JohnathanCorganCorganLabsJune2014

Copyright2014CorganLabs

IntroductiontoBitcoinWalletSoftware

June2014 2

TheBitcoinblockchainisledgeroftitletransfers

Titletonewlycreatedbitcoinisissuedtoasuccessfulminerasarewardforsecuringtheledger

Titletospecifiedamountscanthenbesignedovertootherbitcoinparticipantsthroughtransactionoutputs

Thesigning/transferprocess,inthesimplestcase,usestheprivatehalfofacryptographickeypairtoprovecontrolofapublicaddress

PossessionoftheseprivatekeysisallthatdecidesBTCownership

BitcoinADistributedLedger

25BTCCoinbaseTransaction 1FXLG...

Address

L3UhL...PrivateKey

15bZB...

Address

L16HZ... PrivateKey

10.1BTC

1LGck...

L3omo...PrivateKey

Address

14.9BTC

June2014 3

BitcoinATrustlessProtocol

HowdoesaBitcoinnodeknowthehistoryofacoin?

Every(full)nodeinBitcoinverifiestheintegrityandveracityofeverypieceofdatareceivedwithalocalcopyoftheblockchain

Rulesareenforcedbyignoringanythingthatfails

Thisisonekeytodistributedconsensus,withnocentralauthority(theotherbeingproofofwork)

Bitcoinlitenodescanuselowerresourceslocallybyhavingsometrustinthirdpartiesinthenetwork

Blockchain

Blockchain

Blockchain

June2014 4

SimplifiedPaymentVerification TheSPVtrustmodelallowsverificationoftransactions

usingamuchsmallersubsetoflocallystoreddata

Tradeoffisincreasedtrustinconnectednodes

Somepossiblelossoftransactionprivacy

SPVusesdownloadedcopiesofblockchainheadersandtransactiondatatoverifytransactionwasacceptedbybitcoinnetworksufficientlylongago

Resultsindramaticallysmallerlocaldatabase(hundredsofMBvs.tensofGB)

Basicallyassumesnetworkconnectionisnotcontrolledbyanattacker

SincetransactionsmustbequeriedbySPVnode,othernodescanlearnwhichtransactionsbelongtoit

June2014 5

WalletSoftwareFunctions

Generateandsecurecryptographickeypairs

ParticipateinBitcoinnetwork

Detect,verify,andprocessincomingtransactions

Create,sign,andbroadcastoutgoingtransactions

Maintainlocalinformationaboutstateofnetwork

Providebackupandrecoveryofkeys

Maintainaccountinginformationabouttransactions

Addressbookandlabels

Provideofflinestoragecapabilitiescoldwallets

June2014 6

BitcoinWalletTypes BitcoinFullNodes

BitcoinCore(BitcoinQT)

WalletOnly(Requiresfullnodeforinformation)

Armory

LiteNodes,usingSimplifiedPaymentVerification

Electrum

MultiBit

Mycelium

BitcoinWalletasaService(WebWallets)

Hybridservices(Blockchain.info)

Multisigbased(BitGo,GAit)

Purehosted(Coinbase,CoinKite)

June2014 7

ThingstoConsider

Wherearemyprivatekeysgenerated?

Wherearemyprivatekeysstored?

WhoorwhatdoIneedtotrust?

WhatresourcesdoIneedtousethiswalletsoftware/service?

Howeasyisitformetoseparatelongandshorttermbitcoin(i.e.,Savingsvs.Checking)?

Whathappensifthesoftwareauthororwebsitegoesaway?

Whathappensifthewebsiteiscompromised?

Whathappensiftheauthor/websiteisascammer?

