Privacy & Security Tools

SatSigner is designed with privacy as a fundamental principle. The wallet includes comprehensive privacy and security features to protect your financial sovereignty and prevent surveillance.

Core Privacy Principles

No Tracking

SatSigner implements zero telemetry:
  • No analytics: No usage statistics collected
  • No crash reports: No automatic error reporting
  • No phone home: No connections to tracking servers
  • No third-party SDKs: No advertising or analytics libraries
  • Open source: All code is auditable
App Configuration (apps/mobile/app.config.ts:8):
export default ({ config }: ConfigContext): ExpoConfig => ({
  name: 'satsigner',
  slug: 'satsigner',
  description: 'Privacy-first Bitcoin signer with complete UTXO control',
  // No analytics or tracking plugins
  // No remote config services
  // No cloud dependencies
})

Local-First Architecture

All sensitive data stays on your device:
  • Keys: Encrypted in secure storage
  • Transactions: Built locally
  • Labels: Stored in local database
  • History: Cached on device
No Cloud Sync (except opt-in Nostr labels):
  • No iCloud backup of keys
  • No server-side wallet state
  • No centralized services

Network Privacy

Minimize network leakage:
  • Direct node connection: Connect to your own node
  • No address reuse: HD wallet path derivation
  • Batched queries: Reduce information leakage
  • Tor support: Optional onion routing (coming soon)

Complete UTXO Control

Manual Coin Selection

Choose exactly which UTXOs to spend:
type UTXO = {
  txid: string           // Transaction ID
  vout: number           // Output index
  value: number          // Amount in satoshis
  address: string        // Address
  scriptPubKey: string   // Locking script
  confirmed: boolean     // Confirmation status
  height?: number        // Block height
  label?: string         // User label
}
Benefits:
  • Prevent address linkage
  • Optimize fee efficiency
  • Maintain separate coin sets
  • Control privacy leakage

Coin Labeling

Organize UTXOs with labels.
BIP-329 Compatible Labels:
[
  {
    "type": "tx",
    "ref": "f91d0a8a78462bc59398f2c5d7a84fcff491c26ba54c4833478b202796c8aafd",
    "label": "Transaction from Alice"
  },
  {
    "type": "addr",
    "ref": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",
    "label": "Exchange deposit address"
  },
  {
    "type": "output",
    "ref": "f91d0a8a78462bc59398f2c5d7a84fcff491c26ba54c4833478b202796c8aafd:1",
    "label": "Change output"
  }
]
Label Management:
  • Import/export labels as JSON
  • Sync labels via Nostr (encrypted)
  • Share with co-signers in multisig
  • Backup with wallet export
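
A label file received from a co-signer or a relay is untrusted input, so it is worth validating before it reaches the local database. The following is an added example, not SatSigner's own import code: it checks each entry's type and ref shape as defined in BIP-329, and the function names, `MAX_LABEL_LEN` and the sample lines are assumptions made for illustration.

```typescript
// Added example, not SatSigner code. Ref shapes follow BIP-329; MAX_LABEL_LEN is an assumed limit.
type LabelType = 'tx' | 'addr' | 'pubkey' | 'input' | 'output' | 'xpub'
type Label = { type: LabelType; ref: string; label?: string }
const MAX_LABEL_LEN = 255
const OUTPOINT = /^[0-9a-f]{64}:\d+$/
// Shape checks only; a wallet should still decode address and key checksums.
const REF_CHECKS: Record<LabelType, (ref: string) => boolean> = {
  tx: (r) => /^[0-9a-f]{64}$/.test(r),
  input: (r) => OUTPOINT.test(r),
  output: (r) => OUTPOINT.test(r),
  addr: (r) => /^[0-9A-Za-z]{14,90}$/.test(r),
  pubkey: (r) => /^[0-9a-f]{64,130}$/.test(r),
  xpub: (r) => /^[A-Za-z]pub[1-9A-HJ-NP-Za-km-z]{90,120}$/.test(r),
}
// Constructed sample: the first line is from this page, the others are malformed on purpose.
const SAMPLE = [
  '{"type":"addr","ref":"bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh","label":"Exchange deposit address"}',
  '{"type":"constructor","ref":"x","label":"inherited-property lookup"}',
  '{"type":"output","ref":"f91d0a8a:1","label":"truncated txid"}',
].join('\n')

function splitEntries(text: string): unknown[] {
  const parse = (s: string): unknown => { try { return JSON.parse(s) } catch { return undefined } }
  const t = text.trim()
  // BIP-329 files are JSON Lines; the JSON-array form shown on this page is accepted as well.
  if (t.charAt(0) === '[') { const arr = parse(t); return Array.isArray(arr) ? arr : [undefined] }
  return t.split('\n').filter((line) => line.trim() !== '').map(parse)
}

function validateLabels(text: string): { accepted: Label[]; rejected: string[] } {
  const accepted: Label[] = []
  const rejected: string[] = []
  splitEntries(text).forEach((raw, i) => {
    const entry = (raw ?? {}) as Record<string, unknown>
    const type = String(entry.type)
    const { ref, label } = entry
    // Own-property lookup, so a type such as "constructor" cannot resolve to an inherited function.
    const known = Object.prototype.hasOwnProperty.call(REF_CHECKS, type)
    if (!known || typeof ref !== 'string' || !REF_CHECKS[type as LabelType](ref)) {
      rejected.push(`entry ${i + 1}: unknown type or malformed ref`)
    } else if (label !== undefined && (typeof label !== 'string' || label.length > MAX_LABEL_LEN)) {
      rejected.push(`entry ${i + 1}: label not a string or too long`)
    } else {
      accepted.push({ type: type as LabelType, ref, label: label as string | undefined })
    }
  })
  return { accepted, rejected }
}
```

Rejected entries are reported by position rather than silently dropped, so a partially corrupted export is visible to the user before anything is merged.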

UTXO Freeze

Mark UTXOs as unspendable:
type UTXOStatus = 'available' | 'frozen' | 'pending'

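// The UTXO type above has no status field, so the parameter type adds one
function freezeUTXO(utxo: UTXO & { status: UTXOStatus }) {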
  utxo.status = 'frozen'
  // Excluded from coin selection
  // Prevents accidental spending
  // Useful for long-term holds
}
Use Cases:
  • Separate cold storage coins
  • Preserve specific UTXOs
  • Prevent dust consolidation
  • Maintain plausible deniability sets
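
To show how manual coin selection and the frozen status interact, here is an added example (not SatSigner's own code) that spends only the outpoints the user picked, refuses frozen or pending coins, and reports which addresses the spend would link together. The vbyte sizes, `DUST_LIMIT`, the `selectManually` name and the sample wallet are assumptions for P2WPKH inputs and outputs.

```typescript
// Added example, not SatSigner code. Sizes and DUST_LIMIT are assumed P2WPKH values.
type UTXOStatus = 'available' | 'frozen' | 'pending'
type UTXO = { txid: string; vout: number; value: number; address: string; status: UTXOStatus }
type Selection = { inputs: UTXO[]; fee: number; change: number; linkedAddresses: string[] }

const INPUT_VBYTES = 68    // approximate size of one P2WPKH input
const OUTPUT_VBYTES = 31   // approximate size of one P2WPKH output
const OVERHEAD_VBYTES = 11 // version, locktime, counts, segwit marker
const DUST_LIMIT = 294     // sats; smaller change is added to the fee instead

// Constructed sample wallet; txids and addresses are placeholders.
const SAMPLE_WALLET: UTXO[] = [
  { txid: 'tx-a', vout: 0, value: 50000, address: 'addr-1', status: 'available' },
  { txid: 'tx-b', vout: 1, value: 30000, address: 'addr-2', status: 'available' },
  { txid: 'tx-c', vout: 0, value: 100000, address: 'addr-3', status: 'frozen' },
]

function selectManually(wallet: UTXO[], picked: string[], amount: number, satsPerVByte: number): Selection {
  if (picked.some((p, i) => picked.indexOf(p) !== i)) throw new Error('duplicate outpoint')
  const inputs = picked.map((outpoint) => {
    const u = wallet.filter((w) => `${w.txid}:${w.vout}` === outpoint)[0]
    if (!u) throw new Error(`unknown outpoint ${outpoint}`)
    // Frozen and pending coins are never spent, even when explicitly picked.
    if (u.status !== 'available') throw new Error(`${outpoint} is ${u.status}`)
    return u
  })
  const total = inputs.reduce((sum, u) => sum + u.value, 0)
  // Fee estimate assumes one payment output and one change output.
  const vbytes = OVERHEAD_VBYTES + inputs.length * INPUT_VBYTES + 2 * OUTPUT_VBYTES
  let fee = Math.ceil(vbytes * satsPerVByte)
  let change = total - amount - fee
  if (change < 0) throw new Error(`short by ${-change} sats; pick more coins`)
  if (change < DUST_LIMIT) { fee += change; change = 0 } // do not create a dust change output
  // Inputs spent together reveal common ownership of their addresses.
  const linkedAddresses = inputs.map((u) => u.address).filter((a, i, all) => all.indexOf(a) === i)
  return { inputs, fee, change, linkedAddresses }
}
```

A `linkedAddresses` list longer than one entry is the point at which a wallet UI can warn that the picked coins will be tied together on-chain.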

Address Management

HD Wallet Privacy

Hierarchical Deterministic wallets prevent address reuse:
m / purpose' / coin_type' / account' / change / address_index
BIP-84 (Native SegWit):
m / 84' / 0' / 0' / 0 / 0  → First receiving address
m / 84' / 0' / 0' / 0 / 1  → Second receiving address
m / 84' / 0' / 0' / 1 / 0  → First change address
Automatic Derivation:
  • New address for each payment
  • Change to new addresses
  • Gap limit management
  • Address index tracking

Address Types

Support for multiple address formats:
Native SegWit (bc1q…)
  • Lowest fees
  • Best privacy
  • Recommended default
Nested SegWit (3…)
  • Backward compatibility
  • Medium fees
  • Wide support
Taproot (bc1p…)
  • Enhanced privacy
  • Script flexibility
  • Future-proof
Legacy (1…)
  • Maximum compatibility
  • Highest fees
  • Avoid if possible

Address Gap Limit

Control address generation:
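const GAP_LIMIT = 20  // Standard gap limit

// Scan forward until GAP_LIMIT consecutive unused addresses have been seen
let lastUsedIndex = -1  // -1 means no used address found yet
let gap = 0             // Consecutive unused addresses so far
for (let index = 0; gap < GAP_LIMIT; index++) {
  const address = deriveAddress(account, 0, index)
  if (hasTransactions(address)) {
    lastUsedIndex = index
    gap = 0  // Reset counter
  } else {
    gap++
  }
}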
Purpose:
  • Recover all used addresses
  • Balance convenience vs privacy
  • Prevent address loss

Network Privacy

Node Connection

Connect to Your Own Node (Recommended)
Electrum:
electrum://your-node.com:50002
Esplora:
https://your-node.com:3000
Benefits:
  • Zero information leakage
  • Complete privacy
  • No third-party trust
  • Enhanced security

Tor Integration (Coming Soon)

Route connections through the Tor network:
type TorConfig = {
  enabled: boolean
  socksProxy: string  // 127.0.0.1:9050
  isolateStreams: boolean
}
Privacy Benefits:
  • Hide IP address
  • Prevent network surveillance
  • Access censored services
  • Enhance location privacy
Planned Features:
  • Automatic Tor detection
  • Onion service support
  • Per-connection isolation
  • Bridge support

Query Batching

Minimize information leakage:
// Instead of querying each address separately
const txs1 = await getTransactions(address1)  // ❌ Leaks address linkage
const txs2 = await getTransactions(address2)  // ❌ Leaks address linkage

// Batch query multiple addresses
const allTxs = await getTransactions([       // ✅ Better privacy
  address1,
  address2,
  address3,
  // Add decoy addresses
  decoyAddress1,
  decoyAddress2
])
Techniques:
  • Batch address queries
  • Add decoy addresses
  • Random query timing
  • Connection rotation

Transaction Privacy

CoinJoin Support (Coming Soon)

Collaborative transaction privacy:
type CoinJoinRound = {
  inputs: UTXO[]           // Participant inputs
  outputs: Output[]        // Mixed outputs
  coordinatorFee: number   // Round fee
  participants: number     // Round size
  mixLevel: number        // Anonymity set
}
Benefits:
  • Break transaction graph
  • Increase anonymity set
  • Obfuscate ownership
  • Forward privacy

PayJoin Support (Planned)

P2P transaction privacy:
type PayJoinTransaction = {
  senderInputs: UTXO[]     // Sender UTXOs
  receiverInputs: UTXO[]   // Receiver adds input
  outputs: Output[]        // Combined outputs
  savingsFee: number       // Fee savings
}
Advantages:
  • Breaks common input heuristic
  • Looks like normal transaction
  • No coordinator required
  • Both parties save on fees

Custom Fee Selection

Control fee rate for privacy:
type FeeRate = {
  priority: 'high' | 'medium' | 'low' | 'custom'
  satsPerVByte: number
  totalFee: number
  confirmationTarget: number  // Blocks
}
Privacy Considerations:
  • Avoid unique fee rates
  • Use common fee levels
  • Consider time preferences
  • Balance speed vs cost

Metadata Privacy

No Address Reuse

Never reuse addresses:
// Track used addresses
const usedAddresses = new Set<string>()

function getReceiveAddress(): string {
  const address = deriveNextAddress()
  
  // Never reuse
  if (usedAddresses.has(address)) {
    return getReceiveAddress()  // Get next
  }
  
  return address
}
Why it matters:
  • Prevents transaction linkage
  • Protects recipient privacy
  • Reduces fingerprinting
  • Best practice

Label Privacy

Protect label information.
Encrypted Nostr Sync:
  • Labels encrypted end-to-end
  • Only trusted devices can decrypt
  • Relays cannot read contents
  • Forward secrecy
Local Export:
  • Encrypt before backup
  • Never share unencrypted
  • Use strong passwords
  • Store securely

Transaction Timing

Obscure transaction patterns:
// Add random delay before broadcasting
const randomDelay = Math.random() * 60000  // 0-60 seconds
await sleep(randomDelay)
await broadcastTransaction(tx)
Timing Analysis Mitigation:
  • Random broadcast delays
  • Avoid predictable patterns
  • Use different times
  • Consider timezone leakage

Multisig Privacy

Script Privacy

Taproot Multisig (Best Privacy):
  • Looks like single-sig
  • No script revelation
  • Hidden spending conditions
  • Future-proof
Native SegWit Multisig:
  • Visible script type
  • Clear multisig indicator
  • Still good privacy
  • Wide support

Co-signer Coordination

Encrypted Communication:
  • Use Nostr for PSBT sharing
  • End-to-end encryption
  • No metadata leakage
  • Decentralized
PSBT Privacy:
  • Minimize PSBT sharing
  • Remove unnecessary fields
  • Use finalized transactions
  • Verify signatures

Secure Key Management

Key Storage

Secure Enclave (iOS):
import * as SecureStore from 'expo-secure-store'

await SecureStore.setItemAsync('seed', encryptedSeed, {
  keychainAccessible: SecureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY
})
Keystore (Android):
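// Same call on Android: expo-secure-store encrypts the value with a key held in the Android Keystore.
// keychainAccessible is an iOS-only option and has no effect here.
await SecureStore.setItemAsync('seed', encryptedSeed, {
  keychainAccessible: SecureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY
})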
Properties:
  • Hardware-backed encryption
  • Biometric protection
  • Secure deletion
  • Tamper detection

Passphrase Support

BIP-39 Passphrase (25th word):
type Wallet = {
  mnemonic: string[]      // 12 or 24 words
  passphrase?: string     // Optional 25th word
}

// Derive seed with passphrase
const seed = mnemonicToSeed(mnemonic, passphrase)
Benefits:
  • Plausible deniability
  • Additional security layer
  • Multiple wallets from one seed
  • Duress protection

Backup Security

Seed Phrase Backup:
  • Write on paper (never digital)
  • Use metal for fire/water resistance
  • Split storage (never together)
  • Test recovery process
Never:
  • Screenshot seed phrase
  • Store in cloud
  • Share electronically
  • Store in plain text

Operational Security

Device Security

Basics:
  • Use strong device password
  • Enable biometric auth
  • Keep OS updated
  • Avoid jailbreak/root
Advanced:
  • Dedicated device for Bitcoin
  • No untrusted apps
  • Regular security audits
  • Hardware security keys

App Permissions

Required:
  • Camera (for QR codes)
  • Biometric (for authentication)
Never Required:
  • Location
  • Contacts
  • Microphone (except for development)
  • Background data

Network Security

Best Practices:
  • Use VPN or Tor
  • Avoid public WiFi for sensitive operations
  • Verify SSL certificates
  • Monitor network traffic
Threat Model:
  • ISP surveillance
  • Network packet analysis
  • MITM attacks
  • Traffic correlation

Privacy Checklist

High Privacy Setup

  • Connect to your own node
  • Enable Tor (when available)
  • Use Taproot addresses
  • Enable manual coin control
  • Label all addresses/transactions
  • Never reuse addresses
  • Use common fee rates (avoid unique ones, as noted under Custom Fee Selection)
  • Add random delays
  • Batch transactions when possible
  • Review privacy before broadcast

OpSec Guidelines

  • Use strong device password
  • Enable biometric authentication
  • Backup seed phrase securely
  • Test recovery process
  • Update app regularly
  • Review app permissions
  • Monitor for suspicious activity
  • Compartmentalize wallets
  • Use passphrase for sensitive accounts
  • Practice operational security

Privacy Resources

Privacy Tools

  • CoinJoin: WabiSabi, Whirlpool
  • PayJoin: BTCPay Server, JoinMarket
  • Tor: Tor Browser, Orbot
  • VPN: Mullvad, IVPN

Future Privacy Features

Planned enhancements:
  • Native Tor Support: Integrated Tor client
  • CoinJoin Integration: Automated collaborative transactions
  • PayJoin Support: P2P payment privacy
  • Silent Payments: BIP-352 implementation
  • Stealth Addresses: Hidden payment addresses
  • Dust Management: Privacy-preserving dust handling
  • UTXO Consolidation: Privacy-aware coin merging

Implementation Reference

App Config: apps/mobile/app.config.ts:1
UTXO Management: apps/mobile/types/models/Address.ts:1
Label Export: apps/mobile/app/(authenticated)/(tabs)/(signer,explorer,converter)/signer/bitcoin/account/[id]/settings/export/labels.tsx:1
Nostr Sync: apps/mobile/app/(authenticated)/(tabs)/(signer,explorer,converter)/signer/bitcoin/account/[id]/settings/nostr/index.tsx:1