Securing your Bitcoin wallet
1 like736 views
The document outlines the principles and technologies behind securing a Bitcoin wallet, including public key cryptography and blockchain technology. It explains how private and public keys function within Bitcoin transactions and discusses various methods for securing these keys, emphasizing the risks associated with internet-connected storage. It also introduces concepts like deterministic wallets, secret sharing, and multisignature wallets as strategies to enhance security.
Securing your Bitcoin wallet
- 1. Securing your Bitcoin Wallet Ron Reiter
- 2. Bitcoin TL;DR ● Decentralized economy based on public key cryptography ● The revolutionary technology behind cryptocurrency is called the blockchain ● A blockchain is a distributed ledger (list of entries) built in such a way that no single node can change the history ● Every new row on the ledger is essentially permanent ● Bitcoin is cool, but Ethereum is cooler, since it allows adding rows to the blockchain which can programmatically react to transactions.
- 3. Public Key Cryptography ● Allows everyone an ability to encrypt a message so that only the key holder can decrypt it ● Also allows someone to sign a digital item using a private key and have everyone with the public key verify it (underlying technology behind SSL certificates) ● RSA is an algorithm invented by Ron Rivest, Adi Shamir and Leonard Adleman in 1978 ● ECC is another algorithm invented by Neal Koblitz and Victor S. Miller in 1985 (independently)
- 4. RSA Algorithm (just for fun) ● We calculate two numbers e and d such that: ○ e * d = 1 (mod φ(N)) → e * d = 1 + k*φ(N) ● Euler’s theorem states that: ○ aφ(N) = 1 (mod N) (where φ(N) is the Euler’s totient function counting sum of numbers coprime to N) ● So we can say that ○ m e * d (mod N) = m 1 + k*φ(N) (mod N) = m * m k*φ(N) (mod N) = m * 1 (mod N) = m (mod N) ● So m e * d can be broken down to the ciphertext c = me and the decrypted message d = cd ● You want to find an N such that calculating φ(N) is easy for you and hard for everyone else ● To do that, we can pick two primes p and q so that N = p*q, and φ(N) = φ(p)*φ(q) = (p-1)*(q-1) ● Therefore, the strength of RSA is hidden in the difficulty of finding p and q given p*q. This is called the factorization problem. The assumption is that it is not NP-hard but still no one knows an efficient algorithm to do it.
- 5. RSA Example (just for fun) ● Select two primes: p = 17, q = 11 ● Compute n = p * q = 17 * 11 = 187 ● Compute φ(n) = (p-1)*(q-1)=160 ● Choose any e so it will be a coprime to φ(n) (gcd(e, φ(n)) = 1) ○ gcd(7,160)=1 so e=7 ● Compute d so that d*e = 1 mod φ(n) → 23*7=161=1 mod 160 → d=23 ● Public key = { e = 7, n = 187 }, Private key = { d = 23, n = 187 } ● m = 137, c = (m ^ e) % n = (137 ^ e) % 187 = 69, d = 69, m = (c ^ d) % n = (69 ^ 23) % 187 = 137
- 6. Elliptic Curve Cryptography ● Involves finding intersections on an elliptic curve ● Strength based on the “Elliptic Curve Discrete Logarithm Problem” ● ECC is MUCH stronger than RSA (ECC 256 bit ~ RSA 2048 bit) which means private keys can be very short
- 7. How does Bitcoin use Cryptography? ● Bitcoin uses a private key to sign a transaction to send money out of a wallet, and add it to the distributed ledger, a.k.a the blockchain ● Only the holder of the private key can sign a transaction for the wallet but everyone with the wallet’s public key can verify it ● Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to sign and verify transactions ● The network continuously verifies transactions using the public key to build one large ledger of verified transactions. Invalid transactions don’t go into the ledger
- 8. What is a wallet? ● A Bitcoin wallet is simply an ECDSA public/private keypair, usually 256 bit ● Private key allows sending money out of the wallet ○ Example: 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf ● Public key allows receiving money to the wallet and is also considered as the “wallet address” ○ Example: 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH ● Transactions can be viewed on the blockchain using the public key: ○ https://blockchain.info/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
- 9. Sending and receiving money ● Sending is done using your private key (which is stored inside a file on your computer) and a Bitcoin application which connects to the network ● Receiving money does not involve any action - only giving out your public key (wallet address) ● You can also have an online wallet and use a website to send bitcoins and get your wallet address.
- 10. “Deterministic wallet” is a neat and secure way to generate a public/private keypair out of a human readable seed. Luckily Bitcoin is based on Elliptic curve cryptography which means seeds can be both short and secure. Deterministic Wallets constant forest adore false green weave stop guy fur freeze giggle clock 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH Seed (12 words x 11 bits = 132 bits of entropy) Private key Public key
- 11. How hard is it to secure your wallet? It all comes down to having a safe place to store your seed, which you can derive your public/private keypair from it. So the problem of securing your wallet can be reduced to the problem of securing 12 words in English. constant forest adore false green weave stop guy fur freeze giggle clock
- 12. Securing your money ● Your seed / private key needs to be stored somewhere. Where should it be stored? Internet Personal Computer Offline Storage PaperSmartphone Hardware Wallet Less Secure More Secure
- 13. Securing your money - Internet Pros Cons Simple Hackers can mass-target websites Very durable Hackers can steal your money without accessing your computer Two-factor authentication Websites credit your account instead of holding your money, which means you don’t actually hold bitcoins but believe the website they will give you some when you withdraw.
