Episode Transcript
[00:00:00] The seed phrase has been a barrier to self custody since day one. It's what scares normies away from keeping their own bitcoin. And it's a legitimate reason why people accept the counterparty risk of exchanges and custodial apps.
[00:00:15] The best in Bitcoin made Audible. I am Guy Swann and this is Bitcoin Audible.
[00:00:38] What is up guys? Welcome back to Bitcoin Audible. I am Guy Swann, the guy who has read more about bitcoin than anybody else you know. We got a new roundtable. It will be dropping this Thursday so keep an eye out for that. I am going to have Matt Hill on this show tomorrow. Today's Monday.
[00:00:55] I'm not sure when this episode will drop, but I'm recording this on Monday and we'll have Matt Hill. I am super stoked. We're gonna have Svetski back. We got a lot to unpack with Svetski. Some really cool things happening over there. And the roundtable episode was so cool. There's so much that happened with mining. Stay tuned for that and a couple of good reads on the way. And I am still vibe coding day in and day out and working. I'm back in contact with a couple of developers that I've been working with. They've been getting spotty connections so I've been able to update and work. Amazingly, most of them have still been working on things behind the scenes. And what's really cool actually about the whole Pear Drive and Paradrop stuff that we're working on is that they're now building with insanely unreliable Internet access. So they've focused on building tools and ways to use this without Internet, which is great because it's a perfect environment to actually test it in. So really cool to see that. And I will catch you guys at BitBlockBoom. For anybody who is going, I will be there in Dallas Fort Worth on the 9th, April 9th to 12th. So get your tickets if you haven't. I hope to have some really fun stuff to share. I'll be giving a short talk, I think I will be giving a talk at that one and hopefully have some really, really fun stuff to show off about what we're building. And this episode, this read is all about that. It's not about Pear Drive or peer-to-peer stuff. It is about the tools that make it easier to build tools. Breez SDK has been something that I have been watching extremely closely. I'm a huge fan of Roy. Everybody knows I've read so many things that he has written and everything that the Breez team has been building. I really just think they have had their finger on the pulse for how lightning is evolving and how to build it to reach the everyday user.
And they have such a great SDK that I have been exploring and is right now undeniably the one that I am intending on implementing into what we're building. We're just not at that stage yet because we have to make the things, the underlying stuff, function. But I'm really excited and this article is about one huge and very important thing that I have been considering and looking at how to safely vibe code and get security audits for, and Breez SDK went ahead and did it for me. Roy and the crew over there already built it, so now I don't even have to think about it and that makes me ecstatic and I want to dig into it on this show with an article from Bitcoin Magazine and my boy Juan Galt. So without further ado we will go ahead and get right into it.
[00:03:46] Actually, some further ado. Don't forget to check out my affiliate links and discount codes and a bunch of stuff that we have right down in the show notes, a bunch of different services and products and things that I use. This is a great way to actually support the show. That's free. In fact, a lot of them are discounts for you. So if you do that, that's actually a huge benefit to both of us. And thank you for everyone who does. But with that, let's get into today's read and it's titled "Breez SDK Launches Passkey Login for Seedless Bitcoin Wallets" by Juan Galt. Breez, a Lightning service provider and bitcoin software lab, has introduced passkey login into its Breez SDK. The feature allows developers to build self custodial wallets that use passkeys for authentication and key derivation, eliminating the traditional seed phrase requirement during normal use.
[00:04:49] Seed phrase support remains available for users who prefer it, keeping backwards compatibility with industry standards but removing the speed bump in bitcoin wallets, which prompts users to back up their 12 words.
[00:05:02] Breez explained the rationale behind this new feature in a press release shared with Bitcoin.
[00:05:08] The seed phrase has been a barrier to self custody since day one. It's what scares normies away from keeping their own bitcoin, and it's a legitimate reason why people accept the counterparty risk of exchanges and custodial apps.
[00:05:20] Adding that passkey login doesn't eliminate the trade offs of self custody, but it reframes them around something people already understand and use, namely the same biometric authentication that protects their banking app and their password manager. For most users, that's a much more intuitive security model than a piece of paper in a drawer.
[00:05:42] Per-site key pairs in modern hardware. Passkeys, a fairly new security standard that is gaining broad adoption online, are cryptographic credentials based on the FIDO2 WebAuthn standard jointly promoted by Apple, Google, Microsoft and the FIDO Alliance since 2022.
