/How To Use The Foundation Passport Batch 2 To Secure, Mix Your Bitcoin

How To Use The Foundation Passport Batch 2 To Secure, Mix Your Bitcoin

Join us at Bitcoin 2023, the world's largest Bitcoin conference, May 18-20! Experience three days in Miami Beach with the brightest minds in Bitcoin.Join us at Bitcoin 2023, the world's largest Bitcoin conference, May 18-20! Experience three days in Miami Beach with the brightest minds in Bitcoin.

The Passport Batch 2 is the second-generation Bitcoin hardware wallet from Foundation Devices. Passport is built in the U.S., air gapped and utilizes open-source code. In this guide, you will see how simple self custody can be with a device like this, the differences between the Founder’s Edition and Batch 2 of the wallet and a walkthrough of select, advanced features.

unboxing09unboxing09

Self Custody Made Simple

“Self custody” means that you are in control of your private keys: this is how you maintain unrestricted access to your bitcoin. By extension, unrestricted access to your bitcoin means that you can send or receive bitcoin with anyone in the world for any reason at any time. You don’t need anyone’s permission, you won’t be held against any financial institution’s moral standards and nobody can stop you from making the transactions that you want to make.

With great power comes great responsibility, however, and self custody also means that you are taking radical responsibility for your bitcoin. You and you alone are responsible for managing your private keys in a way that allows you to access them, but not your adversaries. There is no 1-800 help line, there is no reversing of transactions and there is no one who can help you recover lost or forgotten information. This may sound intimidating or complicated, but tools like Foundation’s Passport make self custody very simple and relatively easy to manage.

Passport makes it possible to self custody your bitcoin on a cold-storage device; this way, your private key is kept on a device that never makes a connection to the internet. Through the use of QR codes to sign transactions and the accompanying Envoy app, using the Passport to receive, secure and send bitcoin is easy and intuitive, even without an internet connection directly to the device.

Unboxing

Passport is shipped in a nondescript white box. There will be a shipping label (peeled off for privacy reasons in this demonstration) and a blue, tamper-evident seal on the outside of the box. The tamper-evident seal will be placed over the opening flap of the box and the seal will have a number on it that starts with “B799,” “B862” or “B863.” The full-length unique numbers are not saved by Foundation Devices, but the prefix is used to identify the production batch that the device was manufactured in. You can find a maintained list of these prefixes here.

Privacy tip: Consider using a P.O. Box and an alias to avoid connecting your personally-identifiable information to Bitcoin-related items.

Security Tip: If the security seal shows any signs of tampering, contact hello@foundationdevices.com.

Inside the shipping box is the device box, it should be wrapped in bubble packaging.

Inside the device box you will find:

  • A Passport Batch 2 Bitcoin hardware wallet
  • 8 gigabyte (GB), industrial-grade micro SD card
  • USB-C-to-USB-C charging cable
  • Micro-SD-to-Android port adaptor
  • Micro-SD-to-iPhone port adaptor
  • “Getting started” literature
  • Seed phrase and backup code card
  • Foundation stickers

Downloading Envoy

Envoy is an open-source companion app for Passport. This app is available for iPhone or Android and enables a secure, guided setup experience for your Passport. While it makes for a convenient companion app, it is not required to use the Passport. You can use any wallet you want to monitor balances, build transactions or generate receive addresses.

With Envoy, you can also install the latest firmware updates from your mobile device using the included micro SD adapters. The security validation to ensure that your Passport has not been tampered with in transit can also be completed from the Envoy app. There is a beginner-friendly Bitcoin wallet built into Envoy that enables you to easily receive bitcoin to your Passport. You can also create transactions in Envoy, ready to sign with your Passport using the QR code communications, all while your private keys remain secured on the Passport. Envoy connects to the internet via Tor by default.

This guide will cover how to download Envoy from the F-Droid repository on an Android mobile device. The cool thing about F-Droid is that you can get apps from it without the need for a Google Play store account. The F-Droid security model enforces that all apps have a valid signature over the entire contents of the Android package (APK file), so you know you are getting the app intended for you by the developers who control the signing key of the repository you are using.