- 14. Securing your money - Personal Computer Pros Cons Much safer than websites Your computer can get hacked because it’s connected to the internet You are in control of your money Your hard drive can get corrupted, stolen or lost, so you can lose your key forever Complicated
- 15. Securing your money - Smartphone Pros Cons Safer than a computer since smartphones are known to have less attack surface Same as a laptop
- 16. Securing your money - Offline Storage Pros Cons Hackers can’t access it, at least until you connect it to an internet connected device Eventually you will need to connect it to an internet connected device Can get corrupted Can get lost Can get stolen
- 17. Securing your money - Paper Pros Cons Hackers can’t access it at all since paper doesn’t have a USB port You’ll need to type it in a computer eventually Paper can get lost stolen Paper degrades over time, unless you laminate it People in your house can identify it and take a photo of it
- 18. Securing your money - Hardware Wallet Pros Cons You never ever have to have the private key exposed to hackers on an internet-connected device It can still get lost, stolen or broken You can encrypt it using a password If hardware wallets will be common in the future then the device can be an easy target for thieves
- 19. Hackers! ● Always assume that hackers can steal files from your computer and log in to your account ● If they can log in to any account, then just don’t use an online wallet. ● You need to encrypt your offline wallet using a password, so if it gets stolen then the key will not be usable! ✓×
- 20. Is it enough to encrypt your wallet? Apparently, no. Hackers can still find your password. Password reuse attacks Keyloggers on your device Brute-force using personal information
- 21. Intermediate conclusions Don’t store your private key on an internet-connected device, even if it is encrypted. Don’t store your bitcoin (either using a key or credits) in an online wallet.
- 22. But... ● Offline storage is inconvenient ● Password protecting and obfuscation also have some more disadvantages: ○ You can actually forget passwords ○ If something happens to you, your relatives can’t figure out where the money is We don’t want to lose the money. So what can we do?
- 23. Hybrid approach ● The money that needs to be kept safe should be stored offline ● The wallet you use on a daily basis can be stored on an internet connected device and password encrypted, or on a website ● You can have a “view-only wallet” that just shows you how much money you have in your offline storage, and just send money to it ● Or just use a hardware wallet that keeps your key safe and allows transactions on an internet-connected device 5% 95%
- 24. Your offline storage ● It’s OK to have your online storage lost / stolen / etc. ● Your offline storage is the most important asset you need to protect, which means ○ Don’t let anyone have unauthorized access to it ○ Don’t lose it ● It’s OK if it will be super hard to retrieve the private key
- 25. Back to Deterministic Wallets ● Seeds of deterministic wallets are great to print out on paper alongside a digital wallet, so if you forget your password or lose your computer, you can find the seed of the wallet and recreate the wallet. ● The more seeds your print: ○ The safer the wallet is ○ The more vulnerable you are to theft ● Maybe just put it in a safe in a bank? Paper? Are we back to the prehistoric era?
- 26. ● Can we benefit from both worlds? ○ Save the wallet online ○ Not risk a hacker taking your money Safe Online Storage?
- 27. ● Let’s just take the private key and send it to 3 different people’s GMail accounts. Let’s split the private key! constant forest adore false green weave stop guy fur freeze giggle clock constant forest adore false green weave stop guy fur freeze giggle clock
- 28. ● If we lose one of the 3 then we lose all of it and we are then unable to restore the key ● We can brute force on 44 bits of data (2048 options * 4 words), but that would still suck But what happens if we lose one? constant forest adore false ? ? ? ? fur freeze giggle clock constant forest adore false fur freeze giggle clock
- 29. ● Some wallets support splitting a secret into n phrases, which you only need k phrases to recover the secret s. So you can spread secrets online in such a way that they are useless apart and work together ● Adi Shamir does it again with Shamir’s secret sharing scheme ● The idea is to find several linearly dependent polynomials which encode the same data such that every subset of shares will be sufficient to decode the data Secret Sharing to the rescue! constant forest adore false green weave stop guy fur freeze giggle clock Secret 1 Secret 2 Secret 3 Secret 4 Secret 5 constant forest adore false green weave stop guy fur freeze giggle clock
- 31. Multisignature Wallets An alternative to the hot wallet / cold wallet approach is to use multisig wallets. Bitcoin supports wallets that require M of N people to sign a transaction for it to work Advantage: VERY secure as the private keys are generated separately and only public keys are shared Disadvantage: Requires several wallets to sign every transaction which is not convenient for everyday use From 123 → To 555 Wallet 123 Wallet 456 Wallet 789 Wallet 555 Transaction 218937897 2 of 3
- 32. 1. Use the hot-wallet / cold-wallet approach - don’t have your important wallet on an internet-connected device, even if it is encrypted. 2. The best way to store your unencrypted seed is to split it using secret sharing, and distribute it to your relatives. They should store it online and unencrypted in such a way that it will never get lost and will always be readable. 3. There are solutions which do not involve holding unencrypted seeds and/or private keys called multisig wallets, which are wallets that require several signatures to sign a transaction. 4. Needless to say, your seed should never ever be stored unencrypted on an internet-connected device, or pasted into a website. Final conclusion