This page describes how you can store Bitcoin securely on paper.
- Set up an offline computer.
- Acquire Bitcoin software. Install it on the offline computer.
- Generate a private key.
- Derive a Bitcoin address from the private key.
- Send a small amount of bitcoin to this address.
- On the offline computer, construct a transaction that transfers this bitcoin to another address. Copy the transaction to an online computer and broadcast it. When this transaction is mined, you can be certain that you will always be able to retrieve bitcoin from this address.
- Transfer a larger amount of bitcoin to this address for long-term storage.
- Write down the private key on paper.
- Brief Summary
- Bitcoin software
- Working safely with private keys
- Creating a private key
- Generating a Bitcoin address
- Testing a Bitcoin address
- Storing private keys
- More information
If you want to know why it is worth considering how to store bitcoin, please see the following page:
Why to buy and store bitcoin
If you do not own any bitcoin, and wish to acquire some, please see the following page:
How to buy bitcoin
Please note that if you store your bitcoin with other people, you now hold human promises instead of mathematical / game-theoretic promises. There are some situations in which this is reasonable. The following page examines this issue in more detail:
Storing bitcoin with other people
You will need:
- Some dice (e.g. 5)
- An offline computer
- Bitcoin software
- Pen and paper
- Two sealed waterproof containers
Before setting up an offline computer, you can use an online computer to test this entire approach using a small amount of bitcoin.
The offline computer must have Python 2.7.x installed. The current code tools have been developed under Python 2.7.13 running on Mac OS X 10.6.8 (Snow Leopard), and should run successfully on other versions of Python 2.7.
Please visit the following page to see equipment combinations that Edgecase has successfully used to store bitcoin.
Equipment for storing bitcoin
Edgecase suggests that you use a Raspberry Pi Model B+ as your offline computer. It is small, portable, and does not have built-in WiFi.
Edgecase has published a recipe for using the Raspberry Pi Model B+ to store bitcoin.
Recipe for storing bitcoin on paper using a Raspberry Pi
Edgecase is a supplier of Bitcoin software.
All Edgecase software items are stored as assets of articles published on Edgecase Datafeed. All Edgecase Datafeed articles have been digitally signed and timestamped on the Bitcoin blockchain, forming an unalterable record. Edgecase Datafeed may publish updates but can never alter previously published articles and assets.
Edgecase operates a subscription system in order to charge for access to particular articles and digital assets published on Edgecase Datafeed. Please see the following page in order to learn how to subscribe to Edgecase Datafeed.
How to subscribe to Edgecase Datafeed
Please see the following pages to find out how to verify an article or an asset. These recipes will allow you to be certain that items downloaded from Edgecase Datafeed have not been altered since their publication.
- How to verify a datafeed article
- How to verify a checkpoint article
- How to verify a signed article
- How to verify an article
- How to verify an asset
Working safely with private keys
The only thing that matters in Bitcoin is knowledge of private keys, as these grant complete control over any bitcoin in the corresponding Bitcoin addresses. If someone discovers one of your private keys and transfers the corresponding bitcoin to one of their addresses, this transaction will not be reversible.
A photograph of a private key is as good as the private key itself (notably, this is not the case with gold). If you store bitcoin yourself, you must take into account the fact that it could be stolen using a camera. Examples:
- Your mobile phone could be attacked using a zero-day vulnerability, allowing the integrated camera to be hijacked.
- A long-range camera could be used to take a picture of your workplace through a window.
A private key must never be stored, however temporarily, on an online computer. Any human or program that can gain access to this computer could discover the private key. For this reason, all cryptographic operations that require the use of a private key (e.g. signing a Bitcoin transaction) should be performed on an offline computer.
You may wish to connect a computer to the Internet in order to download and install necessary software, but once you have done so you should never connect it to the Internet again. Ideally, this computer should not have any wireless communication capability (i.e. no WiFi or Bluetooth chip installed).
Since it is difficult to be certain that a private key no longer exists on a computer (e.g. in some temporary archival section of the filesystem), any computer used to store a private key, however temporarily, must never be later connected to the Internet. If you no longer wish to keep this computer, you should destroy it.
Creating a private key
A Bitcoin private key controls the bitcoin that is stored in a particular address. Private keys should be as difficult as possible for an adversary to guess.
Example Bitcoin private key (64 hex characters, 32 bytes):
To learn how to create a private key, please go to the following page:
How to create a Bitcoin private key
Generating a Bitcoin address
Bitcoin is stored in Bitcoin addresses. An address is generated from a private key. You can use the private key you created earlier to generate a Bitcoin address.
Example Bitcoin address (34 characters):
To learn how to generate an address, please go to the following page:
How to generate a Bitcoin address
Once you have generated an address, bitcoin can now be transferred into it.
Note: No matter how much analysis is performed, it is always possible that there may be an error / bug in the code + hardware stack that generates the Bitcoin address from the private key. If such an error exists, and an address is incorrectly calculated from a private key, and bitcoin is transferred to this address, it will not be possible to retrieve this bitcoin. It will now be controlled by an unknown private key. If you wish to avoid the possibility of this outcome and be certain that you can retrieve bitcoin from a particular address, please read the next section "Testing a Bitcoin address".
When you wish to transfer bitcoin out of your address, you must create a transaction that authorises this transfer. Signing a transaction requires the use of private keys, so signatures should only be made on an offline computer. To learn how to create and sign a Bitcoin transaction, please see the following page:
How to create and sign a Bitcoin transaction
Testing a Bitcoin address
The only way to be certain that bitcoin can be transferred out of an address is to test it. To test an address, move a small amount of bitcoin into and then out of it.
Once an address has been tested, a larger amount of bitcoin can now be moved into this address and the owner can be certain that it can be retrieved. Even if the owner later constructs a new transaction that turns out to be invalid, and discovers that the cause was an error in the code + hardware stack used to create and sign a transaction, he/she knows that eventually this error could be fixed and a valid transaction could be created. The owner would only risk a temporary lack of access to the bitcoin stored in this address, not its permanent loss.
To learn how to test an address, please go to the following page:
How to test a Bitcoin address
Once you have tested an address, you can store a large amount of bitcoin on it, and know for certain that you will be able to retrieve it in the future.
Storing private keys
You should make backup copies of your private keys, in case any one copy is lost, damaged, or destroyed.
Any cryptographic operation that involves private keys should be performed on an offline computer. You should store this offline computer as safely as you store the private keys, and perhaps prepare a duplicate computer in case the first one stops working.
- Storing the offline computer in some hidden, secure place.
- Writing down the private keys on high-quality paper.
- Storing two copies of the private keys together in a sealed waterproof container. Two copies are protection against any damage to one copy. A sealed waterproof container protects the private keys against flood, rain, and damp.
- Storing an additional two copies in a second sealed waterproof container and storing this container in a second separate location. This is protection against the risk of fire in the first location.
If you are concerned that someone else may accidentally generate a private key that matches one of your private keys, you may be interested in reading this analysis:
- Browse to the article Using a transaction to validate a Bitcoin address. Go to the Thoughts section. Read the part "What is the chance of two people independently generating the same Bitcoin address?".