  • With your mobile device, scan the QR code on the included notecard and it will take you to the Foundation Devices start page.
  • Click on the device you are setting up. In this case, Passport Batch 2.
download_01download_01
  • This will bring you to the Foundation Devices startup guide, which features helpful and detailed step-by-step instructions and videos.
  • Scroll down to the “Downloading Envoy” section and click on the “Envoy Download Links” link.
  • Then click on the F-Droid icon. 
download_02download_02
  • You will be brought to the instruction page for downloading Envoy from F-Droid.
  • Scroll down to step two under the QR code and click the link there.
  • This will bring you to the summary page of the Foundation Devices F-Droid repository. Copy the link on this summary page.
  • Then, open your F-Droid app, click on “Settings” in the lower right-hand corner, then click on “Add additional sources of apps” under “Repositories” near the top of the menu. 
download_03download_03
  • You will be presented with a list of your currently available repositories. Click on the “+” sign in the upper right-hand corner.
  • Then paste the link you copied previously. The fingerprint is optional and can be verified at any time against the repository summary page. Then click on “ADD.”
  • Once the repository is added, you can use the search function in F-Droid from the magnifying glass icon on either the “Latest” tab or the “Categories” tab to then search for Envoy. Once found, click on the download icon.
  • Once downloading is complete, click on “INSTALL.” 
download_04download_04
  • Once installed, the Android system will ask you if you want to install this app, click on “INSTALL.”
  • Then you should be able to find the Envoy app in your app tray and you can click and hold to drag it onto your home screen if you want. Then you can open it.
  • You will be greeted with the introduction message.
download_05download_05

Supply Chain Validation

The first step is to complete the supply chain validation. This ensures that your device has been delivered to you as the manufacturer intended, authentic and unmodified.

  • Open the Envoy app on your mobile device.
  • Select “Set up a new Passport.”
  • Review and accept the terms of use.
  • Select “Next.” You should see an animated QR code start cycling.
verify_01verify_01
  • Power on your Passport.
  • When prompted for how you would like to set up your Passport, select “Envoy App.”
  • Then select “Continue on Envoy.”
  • Select the “>” arrow to initiate the Passport camera.
  • Then scan the animated QR code on your mobile device. You should see the Passport start counting the percentage completed until 100% of the information is received. 
verify_02verify_02
  • In the Envoy app, select “Next.”
  • On the Passport, select “>” for next and a QR code should appear.
  • In the Envoy app, select “Continue” to initiate your mobile device’s camera.
  • Scan the QR code on the Passport with your mobile device.
  • You should receive a notification in the Envoy app that your Passport is secure. If your device fails the supply chain validation, it may have been tampered with or swapped out with a malicious device while in transit to you. In the unlikely event of a failure, contact the Foundation team via email at hello@foundationdevices.com. If your Passport supply chain validation was successful, then select “Continue” in the Envoy app.
  • On the Passport, select “Passed.” 
verify_03verify_03

PIN Code

A PIN code on the Passport can be between six digits and 12 digits in length. Using a PIN that is easy to guess is not recommended. There is no way to recover a lost PIN. In the event that an incorrect PIN is entered into the Passport Batch 2 21 times, the device will self destruct and become permanently useless. If that occurs, your bitcoin is still safe, so long as you have your seed phrase (covered in the next section), it just means the device itself is ruined.

You can also enable security words which add a layer of protection in the event that your device is ever tampered with. If you enable security words, you will enter your PIN in two parts, a prefix and suffix. After entering the prefix, you will be presented with two English words, for example “moment auction.” Because of the way that these words are generated, if anything has been tampered with on your Passport hardware or software, then these words will be different than the ones you were expecting. If the words are the ones you were expecting, then you enter your PIN suffix and complete the login process.

