Designing Secure Bitcoin Wallets with

Multi-Signature Transactions

Johann Barbie

mail@johba.dewww.37coins.com

The Speaker

IBM, 5 years● Consultant,

Security & Scaling

- Johann Barbie Engineer

Tree Planet, 1 year ● Team Leader,

Web Development

37 Coins, Since 2013● Co-Founder

Agenda

BITCOIN

1 2 3 4 5the

Inventionthe

Currencyon

Androidthe

Technologyon

SMS

Byzantine General Problem

● Byzantium very rich!● greedy neighbours● Neighbours wish to invade

Byzantium● non strong enough by itself● Generals can send

unlimited messengers● Generals can not trust any

other general● How to agree on an attack

strategy?

G1G2

G3

G4G5

G6

● 2008 published paper○ based on torrent protocol○ based on pub key encryption○ use proof of work to

create network consensus● 2009 published open source software

○ birth of blockchain● 2010 last post in december

Bitcoin is not organization or company Bitcoin is a protocol based on mathematical rules

Satoshi Nakamoto

Blockchain

private key

public key

Transaction

Wallet

sign with private key

Icons by Olivier Guin from The Noun Project

In 1993, the cartoon below appeared with the caption,

"On the Internet, no one knows you're a dog,"

and was widely circulated.

An Invention like the Internet

Trust and Access

World Financial System

BitcoinVS

Access to Banking

1.7 Bn

7 Bn

Icons by Olivier Guin from The Noun Project

Free Currency

Free Currency

Free Currency

● Fee depends on size in kb● No government controls

Bitcoin is the money of the people

Only people?

"On the blockchain, no one knows you're a fridge"by @jonwaller

Price Development 2013

Bitcoin on Android

taken from Andreas Schildbach’s https://play.google.com/store/apps/details?id=de.schildbach.wallet

In App Payment

In-App Payments?

● Purchase of app content● Purchase of app features● Donations

Alternative to Google Play, Flattr, PayPal, ...

taken from Andreas Schildbach’s http://schildbach.de/talks/bitcoin-inapp-payments/

Sending the Request

class de.schildbach.wallet.integration.android.BitcoinIntegration

/*

* Request specific amount of Bitcoins from user,

* without feedback from the app.

*/

static void request(Context context, String address, long amount);

/*

* Request specific amount of Bitcoins from user,

* with feedback from the app.

*/

static void requestForResult(Activity activity, int requestCode, String address, long amount);

taken from Andreas Schildbach’s http://schildbach.de/talks/bitcoin-inapp-payments/

Behind the Scenes

Intent sent to Bitcoin app action = android.intent.action.VIEW data = bitcoin:1PZmMahjbfsTy6DsaRyfStzoWTPppWwDnZ?amount=0.1

URL formatted to BIP21 standard (BIP = Bitcoin Improvement Proposal)

Result returned to calling app resultCode = OK|CANCELED extras[transaction_hash] = c8a9e036ecbbe75c...

taken from Andreas Schildbach’s http://schildbach.de/talks/bitcoin-inapp-payments/

Get the Code

● git clone https://code.google.com/p/bitcoin-wallet/

● Cd to integration-android subproject.

● mvn clean install

● or just copy & paste the BitcoinIntegration class to your project.

Also have a look at sample-integration-android demo app.taken from Andreas Schildbach’s http://schildbach.de/talks/bitcoin-inapp-payments/

ePOSEscrowCustomer Rewards

Android, ScalableCustomer Service IntegrationExchange API IntegrationMulti-factor AuthentificationMulti-signature Transactions

Internet Cellular Network

Gateway Merchant

37Coins - Gateway and ePOS

Multi-Signature Transaction

pay to address:

Icons by Olivier Guin from The Noun Project

1 unique key

1 key to unlock

pay to script:

m unique key

n key to unlock

System Overview

Q&A

Thank you!Contact:

@johbamail@johba.de

https://www.37coins.comhttps://bitfinger.org