ZCLIP 001 RFC: loadwallet & unloadwallet & dm-crypt/veracrypt logic flow for FULL wallet encryption integration #101
Description
ZCLIP 001 RFC: loadwallet & unloadwallet & cryptsetup/veracrypt logic flow for FULL wallet encryption integration
Overview
Before implementing full wallet encryption via dm-crypt/VeraCrypt, we must first backport loadwallet/unloadwallet RPC functionality from Bitcoin Core to enable dynamic wallet mounting.
i am working on this now, before working on the zclassic full node dm-crypt/veracrypt funcitons/RPC calls
Phased Implementation
Phase 1: Wallet Load/Unload (Current Scope)
- Reference: Bitcoin Core v0.17.0 (earliest stable implementation of multi-wallet load/unload)
- Scope Reduction: Single wallet support only (no multi-wallet complexity)
- Functions:
loadwalletandunloadwalletRPC commands - Security Benefit: Minimizes wallet memory exposure time
Phase 2: Full Wallet Encryption Integration
Once Phase 1 is complete:
- Linux: 5-layer dm-crypt cascade: Serpent → Twofish → AES → Camellia → Blowfish
- Windows/macOS: VeraCrypt 3-cipher cascade: AES(Twofish(Serpent))
- Encryption Hash: Whirlpool for all platforms
- Integration: Symlink
wallet.datfrom mounted encrypted volume to datadir - UX Enhancement: All encryption operations integrated into
zcl-cliwrapper commands - Attack Surface Reduction: Wallet encrypted at rest; only decrypted when actively loaded
Cryptographic Parameters
Linux: 5-Layer dm-crypt Cascade
Cipher Stack (outer → inner):
- Serpent-XTS (outermost) - 256-bit key, 32 rounds, highest security margin
- Twofish-XTS - 256-bit key, 16 rounds, Schneier-designed Feistel cipher
- AES-XTS - 256-bit key, 14 rounds, hardware-accelerated (AES-NI)
- Camellia-XTS - 256-bit key, 24 rounds, NTT/Mitsubishi design (international diversity)
- Blowfish-XTS (innermost) - 448-bit key, 16 rounds, Schneier design (maximum key length)
Rationale for 5-Layer Cascade:
- Maximum paranoia for high-value cryptocurrency cold storage
- Maximum compatibility: All ciphers available on standard Linux kernels (modprobe if needed)
- Algorithm diversity: Western (AES, Twofish, Serpent, Blowfish), Japanese (Camellia)
- Design diversity: Feistel (Twofish, Blowfish), SPN (AES, Serpent, Camellia)
- Failure resilience: Breaking requires compromise of ALL five ciphers independently
- Geographic trust distribution: Algorithms from USA, Japan, UK design teams
- Performance: Kernel-level dm-crypt faster than user-space VeraCrypt even with 5 layers
- Extended key length: Blowfish supports up to 448-bit keys (longest in cascade)
Security Property: An attacker must:
- Break Serpent-256 (32 rounds, no practical attacks)
- AND break Twofish-256 (key-dependent S-boxes)
- AND break AES-256 (NIST standard, hardware-accelerated)
- AND break Camellia-256 (ISO/IEC 18033-3 standard)
- AND break Blowfish-448 (16 rounds, 448-bit key = largest keyspace in cascade)
XTS Mode: Each cipher layer uses XTS mode (IEEE P1619) for disk encryption:
- Serpent/Twofish/AES/Camellia: 512-bit effective key (256-bit encryption + 256-bit tweak)
- Blowfish: 896-bit effective key (448-bit encryption + 448-bit tweak)
- No IV reuse across sectors
- Resistant to block manipulation attacks
Windows/macOS: 3-Layer VeraCrypt Cascade
Cipher Stack: AES(Twofish(Serpent))
- Serpent (Inner): 256-bit key, 32 rounds, conservative design
- Twofish (Middle): 256-bit key, 16 rounds, key-dependent S-boxes
- AES (Outer): 256-bit key, 14 rounds, hardware-accelerated
Rationale: VeraCrypt maximum supported cascade (3 ciphers). Linux provides superior 5-layer protection.
Hash Algorithm: Whirlpool (All Platforms)
Whirlpool Advantages:
- ✅ 512-bit output (double SHA-256)
- ✅ Designed by Rijmen/Barreto (Rijmen co-designed AES)
- ✅ Based on modified AES block cipher (well-understood primitives)
- ✅ No length-extension attacks (unlike SHA-2 family)
- ✅ Larger internal state (512-bit vs SHA-512's 256-bit)
- ✅ ISO/IEC 10118-3 standard
- ✅ No known collision attacks
- ✅ Resistance to multi-collision attacks
Decision: Whirlpool for maximum cryptographic conservatism in long-term cold storage scenario.
