Community Backups

Securing your Bitcoin used to be as simple as writing down a 12-word phrase. But as Bitcoin adoption grew, so did the challenges of safeguarding those words:

• What if you lose them?
• What if they’re stolen?
• What if you’re extorted?

To address these challenges, advanced solutions like multi-signature and miniscript wallets emerged. However, these solutions often introduced new problems, such as:

• The need to digitally back up wallet setup information, which often requires storing backups on USB drives or external storage that must be checked and updated regularly, or relying on cloud services.
• Managing inheritance becomes complex, as ensuring your loved ones can access your back ups without compromising security, which requires additional planning.
• A growing reliance on centralized services or subscription fees that handle back ups for you, which can add long-term costs and dependencies.

RewindBitcoin solves these challenges by simplifying the process: you only need to secure your Recovery Phrase (the "password") eliminating the need for external backups, encryption tools, or ongoing subscriptions. This removes a significant pain point for users and ensures your Bitcoin remains secure and accessible.

Introducing Community Backups

RewindBitcoin’s Community Backups eliminate these worries by leveraging decentralized peer-to-peer (P2P) technology, ensuring your backups remain secure, private, and accessible. Even if RewindBitcoin ceases to operate.

The Rewind community collaboratively maintains the service. It’s absurdly easy. If you already run your own Bitcoin node, you’ll find this as easy, if not easier. Just open a console in your machine and type this:

npm install -g pear
pear run pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y

This will install and run a P2P blockchain storing encrypted backups from Rewind users.

With this setup, you take control of your backups and those of the community, contributing to the decentralized Rewind network.

Keep reading to understand how it works, but be confident it’s as easy as the lines above.

Participation is optional, and you can contribute only if you choose to. Rest assured, there are already many peers ensuring the security and resilience of the network and your data.

How It Works

Vault Encryption

When you create a vault, it undergoes several security steps to ensure robust protection:

• Compression and Encryption:

  • The vault is compressed and encrypted using a cipher key derived from your Recovery Phrase.
  • The encryption key is created by signing the message "Satoshi Nakamoto" with the vault’s private key, then hashing the resulting signature using sha256. This ensures compatibility with hardware wallets.

• Hierarchical Deterministic Method:

  • Vaults and their descriptors follow a hierarchically deterministic (HD) method. Each vault is associated with a unique derivation path: m/1073/<network>/0/<index>. This derivation path is used to obtain the key required to sign the "Satoshi Nakamoto" message, as explained earlier, and subsequently derive the cipher key for encryption.
  • The value 1073 is the "purpose" proposed by RewindBitcoin to identify vaults.
  • The <network> value is 0 for mainnet and 1 for testing networks like regtest, tape, or testnet.
  • The index starts from zero and increments by 1 for each vault created. This allows efficient querying of the P2P network for existing vaults, mirroring the Account Discovery process in BIP44.

These combined steps ensure that only you can decrypt and access the contents of your vault.

P2P Backups

Each time a vault is created, it is compressed and encrypted locally on your device and securely uploaded to the P2P network, powered by Pears. Key features include:

• Read-Only Network: All peers except the designated writer have read-only access. This prevents spam and ensures network integrity.
• One-Time Fee: A one-time fee is required to upload a backup. This model ensures that only valid vaults and data are stored, effectively preventing spam. Much like paying a miner fee for a Bitcoin transaction, this approach eliminates ongoing subscription costs while maintaining the network's integrity.

Decentralized Restoration

Restoring your vault is straightforward:

• Re-enter your Recovery Phrase on another device.
• The RewindBitcoin app will fetch and decrypt your vaults from the P2P network automatically.

Technical Features

• No Centralized Servers: The backup data is distributed across peers, ensuring there is no single point of failure.
• Read-Only P2P Network: Only one designated writer can add backups, maintaining network integrity and preventing spam.
• One-Time Fee: A single payment is required to upload your backup, ensuring sustainability without ongoing subscription fees.
• Encrypted Security: All vault data is encrypted with XChaCha20-Poly1305, a modern encryption algorithm also used in TLS.
• Open Source: The implementation is open-source for transparency and community trust. Explore the Community Backups repository.

Relevant Files for Implementation

For those interested in the technical details, the following files in the repository are key:

• vaults.js: Implements the HD derivation method and cipher key generation.

• cipher.js: Handles decryption of vault data.

For Advanced Users

Running Your Own Peer

If you’d like to contribute to the network or maintain greater control, you can run your own Community Backups peer:

npm install -g pear
pear run pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y

Seeding the Program

Seeding ensures that the "program" itself remains decentralized. When you seed, the application is distributed through the P2P network instead of relying on centralized servers. This guarantees that the program remains available even if the original sources go offline.

To seed the program, run the following command:

pear seed pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y

Seeding is highly encouraged to help maintain the resilience and accessibility of the Community Backups system.

Inspecting the Code

To verify the integrity of the program, you can inspect its source code:

pear dump pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y <folder>

For additional technical details, visit our GitHub repository.

Interactive Mode and REST API

The Community Backups peer supports:

• Interactive Mode: Use your Recovery Phrase to locate and restore vaults interactively.
• REST API: Query vault data programmatically to check or retrieve backups.

pear run pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y --enable-api --port 8080
pear run pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y --interactive

Configuring Your Node in the App

If you run your own node and want to enhance your privacy, you can configure the Rewind app to fetch vault data directly from your node. Here's how you can set it up:

• Run the Peer with REST API Enabled:
  Start your Community Backups peer with the REST API enabled by running the following command:

  pear run pear://tfmrcaj767puaha9idsgfgfeij8t3iaia1j8nbjw41u9wkmx8b5y --enable-api --port 8080
  

  This exposes the REST API on your local machine, making it accessible for the Rewind app.

• Set the URL in the App Settings:
  Open the Settings menu in the Rewind app and update the "Community Backups" field with the URL of your running peer. For example, if the peer is running locally, the URL would be:

  http://<your-computer-ip>:8080
  

By connecting the app to your node, you gain full control over your data while benefiting from the privacy provided by the decentralized Community Backups network.

RewindBitcoin’s Community Backups embody the decentralized ethos of Bitcoin, empowering you to secure your assets without reliance on third-party services. Learn more by visiting our GitHub repository.