Threshold signatures: the potential to dramatically improve Bitcoin security


Private keys are used to spend transactions on the bitcoin blockchain. If they are not kept secure, an attacker can spend your bitcoins. It is nearly impossible to guess or brute-force a private key (due to lack of computation power). Thefts of bitcoin private keys have occurred in the past, usually by malware. What can be done against this? (Scroll to the bottom for a scientific paper.)

Bitcoin uses the Elliptic Curve Digital Signature Algorithm, also known as ECDSA, to sign transactions. A bitcoin address is in fact the hash of an ECDSA public key. A public key is generated from a bitcoin private key, a private key usually being a 256-bit random number. Transactions can be signed with a bitcoin private key.

Multisig was proposed as one of the solutions to make the bitcoin system more secure. If you are unfamiliar with Multisig, read about it here. There is another proposal by a group from Princeton: they propose a threshold signature-based system which they argue could dramatically improve bitcoin security.  The scheme is said to be compatible with Bitcoin’s ECDSA signatures and can be used for:

  • shared control of a wallet
  • secure bookkeeping, a Bitcoin-specific form of accountability
  • secure delegation of authority
  • two-factor security for personal wallets

Essentially it is a modified ECDSA signature generation scheme. The start and end of the algorithm remain the same, making use of the scheme “invisible” among traditional bitcoin transactions. There is no source code released yet.

Paper link: http://www.cs.princeton.edu/~stevenag/bitcoin_threshold_signatures.pdf


Case: Multi-sig hardware bitcoin wallet


Case is a multi-sig hardware bitcoin wallet made in the US. Their official website is http://choosecase.com/ (beware: there are some impostor sites out there trying to steal your bitcoins). The wallet aims to improve usability compared to mobile bitcoin wallets, particularly the number of steps. Paying with the Case wallet takes only three steps:

  • the device detects and reads the QR code
  • the screen shows you the amount and address
  • it asks you to swipe your finger to confirm the transaction

It takes less time than swiping a credit card in the real world, but for some online payments you would need to generate the QR code in case only the bitcoin address is shown.

The wallet is a 2-of-3 multi-sig wallet, meaning you need 2 keys of 3 to initiate a transaction. A good article on multisig is here. Multisig improves the security of the bitcoin system overall. A bitcoin private key is a very large number, which is impossible to guess because computers are far too slow to try all possible values. A private key is usually a 256-bit number, that’s 2^256 (~ 10^77). Some newer wallets may have numbers as large as 2*2256. One of the keys is embedded in the device. The second key is stored server-side, and is used if the fingerprint scan that was sent with the swipe is a match. Fingerprints or biometrics are by no means an ideal security measure; as a security expert put it, “Your fingerprint isn’t a secret; you leave it everywhere you touch”. The device would probably have your fingerprints on it, but we think there are some additional security measures server-side. There’s always a trade-off between convenience and security, and this one seems reasonable. In case you lose the wallet, there is a third key (2-of-3 multisig).

The device doesn’t piggy back off your phone for Internet access. It has a dedicated GSM chip and a multi-IMSI embedded SIM card that allows us to hop from carrier to carrier without roaming fees. That means you can carry the device around and make transactions anywhere near a telephone network.

A screenshot of the device internals was posted by the authors of the device:

[Image: case_breadboard]