  • On the Envoy app, you can just select “Continue” when you see the prompt to enter a six- to 12-digit PIN. The actual PIN setup will be carried out on the Passport. 
pin_01pin_01
  • On the Passport, use the “>” arrow when you see the prompt to set up your PIN, which should be the first prompt you get after the supply chain validation procedure.
  • Using the “>” arrow, acknowledge that there is no way to recover a lost PIN. You may want to consider writing your PIN down on paper or stamping it into metal and then storing it in a safe and secure location.
  • Using the “>” arrow, acknowledge the warning to record your PIN somewhere safe.
  • Then, using the numeric keys, enter your desired PIN number.
  • Then enter it again to confirm. 
pin_02pin_02
  • Next, the Passport will cycle through “Setting initial PIN,” “Logging in” and, finally, you will receive a notice that the PIN was set successfully. 
pin_03pin_03

Next time you turn on your Passport, you should be prompted for your PIN before being able to use the device.

Seed Phrase

The seed phrase is a human-readable representation of the initial entropy used to generate your Bitcoin private keys. Most commonly, seed phrases will be a list of 12 or 24 words. Backing up your seed phrase in a safe and secure way will enable you to access your bitcoin in the event your wallet is lost, stolen, destroyed, etc. So long as you have your seed phrase, you have access to your bitcoin. That also means that anyone else who gains access to your seed phrase has access to your bitcoin.

Take precautions to ensure you save your seed phrase in a safe and secure way. There are several methods, ranging from encrypted micro SD cards, to paper backups, to QR codes to steel plates or washers. Whichever method you choose, your seed phrase will work with a wide range of Bitcoin wallets. Many industry participants have implemented the BIP39 standard, which defines how seed phrases work. This allows users to recover their bitcoin on a number of mobile, desktop or hardware wallets, regardless of which wallet they used to generate the seed phrase. Taking a picture or screenshot of your seed phrase is not recommended.

  • Picking up where you left off, you will probably be at the prompt on your Passport asking you to upgrade the firmware. Since the Passport has not been connected to the Envoy app yet, this step will be skipped at this point and will be revisited after the seed phrase is created. You can update the firmware using the micro SD card at this point if you would like to do so before continuing on to create your seed phrase.
  • If you skipped the firmware update for now, then select “Create New Seed” on the Passport.
  • You will be asked if you want to generate a new seed phrase now, select the check mark.
  • You should see the Passport save the seed and then you will be notified that the new seed has been created and saved. 
seed_01seed_01
  • Next, Passport will create an encrypted backup of your seed phrase and prepare to save it to the included micro SD card. Select the “>” arrow.
  • Part of having an encrypted backup is having the code to decrypt it. Passport will generate this code and it will be required to to open your backup file in the future. Select the “>” arrow.
  • Your Passport came with a perforated notecard, — on one side of the perforation is space to write down your seed words and, on the other side, is space to write down your code for the encrypted backup. Foundation recommends writing down the backup code on this notecard and it is considered a safe procedure because physical access to the micro SD card is required. Consider storing the notecard and the microSD card in separate locations. Select the “>” arrow.

For a more in-depth article on encrypted backups, check out this resource.

seed_02seed_02
  • Your backup code will be displayed. Copy this down on your notecard. Double check your work then select the check mark.
  • Passport will ask that you confirm that your backup code was written down correctly by having you re-enter it. Select the check mark.
  • Enter your code in the blank spaces using the numeric keypad.
  • Once entered, select the check mark.
  • You should receive confirmation that your backup code was entered correctly. If not, try again. 
  • If you haven’t done so already, insert your included micro SD card into the Passport. It never hurts to look at the micro SD card on a desktop file explorer to ensure it is empty first. The Passport will alert you to insert the micro SD card if you have not already done so.
  • Select the cycle symbol if necessary and then the Passport will write the backup to the micro SD card.
  • Then you will receive a notification that the backup is complete. 
seed_05seed_05

Now you have an encrypted backup of your seed phrase to keep safe and secure in case you need to recover your wallet on another Passport in the future. Ensure that you keep the backup code safe and secure as well because it is required to decrypt your backup. The encrypted backup also includes all device settings, accounts, account labels, etc. You can see all of the details here.