Technical Workflow
┌───────────────────────────────────────────────────────────────────────────┐
│ FULL WALLET ENCRYPTION WORKFLOW (Post-Implementation) │
│ (5-Layer dm-crypt / 3-Layer VeraCrypt via zcl-cli) │
│ │
│ Linux: Serpent→Twofish→AES→Camellia→Blowfish + Whirlpool (5 CIPHERS!) │
│ Win/Mac: AES(Twofish(Serpent)) + Whirlpool (3 CIPHERS) │
└───────────────────────────────────────────────────────────────────────────┘
[User Command: zcl-cli encryptedwallet create]
│
├─────────────────────────┬──────────────────────────┐
│ │ │
┌──────▼──────┐ ┌───────▼────────┐ ┌───────▼────────┐
│ LINUX │ │ WINDOWS │ │ macOS │
│ (5-LAYER) │ │ (3-LAYER) │ │ (3-LAYER) │
└──────┬──────┘ └───────┬────────┘ └───────┬────────┘
│ │ │
│ zcl-cli orchestrates: │ zcl-cli calls: │ zcl-cli calls:
│ │ veracrypt --create │ veracrypt --create
│ [Layer 5 - Blowfish] │ wallet. tc │ wallet.tc
│ cryptsetup luksFormat │ --encryption= │ --encryption=
│ --cipher blowfish-xts- │ AES-Twofish-Serpent │ AES-Twofish-Serpent
│ plain64 --key-size 896 │ --hash=Whirlpool │ --hash=Whirlpool
│ wallet_layer5.luks │ --filesystem=NTFS │ --filesystem=exFAT
│ │ --pim=485 │ --pim=485
│ [Layer 4 - Camellia] │ --size=100M │ --size=100M
│ cryptsetup luksFormat │ │
│ --cipher camellia-xts- │ │
│ plain64 --key-size 512 │ │
│ /dev/mapper/layer5 │ │
│ │ │
│ [Layer 3 - AES] │ │
│ cryptsetup luksFormat │ │
│ --cipher aes-xts- │ │
│ plain64 --key-size 512 │ │
│ /dev/mapper/layer4 │ │
│ │ │
│ [Layer 2 - Twofish] │ │
│ cryptsetup luksFormat │ │
│ --cipher twofish-xts- │ │
│ plain64 --key-size 512 │ │
│ /dev/mapper/layer3 │ │
│ │ │
│ [Layer 1 - Serpent] │ │
│ cryptsetup luksFormat │ │
│ --cipher serpent-xts- │ │
│ plain64 --key-size 512 │ │
│ /dev/mapper/layer2 │ │
│ │ │
│ mkfs.ext4 │ │
│ /dev/mapper/layer1 │ │
│ │ │
│ [5-cipher cascade created: Serpent→Twofish→AES→ │
│ Camellia→Blowfish(448-bit), all with Whirlpool] │
│ │ │
└─────────────────────────┴─────────────────────────┘
[User Command: zcl-cli encryptedwallet mount]
│
├─────────────────────────┬──────────────────────────┐
│ │ │
┌──────▼──────┐ ┌───────▼────────┐ ┌───────▼────────┐
│ LINUX │ │ WINDOWS │ │ macOS │
│ (5-LAYER) │ │ (3-LAYER) │ │ (3-LAYER) │
└──────┬──────┘ └───────┬────────┘ └───────┬────────┘
│ │ │
│ zcl-cli ONE PASSWORD │ zcl-cli executes: │ zcl-cli executes:
│ unlocks ALL 5 layers: │ veracrypt --mount │ veracrypt --mount
│ │ wallet.tc /l W │ wallet.tc
│ cryptsetup open │ --pim=485 │ --pim=485
│ wallet_layer5.luks │ │
│ layer5 (Blowfish-448) │ [Decrypt: AES→Twofish→ │ [Decrypt cascade]
│ [Password: user input] │ Serpent layers] │
│ │ │
│ cryptsetup open │ │
│ /dev/mapper/layer5 │ │
│ layer4 (Camellia-256) │ │
│ [Password: DERIVED] │ │
│ │ │
│ cryptsetup open │ │
│ /dev/mapper/layer4 │ │
│ layer3 (AES-256) │ │
│ [Password: DERIVED] │ │
│ │ │
│ cryptsetup open │ │
│ /dev/mapper/layer3 │ │
│ layer2 (Twofish-256) │ │
│ [Password: DERIVED] │ │
│ │ │
│ cryptsetup open │ │
│ /dev/mapper/layer2 │ │
│ layer1 (Serpent-256) │ │
│ [Password: DERIVED] │ │
│ │ │
│ mount /dev/mapper/ │ │
│ layer1 /mnt/zcl_wallet │ │
│ │ │
▼ ▼ ▼
/mnt/zcl_wallet/ W:\wallet.dat /Volumes/VERACRYPT1/
wallet. dat wallet.dat
│ │ │
│ zcl-cli auto-creates symlink: │
│ ln -s <mount>/wallet.dat ~/. zclassic/wallet.dat │
│ │ │
└─────────────────────────┴─────────────────────────┘
│
▼
┌──────────────────────┐
│ Symlink Created: │
│ ~/.zclassic/ │
│ wallet.dat ──────►│ (points to encrypted vol)
└──────────┬───────────┘
│
│ [AUTOMATIC by mount command]
│
│ zcl-cli loadwallet "wallet.dat"
▼
┌──────────────────────┐
│ zclassicd Process │
│ • Validate symlink │
│ • Load wallet. dat │
│ • Decrypt with │
│ wallet passphrase │
│ • Hold in RAM │
└──────────┬───────────┘
│
[Active Wallet]
[Shielded Ops]
[JoinSplit Proofs]
│
│
[User Command: zcl-cli encryptedwallet unmount]
│
▼
┌──────────────────────┐
│ zcl-cli executes: │
│ 1. unloadwallet │
│ (zero memory) │
│ 2. Platform-specific│
│ dismount │
└──────────┬───────────┘
│
┌─────────────────────────┼─────────────────────────┐
│ │ │
┌──────▼──────┐ ┌───────▼────────┐ ┌──────▼───────┐
│ LINUX │ │ WINDOWS │ │ macOS │
│ (5-LAYER) │ │ (3-LAYER) │ │ (3-LAYER) │
└──────┬──────┘ └───────┬────────┘ └──────┬───────┘
│ │ │
│ zcl-cli calls: │ zcl-cli calls: │ zcl-cli calls:
│ unloadwallet │ unloadwallet │ unloadwallet
│ │ veracrypt --dismount W │ veracrypt
│ umount /mnt/zcl_wallet │ │ --dismount
│ │ [Locks all 3 ciphers] │ /Volumes/VERACRYPT1
│ cryptsetup close layer1 │ │
│ (Serpent LOCKED) │ │
│ │ │
│ cryptsetup close layer2 │ │
│ (Twofish LOCKED) │ │
│ │ │
│ cryptsetup close layer3 │ │
│ (AES LOCKED) │ │
│ │ │
│ cryptsetup close layer4 │ │
│ (Camellia LOCKED) │ │
│ │ │
│ cryptsetup close layer5 │ │
│ (Blowfish-448 LOCKED) │ │
│ │ │
└─────────────────────────┴─────────────────────────┘
│
▼
┌──────────────────────┐
│ Encrypted Container │
│ [LOCKED STATE] │
│ • Linux: 5 ciphers │
│ • Win/Mac: 3 ciphers│
│ • Whirlpool KDF │
│ • Attack surface: 0 │
│ • Cold storage mode │
└──────────────────────┘
Platform-Specific Security Considerations
Linux (5-Layer dm-crypt/LUKS Cascade)
- ✅ MAXIMUM SECURITY: 5 independent cipher layers
- ✅ MAXIMUM COMPATIBILITY: All ciphers universally available
- ✅ Kernel-level encryption (battle-tested, high performance)
- ✅ LUKS2 supports Argon2id key derivation (anti-GPU brute-force)
- ✅ Whirlpool hash support via
