How Does Offline Bitcoin Signing Work Step by Step

Original link: https://frozensecurity.com/blog/how-offline-bitcoin-signing-works/

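## Offline Bitcoin Signing: A Security Deep Dive

Offline Bitcoin signing maximizes security by keeping your private key completely isolated from the internet. The process separates transaction *creation* (online, using a watch-only wallet) from transaction *signing* (offline, on a secure device). This is done with **PSBT (Partially Signed Bitcoin Transaction)** files, which are transferred between devices across the air gap (SD card, QR code).

The main benefit is eliminating online threats, such as malware, that could compromise keys on an internet-connected device. Hardware wallets such as Coldcard provide strong air-gap isolation, while others (Ledger, Trezor) require deliberate setup. Alternatively, a dedicated offline computer can be used.

Even with air-gap isolation, however, weaknesses remain. The recent **Dark Skippy attack** showed that compromised firmware can exfiltrate keys through signatures. Most systems maintain a "key at rest": a stored key that is vulnerable to attack over time.

Emerging solutions such as **Frozen Security** eliminate the "key at rest" entirely, deriving and discarding the key *during signing*, which offers a potentially higher level of security. Standards such as **BIP-39, BIP-32, BIP-174 and BIP-370** underpin these processes and ensure interoperability and functionality.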


Original article

Offline Bitcoin signing means creating a valid transaction signature on a device that has zero internet connection — no Wi-Fi, no Bluetooth, no USB data channel.

The private key never touches a networked machine. Ever.

Here’s exactly how it works.


What Is Offline Bitcoin Signing?

When you send Bitcoin, the network requires a cryptographic signature proving you own the coins. That signature comes from your private key.

The offline bitcoin signing workflow separates two things that are usually combined:

  • Building the transaction — done on a networked computer
  • Signing the transaction — done on an isolated device with no internet

The private key only exists on the offline device. The networked machine never sees it.


Why Sign Bitcoin Offline?

A private key on a machine connected to the internet is exposed to every online threat on that machine: malware, keyloggers, clipboard hijackers, remote exploits.

Offline signing eliminates that exposure and provides enhanced security by shrinking the attack surface to physical access only.

This is why serious long-term holders, corporate treasuries, and institutional funds use offline signing for large positions.


How to Sign Bitcoin Offline: Step by Step

Step 1 — Creating the unsigned transaction online

A watch-only wallet runs on your networked computer. It holds your public key (xpub) but not your private key. It tracks your balance and constructs transactions — but it cannot sign them.

You specify the inputs and outputs: who to pay, how much, and what fee. The watch-only wallet packages this transaction data into a PSBT file — a Partially Signed Bitcoin Transaction — ready for the signing process.

Step 2 — Move the PSBT to the offline device

The unsigned PSBT file moves across the “air gap” via:

  • A microSD card
  • A QR code (displayed on screen, scanned by the offline device)
  • An NFC tap

No internet connection. No Bluetooth. Physical transfer only.

Step 3 — Review and sign offline

The offline signing hardware wallet reads the PSBT and displays the transaction details on its own screen:

  • Destination address
  • Amount
  • Fee

You verify these on the device’s screen — not on your computer screen, which could be manipulated.

You confirm. The device signs the transaction using your private key. The signature is added to the PSBT file, producing a signed PSBT ready to be carried back for finalization and broadcast.

Step 4 — Move the signed PSBT back online

The signed PSBT travels back across the air gap the same way it came — SD card or QR code.

Your watch-only wallet on the networked computer receives it, finalizes the transaction format, and prepares it for broadcast.

Step 5 — Broadcast to the Bitcoin network

The networked computer submits the signed transaction to the Bitcoin network.

The signing device never connected to the internet. The private key never touched a networked machine.


What Is a PSBT (Partially Signed Bitcoin Transaction)?

PSBT — Partially Signed Bitcoin Transaction — is a standardized format defined in BIP-174 (also written as BIP 174).

BIP-174 explained simply: it is a file format that carries everything required for the offline signing process in one self-contained package:

  • The unsigned transaction with all inputs and outputs
  • The transaction data the signer needs to verify authenticity
  • Metadata for key derivation paths and redeem scripts
  • Empty fields where signatures are added

PSBT files make offline transactions practical. The offline signing device gets everything it needs without querying the blockchain — it can operate in complete isolation.

Bitcoin Core added full PSBT support in version 0.17. Today it is the standard interchange format across all serious wallet software.

BIP-370 (PSBT version 2) extended the format to handle more complex transactions — cases where inputs and outputs are added interactively rather than fixed at creation, such as CoinJoin.
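
An added example, not code from the original article or from any wallet project: a minimal BIP-174 (version 0) reader in Python that recovers the outputs and fee an offline signer would display in Step 3, using only the bytes in the file. The sample PSBT, its placeholder scripts and the function names are constructed for illustration, and the parser assumes every input carries a `witness_utxo` record.

```python
from io import BytesIO

MAGIC = b"psbt\xff"  # BIP-174 magic bytes

def read_varint(s):  # Bitcoin compact-size integer
    n = s.read(1)[0]
    return n if n < 0xfd else int.from_bytes(s.read(1 << (n - 0xfc)), "little")

def read_map(s):  # one key-value map, up to its 0x00 separator
    m = {}
    while (klen := read_varint(s)) != 0:
        key = s.read(klen)
        if key in m:
            raise ValueError("duplicate key in PSBT map")
        m[key] = s.read(read_varint(s))
    return m

def parse_unsigned_tx(raw):  # -> (input count, [(sats, scriptPubKey hex), ...])
    s = BytesIO(raw[4:])  # skip the 4-byte version
    n_in = read_varint(s)
    for _ in range(n_in):
        s.read(36)  # previous txid + output index
        if read_varint(s) != 0:
            raise ValueError("scriptSig must be empty in a PSBT")
        s.read(4)  # sequence
    outs = [(int.from_bytes(s.read(8), "little"), s.read(read_varint(s)).hex())
            for _ in range(read_varint(s))]
    return n_in, outs

def review_psbt(blob):  # outputs and fee, using only the file's contents
    s = BytesIO(blob)
    if s.read(5) != MAGIC:
        raise ValueError("not a PSBT")
    n_in, outs = parse_unsigned_tx(read_map(s)[b"\x00"])  # global 0x00: unsigned tx
    spent = 0
    for _ in range(n_in):
        utxo = read_map(s).get(b"\x01")  # input 0x01: witness_utxo
        if utxo is None:
            raise ValueError("no witness_utxo: fee cannot be computed")
        spent += int.from_bytes(utxo[:8], "little")
    return {"outputs": outs, "fee": spent - sum(v for v, _ in outs)}

# Constructed sample: one 100000-sat input; outputs of 60000 and 39000 sats.
kv = lambda k, v: bytes([len(k)]) + k + bytes([len(v)]) + v
out = lambda sats, fill: sats.to_bytes(8, "little") + b"\x16\x00\x14" + bytes([fill]) * 20
TX = ((2).to_bytes(4, "little") + b"\x01" + b"\x11" * 32 + bytes(4) + b"\x00" + b"\xff" * 4
      + b"\x02" + out(60000, 0xaa) + out(39000, 0xbb) + bytes(4))
SAMPLE = MAGIC + kv(b"\x00", TX) + b"\x00" + kv(b"\x01", out(100000, 0xcc)) + b"\x00" * 3
```

The input amounts here are whatever the PSBT's creator wrote into the file, so a production signer validates them (for example against the full previous transaction carried in `non_witness_utxo`) before trusting the displayed fee.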


Offline Signing Hardware Wallet Comparison

Coldcard

Built specifically for air-gapped use. The offline bitcoin signing workflow is PSBT-native via microSD card. The Coldcard Q model adds a QR scanner for fully contactless signing. You can permanently cut the PCB trace that enables USB data — making the air gap physical and irreversible.

Ledger and Trezor

Private keys are isolated inside the device hardware, but communication with the host computer runs over USB or Bluetooth. These are not fully air-gapped. They can be configured for offline transactions — paired with an offline computer, PSBT files moved via SD card — but this requires deliberate setup beyond the default workflow.

Air-gapped computer (Electrum or Sparrow)

A laptop with networking permanently disabled runs wallet software with the full private key. Partially signed transactions move via USB drive or SD card to and from a watch-only wallet on the networked machine. No proprietary firmware involved — but you are trusting the OS and the wallet software completely.


The Security Assumptions Behind Offline Signing

Every offline signing setup rests on three assumptions:

  1. The signing device firmware is genuine and unmodified
  2. You verify the transaction details on the signing device’s screen before confirming
  3. The seed was generated with sufficient randomness

Where it breaks down: Dark Skippy (2024)

In August 2024, researchers published the Dark Skippy attack. Compromised firmware on any offline signing hardware wallet can embed seed data into the signature nonces. An attacker who sees just two of your signed transactions on-chain can reconstruct your full private key.

The attack uses the signatures themselves as the exfiltration channel. Air-gapping does not stop it, because the signed transaction must cross the air gap to be broadcast.

The mitigation is an anti-exfiltration (anti-exfil) protocol — the host provides random data that gets mixed into the nonce, preventing the device from choosing nonces freely. BitBox and Blockstream Jade implement this. Most hardware wallets do not.


What “Key at Rest” Means

Your private key is “at rest” whenever it exists in storage but is not actively part of the signing process.

For a hardware wallet, that is almost always. The key sits inside the secure element between signing events — encrypted, protected, but present.

This matters because most attacks happen at rest, not during signing. The key is in storage for months or years. That is the exposure window.

All conventional offline signing methods maintain a key at rest. The security model is: protect the stored key as well as possible.

The structural limit of this model is that no stored secret can be guaranteed secure indefinitely. Hardware gets extracted. Firmware gets compromised. Protection schemes have a finite lifespan.


The Alternative: No Key at Rest

Some custody systems eliminate the stored key entirely.

Instead of storing the private key and protecting it, the key is derived at signing time from a physical object and immediately discarded. It does not exist before the signing process. It does not exist after.

This is the model Frozen Security is built on. The private key is a physical artifact — never stored digitally. At the moment of signing, the device reads the physical key, derives the private key transiently in volatile memory, signs the transaction, and clears all memory.

There is no key at rest to protect because there is no key at rest.

This changes the security question from "how well is the key protected?" to "does a persistent key exist at all?"


Bitcoin Standards Referenced

| Standard | What It Does |
|---|---|
| BIP-39 | Generates a 12–24 word mnemonic from entropy; converts it to a 512-bit seed |
| BIP-32 | Hierarchical deterministic key derivation — all keys from one seed |
| BIP-174 | PSBT version 0 — the standardized format for offline signing workflows |
| BIP-370 | PSBT version 2 — supports complex transactions built interactively |
| SLIP-0010 | Extends BIP-32 derivation to additional curves (ed25519, NIST P-256) |

Summary

Offline Bitcoin signing keeps your private key on a device that is never connected to the internet. Transactions are built online as PSBT files, moved to the offline device for signing, then moved back for broadcast.

The standard offline bitcoin signing workflow uses BIP-174 PSBT files and a physical transfer channel — SD card or QR code — as the air gap crossing mechanism.

Offline signing hardware wallets implement this with varying degrees of isolation. Wallet software on dedicated offline machines offers a firmware-free alternative. Both models maintain a private key in storage at all times.

The next step beyond offline signing is a model where no private key is stored at all — where the key only exists as a transient derivation at the exact moment it is needed.

That is what Frozen Security builds.


Frozen Security — Physically Governed Digital Asset Custody
frozensecurity.com