Storing the micro SD card and the backup code in the same location kind of defeats the purpose, since if they are found then an adversary could steal your bitcoin. If you want to save a plain-text copy of your seed phrase so that you have the option to recover your wallet using the BIP39 word entry on a number of other wallets, you can fill it in on the included notecard as well.

  • From the Passport home screen, navigate to the left for the settings menu. Then navigate to “Advanced,” then “View Seed Words” and then acknowledge the warning prompting that you are about to display sensitive information.

Connecting To Envoy

Having your Passport connected to your Envoy app enables you to retrieve the latest firmware, watch your account balances, connect to your own instance of an Electrum server, communicate over Tor and more. Your private key information never leaves the Passport, only the public information is shared with the Envoy app so that it can calculate receive addresses and monitor balances.

  • On your mobile device, in the Envoy app, select “Connect an existing Passport.”
  • On the next screen, select “Get Started.”
  • On the next screen, select “Continue” and then your mobile device’s camera should be initiated. 
connect_01connect_01
  • On the Passport, you should be at the prompt that says “Now, let’s connect Passport with Envoy” after saving your backup. Select the check mark.
  • On the next screen, select the check mark to generate the QR code.
  • Then scan the QR code using your mobile device. 
connect_02connect_02
  • In the Envoy app, you should receive a confirmation that the connection was made successfully. Select “Validate receive address.”
  • Then the Envoy app will display the first Bitcoin receive address so that you can confirm everything worked. Once scanned with the Passport and confirmed, select “Continue.”
  • When finished with the steps below on the Passport, you can select “Continue” in the Envoy app to confirm the address is valid and return to the home screen. 
connect_03connect_03
  • On the Passport, select the “>” arrow to continue.
  • On the next screen, select the “>” arrow to display the receive address.
  • Using the Passport, scan the address QR code displayed on your mobile device.
  • The Passport will search for the address and check if it is one that belongs to your seed. You should receive the large check mark symbol indicating that this is an address belonging to you. Select the small check mark.
  • This completes the connection. Select the check mark.
  • Next, you will receive a notification that the Passport has been configured successfully. Select the check mark to be brought to the home screen. 
connect_04connect_04

Firmware

Keeping the firmware up to date ensures that your Passport has the latest bug fixes, improvements, features and security patches. However, updating the firmware is not mandatory, your Passport will still work but just won’t have any updates.

There are a few different ways to get the latest firmware, from the Foundation website, from its GitHub repository or from the Envoy app. This guide will demonstrate the Envoy app method.

As a security precaution, the Passport will only install firmware signed by two out of four possible Foundation developer keys. Whichever method you choose, you will be saving the firmware file to the micro SD card and loading the update onto your Passport from there. This helps keep the device air gapped.

Make sure you have your micro SD card and included adaptor ready to plug into your mobile device. Also, you can always double check which firmware version your Passport has currently installed when you power the device on, it will show the firmware version number at the bottom of the screen during boot up.

  • Insert the micro SD card into the appropriate adaptor for your mobile device.
  • Insert the adaptor into your mobile device.
  • A blue light should start flashing on the adaptor.
  • Open the Envoy app, you should see the latest firmware version number in the lower right-hand corner of the Passport card on the home screen. Press that firmware version number.
  • On the next screen, press “Continue” to confirm you want to update the firmware.
  • On the next screen press “Continue” to confirm you have connected the micro SD card.
  • Then Envoy will ask you where you would like to save the firmware. Navigate to the micro SD card folder location.
  • Then press “Save.” Be sure to give your Android device a moment to finish writing to the micro SD card. If you have issues with the firmware file not being written in its entirety, delete the damaged file from the micro SD card, save the firmware file again, then after pressing “Save,” manually eject the micro SD card from the notifications drop-down menu to force Android to flush to disk.
  • That should save the firmware file to your micro SD card and bring you back to the Envoy app. Press “Finished” to return to the homepage. 
  • Next, power on your Passport. Enter your PIN to unlock it.
  • Insert the micro SD card.
  • Navigate to the settings page and scroll down to “Firmware.”
  • On the next screen, select “Update Firmware.”
  • On the next screen, scroll down to the firmware “.bin” file and select the check mark.
  • Passport Batch 2 will ask you to confirm you want to install the firmware update and display the version number. Confirm by selecting the check mark.
  • Passport Batch 2 will cycle through the update and then reboot itself. 
firmware_03firmware_03