--hash whirlpool - ✅ Algorithm diversity: Western + Japanese designs
- ✅ Design diversity: Feistel (Twofish, Blowfish) + SPN (AES, Serpent, Camellia)
- ✅ Extended key length: Blowfish 448-bit key (longest in cascade)
- ✅ XTS mode per layer (no IV reuse, sector-level tweaking)
- ✅ User-friendly: Single password unlocks all 5 layers (key derivation)
- ✅ Detached headers possible (plausible deniability)
- ✅ Performance: Kernel-level faster than user-space VeraCrypt despite 5 layers
⚠️ Requires root/sudo for cryptsetup operations (zcl-cli will prompt)⚠️ Camellia may require:modprobe camellia_generic(zcl-cli auto-loads)⚠️ Consider using --allow-discards for SSD TRIM (metadata leakage vs wear)
Windows (VeraCrypt 3-Layer Cascade)
- ✅ AES(Twofish(Serpent)) cascade fully supported
- ✅ Whirlpool hash fully supported
- ✅ PIM (Personal Iterations Multiplier) for KDF strengthening
- ✅ Plausible deniability (hidden volumes)
- ✅ Portable mode (no admin required after driver install)
⚠️ User-space implementation (vs kernel-level on Linux)⚠️ Limited to 3-cipher cascade (VeraCrypt maximum)⚠️ Initial driver installation requires admin privileges⚠️ NTFS filesystem overhead
macOS (VeraCrypt 3-Layer Cascade)
- ✅ AES(Twofish(Serpent)) cascade fully supported
- ✅ Whirlpool hash fully supported
- ✅ Hidden volume support (plausible deniability)
- ✅ exFAT recommended for macOS compatibility (vs NTFS)
- ✅ Cross-platform container portability (same . tc file works on all OS)
⚠️ Requires macFUSE installation (dependency on third-party kernel extension)⚠️ Limited to 3-cipher cascade (VeraCrypt maximum)⚠️ macOS Gatekeeper/SIP may require explicit permission grants⚠️ Apple Silicon: macFUSE requires Reduced Security mode in Recovery⚠️ VeraCrypt updates may lag behind macOS version releases
Security Properties
- Linux: 5-cipher cascade - Requires breaking Serpent AND Twofish AND AES AND Camellia AND Blowfish-448 simultaneously
- Windows/macOS: 3-cipher cascade - Requires breaking AES AND Twofish AND Serpent simultaneously
- Whirlpool KDF: No length-extension attacks, larger state than SHA-512
- Single password UX: Linux derives 5 layer keys from one master password
- Extended keyspace: Blowfish 448-bit key provides 2^448 keyspace on innermost layer
- Wallet only decrypted when actively loaded in memory
- Two-layer security: disk encryption + wallet passphrase
- Cold storage compatible (mount read-only)
- Memory wiped on unloadwallet (zeroing implementation required)
- Resistant to offline attacks on wallet. dat
- Symlink validates mount state before load
- UX Security: Automated workflow reduces user error in encryption operations
- Long-term security: Conservative multi-cipher choice for decades-long cold storage
- Geographic trust distribution (Linux): Algorithms from USA, Japan, UK
Threat Model Mitigations
| Threat | Mitigation |
|---|---|
| AES cryptanalysis breakthrough | ✅ Linux: 4 fallback ciphers; Win/Mac: 2 fallback ciphers |
| Single-cipher side-channel attacks | ✅ Cascade masks timing/power characteristics |
| Algorithm backdoors (trust issues) | ✅ Linux: 5 algorithms from different nations/teams |
| Filesystem forensics | ✅ Linux: 5-cipher encryption; Win/Mac: 3-cipher encryption |
| Memory dumps (post-use) | ✅ unloadwallet zeros sensitive data |
| Unauthorized disk access | ✅ Whirlpool KDF (500k iterations) + Argon2id |
| Wallet. dat theft | ✅ Encrypted at rest (requires container password) |
| Evil maid attacks | ✅ PIM adds entropy; keyfiles on separate device |
| User operational errors | ✅ zcl-cli automates mount/unmount/load/unload sequence |
| SHA-2 length-extension | ✅ Whirlpool structurally immune |
| Brute-force attacks | ✅ Linux: Blowfish 448-bit key = 2^448 keyspace (innermost layer) |
| Quantum computing (future) | |
| Rubber-hose cryptanalysis | ❌ Out of scope; consider duress passwords/hidden volumes |
New zcl-cli Commands (Phase 2)
zcl-cli encryptedwallet create [options]
Creates a new encrypted wallet container using platform-appropriate encryption.
Options:
--size=<MB>- Container size in megabytes (default: 100)--keyfile=<path>- Optional keyfile path for additional security--pim=<number>- VeraCrypt PIM value (default: 485, Windows/macOS only)--iterations=<number>- LUKS Argon2id iterations (default: 4, Linux only)--hash=<algorithm>- Hash algorithm (default:Whirlpool)
Example:
# Linux (5-layer cascade)
zcl-cli encryptedwallet create --size=500 --keyfile=/secure/usb/key.dat --iterations=6
# Windows/macOS (3-layer cascade)
zcl-cli encryptedwallet create --size=500 --keyfile=/secure/usb/key.dat --pim=650Behavior:
- Linux: Creates 5-layer LUKS2 cascade at
~/.zclassic/wallet_encrypted/- Outer layer:
wallet_layer5.luks(Blowfish-XTS-PLAIN64, 448-bit key) - Automatically stacks all 5 layers
- Single password encrypts all layers (derived keys)
- Auto-loads kernel modules if needed (
modprobe camellia_generic)
- Outer layer:
- Windows: Creates VeraCrypt container at
%APPDATA%\ZClassic\wallet_encrypted. tc - macOS: Creates VeraCrypt container at
~/Library/Application Support/ZClassic/wallet_encrypted.tc - Prompts for container password (with confirmation)
- Validates password strength (minimum 20 characters recommended)
- Automatically formats container and creates initial
wallet.dat - Displays security parameters confirmation
Security Output (Linux):
Creating encrypted wallet container (5-LAYER CASCADE)...
