What are Paper Wallets?
When storing Bitcoin and other cryptocurrencies, one can either use a hot wallet or a cold wallet. A hot wallet is one that is connected to the internet. They generate and store private keys and broadcast the signed transaction to the network.
Cold wallets are ones that aren’t connected to the internet. Any transaction initiated online is temporarily transferred to an offline wallet kept on a device where it is digitally signed before transmitting it to the online network.
(Read about Hot Wallets vs Cold Wallets)
Paper wallets are offline wallets in which you can store cryptocurrency. The difference between paper wallets and other cold storages is that the private keys are printed on a paper instead of storing them on a physical device like an external hard-drive or an offline computer. This method has some drawbacks where you may risk losing your remaining balance.
Two Consideration when using Paper Wallets
I. Once Private Key is online, spend everything from the Paper Wallet
There are two considerations to keep in mind when spending from a paper wallet. First, if you built a paper wallet securely, you did so on a computer that was offline and isolated from the internet. And when you are spending part of the funds on that wallet, most of the time this means that you have either typed or scanned or swept the key to a wallet that is online to create a transaction. When you put the private key online, it is better to make sure that you spend everything from that paper wallet. In the worst case, you can simply make the required payment and send the rest to a brand-new paper wallet that you have created offline.
What you don’t want to do is believe that you still have a secure paper wallet even though the private key has now been on an online system. Your paper wallet won’t be as secure as it was before the private key was used in an online system.
II. When spending less, the change goes to a different address
The other concern is that many wallets use change addresses in the background. The private key and the UTXO that’s in that private key on the paper wallet is a single UTXO (unspent transaction output). When you spend from that – and if you spend less – your wallet will generate change. The change doesn’t go back to the private key on the paper wallet but it goes to a different address, and that different address is probably a wallet address.
Effectively, you have just moved the money from the paper wallet to the wallet you used to spend part of the amount. If you didn’t send the change on purpose to a new paper wallet, you’ve effectively moved the rest of the money to a key controlled by an online wallet. You are no longer operating cold storage but have turned it into a hot wallet.
Only use the Private Key from a Paper Wallet once to move everything
So, it is best to spend all of it and direct any change, explicitly and deliberately, to another paper wallet if you want to keep it secure. Only use the private key from a paper wallet once to move everything. As a result of these complexities and how difficult it is to create and manage paper wallet securely – paper wallets are not as good as hardware wallets for the vast majority of users.
Someone who is very technically sophisticated, with a very good understanding of the security implications can create a very secure paper wallet. In fact, a paper wallet can be more secure than a hardware wallet if generated correctly.
The problem is that the vast majority of users who are likely to try, do not understand the technology well enough. They do not have the necessary skills to implement a paper wallet securely and correctly. They will end up doing something far less secure.
Paper Wallets are just keys printed on paper – A private key is 256-bit random number
Generating paper wallet offline is easy. Paper wallets are basically just keys printed on paper, and the keys themselves are just numbers. You create private keys by simply picking, or having your computer pick, a number at random. You don’t need to be online in order to produce keys. No information is exchanged between you and the world in order to produce these random numbers. So, a private key is a 256-bit random number. You could then feed that number to a computer program, produce a public key and bitcoin address, and now you have a key that has never been online.
Use an “Air-Gapped Machine” while generating a Paper Wallet
One of the difficulties with generating paper wallets is that for them to be secure, you need to generate them on a computer that does not touch or has never touched the internet, i.e. an air-gapped machine. Then you must use a printer that has no memory and has never touched the internet either. This is an almost impossible task for the vast majority of users, which makes it very difficult to implement paper wallets in practice.
Primarily use a Hardware Wallet, and use a Paper Wallet as backup
What kind of computer has never been online and can generate keys for you? A hardware wallet. If the instructions for making a paper wallet starts with “build your own hardware wallet”, which is basically what we say when we say “create a computer that has never been online – an air-gapped computer” – what we’re asking people to do is to build their own hardware wallet.
2-step method to ensure complete security
Step 01 – Buy your own hardware wallet
Step 02 – Write down the seed that appears on screen and that’s your paper backup
Storing cryptocurrency primarily on paper wallets have largely been considered as an unsafe and obsolete method of storing Bitcoin, and was popular between 2011 and 2016. They are considered unsafe because loss or damage to the paper wallet can result in your funds being stuck. However, successfully storing generating your private keys on a paper wallet using an air-gapped machine can ensure your funds being extremely safe from cyber-attacks, malware, etc.
What do you think about paper wallets? Do you think they are secure enough? Would you store your cryptocurrencies in a paper wallet address? Let us know is the comments below.
This article is a transcription of Andreas Antonopoulos’ explanation using paper wallets.