This completes the initial set up for your Passport. From here, there are a number of features and configurations you can make that suit your unique needs best. The following section will compare the differences between the Passport Founder’s Edition and Passport Batch 2. Then the final section will demonstrate select advanced features.

Comparing The Founder’s Edition And Batch 2

The Passport Batch 2 offers many upgrades over the Passport Founder’s Edition. The following section describes these upgrades:

Dimensions

The Passport Founder’s Edition measures 100 millimeters (mm) long by 35 mm wide by 23 mm thick. The Passport Batch 2 measures 110 mm long by 39 mm wide by 19 mm thick.

Ports

The Passport Founder’s Edition features a single port, the micro SD card port. The Passport Batch 2 features a micro SD card plus a USB-C port to charge the battery. The USB-C port is power-only and cannot transmit data. The micro SD card port in the Passport Batch 2 has more depth so that the micro SD card can be inserted further, whereas the micro SD card port on the Passport Founder’s Edition leaves roughly half of the micro SD card sticking out. 

compare_03compare_03

Keypads And Screens

The keypads on both Passports are similar in that they both feature alphanumeric keys. However, the Passport Founder’s Edition keys have more of an oval shape and the keys on the Passport Batch 2 version have more of a rectangular shape.

The navigation keys on the Passport Batch 2 are copper in color, rectangular for the power and select controls, and square for the up/down/left/right controls. Whereas on the Passport Founder’s Edition, the power button shares the same key as the delete button. The key to the left of the up/down/left/right controls is dedicated to the shutdown function. The navigation controls on the Passport Founder’s Edition are more rounded in shape.

The screen on the Passport Batch 2 is a high-resolution, color, IPS display, bounded to ultra-strong glass. The display on the Passport Founder’s Edition has a plastic screen and it is not a color display. The brightness can be adjusted on both Passports. The display when measured diagonally is 43 mm on the Passport Founder’s Edition and 50 mm on the Passport Batch 2.

compare_04compare_04

Batteries

The Passport Batch 2 features a rechargeable and removable lithium-ion battery with a 1,200 milliamp hour (mAh) rating. The Passport Founder’s Edition features two AAA batteries. The lithium-ion battery has a much greater battery life and an industry standard form factor known as “BL-5C” and it can be obtained from many different online vendors for less than $10. Both Passports feature a removable magnetic back piece to quickly access the batteries. 

Cameras

Both Passports use the Omnivision CameraCube but the camera housing is a little different between the two. The Founder’s Edition is pictured on the left and the Batch 2 is pictured on the right.

compare_07compare_07

Software

Most of the menu options available on the Passport Founder’s Edition version 1.1.0 are also available on Passport Batch 2. Some of the folder configurations are a little different but most of the options are there with the exception of signing a text file. Passport Batch 2 also introduces extensions for Casa and Whirlpool, which add additional accounts in Passport that you can connect to. Both Passports can be connected to the Envoy app to make monitoring balances, generating receive addresses and building transactions easier. The next firmware release for the Founder’s Edition will be identical to the Batch 2 firmware.

This completes the comparisons section. In the next section, you will see how to use select features of the Passport.