Checking kernel crypto support...
✓ serpent available
✓ twofish available
✓ aes available
⚙ Loading camellia module... ✓
✓ blowfish available
Layer 5 (outer): Blowfish-XTS-PLAIN64 (448-bit key)
Layer 4: Camellia-XTS-PLAIN64 (256-bit key)
Layer 3: AES-XTS-PLAIN64 (256-bit key)
Layer 2: Twofish-XTS-PLAIN64 (256-bit key)
Layer 1 (inner): Serpent-XTS-PLAIN64 (256-bit key)
Hash: Whirlpool
Key Derivation: Argon2id (iterations=4, 1GB memory)
Container size: 500 MB
Enter container password (20+ characters): **********************
Confirm password: **********************
[██████████████████████████████] 100% - Layer 5 (Blowfish-448) created
[██████████████████████████████] 100% - Layer 4 (Camellia-256) created
[██████████████████████████████] 100% - Layer 3 (AES-256) created
[██████████████████████████████] 100% - Layer 2 (Twofish-256) created
[██████████████████████████████] 100% - Layer 1 (Serpent-256) created
[██████████████████████████████] 100% - Filesystem created
Container created: ~/.zclassic/wallet_encrypted/
Security level: MAXIMUM (5 ciphers, 448-bit max key)
Security verification: PASS
Security Output (Windows/macOS):
Creating encrypted wallet container (3-LAYER CASCADE)...
Encryption: AES(Twofish(Serpent)) cascade
Hash: Whirlpool
Key Derivation: PBKDF2-Whirlpool with PIM=650 (325,000 iterations)
Container size: 500 MB
Enter container password (20+ characters): **********************
Confirm password: **********************
[██████████████████████████████] 100% - Generating random data
Container created: ~/Library/Application Support/ZClassic/wallet_encrypted.tc
Security level: HIGH (3 ciphers)
Security verification: PASS
zcl-cli encryptedwallet mount
Mounts encrypted wallet container and loads wallet into zclassicd.
Example:
zcl-cli encryptedwallet mountBehavior:
- Detects platform (Linux/Windows/macOS)
- Prompts for container password (ONCE for all layers on Linux)
- Linux: Derives 5 keys from master password, opens all layers sequentially
- Windows/macOS: Calls VeraCrypt with
--encryption=AES-Twofish-Serpent --hash=Whirlpool - Mounts encrypted container to platform-specific location
- Creates/validates symlink:
~/.zclassic/wallet.dat→ mounted container - Automatically calls
loadwallet "wallet.dat" - Returns wallet status and shielded address count
Security:
- Validates container integrity before mount
- Checks for existing mounts (prevents double-mount)
- Linux: Verifies all 5 cipher layers are configured correctly
- Linux: Auto-loads kernel modules if needed
- Windows/macOS: Verifies cipher cascade and hash algorithm match expected values
- Verifies symlink target before loading wallet
- Linux-specific: Uses
sudofor cryptsetup operations (prompts for password)
Output (Linux):
Mounting encrypted wallet (5-LAYER CASCADE)...
Container: ~/.zclassic/wallet_encrypted/
Enter container password: **********************
[Decrypting layer 5: Blowfish-448] ✓
[Decrypting layer 4: Camellia-256] ✓
[Decrypting layer 3: AES-256] ✓
[Decrypting layer 2: Twofish-256] ✓
[Decrypting layer 1: Serpent-256] ✓
Mounted: /mnt/zcl_wallet
Symlink created: ~/.zclassic/wallet.dat → /mnt/zcl_wallet/wallet.dat
Loading wallet...
Wallet loaded successfully.
Shielded addresses: 5
Transparent addresses: 2
Security: 5-CIPHER CASCADE ACTIVE (max key: 448-bit)
Output (Windows/macOS):
Mounting encrypted wallet (3-LAYER CASCADE)...
Container: ~/Library/Application Support/ZClassic/wallet_encrypted. tc
Encryption: AES(Twofish(Serpent)) ✓
Hash: Whirlpool ✓
Enter container password: **********************
[Decrypting layers: AES → Twofish → Serpent]
Mounted: /Volumes/VERACRYPT1
Symlink created: ~/.zclassic/wallet.dat → /Volumes/VERACRYPT1/wallet. dat
Loading wallet...
Wallet loaded successfully.
Shielded addresses: 5
Transparent addresses: 2
Security: 3-CIPHER CASCADE ACTIVE
zcl-cli encryptedwallet unmount
Securely unloads wallet and dismounts encrypted container.
Example:
zcl-cli encryptedwallet unmountBehavior:
- Calls
unloadwallet "wallet.dat"(zeros memory withOPENSSL_cleanse) - Waits for file handle closure (prevents premature dismount)
- Linux: Closes all 5 dm-crypt layers in reverse order
- Windows/macOS: Dismounts VeraCrypt container
- Validates container is fully locked
- Returns success confirmation
Security:
- Refuses to unmount if wallet has pending transactions
- Flushes wallet. dat to disk before unmount
- Scrubs sensitive data from memory (wallet keys, passphrases)
- Linux: Verifies all 5 cipher layers are re-locked
- Windows/macOS: Verifies all 3 cipher layers are re-locked
- Linux-specific: Uses
sudofor cryptsetup close operations
Output (Linux):
Unloading wallet...
Wallet unloaded ✓ (memory scrubbed)
Unmounting encrypted container (5-LAYER CASCADE)...
Closing layer 1 (Serpent-256) ✓ LOCKED
Closing layer 2 (Twofish-256) ✓ LOCKED
Closing layer 3 (AES-256) ✓ LOCKED
Closing layer 4 (Camellia-256) ✓ LOCKED
Closing layer 5 (Blowfish-448) ✓ LOCKED
Container fully locked ✓
Security status:
Blowfish-448 layer: LOCKED
Camellia-256 layer: LOCKED
AES-256 layer: LOCKED
Twofish-256 layer: LOCKED
Serpent-256 layer: LOCKED
Output (Windows/macOS):
Unloading wallet...