June2014 8

BitcoinCore(BitcoinQT)

Original,referenceclientforBitcoinnetwork,desktopbased,opensource(C++)(Windows,Mac,Linux)

Implementsallnodefunctionsandprovidesbackboneofnetwork

Fullymaintainslocalblockchaincopy

Maintainsrandomlygeneratedcryptographickeypool

June2014 9

BitcoinArmory

Opensource(Python),desktopbasedwalletonlyusingblockchaincreatedbyBitcoinCore(Windows,Mac,Linux)

Providesdeterministickeygeneration,simplifyingbackup

Manyadvancedfeaturesforstorageandretrievalofkeys

Supportsoffline/onlinepairedoperation

June2014 10

ElectrumClient

Opensource(Python),desktopbasedlitenodeusing3rdpartyserversandSPVtrustmodel(Windows,Mac,Linux)

Verylightsoftwarefootprint

Supportsdeterministickeygenerationforeasierbackup

Supportsoffline/onlinepairedmode

June2014 11

MultiBitClient

Fullfeaturedopensource(Java)desktopbasedlitenodeusingSPVtrustmodel(Window,MacOS,Linux)

Usesrandomkeygeneration,deterministicindevelopment

Internallyusesbitcoinj,writtenbyMikeHearn

June2014 12

MyceliumClient

Opensource,mobilewalletusingSPVtrustmodel(Android)

Privatekeysarestoredonthephone,withencryptedbackupandoptionalPINbasedaccess

UsescryptographicprimitivesfromAndroidOSweakpoint

Convenientforholdingsmallamountsofspendingmoney

Notrecommendedforlongtermstorage

June2014 13

WalletasaService(WebWallets)

AllofthesefeaturesomedivisionoflaborbetweenalocalbrowserandanInternethostedwalletservice

Requiresvaryingdegreesoftrustintheowners/operatorsofservice

Sometimes,theseareoutrightscams

Importanttodeterminewhogeneratestheprivatekeys,whohascontroloverthem,andwhatvulnerabilitiesexistintheirimplementation

Thatsaid,thisisanarearipeforinnovationandmanynewcompaniesareforminginthisspace

Allowsfornewtypesofwallets(multisignature)andvalueaddedservices(e.g.,transactionlimits,accounting)

June2014 14

Blockchain.info

HybridservicethatusesdownloadedJavascripttogenerateprivatekeysandperformlocalsigningoftransactions

Hostsiteonlyhasaccesstoencryptedformofprivatekeys

AllotherfunctionsofthewalletaretrustedtobedonebyBlockchain.info'sservernetwork

Vulnerabletoserverandlocalbrowsercompromise

Easytouseoneitherdesktopormobile

June2014 15

GreenAddress.it

UsesBitcoinmultisignaturefeaturetoprovide2of2signaturereceivingaddressesgeneratedfromtwoprivatekeysonekeystoredonwebsite,oneinlocalwallet

Transactionsrequirebothkeysinordertosigntransfers

Futuretimelockedrefundtransactionssenttoclienttoallowrecoveryoffundsifwebsite/servicegoesaway

June2014 16

BitGo

Uses2of3multisignatureaddressesonekeyonserver,onekeyinclient,andonesafelystoredoffline

Normaltransactionscanbedonewithserverkeyandclientkey,but:

Ifservergoesaway,clientcanuselocalkeyandofflinestoredkeytorecoverfunds

Iflocalclient(e.g.,phone)islost,canuseserverkeyandofflinestoredkeytorecoverfunds

June2014 17

PureHostedServices

ServiceproviderssuchasCoinbaseandCoinKiteprovideahostedwalletwhereonecanpurchasebitcointhoughtransfersfromabankaccount

Withtheseservicetypes,youdonotownthebitcoininvolved.

Instead,youownaliabilityentryinthecompany'sbalancesheet,similartotraditionalbanking

Thisis,ofcourse,fineformanypeople...

...butwhyusebitcointhewayyou'duseatraditionalbank?

June2014 18

Summary

Bitcoinallowsyoutostoremoneyandtransactglobally,withno3rdpartyfinancialsystem

Goodnews:Thisallowsyoutomanageyourmoney

Badnews:Thisrequiresyoutomanageyourmoney

CreationandstorageofBitcoinprivatekeysistheheartofwalletsoftwarefunctionality

Possessionis100%ofthelaw

Choiceofwalletsoftwareisatradeoffbetweensecurity,trust,andconvenience

Fullnodevs.litenodevs.webhostedwalletvs.bitcoinbank

Thanksforyourtime!

June2014 19

Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19