Passport And Whirlpool

Whirlpool is a zero-link CoinJoin implementation supported by Samourai Wallet on Android mobile devices and by Sparrow Wallet on Linux, Mac and Windows desktops. Zero-link CoinJoin means that there are no deterministic links between the inputs and outputs of the CoinJoin transaction. Because multiple entities are involved with each CoinJoin, there cannot be any certainty as to which entity owns which transaction output. CoinJoins can be used as a technique to gain anonymity on a public blockchain, putting the decision to selectively reveal details about yourself back in your hands, thus giving you a layer of privacy separating your real-world identity from the transactions on a public ledger.

Passport supports Whirlpool accounts and this section will demonstrate how to setu p and use this feature on Bitcoin’s testnet. All the steps are the same for Bitcoin’s mainnet. There will be two wallets used in this demonstration; the first is Sparrow Wallet, acting as the hot wallet which is the wallet where the CoinJoin transactions will originate from, and the second is Passport, acting as the cold wallet where the outputs from the hot wallet CoinJoins will be deposited.

Using this technique offers a couple benefits. First, each deposit to the Passport will look like every other CoinJoin output to external observers on chain and, therefore, no one except for you will know that those unspent transaction outputs (UTXOs) are now in cold storage. So, as other CoinJoin participants continue mixing the other UTXOs from your CoinJoin transactions, the forward-looking anonymity set of your UTXOs in cold storage continues to grow.

Another benefit is that the Whirlpool account on Passport was designed in such a way that you can import it to a hot wallet at any time in the future and continue mixing those UTXOs as free-riders in Whirlpool, thus saving yourself from paying the coordinator fees a second time. Additionally, you won’t pay any additional miners fees when importing this account to a hot wallet in the future as opposed to sweeping UTXOs. Understand, though, that importing the Whirlpool account to a hot wallet exposes the seed to an internet-connected device and therefore it is recommended to use a separate seed on your Passport for any accounts you plan on doing this with.

Hot Wallet

This guide assumes you have already installed Sparrow Wallet on your preferred desktop. If you haven’t done so already, navigate to the Sparrow download page for detailed instructions. Consider your options for connecting to a public node, your own Bitcoin Core node or your own private Electrum server carefully.

Once you have your Sparrow Wallet application installed, open it and navigate to “File,” then “New Wallet”:

whirlpool_01whirlpool_01

Then, name your new wallet and click on “Create Wallet”:

whirlpool_02whirlpool_02

Next, you will have the opportunity to adjust a few settings. Unless you have a good reason to change these settings and you know exactly what you are doing, then it is probably a good idea to just leave the policy type, script type and script policy descriptor in their defaults, as demonstrated here. Then, click on “New or Imported Software Wallet”:

whirlpool_03whirlpool_03

A window will pop up, — click on the drop-down menu in the upper right-hand corner to select the number of words you want to use for your hot wallet’s seed phrase (also known as the “mnemonic phrase”):

whirlpool_04whirlpool_04

A 12-word seed phrase was chosen for this demonstration. Once you have made your selection, the corresponding number of blank boxes will appear in the pop-up window. Click on “Generate New” and Sparrow Wallet will generate a random seed phrase:

You can add a passphrase or leave that field blank. This is kind of like having a 13th or 25th word added to your seed phrase that only you know. There is no way to recover a lost or forgotten passphrase and this will be necessary to access your bitcoin going forward if you decide to use it.

Make sure to write down your seed phrase words in order and keep them safe. Also write down your passphrase if you decided to use one. Consider keeping your seed phrase and passphrase separate from each other to help prevent loss of funds in the event that your secrets are discovered. Writing this information down in a notebook or stamping it into metal to protect it against environmental hazards are common ways that Bitcoiners keep their backups safe and secure. Anyone who gains access to this information will be able to steal your bitcoin, so make sure you keep it safe. Double checking your backup information is a good way to ensure you have copied it all down correctly.