[00:06:02] Each passkey consists of a unique public private key pair generated for a specific website or application.
[00:06:10] The private key remains stored in the secure element or similar hardware on the user's device, such as Apple's Secure Enclave, Android's Titan chip, Windows TPM, external security keys like YubiKey, or the user's password manager. Normal online passkeys resemble the original Bitcoin wallet.dat file introduced by Satoshi Nakamoto in his earlier releases of the Bitcoin client, where private keys are stored locally to the user's device while public keys are shared with third parties.
[00:06:42] However, the FIDO2 standard implements this private public key idea in a more standardized and modern way.
[00:06:49] Websites send a challenge to the user, referencing the user's known public key for that account. The challenge message is signed by the user's private key, authenticating their identity in a privacy preserving way.
[00:07:01] Each service gets a different public key for the same user, so data compromised on one website does not leak data that can be used to access other websites, nor does it contain any user identifying data.
[00:07:15] FIDO2 is now widely adopted. It leverages device secure elements, integrates with password managers (e.g. iCloud Keychain, Google Password Manager), browsers and the World Wide Web Consortium (W3C) WebAuthn API. Authentication occurs via challenge response, signing with the private key bound to the domain to resist phishing.
[00:07:40] Passkeys support biometric unlock (Face ID, fingerprint and PIN) and sync across devices within an ecosystem, for example via iCloud or Google. Over a billion activations were reported by the FIDO Alliance as of mid-2025, with support on major platforms and many top websites. FIDO2 was not good enough for Bitcoin wallets.
[00:08:06] Standard passkeys excel at authentication, proving identity to a service, but were missing key functionality needed by the modern bitcoin industry.
[00:08:16] Bitcoin's self custody typically relies on a single source of entropy, the seed phrase, to generate all addresses and keys in a deterministic way via standards like BIP39.
[00:08:29] Users expect those 12 words alone to be enough to recover all balances and accounts on a Bitcoin wallet. The Passkey standard needed to be extended to support this use case.
[00:08:44] Leveraging the PRF extension. Breez addresses this by using the pseudorandom function (PRF) extension in WebAuthn Level 3. PRF enables a passkey to produce a deterministic cryptographic output for any given input during authentication, as described in Breez's announcement materials.
[00:09:06] That's what the PRF extension of WebAuthn solves. It's the key ingredient in passkey login. PRF is a newer capability, part of the WebAuthn Level 3 spec, that lets your passkey produce a deterministic cryptographic output for any given input. Same passkey, same input, same output, always. The passkey never leaves your device's secure enclave.
[00:09:34] Device loss and recovery. If a device is lost, recovery depends on the platform used to store the passkey. Synced passkeys (via iCloud Keychain, Google Password Manager, etc.) restore on a new device after regaining access to the associated account.
[00:09:54] Breez provides an optional backwards compatible path. Users can export a normal 12 word BIP39 mnemonic for their wallet so they can recover their account in other Bitcoin wallets following industry standards. The press release adds that passkeys also aren't fully interoperable across platforms yet. If you ever need to move to a platform or wallet that doesn't support passkeys, you have a standard seed phrase to fall back on.
[00:10:22] The full technical specification for passkey login is public and a reference app called Glow demonstrates the feature. Breez positions this as a step toward making Bitcoin self custody by aligning with familiar biometric authentication used in banking and password managers while preserving non custodial control.
[00:10:43] Developers integrating the Breez SDK can now offer onboarding without the traditional "write down these words" step for supported environments. The full technical specification for passkey login is public and our reference app Glow is already running it, and it's now available for all the Breez SDK devs to use.
[00:11:06] So this is what I've talked about quite a bit on this show and a super critical consideration that I think we'll be using, and I'm pretty certain we're going to be using the Breez SDK anyway for Pear Drive and kind of our ecosystem, the collection of things that we're building around it. But this is the sort of thing that I think is lost on so many bitcoiners and specifically developers in the space, and hopefully maybe we're beginning to realize where and how we need to deal with the various trade offs. But we have got to meet the users where they are and realize how vast of an improvement it is for someone to be self custodial in a way that's not perfectly cypherpunk sovereign secure than it is for them to be custodial with some trusted intermediary.
