What is BitNote?

Bitnote allows you to store encrypted text notes directly on the blockchain.

Why did we create it?

We created BitNote because we ran into an annoying problem: where do you store your seedphrase?

The traditional advice is to etch your seedphrase into steel and store it in a fireproof safe that is bolted to the ground in a secret place in your house. That’s great advice if you’re Batman. Unfortunately, for the rest of us that kind of physical security is not really feasible. 

Some people use safety deposit boxes at banks. But given how banks feel about crypto, this approach seems unwise.

Many people turn to centralized password managers like 1Password and Lastpass. Unfortunately, these can have security issues and are generally not open source, so you never quite know what’s going on with your data.

We’ve seen people store seedphrases in their Apple, Google, or Microsoft accounts (only sometimes encrypted), but what happens when they randomly decide to ban you?

We’ve even seen people concoct crazy “security” practices like this poor soul, who split his seedphrase between four excel files only to lose the data in a harddrive crash.

Even Bitcoin core developers can have questionable security practices leading to hacks and lost funds.

So we searched for decentralized, trustless, permissionless, open source, permanent storage that is highly secure but easily usable and accessible. 

And we didn’t find it. So we built it.

What can you store in a BitNote?

The note can store any text data (UTF-8).

What are the use cases?

BitNote is best used to store sensitive text information, like seedphrases. In general it’s probably too cumbersome to be a replacement for traditional note apps for non-sensitive information.

Some ideas of how you could use BitNote:

How does it work?

After connecting your wallet to the site, you can “Create” a note. 

Notes are locally encrypted with a password of your choice, and are recorded to the blockchain after you pay the gas fee. 

Your data is not recorded by us in any way. Your data is securely encrypted before it ever leaves your computer to be submitted on-chain. The BitNote website communicates directly with the smart contract, there is no intermediary or backend. We do not have any analytics or third party trackers on BitNote whatsoever.

To access your encrypted notes, just enter your public address manually or connect your wallet on the homepage. Then tap “View” on a particular note and enter the password you created.

Can you edit a note after it’s published?

Yes. Notes can be edited by the wallet that created them. You would just need to pay a gas fee to do so, as you are making an on-chain change.

What blockchains are supported?

At launch we’ll support Ethereum, but we intend to expand to almost every EVM chain.

How much does it cost?

It varies depending on what the current gas fee of the blockchain is. Additionally, we charge a small percentage of the gas fee for every note that is published, which goes back to BitNote. But a great benefit of this approach is you only pay once for your note. No subscriptions or ongoing fees. It does not cost anything to view a note.

How does the encryption work?

We take a randomly generated 16-byte salt and a user-defined password to create a SHA512 hash to put through PBKDF2 (set to 1 million iterations) to derive a private key. We pass that private key and the plaintext to AES-GCM 256 to encrypt it.

Is BitNote open source?

Yes. BitNote is fully open source.

What happens if BitNote disappears?

BitNote is fully open source, anyone can run a front end website that communicates to the immutable smart contract that lives forever on-chain. If the BitNote website goes down, you can either communicate directly with the smart contract, or use an alternative front end website to access your notes.

How important is it to choose a strong password?

Very, very important. Your data is stored encrypted, but publicly. It will exist not only on a public blockchain, but also archival nodes and even blockchain explorers like Etherscan. Which is great for redundancy. There will be many copies of your encrypted data. But the downside is if you choose a weak password the encryption can be broken, and your data will be compromised. So please choose a strong password.

How safe is BitNote?

Very safe. If you trust encrypted money, you should trust encrypted passwords. We are using incredibly strong encryption (“military grade,” “bank level,” “zero knowledge encryption,” “insert your favorite marketing buzzword”).

But any system is only as secure as its trust assumptions. BitNote is safe assuming:

  1. You choose a strong password
  2. You store and access your password safely
  3. The device you’re using BitNote on isn’t compromised

There are additional long tail risks to be aware of:

  1. The blockchain you are storing data on doesn’t disappear
  2. The method you’re using to access BitNote (like the front end website) isn’t compromised
  3. There isn’t a flaw in the BitNote system
  4. AES-256 encryption doesn’t get cracked

Aren’t quantum computers going to wreck encryption? 

AES-256 is considered quantum resistant as long as your password contains at least 256 bits of entropy. Of course no one can exactly predict the future, but there are good reasons to believe AES-256 will not be defeated for many decades, if ever.