Once you are ready, click on “Confirm Backup…,” then you will be asked if you have written this information down. When you click on “Re-enter Words…” you will then prove you have written your seed phrase down correctly by entering the words in order.

whirlpool_07whirlpool_07

If you make a spelling mistake while entering your words, the dialog box will turn red to get your attention, for example, “word #9” below should be “metal”:

whirlpool_08whirlpool_08

Once everything looks good and you see the green check mark indicating a valid checksum, then click on “Create Keystore”:

whirlpool_09whirlpool_09

Then click on “Import Keystore” in the upper right-hand corner:

whirlpool_10whirlpool_10

Then you will be presented with a summary of your new wallet’s settings. If you used a passphrase, make sure you write down the master fingerprint along with your passphrase so you can confirm that you entered it correctly in the future. If everything looks good, then click on “Apply.”

whirlpool_11whirlpool_11

You will then be asked if you want to add a password. This password is optional but it will encrypt your wallet file so that if anyone gains access to your desktop computer and they attempt to open your wallet file, then they will need this password.

whirlpool_12whirlpool_12

Now that you have your hot wallet created, the Whirlpool accounts will automatically be added once you initiate your first CoinJoin. Alternatively, you can initiate the Whirlpool accounts manually from the settings tab where it says “Add Account…”:

whirlpool_13whirlpool_13

You will be presented with a list of accounts you can add; at the bottom of that list select “Whirlpool Accounts”:

whirlpool_14whirlpool_14

Then select “OK”:

whirlpool_15whirlpool_15

You will notice now that several tabs have appeared along the left-hand side of the user interface. These are the four accounts used to make Whirlpool work. The first one is the deposit account where you will want to send bitcoin that you want to CoinJoin. From the deposit tab, you can click on the receive sub-tab to display a QR code for one of your receiving addresses and you can send bitcoin to it.

whirlpool_16whirlpool_16

Once you have made one or more deposits to your hot wallet, you can click on the UTXOs sub-tab to see your available outputs. Select the ones you want to CoinJoin or use the “Select All” option to use them all. Just keep in mind that selecting all will link all of these UTXOs together on chain in the next step, prior to them being CoinJoined. If you don’t want them linked on chain, then just mix one at a time.

whirlpool_17whirlpool_17

Once you have your selection made, click on “Mix Selected”:

whirlpool_18whirlpool_18

A window will pop up and, if you have an SCODE for reduced coordinator fees, then you can enter it here. Then you can select your transaction priority or, in other words, the amount you are willing to spend on mining fees. Once you have these options set, click on “Next”:

whirlpool_19whirlpool_19

Then you can choose the pool size you want to join. There are four sizes to choose from, the 100,000 sat pool size was used in this demonstration which will create 20 UTXOs that are all 100,000 sats each. The coordinator fee for this is 5,000 sats. Click on “Preview Premix” once ready:

whirlpool_20whirlpool_20

Then you will see a summary of the transaction you just constructed. This transaction is called “tx0” and you will notice that all of the selected inputs of various sizes and from various addresses are consumed in this transaction and 20 like-sized outputs are created. These like-sized outputs from tx0 will be used as eligible inputs to Whirlpool CoinJoin transactions. There are three other outputs in a tx0 as well; the coordinator fee, the toxic change and the miners’ fee. If everything looks good, then click on “Broadcast Premix Transaction”:

whirlpool_21whirlpool_21

Then your wallet will send your transaction to the Bitcoin network:

whirlpool_22whirlpool_22

From the deposit tab and the transactions sub-tab, you will be able to see that the bitcoin you deposited to this account has been sent out:

whirlpool_23whirlpool_23

Then, if you click on the premix tab and the transactions sub-tab, you will see the bitcoin from your deposit account is now in your premix account:

whirlpool_24whirlpool_24

So long as your wallet is connected to the internet, then your available like-sized outputs in your premix account will be registered as eligible inputs for the coordinator to use in CoinJoin rounds. As more participants add liquidity, more of your premix outputs will be CoinJoined. After going through a CoinJoin round, each UTXO will appear in your post-mix account, which you can view from the post-mix tab and the transactions sub-tab. So long as you leave your wallet open and connected, the UTXOs in your post-mix account will remain available as eligible inputs to CoinJoin rounds as free-riders, where they get mixed again and again with no added fees to you:

whirlpool_25whirlpool_25

The toxic change from tx0 is sent to your “badbank” account, which you can view from the badbank tab and transactions sub-tab. You want to be cautious about how you handle these outputs because they are linked on chain to any inputs used in the related tx0 they came from. For example, don’t send some Whirlpool outputs and some toxic change to the same address because that would undo the anonymity benefits gained by using Whirlpool.

