Secure Bitcoin Services

7/27/2019 Secure Bitcoin Services

1/23

Secure

Is it

possible?

Maciej

Trbacz

Bitalo.com

x

What ismultisig

wallet?

Bitcoin

services

using multisigwallets

niedziela, 29 wrzenia 13


2/23

DEMO!



3/23

A littlebackground

Who I am and why I am able

to talk about this stuff.

f[

I



4/23

The basics

I come from Poland. Where the girls are beautiful and the alcohol will kill you.

Programmer with passion, not out of necessity. Started with QBasic in late 90s.

Saw the web when it

was just forming.

Worked with PHP andjavascript since 2001.



5/23

Bitcoin era

Learned about Bitcoin in early 2011. The price was around $0.9.

Thought it was genius.

Immediately started working

on some ideas.

http://bc.x14.eu

This didnt get much traction.

http://bc.x14.eu/http://bc.x14.eu/


6/23

!

Take two

A Brilliant idea

If Bitcoin itself is decentralized, why do you need to trust

one entity to handle both your fiat and Bitcoins. Also, this

helped escape potential regulations.

!

Peer to peer market

People should handle money transfers between themselves.

We should only hold they Bitcoins in escrow for disputeresolution.



7/23

Bitmarket.eu is born

Launched in April 2011.

30,000 users registered.

2,000 - 3,000 BTC weekly.

Ended up badly.



8/23

!

Thirds time the charm

Another Brilliant idea

If Bitcoin itself is basically trustless, why you should trust

operators of your exchange to hold your Bitcoins for you?

n

Theres gotta be a way...

... to store Bitcoins securely, with not lowering its utility at

the same time.



9/23

Bitcoin

securityIs... non-trivial.

nIII



10/23

Is it needed?

To date, around 300,000 BTC were stolen or otherwise lost.

That is a big pile of coins.

To put in context, its 2.5% of

the whole Bitcoin economy.

Why there are so many eventslike this?

*

* Source: https://bitcointalk.org/index.php?topic=83794.0

https://bitcointalk.org/index.php?topic=83794.0https://bitcointalk.org/index.php?topic=83794.0


11/23

Home storage

Thefts from

personal computers

by hackers using

malicious software

hot wallets

Online services

storing too much

funds in hot wallets

site admins

Service

administrators steal

or lose coins.

# " L

Challenges



12/23

Only two solutions?

on your computer or offline

Your computer can be hacked. Offline copies can become

unreadable over time.

w

In online wallet service

You have to trust website operator that he secured the

coins and will not steal them himself.



13/23

Multisignature

transactions

Used in practice, not only

in theory

V

III



14/23

gather

unspent

outputs

createtransaction

draft

signtransaction

inputs

previousoutputsused asinputs

broadcasttransaction

How does it work?

This is the critical part. One private key to unlock your funds is a single point failure.

If it gets stolen or lost, your funds are gone.



15/23

Part 1: Create multisig address

Get two or more Bitcoin addressees.

Combine them usingaddmultisigaddressJSON-RPC command

As a result, you will get a special Bitcoin address starting with 3.

The resulting Bitcoin address is fully functional and can receive coins.

You can create different combinations of M-of-N addresses. It means that you canspecify how many private keys are needed to spend the coins.

This enables some interesting applications...



16/23

secure storage

Several private keys

guarding one

Bitcoin address,

that can be stored

independentally.

safe escrow

Buyer, seller and

anescrow servicecreate a multisig

address used for

eventual disputes.

Hybrid wallets

Online service

operator holds one

private key, you

hold the other.

Advantages of both.

" ! #

Possible applications



17/23

If theyre so great, why doesnt anyone use them?

The client support is still lacking. While you can in most cases send coins toamultisignature address, you cant create them, or watch them from the GUI.To learn how they work and how to use them, you need to invest substantial amountsof time.

In order to create certain online services utilizing multisig addresses, aside from serverbackend you also have to create a secure javascript utilizing encryption, Bitcoin address

generation, transaction handling, and more. This is... non-trivial.

Even the command line usage isnt very straightforward...



18/23

Part 2: Spending coins from multisig wallet

Create a transaction draft using createrawtransactionJSON-RPC command

Sign the resulting transaction data with one of private keys, utilizingsignrawtransactioncommand

You need to provide it with correct details, which may include: public key andredeem script (say what?)

Pass partially signed transaction data to other party, which repeats this process.

Finally, you broadcast the transaction to the network (usingsendrawtransactionor another means)



19/23

DEMO!



20/23

$

The future of Bitcoin, available now

Developers

Make apps and services you create support multisignature

transactions. You could be the first one!

!

Users

Ask your service provider about the multisig support to

encourage them to implement that!



21/23

Its already working

After the BitMarket.eu fiasco earlier this year I knew the only way to make aprofitable service is to make something really unique in terms of technology.

Enter Bitalo

Online exchange andwallet service utilizing

multisig addresses.

Malware-proof 2-factorauthentication.

Launching next week.*

* invite-only beta first



22/23

Any

QUESTIONS?

No, I dont know wheres Waldo.

R

% Give me your best shot



23/23

YOUfor listening

&

THANK

Check us out at: www.bitalo.com
http://www.bitalo.com/http://www.bitalo.com/

Secure Bitcoin Services

Documents

Transcript of Secure Bitcoin Services