
Architecture

The BitBoxBase integrates seamlessly with the BitBoxApp, which functions as the control center for all node functionality and supported hardware wallets. The two components discover each other within a local network without manual configuration and can then reconnect after initial pairing using different connection methods.

See dedicated documentation sections on the left for additional details.

User interface

The BitBoxBase runs as a headless appliance with a minimal status display. It is used and managed through the free and open-source BitBoxApp. Having the user interface in a separate application simplifies many things, allowing for automatic network discovery, a setup wizard and secure remote management. This approach also reduces the attack surface significantly, as no webserver needs to be exposed and port-forwarding can be avoided completely.

The BitBoxApp is hosted in a separate GitHub repository: https://github.com/digitalbitbox/bitbox-wallet-app

Hardware

Built as a platform that focuses on security and performance, the BitBoxBase uses an ARM-based board with enough processing power to enable additional features in the future.

  • Pine64 ROCKPro64 with fast 4GB memory and an internal 1TB SSD
  • BitBox secure element: adapted BitBox 02 that drives trusted screen and buttons

Operating system

The operating system is a custom-built Armbian image, with minimal functionality, running in read-only mode and allowing atomic updates with fallback.

  • Armbian: custom-built Linux operating system, mounted as read-only with tmpfs overlayfs from eMMC storage
  • Mender.io: over-the-air update management solution, enabling atomic full disk image updates, using dual partitions for fallback

Applications

The following key applications are used:

  • Bitcoin Core: full Bitcoin node, communicating directly with the peer-to-peer network, validating and broadcasting transactions
  • c-lightning: Lightning Network client specifically built for backend usage
  • electrs: Electrum Server to provide blockchain data to software wallets

The following services are exposed:

  • NGINX: reverse proxy to handle all incoming traffic
  • Base Middleware: custom middleware managing encrypted communication between BitBoxBase and App

Additional noteworthy components on the BitBoxBase:

  • Base Supervisor: custom daemon for operational monitoring and control, providing system health information and node configuration
  • Tor: external network connections exclusively use the privacy-focused Tor network
  • Redis: in-memory key/value datastore, acting as central configuration repository
  • Prometheus: monitoring of system and software components
  • Grafana: visualization of system and network performance metrics

Networking

Connectivity from the Bitcoin wallet application to the node backend is a challenge. We provide the following complementary options to allow for privacy and ease of use:

  1. Local network: automatic detection using mDNS within the local network.
  2. Tor network: private connectivity without any router configuration; needs Tor installed on the client device.
  3. Shift Connect: zero-knowledge Tor/Web proxy for use with any client device.

Overall, we strive to make using our BitBox products as simple as possible.