Wallet unloaded ✓ (memory scrubbed)
Unmounting encrypted container (3-LAYER CASCADE)...
Dismounted: /Volumes/VERACRYPT1
Container locked ✓
Security status:
AES layer: LOCKED
Twofish layer: LOCKED
Serpent layer: LOCKED
zcl-cli encryptedwallet status
Reports encrypted wallet mount status and security state.
Example:
zcl-cli encryptedwallet statusOutput (Linux):
{
"encrypted": true,
"container_type": "dm-crypt-cascade",
"container_path": "~/.zclassic/wallet_encrypted/",
"mounted": true,
"mount_point": "/mnt/zcl_wallet",
"wallet_loaded": true,
"symlink_valid": true,
"cipher_layers": 5,
"ciphers": [
"Blowfish-XTS-PLAIN64 (448-bit key, outer)",
"Camellia-XTS-PLAIN64 (256-bit key)",
"AES-XTS-PLAIN64 (256-bit key)",
"Twofish-XTS-PLAIN64 (256-bit key)",
"Serpent-XTS-PLAIN64 (256-bit key, inner)"
],
"max_key_length": 448,
"hash": "Whirlpool",
"kdf": "Argon2id",
"kdf_iterations": 4,
"filesystem": "ext4",
"readonly": false,
"keyfile_in_use": true,
"security_level": "MAXIMUM (5-cipher cascade, 448-bit max key)"
}Output (Windows/macOS):
{
"encrypted": true,
"container_type": "veracrypt",
"container_path": "~/Library/Application Support/ZClassic/wallet_encrypted.tc",
"mounted": true,
"mount_point": "/Volumes/VERACRYPT1",
"wallet_loaded": true,
"symlink_valid": true,
"cipher_layers": 3,
"encryption": "AES(Twofish(Serpent))",
"hash": "Whirlpool",
"pim": 650,
"kdf_iterations": 325000,
"filesystem": "exFAT",
"readonly": false,
"keyfile_in_use": true,
"security_level": "HIGH (3-cipher cascade)"
}zcl-cli encryptedwallet backup <destination>
Creates encrypted backup of wallet container.
Example:
# Linux
zcl-cli encryptedwallet backup /media/usb/wallet_backup_2025/
# Windows/macOS
zcl-cli encryptedwallet backup /media/usb/wallet_backup_2025. tcBehavior:
- Unmounts wallet if currently mounted
- Linux: Copies all 5 LUKS layer files
- Windows/macOS: Copies encrypted . tc container
- Verifies backup integrity (SHA-512 checksums)
- Optionally re-mounts original container
- Critical: Backup is already multi-cipher encrypted (safe for offsite storage)
Output (Linux):
Creating encrypted backup (5-LAYER CASCADE)...
Source: ~/.zclassic/wallet_encrypted/
Destination: /media/usb/wallet_backup_2025/
[██████████████████████████████] 100% - wallet_layer5.luks (Blowfish-448)
[██████████████████████████████] 100% - Layer 4 container (Camellia-256)
[██████████████████████████████] 100% - Layer 3 container (AES-256)
[██████████████████████████████] 100% - Layer 2 container (Twofish-256)
[██████████████████████████████] 100% - Layer 1 container (Serpent-256)
Verifying backup integrity...
SHA-512 checksums: ALL MATCH ✓
Backup created successfully.
Encryption preserved: 5-cipher cascade (Serpent→Twofish→AES→Camellia→Blowfish-448)
Store in secure, offsite location.
Operational Security Workflow (Simplified UX)
First-Time Setup
Linux (5-cipher cascade):
# 1. Create encrypted wallet container
zcl-cli encryptedwallet create --size=500 --keyfile=/secure/usb/key.dat --iterations=6
# Prompts: Enter container password (20+ chars recommended)
# Output: Container created with 5-cipher cascade (Blowfish-448 max key)
# 2. Mount and initialize wallet (SINGLE PASSWORD for all 5 layers!)
zcl-cli encryptedwallet mount
# Prompts: Enter container password
# Output: [Decrypts all 5 layers automatically]
# Wallet loaded successfully. Shielded addresses: 0Windows/macOS (3-cipher cascade):
# 1. Create encrypted wallet container
zcl-cli encryptedwallet create --size=500 --keyfile=/secure/usb/key.dat --pim=650
# Prompts: Enter container password (20+ chars recommended)
# Output: Container created with AES(Twofish(Serpent)) + Whirlpool
# 2. Mount and initialize wallet
zcl-cli encryptedwallet mount
# Prompts: Enter container password
# Output: Wallet loaded successfully. Shielded addresses: 0Daily Usage
# Mount encrypted wallet (single password unlocks all layers)
zcl-cli encryptedwallet mount
# Linux: [Decrypting 5 layers... Blowfish-448 → Camellia → AES → Twofish → Serpent]
# Win/Mac: [Decrypting 3 layers... AES → Twofish → Serpent]
# Perform transactions
zcl-cli z_sendmany "t1address" '[{"address":"zcaddress","amount":10}]'
