# How It Works **Bold protects your Bitcoin by splitting control across your own devices β€” with no seed phrase, no servers, and no company in the middle.** *** ## Think in β€œlocks”, not keys πŸ” Most Bitcoin wallets give you **one secret**. If that secret is: * stolen β†’ Bitcoin gone * lost β†’ Bitcoin gone Bold works differently. Instead of one secret, Bold creates a **lock that needs multiple devices to open**. *** ## Seedless by design β€” where your wallet really lives Bold uses **Threshold Signature Schemes (TSS)**. That means: * no seed phrase * no master private key * no single point to steal or lose Each device holds a **key share**.\ The full private key **never exists anywhere**, not even during signing. ``` Traditional Wallet ------------------ [ Single Private Key ] | Spend Bold Wallet (TSS) ----------------- [ Device A ] [ Device B ] [ Device C ] | | | +---------- cooperate ----------+ | Spend ``` On-chain, the result looks like a **normal single-signature Bitcoin transaction** β€” no multisig fingerprint, no privacy leak. ``` ❌ No Seed Phrase ❌ No Master Key ❌ No Reconstruction Point [ Share A ] + [ Share B ] (+ [ Share C ]) ↓ Threshold Signature ↓ Valid Bitcoin Tx ``` *** ## Backups without compromise 🧠 Because Bold is **seedless**: * each device holds its own key share * each key share can be backed up **independently** * backups can be stored in **different physical locations** ``` Backups (Independent & Encrypted) --------------------------------- [ Device A Backup ] β†’ Location A (SD card) [ Device B Backup ] β†’ Location B (Signal App) [ Device C Backup ] β†’ Location C (cloud/inbox) No single backup can restore the wallet ``` Stealing one device or one backup: * cannot reconstruct the wallet * cannot spend funds * does not expose the full key Security comes from **separation**, not secrecy. *** ## Choose how many devices protect you ### Option A β€” 2 devices (2-of-2) * both devices are always required * permanent loss of one device β†’ funds are unrecoverable ``` 2-of-2 Setup ------------ [ Phone ] + [ Tablet ] | | +---- sign ----+ | Spend Loss of one device = funds locked forever ``` **Pros** * maximum control * no recovery paths **Cons** * no forgiveness for loss *** ### Option B β€” 3 devices (2-of-3) ⭐ Recommended * any two devices can approve * one device can be lost or destroyed * funds remain fully accessible ``` 2-of-3 Setup ------------ [ Phone ] [ Tablet ] [ Laptop ] | | | +----- any two cooperate ----+ | Spend One device lost β†’ wallet still usable ``` **Pros** * no single point of failure * no custodian * real-world resilience **Cons** * extra device needed for the setup *** ## How devices communicate 🌍 Bold devices communicate **directly and bidirectionally**. They use: * **Nostr relays** (public or self-hosted) * **NIP-44 end-to-end encryption** * **multiple relays in parallel** (NIP-44 encrypted, bidirectional) ``` Encrypted, Bidirectional Messaging ---------------------------------- Relay 1 β†— β†˜ [ Device A ] Relay 2 [ Device B ] β†˜ β†— Relay 3 β€’ NIP-44 encrypted β€’ Multiple relays β€’ Relays = transport only ``` ### Why this matters * messages flow both ways * no single relay can block signing * relays never see keys or transactions * you can run your **own private Nostr relay** Relays are **transport only**, not trusted parties. *** ## Signing paths: online, local, and air-gapped ### Online signing * devices coordinate over Nostr * messages sent over multiple relays in parallel * resilient across networks and borders ``` Online Signing -------------- [ Device A ] ⇄ Nostr ⇄ [ Device B ] | Threshold Signing | Final Tx ``` ### Local signing * devices connect over **local Wi-Fi / hotspot** * no internet required * ideal for nearby devices ``` Local Network Signing --------------------- [ Device A ] ⇄ Local Wi-Fi / Hotspot ⇄ [ Device B ] | Threshold Signing | Final Tx β€’ No internet β€’ Same security model β€’ Same TSS guarantees ``` *** ### Air-gapped capability - signing (PSBT via QR) Air-gap applies to **PSBT workflows**, not device coordination. 1. Transaction created in a watch-only wallet 2. PSBT shown as **animated QR** 3. Bold scans and signs offline 4. Signed PSBT returned via QR ``` Air-Gapped Flow --------------- [ Watch-Only Wallet ] | PSBT (QR) ↓ [ Bold Signer ] ← offline | Signed PSBT (QR) ↓ [ Broadcaster ] ``` Signing still happens using: * local device cooperation * no internet * no servers *** ## Seeing your balance β€” no company backend Bold does **not** run wallet infrastructure. You choose how blockchain data is fetched: * public `mempool.space` * your **self-hosted mempool** * a mempool connected to your **Bitcoin node** ``` Balance & UTXO Sources --------------------- [ Bold Wallet ] | +── Public mempool.space +── Self-hosted mempool +── Private mempool β†’ Bitcoin Node Switch anytime. No dependency. ``` If a service disappears: * switch endpoints * wallet keeps working * funds remain safe *** ## Signer-only mode (advanced users) Bold can act as a **pure TSS signer**. * wallet exported as **watch-only** using output descriptors * PSBT created in Sparrow, Electrum, or BlueWallet * Bold signs β€” nothing else ``` Advanced Setup -------------- [ Sparrow / Electrum ] | Create PSBT | [ Bold TSS Signer ] | Signed PSBT | Broadcast Anywhere ``` This enables: * cold storage * audits * infrastructure separation *** ## What Bold deliberately avoids 🚫 Bold does **not**: * generate seed phrases * store master keys * hold recovery secrets * run signing servers * depend on one relay * rely on unverifiable hardware ## If Bold vanishes tomorrow, nothing breaks. > **Bold is software β€” not a service.** * βœ… **Your wallet still works**\ There are no Bold-operated servers, accounts, or backend dependencies. * βœ… **Your Bitcoin remains yours**\ Funds are controlled exclusively by your devices using threshold signatures (TSS). * βœ… **Fully open-source**\ The entire Bold codebase is public, auditable, and verifiable on GitHub. * βœ… **Decentralized app distribution**\ The Bold APK is not tied to a single store and is available via: * GitHub Releases * F-Droid * OpenAPK * ZapStore * Community mirrors and more others * βœ… **No app store or vendor lock-in**\ You don’t need Google Play, Apple services, or Bold infrastructure to install or run the wallet. * βœ… **Alternative recovery path**\ A CLI binaries are provided, enabling advanced users to: * Restore device key shares * Reconstruct signing capability * Create and sign transactions without the mobile app UI > **If Bold disappears tomorrow, nothing breaks.** This is **anti-fragile self-custody** by design: * No backend that can be shut down * No company key that can be revoked * No permission that can be taken away Bold doesn’t ask for your trust β€”\ **it removes itself from the trust model entirely.** πŸ§ πŸ›‘οΈ *** ## The honest truth Bold gives you **real sovereignty**, not convenience theater. * 2-of-2 β†’ absolute control, zero forgiveness * 2-of-3 β†’ resilience without trust No magic recovery.\ No hidden safety net. Only: * your devices * math * open-source code *** ## Final mental model 🧠 Bold says: > **Your full sovereignty - no one else** **Bold isn’t an upgrade β€” it’s the exit!** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.boldbitcoinwallet.com/hiw.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.