whirlpool_26whirlpool_26

Cold Wallet

Now that you have your hot wallet established and some bitcoin being CoinJoined in Whirlpool, you can set up the cold wallet extension on your Passport. This will be the account you are sending your CoinJoined outputs to for long-term cold storage. Using a separate seed from your primary cold storage seed for this process is recommended. If you want to import it to a hot wallet at any time in the future and continue mixing those UTXOs as free-riders, it will expose the seed to an internet connected device.

  • Power on your Passport and log into it.
  • From the main menu, navigate to “Extensions.”
  • Then toggle on “Postmix.”
  • With the right arrow control, navigate over to the newly-added post-mix account and scroll down to “Connect Wallet.”
whirlpool_27whirlpool_27
  • From the list of available wallets, select your choice (Sparrow Wallet in this case).
  • Select the “Single-sig” signature type.
  • Select “QR Code.”
  • Follow the prompt telling you this is going to display a QR code by selecting the “>” arrow.
  • Then an animated QR code will start flashing. 
whirlpool_28whirlpool_28

Now you are ready to initiate the connection process in Sparrow Wallet.

  • Select “File,” then “New Wallet”:
whirlpool_29whirlpool_29
  • Then name your new wallet and click on “Create Wallet”: 
whirlpool_30whirlpool_30
  • Next, you can leave the defaults for the policy type and script type but select “Airgapped Hardware Wallet” for the “Keystore 1” selection: 
whirlpool_31whirlpool_31
  • A pop-up window will appear, select the “Scan…” option on the Passport line:
whirlpool_32whirlpool_32
  • Sparrow Wallet will launch your webcam, then you should hold the animated QR code from your Passport in front of your webcam:
whirlpool_33whirlpool_33
  • Once all the information is captured, Sparrow Wallet will display a summary of the watch-only wallet you are importing. If all the details look correct, then select “Apply.” You will be prompted for a password if you want to optionally encrypt this wallet file on your computer. You have the option to verify an address with your Passport for extra assurance. 
whirlpool_34whirlpool_34

Now, with both your hot wallet and watch-only wallet open in Sparrow Wallet, you can navigate back over to your hot wallet tab and point it to your watch-only wallet so it sends Whirlpool outputs there.

  • In your hot wallet, navigate to the “Postmix” tab and “UTXOs” subtab.
  • At the bottom of the screen, select “Mix to…”:
whirlpool_35whirlpool_35
  • A pop-up dialog will appear, select your watch-only wallet as the mix-to wallet and then set the minimum number of mixes you desire each UTXO to receive before it is sent to cold storage:
whirlpool_36whirlpool_36

Once your UTXOs have gone through some CoinJoin rounds, they will start showing up in your watch-only wallet as they are deposited to cold storage. Make sure to leave your hot wallet open and connected to the internet to get continuous CoinJoin rounds.

whirlpool_37whirlpool_37

You can also monitor your Passport post-mix account from the Envoy app. Just like with connecting your primary wallet, simply select “Connect Wallet” from the post-mix account page on your Passport and then go through the animated QR code connection process using your Envoy app.

whirlpool_38whirlpool_38

You can create transactions to spend from your Postmix account using the Envoy app and then you can sign those transactions using the QR code method.

This concludes the selected features section.

In this guide you were introduced to Passport and shown the unboxing, supply chain validation, how to download the Envoy companion app, how to update the firmware, initial setup of your Passport, comparisons between the Passport Founder’s Edition and the Passport Batch 2, and how to use the Whirlpool feature to CoinJoin directly to your cold storage device.

This is a guest post by Econoalchemist. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.