresses are generated and are automatically used in the transaction by the wallet

Sorry this bit I wasnt sure about.

Did you mean I can simply untick use new change address when creating the tx so that change will come back to the same address that is spending? I see this option there I think. Or maybe it will use an old change address not the spending address.
It is different when you make a watch only with a single address not xpub because all change is sent back to the single address you send from.

Is increase gap limit a tick box somewhere and does that provide new change addresses to view in the cold wallet so you can be sure the change address is one you control. As yet there has been no occasion I see a change address on the transaction I can not also see in the cold wallet. But eventually if I made further transactions and it always wants to use a new change address then it will make one in the transaction that I can not see in my list of addresses on the cold wallet.


Bitcoin Core doesn't accept .txn file. You would have to use Bitcoin Core console to do so

Can bitcoin core read the qr code that the airgapped electrum can sign?
I'm guessing not because that is just the .txn file made into a picture.

Is the console just that part of core where you type in commands like importprivkey?
Or this is a totally different program that controls bitcoin singing and broadcasting.

Incorrect. Security is not decreased by spending from an address

Sorry I mean to say spending from an address where the change always goes back to that same address.
Like making a electrum wallet from a singlepriv key from bitcoin core.

I understand now that all addresses inside a bitcoin core wallet.dat  are not linked together so when the change is moved to a new address inside your wallet.dat other persons dont know the public key for that private key.

I meant to say when a person knows a public key for a private key it makes that priv key less secure.

Is that correct ?

Thanks for all your help. So far today I have acquired more info than for weeks.

Not impossible, but highly unlikely. If you are executing anything other than the verified Electrum executable, then there is no guarantees.
Just whatever you are signing. You have to ensure that whatever you are signing is verified by you and that there is nothing out of the ordinary. A visual check of the transaction details will do. For example, if you are signing a transaction with two inputs, you should be sure about the amount that you're spending from the two inputs into your destination and change address. Anything that is not sent to those addresses are used as fees.
You will, but what is stopping the adversary from tampering with your transaction preview before you broadcast it?
You can. To do so, just increase the gap_limit from electrum console.

You should be referring to the receiving address, and not the change address in this case. Change addresses are generated and are automatically used in the transaction by the wallet.

You would still have to run an Electrum server.
Bitcoin Core doesn't accept .txn file. You would have to use Bitcoin Core console to do so.
Confirmed transactions are unlikely to be changed, unless they have a competing transaction on another fork. In that case, the competing transaction must be in a longer chain. They can be replaced by another transaction, but it would require another signed transaction. The attacker can't do anything without a signed, valid transaction from you.
No.

Incorrect. Security is not decreased by spending from an address.

Thanks for the detailed information.

Just a couple of queries.

Yeah, there is a bit of a space compromise when dealing with QR code and thus your computer only sees the partial transactions from the QR code PSBT. Hence, without the actual transactions, there is a risk of the user accidentally burning the fees should a malicious attacker modify the PBST



Okay thanks, I will try with usb stick. One way to the airgapped machine and try with qr code back to the watching wallet.

1.  Am I correct in thinking that even if a key logger got to the airgapped machine then if you never export anything from that machine other than the qr code for electrum then it is impossible to lose coins.

2. With the issue with the warning and fees could be adapted to a much higher than expected amount. Does that mean that the worst damage would be the entire amount you are sending could be used as fees.  Or worse that your wallet could be drained in fees?

3. When you import the signed.txn back to the watching wallet would you not spot the increased fees before you broadcast or is there a reason you couldn't see that.


That's untrue. Bitcoin addresses are meant to be a one-use address only, and using the same addresses repeatedly by sending change and other funds into the same address will compromise your privacy. The server can still deduce your identity when you are using the same addresses over and over again




While I can see in the air gapped address that the new change address is one of my own addresses I'm not worried.
However if it ran out of new addresses and made up a new one I could not see in there I would be concerned that is some hackers address.  So can I do

a/ click the tool box icon in electrum when making the tx and uncheck use new change address. So that it will return funds to my own known address.

b/ go to the airgapped machine and do something to generate more addresses until I see that new change address appear.


think those that are quite well known would be quite difficult to run on Windows. If you are using a server, then possibly Electrs is good: https://github.com/romanz/electrs. Read the usage column. If you are running Bitcoin Core on your current computer, then you should probably just use Bitcoin core

I could put bitcoin core on the same machine as my electrum watch only machine. Do you mean there is in this case a way to connect the watch only wallet to send via core without putting electrum server between them. ?



That's one of the warnings added to Electrum, specifically when the transaction is spending a non-SegWit/non-Taproot output that's not in the transaction history (e.g. offline).