[00:12:06] I've always felt that we have this hyper focus on getting the end all be all, getting this like supposed perfect end game in every single thing, and if we can't get it then we simply basically leave everybody, like just throw them to the wolves. And somehow, like, you know, let's say from the context of someone using a banking app and using a trusted custodial fintech service and using fiat money in a permissioned ecosystem, that if they went fully sovereign, hold their own keys, hardware wallet outside of their phone device or their mobile device or their Mac or their laptop or whatever it is, keys totally offline, running their own lightning node, the whole setup, right, that's a 100x improvement. There's a hundred different ways and 100 different important ways in which you are more sovereign, more in control and more responsible for those funds and their security than you are in fiat land. But somehow for some subset of the culture, the space or the mentality around this, is it like a 10x or a 50x improvement?
[00:13:36] It's just not even worth entertaining. It's like, learn to use a hardware wallet or nothing, or just use the Coinbase wallet. There's no middle ground, there's no reason for stair stepping progress. There's no reason for just making it a little bit better. You should just use fiat and be fully permissioned if you're not going to run your own lightning node and have your own key and have your own, you know, sovereign banking. Start9 device in your house. Your 24 words written down, you know, stamped into steel and, you know, all cameras and electronics turned off when you write down the seed words. And then doing a hard reset of all of your devices after you write down the seed phrase so there's no compromise. Do a full zero out of all of your drives twice.
[00:14:23] Run a super powerful magnet across all of your internal cameras and throw them in the trash and then buy an entirely new security system. And you know what, just throw away your computers too and then get all new computers. And now you have a sovereign and secure bitcoin wallet. And it's like, well, what if you could have a way to safely put a set of keys into a password manager? That's not great, that's not a perfect setup. But for the typical user and a few thousand dollars' worth, it's actually achievable, it's far more accessible and it's probably good enough for that amount of value. And as it becomes more important, you just stress to upgrade your security, to change, to consider the amount of value and the risk that you are taking at each stage. But you meet them where they are. If we're still trying to onboard people into Bitcoin, into an ecosystem where they can use it, we need to lower all the barriers. Especially when we're talking about maybe they're going to receive a couple of dollars worth of zaps from other users. This is not the time to be talking about 24 word seed phrases. They're exploring. The barriers need to be low. You need to give them the best of what is available.
[00:15:44] That will give them no barrier. And what's crazy is how good of a security system this is, like how much better this is from what is typically gotten for an average user, that you could just allow a passkey login and they're actually self custodying with a relatively secure key that's actually accessible from all the devices in their platform. And for anybody who wants to be sovereign, for anybody who wants to go that next level, you can still very easily do that. You can upgrade. Everybody, please, everybody out there listening to this, who is building Bitcoin apps.
[00:16:26] Make this an option.
[00:16:28] Make it an option.
[00:16:30] Don't force your user to care about the things that you care about. You want to give them an experience that solves a problem that is important to them and you want to make that experience accessible in the best way that is possible within their environment, within their zone of familiarity. And a login with Apple or login with your passkey is something that the overwhelming majority of users can accomplish. And you know what? Now you don't even have to design it yourself. You don't have to worry about dealing with the security implications of trying to build this from scratch. You can use the Breez SDK. You know, I was talking to Roy, Roy Sheinfeld from Breez, and we were talking about kind of like how far the Breez SDK has come and my own thinking about how to implement this into Pear Drive, and he said he was working with, it might have been Glow. I don't even know what the app was, I can't remember anymore. It might even be in our conversation. But he was talking about how, you know, at the beginning it took, you know, a handful of days, maybe even like a week or more to implement.
[00:17:40] And they just recently had someone like from the point of this conversation, which was a couple of weeks ago, maybe a month or so ago, that they had had somebody go that same day from morning to afternoon in a matter of hours.
[00:18:00] They went from "we have decided we want to implement the Breez SDK" to a production implementation that was safe and perfectly reasonable to just have in production and actual use, because of the continuous progress and adjustments they've made to the SDK. So implementing it just doesn't. You don't have to consider like all of the security and all of the back end and all of the function of this thing; it is handled in the back end and basically you're just sticking a front end on it and making sure the buttons call the right APIs and it simply does the job for you. That is amazing. That is amazing. There is no reason for anyone out there now to be building an app without this in it, without some sort of lightning or bitcoin integration, when it can actually be done that quickly, especially in the age of AI. And this is what Roy has talked about, is that it's not about everybody having thousands of lightning apps, it's about having lightning in every app and what it can do when you have these things available.
