Secure Bitcoin Services
Transcript of Secure Bitcoin Services
-
7/27/2019 Secure Bitcoin Services
1/23
Secure
Is it
possible?
Maciej
Trbacz
Bitalo.com
x
What ismultisig
wallet?
Bitcoin
services
using multisigwallets
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
2/23
DEMO!
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
3/23
A littlebackground
Who I am and why I am able
to talk about this stuff.
f[
I
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
4/23
The basics
I come from Poland. Where the girls are beautiful and the alcohol will kill you.
Programmer with passion, not out of necessity. Started with QBasic in late 90s.
Saw the web when it
was just forming.
Worked with PHP andjavascript since 2001.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
5/23
Bitcoin era
Learned about Bitcoin in early 2011. The price was around $0.9.
Thought it was genius.
Immediately started working
on some ideas.
http://bc.x14.eu
This didnt get much traction.
niedziela, 29 wrzenia 13
http://bc.x14.eu/http://bc.x14.eu/ -
7/27/2019 Secure Bitcoin Services
6/23
!
Take two
A Brilliant idea
If Bitcoin itself is decentralized, why do you need to trust
one entity to handle both your fiat and Bitcoins. Also, this
helped escape potential regulations.
!
Peer to peer market
People should handle money transfers between themselves.
We should only hold they Bitcoins in escrow for disputeresolution.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
7/23
Bitmarket.eu is born
Launched in April 2011.
30,000 users registered.
2,000 - 3,000 BTC weekly.
Ended up badly.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
8/23
!
Thirds time the charm
Another Brilliant idea
If Bitcoin itself is basically trustless, why you should trust
operators of your exchange to hold your Bitcoins for you?
n
Theres gotta be a way...
... to store Bitcoins securely, with not lowering its utility at
the same time.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
9/23
Bitcoin
securityIs... non-trivial.
nIII
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
10/23
Is it needed?
To date, around 300,000 BTC were stolen or otherwise lost.
That is a big pile of coins.
To put in context, its 2.5% of
the whole Bitcoin economy.
Why there are so many eventslike this?
*
* Source: https://bitcointalk.org/index.php?topic=83794.0
niedziela, 29 wrzenia 13
https://bitcointalk.org/index.php?topic=83794.0https://bitcointalk.org/index.php?topic=83794.0 -
7/27/2019 Secure Bitcoin Services
11/23
Home storage
Thefts from
personal computers
by hackers using
malicious software
hot wallets
Online services
storing too much
funds in hot wallets
site admins
Service
administrators steal
or lose coins.
# " L
Challenges
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
12/23
Only two solutions?
on your computer or offline
Your computer can be hacked. Offline copies can become
unreadable over time.
w
In online wallet service
You have to trust website operator that he secured the
coins and will not steal them himself.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
13/23
Multisignature
transactions
Used in practice, not only
in theory
V
III
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
14/23
gather
unspent
outputs
createtransaction
draft
signtransaction
inputs
previousoutputsused asinputs
broadcasttransaction
How does it work?
This is the critical part. One private key to unlock your funds is a single point failure.
If it gets stolen or lost, your funds are gone.
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
15/23
Part 1: Create multisig address
Get two or more Bitcoin addressees.
Combine them usingaddmultisigaddressJSON-RPC command
As a result, you will get a special Bitcoin address starting with 3.
The resulting Bitcoin address is fully functional and can receive coins.
You can create different combinations of M-of-N addresses. It means that you canspecify how many private keys are needed to spend the coins.
This enables some interesting applications...
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
16/23
secure storage
Several private keys
guarding one
Bitcoin address,
that can be stored
independentally.
safe escrow
Buyer, seller and
anescrow servicecreate a multisig
address used for
eventual disputes.
Hybrid wallets
Online service
operator holds one
private key, you
hold the other.
Advantages of both.
" ! #
Possible applications
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
17/23
If theyre so great, why doesnt anyone use them?
The client support is still lacking. While you can in most cases send coins toamultisignature address, you cant create them, or watch them from the GUI.To learn how they work and how to use them, you need to invest substantial amountsof time.
In order to create certain online services utilizing multisig addresses, aside from serverbackend you also have to create a secure javascript utilizing encryption, Bitcoin address
generation, transaction handling, and more. This is... non-trivial.
Even the command line usage isnt very straightforward...
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
18/23
Part 2: Spending coins from multisig wallet
Create a transaction draft using createrawtransactionJSON-RPC command
Sign the resulting transaction data with one of private keys, utilizingsignrawtransactioncommand
You need to provide it with correct details, which may include: public key andredeem script (say what?)
Pass partially signed transaction data to other party, which repeats this process.
Finally, you broadcast the transaction to the network (usingsendrawtransactionor another means)
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
19/23
DEMO!
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
20/23
$
The future of Bitcoin, available now
Developers
Make apps and services you create support multisignature
transactions. You could be the first one!
!
Users
Ask your service provider about the multisig support to
encourage them to implement that!
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
21/23
Its already working
After the BitMarket.eu fiasco earlier this year I knew the only way to make aprofitable service is to make something really unique in terms of technology.
Enter Bitalo
Online exchange andwallet service utilizing
multisig addresses.
Malware-proof 2-factorauthentication.
Launching next week.*
* invite-only beta first
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
22/23
Any
QUESTIONS?
No, I dont know wheres Waldo.
R
% Give me your best shot
niedziela, 29 wrzenia 13
-
7/27/2019 Secure Bitcoin Services
23/23
YOUfor listening
&
THANK
Check us out at: www.bitalo.com
http://www.bitalo.com/http://www.bitalo.com/