It's part of "_check_risk_of_burning_coins_as_fees" function.
Here's the code for reference

If I transfer the psbt with a usb rather than qr code I hope this would avoid this problem.
If this warning still flashes up after using a usb can I

A  check the tx before I press submit on the hot wallet to ensure it is the correct amount of fees

B. Assume that worse case the entire send could be absorbed as fees not all of the btc in my wallet.  

Both Electrum and Bitcoin Core's PSBT are interchangeable, you can export from Electrum, sign in Bitcoin Core and vice-versa.
That's if you're not using an older version of Electrum

This is very interesting to me. So I can take the signed.txn file via qr code and scan it with bitcoin core or maybe load the signed.txn and load it into bitcoin core and broadcast it?



It's only to those who consider any unconfirmed transaction as "already received" since with RBF, the unconfirmed transaction can still be replaced with another output.

For those accounts that a confirmed transactions can change recipient (probably not RBF-related, can you share one?),
It may have just been a clipboard malware with integrated "vanity address" generator that can create a quite similar address with same first and/or last few characters


Do you mean even the recipients address can be change with RBF until confirmed?

If you are sure you are sending enough fees then should RBF turned off for max security?

I am going to search my reddit browsing history to see if I can find this example and post here.

Thank you for all information. Very helpful.


One further enquiry is

I see that someone said once you spend from an address you actually lower the encryption from 256bit to 128bit.
Does that mean that every time you spend again and again it goes down further so next it is 64bit ?

Or was this person not correct in stating this ?

That's one of the warnings added to Electrum, specifically when the transaction is spending a non-SegWit/non-Taproot output that's not in the transaction history (e.g. offline).

It's part of "_check_risk_of_burning_coins_as_fees" function.
Here's the code for reference: github.com/spesmilo/electrum/blob/master/electrum/wallet.py#L3085-L3127

It's only to those who consider any unconfirmed transaction as "already received" since with RBF, the unconfirmed transaction can still be replaced with another output.

For those accounts that a confirmed transactions can change recipient (probably not RBF-related, can you share one?),
It may have just been a clipboard malware with integrated "vanity address" generator that can create a quite similar address with same first and/or last few characters.
Generating such address can only take a second, even with dated processors.
Users who are only checking the first and last four characters are susceptible to such malware and may think that they've sent it to the correct address until a thorough check.

Yeah, there is a bit of a space compromise when dealing with QR code and thus your computer only sees the partial transactions from the QR code PSBT. Hence, without the actual transactions, there is a risk of the user accidentally burning the fees should a malicious attacker modify the PBST.

That's untrue. Bitcoin addresses are meant to be a one-use address only, and using the same addresses repeatedly by sending change and other funds into the same address will compromise your privacy. The server can still deduce your identity when you are using the same addresses over and over again.
I think those that are quite well known would be quite difficult to run on Windows. If you are using a server, then possibly Electrs is good: https://github.com/romanz/electrs. Read the usage column. If you are running Bitcoin Core on your current computer, then you should probably just use Bitcoin Core.
Someone else can broadcast it. Do not sign any transactions that you are not intending to send.
It's called a repeated nonce. Wallets have safe guards against these, the nonce is now deterministically random.
PSBT is supported by Bitcoin Core. For the simplicity, I recommend just sticking with either or.
It's not.
TX shouldn't leak the private key. It is rare for block reorganization to happen, but if it happens and there is a competing transaction on the other chain, then another transaction could possibly be confirmed.

Hi,

I have a few queries, I wonder if any persons can help answer please.

1  .  I tried the watch only wallet and cold wallet psbt process and tried qr code scanning not the usb as that seems to be regarded as safer.

I have this warning appear with a little yellow triangle  _  the fee could not be verified. Signing non segwit inputs is risky if this transaction was maliciously modified it could be changed different to what is displayed. ?

Is this because the qr code could not fit in the information because I see some warning that the qr code couldn't fit the data inside in the watching wallet when I made it?

Or because the cold wallet can not verify it because it is offline?

Or some other reason I dont understand.



2  .  When making a watch only wallet is it not best to use a single address not xpub
Two main reasons I say this. The first is that I always have to spend a long time checking if the change address is one which is in my wallet. If you simply use 1 address to make the watch only address the change goes back to that same address.
Also it will not reveal to the electrum server your other addresses.

Was bitcoin not mean to spend and get change on the same


3. Is there an easy guide for noobies with windows only skills to connect their full bitcoin node to electrum server so they can be their own server for electrum desktop.  

4. What is the worst someone can do if they got a signed but not broadcast psbt QR code or file?

5. Why do some people say by looking at several of the signed tx before submitting if you see any string of repeated numbers then your private key can be discovered. I didnt think this was possible.

6. It's a shame the psbt formation and signing could not happen in electrum but broadcast on core wallet.

Thank you for any input.

Oh yes..

7. Why do some say RBF is risky ?

I read a strange account of someone sending to correct destination address it got 1 confirm. Then somehow it went off somewhere else to a different address. Other people couldn't answer how this happened.  Other people said maybe RBF could be a factor or somehow the tx leaked some of his private key. Because it was strange how it got 1 confirmation.