[00:19:05] So just a shout out to their constant rethinking and adjustments and understanding where and how to meet the user. I think this is a huge deal and everybody building tooling and like wallet development kits and all of this stuff should be thinking about this exact thing.
[00:19:23] I personally think this is a really important piece of the puzzle and that's also why we are making this decision. Like obviously I don't know everything and maybe I'm completely wrong, but this feels like the solution, this feels like the direction things need to go, is how do you find that middle ground where you can give self custody but you don't have to intimidate or put the user in an unfamiliar place. Because all of this is about trust. And if they have to do something they've never done before, they're not going to trust it. It doesn't matter if it's more secure. They don't understand how to judge whether it's trustworthy or not. That is the thing, is that because you understand it is trustworthy, they then just have to trust you. All of this is about trust. And trust is personal. You have to understand what the user can trust, how they know the degree of trust, like whatever the situation and the conditions and tools that they are familiar with and that they use. And you have to go within that environment and say, how do I give them the most trustworthy setup that they know and understand?
[00:20:27] Then you can begin to extend their familiarity and extend their ability to add on top of that. But you don't just turn that on. It is a very slow and very low layer shift to actually build trust in new mechanisms, in new workflows, in new systems, in new tools. All of these things, especially when you're attaching to it a new money. Money is about as low of a trust system as it gets. We are stacking the deck against ourselves when we then make the tools unfamiliar and we require them to do additional things that they're not used to. They're already having to take a gamble with this thing they've never heard about, this crazy magic Internet money that just happens to give them some sort of a feature or experience that they've never had before. And it's like, okay, maybe this is worth looking into. Well, write down your 24 word seed phrase or you're going to lose all of your funds. You're not going to be able to get this into any other app. If you open up a new app, you're going to have a totally different wallet. You have to write down another 24 word seed phrase. Oh my God, I'm done. I'm done. I'm out. I'm out. That is what most people run into. That is how most people feel about it. And that is enough of a barrier to get them to just be like, no, I'm not doing it. I can't tell you how many simple things have been barriers for me just because I don't want to deal with it. This is somebody who does all of this stuff. I am literally a masochist when it comes to all of my computer related relationships. My insistence on trying to figure out how to use Linux for any and everything that I can could not be a better example. I spent almost a decade with my main machine being a Hackintosh, where I took completely off the shelf hardware, built a custom computer, and then tried to get Macintosh to work on top of it. That is masochism incarnate.
I have so many bitcoin wallets and hardware wallets and software wallets and every other damn thing. And still, you know what I kind of just want to do with most of my stuff? To get a bitcoin integration, I would just use login with passkey. I really would, most of the time. And whenever that collection of apps that I'm using in my iCloud or Apple ecosystem, whatever it is, got a little bit too much money, I would just withdraw. I would just withdraw to, you know, my Nunchuk multisig, or honestly just my Phoenix wallet because that's non custodial. I'm just using an LSP. Then when it got a little bit too much, I would offload to my own Lightning wallet or to my Nunchuk multisig.
[00:23:00] Risk and sovereignty are proportionally important and have variable weight depending on the amount of value being secured and accessed. And people who cannot remember that have lost the plot.
[00:23:21] A good example is on Nostr, people talk about, you know, 90% of payments or something like that are from custodial wallets. And they're like, this is a total failure. Lightning is a failure. When my question is what's the average balance of those custodial wallets? That's my question as to whether or not it's a failure. If it's thousands and thousands of dollars, then we do potentially have a problem.
[00:23:48] If it's less than 100, then 90% of payments being on custodial wallets is of no great concern.
[00:23:56] And I would love to compare, I would love to ask, what's the ratio of balances in that 90% versus the remaining 10%?
[00:24:05] What are people willing to have? What amount of value are people willing to hold in a non custodial lightning wallet or non custodial lightning node versus their custodial account? I think it's as important a distinction as people who compare Bitcoin's energy cost per the amount of transactions on the base layer. When, you know, somebody like Hillary Clinton, for Christ's sake, said that, you know, every single. Oh no, not Hillary Clinton, Senator Warren said that every bitcoin transaction costs a house worth of electricity. Like these things have nothing to do with each other. This is not the concern. The electricity is not about sending the cost and the proof of work is not about sending transactions. It's about securing value.
