Building Better Bitcoin Security

Imagine you just bought $100,000 worth of bitcoin.  How would you store it?

You could keep it in a hosted wallet, like CoinBase.  But hosted wallets are giant honeypots for hackers, and have been hacked dozens of times.  Until someone reputable offers insured deposits, hosted wallets are dangerous.

You could store your coins on your local machine.  But then any malware that compromises your computer can steal them.  And given the financial incentives, we can expect more such malware in the future.

Now imagine you’re a business, and you receive bitcoins and pay vendors in bitcoins.  How can you let Janet from accounting pay invoices, without exposing all you coins to theft from some inside job?

There are various techniques to mitigate these dangers, such offline transaction signing computers.  But these approaches have some shortcomings:

  • They involve single points of failure (i.e., someone with access to your offline machine can steal all your funds).
  • They are inconvenient (you need to dedicate a separate computer, and physically move a USB drive between devices to sign and then broadcast a transaction).
  • They don’t allow the flexibility needed for a multi-user business wallet, with various roles and policies.

My co-founder, Lucas Ryan, and I spent time thinking about how to build secure wallets for various use cases.  And we found that many approaches become easy to implement if there exists some third party that you can trust with signing transactions that fulfill certain policy conditions.

For instance, if you have a large personal stash of bitcoins, you might want a policy that states “let me spend up to 0.1 BTC per day.  If I try to spend more, alert me and allow 24 hours to cancel the transaction”.

Or if you’re a business, you might want a policy of “delay all transactions by 72 hours, and compile a report of pending transactions that I (the CEO) can review”.

The way a transaction works with a third party cosigner is you (the client) would initiate a transaction (partially signed with your key), and send it to the cosigner.  The cosigner takes whatever steps the policy logic dictates (such as alerting people and waiting a certain number of hours).  If all looks good, the cosigner will complete signing the transaction and then broadcast it.

This approach provides a distribution of trust.  For many security needs, it’s beneficial to keep some trusted information with a third party, to ensure you don’t lose everything if your own security credentials are compromised.

This idea — of a third party offering transaction cosigning as a service — was the inspiration behind TrustedCoin.

What’s cool is we can increase security directly in the block chain with multisig P2SH addresses.  We can’t steal anyone’s funds — all we do is sign transactions.

So if you’re looking to build secure wallet solutions, please look at our API documentation to see if we can help.  And don’t hesitate to  let us know what else we can do to make our service more useful.