Generate & Easily Restore Temporary Wallets for Privacy #114

Closed
trymeouteh opened this issue Nov 25, 2021 · 3 comments

@trymeouteh

To make privacy easier in AirGap Wallet when using non-private cryptos (which are most cryptos out there), I would like to suggest the ability to easily create new wallets within a wallet. There are a few ways this could be done, but I think this is the best and most user-friendly approach.

How it works

Let's say you have two wallets...

  • First wallet is a 12 word phrase wallet with a passphrase of "mypassphrase123" and this wallet is named "Wallet 1".
  • Second wallet is a 24 word phrase wallet with no passphrase and this wallet is named "Wallet 2".

Inside "Wallet 1" and "Wallet 2" you have Bitcoin for enabled coins. On any coin you can generate a new subwallet, select a subwallet or browse subwallets. Subwallets will use the 12/24 word phrase but have a passphrase which will be the date and time of the subwallet creation.

  • For example "Wallet 1" Bitcoin subwallet will be the 12 word phrase with a passphrase of "mypassphrase123_SUBWALLET:2021-09-22-17-24-39".
  • For example "Wallet 2" Bitcoin subwallet will be the 24 word phrase with a passphrase of "SUBWALLET:2021-09-22-17-24-39".

I am not sure if there is a length limit on passphrases; if there is, a limit should be set in AirGap Wallet/Vault when you create or restore a wallet. If AirGap Wallet/Vault detects your passphrase to be too long when you're creating or restoring your wallet, it will show a warning message saying "Your passphrase needs to be less than ## characters long in order to be able to use the subwallets feature". If the passphrase for your wallet is too long, the subwallet feature will not be available for your wallet.

When you browse your subwallets for a certain coin you have these options on managing subwallets.

  • Rename the subwallet (Give the subwallet a label). If no label is set it will set the label to the date and time of the subwallet creation
  • Show/Hide subwallet
  • Delete Subwallet (Will have warning messages and require password to delete subwallet)

Subwallet Files

In the app's settings you will choose a directory on the device where subwallet data will be stored. This directory will hold the subwallets for each wallet.

  • For example, with "Wallet 1" and "Wallet 2", there will be a file named "Wallet 1.txt" and "Wallet 2.txt" in the directory.

Subwallet File Contents

This is what a wallet txt file will look like. In the example below it first has the subwallet date and time, which is the passphrase, then the subwallet name/label, and then it labels what coins the subwallet is for.

2021-09-22-17-24-39	"McDonands, 12 Street New York"	BTC
2021-09-23-22-11-56	"KFC"	DASH

Also, the wallet.txt files could be encrypted using the wallet's 12/24 word phrase as the encryption password of the file, to prevent other apps from reading it and to prevent others from reading the plain text of the file.

Import/Export

In the app settings you will also be able to import/export your subwallets for a certain wallet. This can allow one to export a plain text version or an encrypted version of the file, which will require the 12/24 word phrase to read the file. This will be needed to back up and restore subwallets when switching to another device.

Third Party Backups/Syncing

Another important feature of this will be syncing/backups of the subwallets. I strongly suggest having a directory that the user can choose where the subwallet files are stored, which gives users options on how to back up the wallet files. The user can set up their cloud storage app such as Nextcloud, FileN, etc. to do automatic backups of their subwallet files. Users can also use Syncthing to back up and sync the subwallet files between devices.

AirGap Wallet Syncing

AirGap Wallet could also implement a syncing feature within their app which will sync their subwallet files between devices. If AirGap Wallet does add this feature I will highly suggest it is P2P with no subwallets being stored on any servers and the connection during the syncing process is E2EE.

Syncing will be optional and the settings for syncing will be the following...

  • Enable Sync (On/Off)
  • Sync Wallet in background (Sync wallet when app is closed)
  • Syncing Intervals (In Minutes/Hours)
  • Devices (Manage what devices are synced)
    • Phone (On/Off)
      • "Wallet 1" (On/Off)
      • "Wallet 2" (On/Off)
    • WorkPhone (On/Off)
      • "Wallet 1" (On/Off)
      • "Wallet 2" (On/Off)
    • Tablet (On/Off)
      • "Wallet 1" (On/Off)
      • "Wallet 2" (On/Off)

It should never have any conflicts with the date and time passphrase; there may be conflicts with the subwallet names, which may need a way to be managed.

Conclusion

This is a big feature request but a powerful one for any crypto wallet. AirGap Wallet is the most secure fully open source wallet on the market. Most cryptocurrencies are not private due to the traceability of the coins on the transparent blockchains. This feature when used will allow users to use transparent non-private cryptos such as Bitcoin, Litecoin, Ethereum, etc with privacy. To transfer your coins from your main Bitcoin wallet to one of your Bitcoin subwallets, you do not just send it from "Wallet 1" Bitcoin main to "Wallet 1" Bitcoin subwallet, you swap from "Wallet 1" Bitcoin to a privacy coin like Monero and then swap Monero to "Wallet 1" Bitcoin subwallet and then send it out from there.

This feature would benefit from more privacy coins being added to AirGap Wallet, such as Monero, and from having swaps within the app that support all coins being exchanged for privacy coins and vice versa.

This feature also shares many similarities to the Offline Transaction Notes. If the Offline Transaction Notes comes to be, it would be amazing to also have offline transaction notes for subwallet transactions.
#46

@AndreasGassmann
Member

I am not sure I understand the use case of this feature. Is it only related to privacy?

It sounds to me like the same level of privacy can be achieved by using a different derivation path.

The derivation path, according to BIP44, uses the following format:

m / purpose' / coin_type' / account' / change / address_index

In AirGap, the default derivation path is m/84'/0'/0'/0/0. The last 2 elements will change every time you do a transaction to avoid address re-use. But the first part, m/84'/0'/0', will always stay the same for your account. So if you want to create a new account, you can simply increase the "account" index by one, e.g. m/84'/0'/1'. This will give you a new set of addresses and it is not possible to link those addresses to the other account. Alternatively, you can also just add an index to your passphrase to generate a completely different account. Another alternative would be to derive a BIP85 child mnemonic from your seed.

The main issue I see with this feature is that if you lose your "sub-wallet backup", you basically have to brute-force your sub-wallet passphrase to re-gain access to it. I also don't see the benefit of having such a complex generated passphrase instead of just increasing the account index, which is a feature that was basically added exactly for this use-case.

So in summary, unless there is a use-case I'm not seeing, this feature would be very complex to implement, "incompatible" with other wallets and add the risk of losing funds if the backup file is lost.

A "Wallet Syncing Service" outside of this context is definitely something that would be interesting, because that could also be used for exchanging multisig transactions.
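Added example, not part of the original thread and not AirGap's code: the two approaches compared in the comment above, a timestamp passphrase versus the BIP44 account index, using only the Python standard library. It derives just the hardened levels m/84'/0'/account' (which need no elliptic-curve math), the mnemonic is the public BIP39 test phrase, and `account_key` and `recover_account` are hypothetical helper names.

```python
import hashlib, hmac, unicodedata

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000
# Public BIP39 test mnemonic (constructed sample input; never use it for funds).
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)

def master_key(seed):
    """BIP32 master private key (as int) and chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_hardened(k, chain, index):
    """BIP32 hardened child key: uses only the parent private key."""
    data = b"\x00" + k.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + k) % N
    if il >= N or child == 0:  # BIP32: index is invalid, the caller must skip it
        raise ValueError("invalid child key")
    return child, i[32:]

def account_key(seed, account, purpose=84, coin=0):
    """Private key at m/purpose'/coin'/account', hex encoded."""
    k, chain = master_key(seed)
    for index in (purpose, coin, account):
        k, chain = ckd_hardened(k, chain, index)
    return k.to_bytes(32, "big").hex()

def recover_account(mnemonic, passphrase, wanted_key, limit=20):
    """With account indices, a lost sub-account list is rebuilt by counting up."""
    seed = bip39_seed(mnemonic, passphrase)
    return next((a for a in range(limit) if account_key(seed, a) == wanted_key), None)

if __name__ == "__main__":
    base = bip39_seed(MNEMONIC, "mypassphrase123")
    sub = bip39_seed(MNEMONIC, "mypassphrase123_SUBWALLET:2021-09-22-17-24-39")
    print("account 0 :", account_key(base, 0))
    print("account 1 :", account_key(base, 1))
    print("timestamp :", account_key(sub, 0))
    print("recovered :", recover_account(MNEMONIC, "mypassphrase123", account_key(base, 1)))
```

The timestamp passphrase produces an unrelated seed, so it can only be found again from the subwallet file or by trying every possible creation second, each at the cost of a full PBKDF2 run; an account index is found again by a short sequential scan from the mnemonic alone.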

@trymeouteh
Author

How many addresses can you generate by changing the last 2 elements in the derivation path? Can you generate millions of addresses?

This feature is for privacy only, to reduce tracking of someone's coins and transactions on the blockchain.

It will require a sub-wallet file which will need to be backed up and the users should be notified with a notification about keeping backups of the file.

It may be better to do the derivation path instead of passphrases. I suggested passphrases since you can easily set the passphrase to the date and time of when the sub wallet is created, making it so a really unlimited amount of wallets can be generated by using date and time. If you're able to generate millions of addresses using the derivation path, this would work too and probably be better for recovery if the file gets lost, since it will be easy to regenerate the derivation paths of a wallet over brute forcing the passphrase that would be various dates and times.

If the derivation path method is used instead of passphrases, then Coin Control would also need to be enabled, or be a setting that can be enabled within the wallet, to prevent one from sending an outgoing transaction with two or more outputs.

@trymeouteh
Author

Turns out you can generate millions of addresses by changing the last number in the derived path. Closing this issue and opening a new one explaining how to implement this feature for increased privacy.
#131