# Check encryption status
zcl-cli encryptedwallet status
# Linux output: "security_level": "MAXIMUM (5-cipher cascade, 448-bit max key)"
# Win/Mac output: "security_level": "HIGH (3-cipher cascade)"
# Unmount when done
zcl-cli encryptedwallet unmount
# Linux: [Locking all 5 cipher layers...]
# Win/Mac: [Locking all 3 cipher layers...]Cold Storage Backup
# Create encrypted backup to USB drive
zcl-cli encryptedwallet backup /media/usb/zclassic_cold_storage_2025
# Linux: Copies all 5 LUKS containers
# Win/Mac: Copies VeraCrypt . tc file
# Output: Backup created successfully (SHA-512: abc123...)
# Encryption preservedImplementation Checklist
Phase 1 (loadwallet/unloadwallet)
- Backport Bitcoin Core 0.17.0 wallet loading logic
- Implement CWallet lifecycle management (init/shutdown)
- Add RPC commands:
loadwallet,unloadwallet - Implement secure memory zeroing (
OPENSSL_cleanseon keys) - Add wallet lock file to prevent concurrent access
- Test symlink resolution and validation
- Audit for null pointer dereferences post-unload
Phase 2 (zcl-cli Encryption Integration)
Cross-Platform
- Implement platform detection (Linux/Windows/macOS)
- Add dependency checks (cryptsetup on Linux, VeraCrypt on Win/Mac)
- Password strength validation (entropy calculation)
- Keyfile support and validation
- Implement
encryptedwallet statuscommand - Implement
encryptedwallet backupcommand - Add comprehensive error handling
- Security audit: timing attacks, error message leakage
- Documentation: User guide with platform-specific instructions
- Documentation: Security best practices guide
Linux-Specific (5-Layer Cascade)
- Implement
encryptedwallet createfor Linux- Kernel crypto module detection (
/proc/cryptoparsing) - Auto-load missing modules (
modprobe camellia_genericetc.) - Create 5 nested LUKS2 containers (Blowfish→Camellia→AES→Twofish→Serpent)
- Layer 5 (outer): Blowfish-XTS-PLAIN64, 448-bit key (896-bit with XTS tweak)
- Layers 4-1: 256-bit keys (512-bit with XTS tweak)
- Each layer: Whirlpool hash, Argon2id KDF
- Master password → derived keys for all 5 layers (HKDF-Whirlpool)
- Automated loop device management
- Create ext4 filesystem on innermost layer
- Verify cascade integrity post-creation
- Kernel crypto module detection (
- Implement
encryptedwallet mountfor Linux- Single password input (user-friendly!)
- Derive 5 layer keys from master password (HKDF-Whirlpool)
- Auto-load kernel modules if needed
- Open layers sequentially: layer5→layer4→layer3→layer2→layer1
- Mount innermost layer to
/mnt/zcl_wallet - Handle
sudoprompts gracefully - Validate all 5 layers before declaring success
- Implement
encryptedwallet unmountfor Linux- Close layers in reverse: layer1→layer2→layer3→layer4→layer5
- Verify each layer closes successfully
- Secure cleanup (zero derived keys from memory)
- Error handling
- Missing cipher support in kernel (suggest modprobe)
- Permission errors (sudo failures)
- Corrupted layer detection
- Partial unmount recovery
- Module loading failures
Windows/macOS-Specific (3-Layer VeraCrypt)
- Implement
encryptedwallet createfor Win/Mac- VeraCrypt with AES(Twofish(Serpent)) + Whirlpool
- PIM configuration (default: 485, range: 485-2000)
- Verify cipher cascade and hash in container header
- Implement
encryptedwallet mountfor Win/Mac- VeraCrypt mount with explicit cipher/hash verification
- Automatic symlink creation/validation
- Validate all 3 cipher layers are active
- Implement
encryptedwallet unmountfor Win/Mac- VeraCrypt dismount
- Verify all 3 cipher layers are locked
- Error handling
- VeraCrypt not installed
- macFUSE not installed (macOS)
- Wrong cipher/hash configuration detected
- Mount failures (wrong password, already mounted)
Testing
- Unit tests for each platform
- Linux: Test all 5 cipher combinations independently
- Linux: Test Blowfish 448-bit key derivation
- Linux: Test key derivation (master → 5 layer keys, HKDF-Whirlpool)
- Linux: Test partial failure recovery (e.g., layer 3 fails to open)
- Linux: Test kernel module auto-loading (unload camellia, verify auto-load)
- Win/Mac: Test VeraCrypt cascade verification
- Integration tests (end-to-end workflows)
- Cross-platform container portability (Win ↔ Mac for VeraCrypt)
- Linux: Cannot port to Win/Mac (different formats)
- Keyfile functionality (creation, validation, usage)
- Failure scenarios (wrong password, missing keyfile, container corruption)
- Concurrent access prevention (attempt double-mount)
- Memory leak detection (valgrind on Linux, instruments on macOS)
- Memory scrubbing verification (dump process memory, search for keys/passwords)
- Linux: 1000-iteration mount/unmount cycle (all 5 layers)
- Win/Mac: 1000-iteration mount/unmount cycle
- Linux: Performance benchmark (5-layer vs 1-layer throughput)
Phase 3 (Advanced Features)
- Auto-unmount timeout (configurable, default: 30min idle)
- Linux: Support for detached LUKS headers (plausible deniability)
- Win/Mac: Support for VeraCrypt hidden volumes (plausible deniability)
- Encrypted wallet migration tool (plaintext → encrypted)
- Keyfile management utilities (generation, validation)
- Emergency backup recovery procedures
- Win/Mac: Duress password support (opens decoy wallet)
- Benchmark tool (measure cascade performance on user's hardware)
- Linux: Custom cipher order selection (advanced users)
- Linux: Optional 6th layer (add user-selected cipher)
Critical Implementation Notes
Security Requirements
unloadwalletMUST securely zero wallet encryption keys from memory (OPENSSL_cleanse)- Symlink validation prevents TOCTOU attacks (verify readlink target exists on mounted volume)
- Container passphrase ≠ wallet passphrase (defense in depth)
- All password prompts MUST disable terminal echo
- Error messages MUST NOT leak sensitive information (e.g., which layer failed, cipher config)
- Linux key derivation: Use HKDF-Whirlpool to derive 5 independent layer keys from master password
layer5_key = HKDF-Whirlpool(master_password, salt, "ZCL-LAYER5-BLOWFISH")(448-bit output)layer4_key = HKDF-Whirlpool(master_password, salt, "ZCL-LAYER4-CAMELLIA")(256-bit output)layer3_key = HKDF-Whirlpool(master_password, salt, "ZCL-LAYER3-AES")(256-bit output)layer2_key = HKDF-Whirlpool(master_password, salt, "ZCL-LAYER2-TWOFISH")(256-bit output)layer1_key = HKDF-Whirlpool(master_password, salt, "ZCL-LAYER1-SERPENT")(256-bit output)
- Linux: Store salt in metadata file
~/.zclassic/wallet_encrypted/salt(not secret, but needed) - PIM enforcement (Win/Mac): Minimum PIM=485 (reject lower values)
Platform-Specific Requirements
Linux (5-Layer dm-crypt):
- cryptsetup 2.3.0+ (LUKS2, Argon2id support)
- Kernel crypto API support for:
blowfishmodule (universal)camelliamodule (may need:modprobe camellia_generic)aesmodule (built-in on most kernels)twofishmodule (universal)serpentmodule (universal)xtsmodule (XTS mode support, built-in)whirlpoolmodule (hash, may need:modprobe wp512)
- Check module availability:
cat /proc/crypto | grep -i <cipher_name> - Auto-load modules: zcl-cli should execute
modprobe camellia_generic wp512if missing sudoaccess for cryptsetup operations- Loop device support (for nested containers)
- Example 5-layer creation script logic:
# Layer 5 (outermost - Blowfish-448) dd if=/dev/urandom of=wallet_layer5.luks bs=1M count=500 cryptsetup luksFormat --type luks2 --cipher blowfish-xts-plain64 \ --key-size 896 --hash whirlpool --pbkdf argon2id \ --pbkdf-memory 1048576 --pbkdf-parallel 4 wallet_layer5.luks cryptsetup open wallet_layer5.luks layer5 # Layer 4 (Camellia-256) - created INSIDE layer5 dd if=/dev/urandom of=/dev/mapper/layer5 bs=1M count=400 cryptsetup luksFormat --type luks2 --cipher camellia-xts-plain64 \ --key-size 512 --hash whirlpool --pbkdf argon2id \ /dev/mapper/layer5 cryptsetup open /dev/mapper/layer5 layer4 # ... repeat for AES, Twofish, Serpent ... # Final filesystem on innermost layer mkfs. ext4 -L ZCL_WALLET /dev/mapper/layer1
Windows (VeraCrypt):
- VeraCrypt 1.25. 9 or later (latest stable recommended)
- AES(Twofish(Serpent)) cascade support verified
- Whirlpool hash support verified
- Command-line interface available
- VeraCrypt driver installed (requires one-time admin install)
- NTFS or exFAT filesystem (exFAT for cross-platform compatibility)
- UAC prompts may appear on first use
- Example VeraCrypt create command:
veracrypt --text --create wallet. tc ^ --volume-type=normal ^ --encryption=AES-Twofish-Serpent ^ --hash=Whirlpool ^ --filesystem=exFAT ^ --size=524288000 ^ --password="user_passphrase" ^ --pim=485 ^ --keyfiles=C:\secure\keyfile.dat ^ --random-source=\Device\Null
macOS (VeraCrypt):
- CRITICAL: macFUSE must be installed BEFORE VeraCrypt
- macFUSE download: https://osxfuse.github.io/
- Apple Silicon (M1/M2/M3/M4): Requires Reduced Security mode
- Boot to Recovery (hold power button)
- Security Policy → Reduced Security
- Allow kernel extensions from "Benjamin Fleischer" (macFUSE developer)
- VeraCrypt 1.25.9+ (compiled for Apple Silicon)
- exFAT filesystem recommended (native macOS support)
- First mount may require explicit Security & Privacy approval
- Example VeraCrypt create command:
veracrypt --text --create wallet.tc \ --volume-type=normal \ --encryption=AES-Twofish-Serpent \ --hash=Whirlpool \ --filesystem=exFAT \ --size=524288000 \ --password="user_passphrase" \ --pim=485 \ --keyfiles=/Volumes/USB/keyfile.dat \ --random-source=/dev/urandom
Cryptographic Implementation Details
Linux 5-Layer Cascade (dm-crypt):
- Each layer is a LUKS2 container
- XTS mode per layer: each sector encrypted with sector-specific tweak
- Key derivation chain:
User password → Argon2id → Master key (512-bit) Master key → HKDF-Whirlpool → layer5_key (448-bit, Blowfish-XTS → 896-bit with tweak) Master key → HKDF-Whirlpool → layer4_key (256-bit, Camellia-XTS → 512-bit with tweak) Master key → HKDF-Whirlpool → layer3_key (256-bit, AES-XTS → 512-bit with tweak) Master key → HKDF-Whirlpool → layer2_key (256-bit, Twofish-XTS → 512-bit with tweak) Master key → HKDF-Whirlpool → layer1_key (256-bit, Serpent-XTS → 512-bit with tweak) - Total effective keyspace: Blowfish 2^448 × Camellia 2^256 × AES 2^256 × Twofish 2^256 × Serpent 2^256
- Data flow (write operation):
Plaintext → Serpent-XTS → Twofish-XTS → AES-XTS → Camellia-XTS → Blowfish-XTS → Ciphertext on disk
Blowfish XTS Key Size Note:
- Blowfish supports 32-448 bit keys (variable length)
- XTS mode doubles effective key material: 448-bit encryption + 448-bit tweak = 896-bit total
- cryptsetup
--key-size 896specifies total XTS key material - Actual Blowfish cipher uses 448 bits for encryption
Windows/macOS (VeraCrypt):
- Each plaintext block processed through: Serpent → Twofish → AES
- Each cipher uses independent 256-bit key (768 bits total key material)
- Master key (derived via Whirlpool PBKDF2) split into three 256-bit subkeys
- No cipher sees plaintext from another cipher (intermediate ciphertext only)
Key Derivation (All Platforms):
- Linux: Argon2id (memory-hard, GPU-resistant) → HKDF-Whirlpool for layer keys
- Default: 4 iterations, 1GB memory, 4 parallel threads
- Adjustable via
--iterationsflag
- Windows/macOS: PBKDF2-Whirlpool with PIM multiplier
- Base iterations: 500,000
- With PIM=485: 500,000 iterations (baseline)
- With PIM=650: ~670,103 iterations
- Salt: 64 random bytes (generated during container creation)
Performance Expectations:
- Linux 5-layer:
- Container creation: 60-120 seconds (5 LUKS headers + random data)
- Mount time: 10-15 seconds (Argon2id + 5 layer key derivations)
- Runtime overhead: ~5-7x vs single AES (still acceptable, kernel-level fast)
- Hardware AES-NI: Reduces overhead on layer 3 (AES)
- Throughput: ~200-400 MB/s on modern hardware (SSD bottleneck, not crypto)
- Blowfish (no hardware accel) is slowest layer, but acceptable for wallet ops
- Windows/macOS 3-layer:
- Container creation: 30-60 seconds
- Mount time: 2-5 seconds (PBKDF2 + cascade decryption)
- Runtime overhead: ~3x vs AES-only
- Hardware AES-NI: Reduces overhead to ~2x
Testing Strategy
Unit Tests
- Password strength validator (entropy, length, character classes)
- Symlink creation/validation logic
- Container path resolution (cross-platform)
- Linux: HKDF-Whirlpool key derivation (test vectors, 448-bit for Blowfish)
- Linux: Cipher module availability checker
- Linux: Blowfish 448-bit key size validation
- Error message sanitization (no info leaks)
Integration Tests
- Linux: End-to-end 5-layer: create → mount → load → transact → unload → unmount
- Win/Mac: End-to-end 3-layer: create → mount → load → transact → unload → unmount
- Keyfile functionality (creation, validation, usage)
- Linux: Argon2id iteration variation (test 1, 4, 8 iterations)
- Win/Mac: PIM variation (test range 485-2000)
- Failure scenarios (wrong password, missing keyfile, container corruption)
- Linux: Partial layer failure (e.g., layer 3 corrupted, recovery)
- Linux: Missing kernel module handling (unload camellia, verify auto-load)
- Concurrent access prevention (attempt double-mount)
- Memory leak detection (valgrind on Linux, instruments on macOS)
Security Tests
- Memory scrubbing verification (dump process memory post-unload, search for keys/passwords)
- Timing attack resistance (constant-time password comparison)
- Linux: 5-layer cascade integrity (modify each layer individually, verify mount failure)
- Win/Mac: 3-layer cascade integrity (modify container, verify mount failure)
- TOCTOU attack simulation (symlink race conditions)
- Error message information leakage audit (which layer failed?)
