Cold Storage for MobileCoin

Let’s discuss how we might manage funds controlled by master key that lives on an air gapped computer.

To level set on background, identity and ownership in MobileCoin are equivalent to knowledge of the private keys – either the view and spend keys themselves or the master key/root entropy and the derivation algorithm that generates the view and spend keys. Let’s assume we use a master key and we really don’t want to ever put our 32 byte secret on a computer or phone that is connected to the internet. We would say that the funds controlled by this master key are in cold storage.

It’s actually pretty easy to move funds into cold storage. You get a computer, install mobilecoind using a usb thumbdrive, generate a brand new master key and create a payment request code for it. You then take the payment request code off the air gapped machine and pay funds into it from another mobilecoin account.

Withdrawals are more difficult but not impossible.

Step 1 is to get enough of the ledger on to the airgapped computer. This can be done with a USB stick after downloading the ledger and verifying it on your networked machine.

Step 2 would be to prepare a transaction using the cold storage master key. The mobilecoind api currently supports sending a payment in stages:

A call to “GenerateTx” returns a “TxProposal”:

Step 3 would be to move the TxProposal to your networked machine and submit the transaction from there.

So cold storage is possible but not super easy today. When we (or somebody else!) releases a full desktop wallet it should be possible to clean things up for a “cold storage mode” and deliver a better user experience.


A second concern is when you don’t just want to use an air gapped computer as your cold storage solution, but you also want to keep the 32 byte root entropy/master key in a more secure computing environment, like an HSM or a hardware crypto wallet.

In both cases, the challenge is essentially to perform the work of the mobilecoind api call “GenerateTx” completely on the secure hardware platform. For most crypto wallets, this means compiling our rust code for an ARM target at a minimum. If the hardware platform has to also be NIST certified, we invite a bunch of non-technical challenges because the government doesn’t like it when people use ed25519.

We’ve had some requests to find a way to do something like “GenerateTx” but with a NIST certified platform. This basically means we have to wrap our ed25519 math in another layer of math that NIST likes. It’s not impossible to do this and we think we might even be able to do it in a way that allows the cold storage transactions in the blockchain to look exactly like regular transactions. This is on our roadmap but less important than some of the other inventive work that we need to do to support safe use of MobileCoin on mobile phones. I’m hoping we can work on it before the end of the year.