[00:24:54] The right comparison is how much electricity, how much energy does it cost to secure how much value is being moved on average per block, which could be in one transaction. It has nothing to do with the number of transactions. I think the Lightning relationship to the number of payments and the amount of value locked on Lightning is the exact same disconnect, the exact same fallacy. We are concerned about how much value is locked in custodians versus non custodial, how much each user has at risk with custodians versus how much they hold in self custody. If users are risking 20 to $50, up to $100 in custodial wallets to get a little bit of convenience so that they can zap easy or that they can have the same wallet across a couple different apps, okay, that is not that big of a deal. That is literally a sub-$100 total risk for that user. It requires or it demands sub-$100 worth of concern. If they have thousands of dollars in those apps with custodial services just so they can zap some people a few cents every couple of hours.
[00:26:06] That is reckless. That is foolish. They need to move most of that to self custody. They need better security practices. But you know what they could do to upgrade that quite a bit? They could use login with passkey and they could use self custody by using a seed phrase that is stored or their private key that is stored inside their secure enclave.
[00:26:29] That is a significant improvement. And if you can onboard new users this way without having any other setup, without them even seeing anything outside of what looks like a normal login experience, and give them self custody across multiple apps and immediately send or receive Bitcoin as payment, that is a freaking win.
[00:26:54] That is a huge win. And I think we drastically discount how important that is for the user that doesn't understand this stuff. So use it, build with it. Check it out. If you're a vibe coder, do it. This is a perfect thing to vibe code because then you don't have to worry about the security really. You're offloading that to people who have spent years and years trying to perfect this and make this work and make this easy to build with. Vibe code, make the app you want to make. This is a huge leap forward. This is important stuff that is getting us the last mile. This is putting the trim and the paint on the actual building so that normal people can look at it and be like, oh shit, that's actually pretty. It's not just like a naked thing with a bunch of sticks. They look at it and they go, that's a house. That's a house. That's gorgeous. It's hard to do that. It might be the same thing and it might be 90% done. But if you don't have Sheetrock, trim and paint and, you know, fixtures, all of the little things on that last mile of stuff, a lot of people can't imagine what it will look like and a lot of people just see how much work is needed to actually get it to the thing that they wanted in the first place.
[00:28:10] This login with passkey, this type of additional feature that can just be implemented and built on top of and spread across multiple apps with the same back end of lightning with no onboarding.
[00:28:25] This.
[00:28:26] This is a move in ready house. This is a move in ready house with furniture. Use it anyway.
[00:28:33] Thank you guys for listening.
[00:28:36] Don't forget to check out Pear Drive. We got a lot of things coming. I'm hoping I'll be at BitBlockBoom. And I'm going to be demonstrating one of the apps that I have, even if I'm not like ready to actually release it. Well, I mean, we have like a crappy version of it already available for Pair Drop, but I'll be kind of showing off like some of my ideas and things that I think are really important in how we're building.
[00:29:03] And I encourage you, if you don't have tickets yet, I think the prices go up in like a day or two and it'll be the final price increase. So I hope to see you guys there. Also, don't forget to check out, I have a bunch of affiliate links. I've got a River referral link. I've got, I think I've still got my Swan referral link down there. I've got, hold up, I've got a discount for you guys. I have a discount for Coinkite. I still have a discount code for those guys, discount code for BitBox, all sorts of stuff. I'll try to have as much as I can down there. These are great ways that you can literally just get stuff. Jade, another great one. A lot of ways that you can actually get your own setup. Get services that I really, really love and products that I use.
[00:29:45] You can get discounts or you can support my show for free. It's a great way to help out the show and basically have a list of resources that I just know I can confidently say this is going to work, you're going to be fine. These are great services, these are great products. So check them out and thank you all who support the show. Shout out to the Audionauts and also everybody who's checking out Pear Drive and starting to play with it while it's still in a really complicated, confusing NPM install way to use it. And a shout out to Roy and Juan Galt for this article, for breaking this down, and to Roy Sheinfeld and the Breez SDK for their incredible work and the framing that I think is so important, and how they've evolved and thought about Bitcoin and building the tools for the tool builders throughout all of this. A shout out. And with that I will catch you on the next episode of Bitcoin Audible. And until then guys, that is my two sats.
[00:31:01] Tell the truth. If you tell the truth all the time, you don't have to worry three months down the line about what you said three months earlier. Truth is always the truth. You won't have to complicate your life by trying to cover it up.
[00:31:15] Benjamin Carson.