- Side-channel analysis (power/timing during mount/unmount)
- Linux: Key derivation independence test (same password, different salts = different layer keys)
- Linux: Blowfish 448-bit key strength test (entropy analysis)
Platform-Specific Tests
- Linux: 5-layer mount/unmount cycle (1000 iterations, all layers)
- Linux: Kernel module auto-loading (unload modules, verify zcl-cli loads them)
- Linux: Loop device exhaustion handling (open many containers)
- Linux: Blowfish performance benchmark (vs AES on same data)
- Windows: UAC interaction, drive letter assignment
- macOS: macFUSE interaction, Apple Silicon compatibility, SIP/Gatekeeper
- macOS: Reduced Security mode verification
Performance Benchmarks
- Linux: Measure throughput (MB/s) for 1-cipher vs 5-cipher cascade
- Linux: Identify bottleneck cipher (likely Blowfish or Camellia)
- Win/Mac: Measure throughput for 3-cipher cascade
- Linux: Mount time scaling (test on slow vs fast hardware)
- All: Memory usage during mount (measure resident set size)
User Documentation Outline
Quick Start Guide
Linux (5-Cipher Maximum Security):
- Verify kernel crypto support:
zcl-cli encryptedwallet check-deps - Create encrypted wallet:
zcl-cli encryptedwallet create --size=500- Auto-loads Camellia module if needed
- Mount wallet:
zcl-cli encryptedwallet mount(single password!) - Unmount wallet:
zcl-cli encryptedwallet unmount
Windows/macOS (3-Cipher High Security):
- Install VeraCrypt: https://www.veracrypt.fr/
- (macOS only) Install macFUSE: https://osxfuse.github. io/
- Create encrypted wallet:
zcl-cli encryptedwallet create --size=500 - Mount wallet:
zcl-cli encryptedwallet mount - Unmount wallet:
zcl-cli encryptedwallet unmount
Security Best Practices
- Use 20+ character passphrase (diceware recommended: https://theworld.com/~reinhold/diceware.html)
- Store keyfile on separate USB device (airgapped from computer)
- Linux: Set Argon2id iterations ≥ 6 for long-term cold storage (slower mount, better security)
- Win/Mac: Set PIM ≥ 650 for long-term cold storage
- Backup encrypted container to offsite location (already encrypted, safe to store)
- Never store container password digitally (paper/metal backup only)
- Linux advantage: 5-cipher cascade + Blowfish 448-bit key provides maximum paranoia
- Win/Mac: Consider VeraCrypt hidden volumes for plausible deniability
Cryptography Rationale
Why 5 ciphers on Linux?
- dm-crypt allows unlimited stacking
- Algorithm diversity: Blowfish (USA/Schneier), Camellia (Japan/NTT), AES (Belgium/USA), Twofish (USA/Schneier), Serpent (UK/Israel/Norway)
- Design diversity: Feistel networks (Twofish, Blowfish) + SPN (AES, Serpent, Camellia)
- Extended keyspace: Blowfish 448-bit key (longest available in standard crypto)
- Trust distribution: No single government or organization designed all ciphers
- Breaking requires compromising ALL 5 ciphers independently
- User-friendly: SINGLE PASSWORD unlocks all layers (key derivation)
Why Blowfish for innermost layer?
- Supports up to 448-bit keys (longest in cascade)
- 2^448 keyspace provides maximum brute-force resistance
- Well-analyzed since 1993 (Schneier design)
- No practical attacks despite 30+ years of cryptanalysis
- Slower than AES (no hardware accel) but acceptable for wallet operations
- Innermost position: attacker must break 4 other ciphers first
Why only 3 ciphers on Windows/macOS?
- VeraCrypt limitation (maximum 3-cipher cascade)
- VeraCrypt doesn't support Blowfish in cascade mode
- Still provides strong defense-in-depth
- Cross-platform container portability (Win ↔ Mac)
**Why Whirlpool? **
- No length-extension attacks (unlike SHA-2)
- Larger internal state (512-bit vs SHA-512's 256-bit)
- Conservative design for decades-long cold storage
Quantum resistance:
- AES/Serpent/Twofish/Camellia 256-bit keys: ~128-bit post-quantum security
- Blowfish 448-bit key: ~224-bit post-quantum security
- Grover's algorithm: quantum speedup sqrt(keyspace)
- 224-bit quantum security considered safe beyond 2100
Troubleshooting
Linux:
- "Cipher module not found": Auto-loading failed, manual:
sudo modprobe camellia_generic wp512 blowfish - "Device busy": Check for open file handles:
lsof | grep mapper - "Operation not permitted": Run with sudo:
sudo zcl-cli encryptedwallet mount