BitLox Ltd is now shipping the BitLox bitcoin hardware wallet. The company claims that it is indestructible and calls it “the most advanced and secure hardware Bitcoin wallet ever developed.” We talked to Dana L. Coe, Director of BitLox Ltd (HK), to learn how the new BitLox could make sure that your Bitcoin transactions are never subjected to scrutiny.

What is BitLox

BitLox is a device the size of a credit card: 4 mm thin, with a large 2" epaper screen and a full alphanumeric keypad on board. It works with your iPhone and has a five-year guarantee. It can be powered via a micro USB cable for desktop use, and this also charges the on-board battery for mobile use. Under normal use conditions, it lasts the whole day, and recharges in around 45 minutes.

The user creates a Bitcoin wallet on the device and the private key stays on the device. “It can display the public receiving address as a scannable QR code on the screen for getting funds into it”, explains Coe. “In order to spend funds, one connects the BitLox to the computer (USB) or the smartphone (via Bluetooth) to build the transaction. Then the app sends the unsigned transaction to the device. The device parses the transaction and displays who gets paid what. You approve/disapprove each output including change. If you approve all of them, it signs the transaction and returns the signature to the app”.

Then the app may either send the signed transaction to the network (standard mode) or present the user with the signed transaction in hex code (expert mode). That way it is possible to check the output with an independent tool, such as bitcoind or any decode tool on the various block explorer sites. “Once you are satisfied it is correct, you can transmit it to the network from the app or any other way you like such as bitcoind sendrawtransaction”, remarks Coe.
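The independent check of the expert-mode hex described above can also be done offline. The following is an added example, not BitLox code: a minimal Python decoder that lists the outputs of a raw transaction and reports any that were not approved on the device. The sample transaction, its hashes and amounts are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: 1 input, 2 P2PKH outputs (payment and change).
SAMPLE_TX = "".join([
    "01000000",                                          # version
    "01", "11" * 32, "00000000",                         # 1 input: txid, output index
    "00", "ffffffff", "02",                              # empty scriptSig, sequence, 2 outputs
    "a086010000000000", "1976a914", "22" * 20, "88ac",   # 100000 satoshis
    "50c3000000000000", "1976a914", "33" * 20, "88ac",   # 50000 satoshis (change)
    "00000000",                                          # locktime
])

def read_varint(buf, pos):
    """Read a Bitcoin CompactSize integer, returning (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def decode_outputs(raw_hex):
    """Return [(satoshis, scriptPubKey hex), ...] for a raw transaction."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                   # skip the 4-byte version
    if buf[pos:pos + 2] == b"\x00\x01":       # segwit marker and flag
        pos += 2
    n_in, pos = read_varint(buf, pos)
    for _ in range(n_in):
        pos += 36                             # previous txid (32) + output index (4)
        script_len, pos = read_varint(buf, pos)
        pos += script_len + 4                 # scriptSig + sequence
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        script_len, pos = read_varint(buf, pos + 8)
        outputs.append((value, buf[pos:pos + script_len].hex()))
        pos += script_len
    if pos + 4 > len(buf):                    # the locktime must still fit
        raise ValueError("truncated transaction")
    return outputs

def unexpected_outputs(raw_hex, approved):
    """Outputs present in the signed hex that are not in the approved list."""
    return list((Counter(decode_outputs(raw_hex)) - Counter(approved)).elements())
```

An empty list from `unexpected_outputs` means every output in the hex matches one approved on the device; anything else is a reason not to broadcast.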

Security and privacy

The company says that such privacy and security features have never been seen before: hidden Bitcoin wallet support, duress PIN, AEM and quad password protection, to name a few. It uses a so-called “defence-in-depth approach”, in which the BitLox hardware and the users’ wallets are secured by a series of configurable PINs.

“There is a device pin, each wallet has a pin, and even to approve each transaction the user can set a pin. All pins may be up to 20 characters in length alphanumeric, such as ‘gfhhF648AJ6weo’. When powered on, you must input the device pin before it even will turn on the communications stack. The pins are entered directly on the BitLox keypad, not a computer or mobile”, explains Coe.

Once the device PIN is entered, the apps may query the BitLox to list the available wallets. Each wallet has its own PIN. If a wallet is initialized in expert mode, one may even set an additional transaction PIN that must be entered on every transaction with that wallet. When creating wallets, one may choose from standard/advanced/expert mode. Standard mode creates a numeric PIN with a user-selectable length of 4-8.

BitLox is configurable to be usable from basic security up to ultra levels. There are a lot of features, but most are optional. In the most basic form, one would only need a device PIN. It is possible to create a wallet with no PIN, but Coe doesn’t recommend it.

Preservation of wealth

If a wallet is lost, Coe claims that the user’s wealth is well preserved. He explains that every wallet, upon creation, displays a mnemonic phrase list, configurable at 12/18/24 words. These are BIP32/39 compatible, so one could recover everything by creating a new recovery wallet on another BitLox or with an open source tool such as bip32.org.

Apart from that, during wallet creation the user may choose to have the wallet "hidden". This wallet will not show up in the listings as only the encrypted part of the wallet is written to the storage. “BitLox can hold up to 100 wallets (50 regular and 50 hidden ones), each with its own seed and completely independent of the others”, clarifies Coe.

BitLox is not absolutely independent

However, Coe says that the device has no network capability of its own and can only communicate with the apps. The apps (Chrome/web/iOS/Android) are open source and available on GitHub. In essence, BitLox does not work independently.

“To assemble a transaction you need data from the blockchain”, he explains. “The data that goes into building a transaction is all "public" in the sense it comes from the public data of previous transactions. What BitLox does is it puts the "private" part of the transaction building (the signing) on the dedicated hardware device. So the BitLox only responds to a very specific set of commands.”

BitLox is not yet open source, and this may turn away some prospective buyers. On the other hand, Ledger is not completely open source either. What veteran users of hardware wallets may appreciate in BitLox are its advanced features available when using Expert mode and the ability to use Tor and i2p.