
Store and Use Bitcoins

How to store and use Bitcoins


• To spend a bitcoin you need to know two main things
– Some information stored on the public blockchain
• identity of the coins
– Secret key of the owner of the Bitcoin
• Is it true?
– If bitcoins are stored in wallets, then by copying your wallet you'd
own double the number of bitcoins
– Actually, you are cloning your private keys, not the bitcoins
• Which one is stored in the blockchain: the bitcoin or the ownership of the bitcoin?
– Ownership of the bitcoin: Storing bitcoins is nothing but storing keys
• Important preconditions to use Bitcoins:
– Availability: Able to spend your own money when you want to
– Security: Nobody else can spend your money
– Convenience: The process must be relatively simple and not cost too
much
Possible approaches to store the keys
• Digital Wallet
– Store the keys on a local device, such as a computer, a phone
• + convenience: the money could be accessible just pushing a
button
• - availability: if the device crashes or you lose it, the money is lost
with it
• - security: if someone manages to break into the device the
security is broken. It's just as safe as carrying money in the pocket.
• Paper Wallet: Store your keys on paper
• How will you solve these issues?
– Use Wallets: Software wallets or Hardware wallets
Software Wallet
• + convenience:
– Keeps track of the money
– provides a nice user interface.
– Higher level of anonymity or privacy - Using a whole bunch of different
keys and addresses.
– Automatically store and manage them
– To receive money - Provide the third party an address belonging to
your wallet through a string or a QR Code.
• + availability:
– Possible to connect from every device with the personal account
• + security:
– If someone is able to break into the system, all the money can be
stolen.
– Typically more secure than a personal device.
Types of Wallets: Software and Hardware
• Software Wallets
– Create new Bitcoin addresses and store their corresponding private
keys
– Display your addresses to someone who wants to send you a payment
– Display how many bitcoins are in your addresses
– Make Bitcoin payments. Ex: Blockchain.info, Electrum, Jaxx and
Breadwallet
• Hardware Wallets
– Bitcoin wallets with hardware component wherein the private keys are
stored in chips on small handheld devices
– Only respond to certain pre-programmed requests
• For example, Sign this transaction request
– Private key is stored on hardware that is not connected to the internet
– Can communicate with the outside world only via a limited set of pre-
programmed interfaces. Ex: Trezor and Ledger Nano
Software Wallets
• Address Creation
– Step 1: Generate some randomness and use it to pick a
number from 1 to 2^256-1 (private key).
– Step 2: Do some maths on it to generate a public key.
– Step 3: Hash public key twice to create Bitcoin address.
– Step 4: Save the private key and its corresponding address.
• Address Display
– When someone wants to send you bitcoins, you need to
tell them your address
• Encoded String: Ex:
1LfSBaySpe6UBw4NoH9VLSGmnPvujmhFXV
• QR code: Nothing but text, encoded in a visual way that
makes it easy for QR code scanners to read the code
and convert it back into text
Software Wallets
• Account Balance
– Needs all the transactions going in and out of the addresses
– full node wallet
• storing the entire blockchain and keeping it up to date
• constantly connected over the internet to other Bitcoin nodes
– lightweight wallet
• connecting to a node elsewhere which does the heavy lifting
• Bitcoin Payments
– Wallets have the capability to know the account balances as well as
make payments
– Generates a bundle of data called a ‘transaction,’ which includes
• references to the coins that are going to be spent (transaction
inputs consisting of unspent outputs of previous transactions),
and
• Identity of the accounts the coins will be sent to (new outputs).
Other features of Software Wallet
• Good wallet software has more functionality, including the ability to back up private keys
(encrypted with a passphrase) either to a user’s hard drive or to a cloud storage server
• Generate one-time use addresses for privacy
• Hold addresses and private keys for multiple cryptocurrencies
• Integrated with exchanges to allow users to convert between one cryptocurrency and
another directly from within the wallet software
• m of n ‘sharding’ or ‘splitting’ of a private key
– Allow you to split keys or set up addresses that require multiple digital signatures to
spend from
– 2-of-3 sharding where a private key is split into 3 parts, any 2 of which can be combined
to regenerate the original key
• Shamir’s secret sharing algorithm
• m of n ‘multi-sig’ addresses
– addresses that require multiple digital signatures to make payments from them
– multiple people need to sign or approve a transaction
Hardware Wallets
• Bitcoin wallets with a hardware component where private keys are stored in
chips on small handheld devices
• User interface software for this hardware component is run on an online
machine.
• When it comes to the critical part of the transaction (the signing), the
unsigned transaction is sent to the hardware wallet, which returns the signed
transaction without revealing the private key
Storage of Keys: Cold or Hot Storage
• Wallets are software used to create and share addresses, show the account
balance and make payments.
– However, they need some storage to manage data such as private keys and addresses
• It may be either local storage on your PC or mobile phone, or online storage.

| Cold Storage | Hot Storage |
|---|---|
| Offline (not connected to the internet) | Online (connected to the internet) |
| Similar to keeping the money in a safe | Similar to keeping the money in a wallet |
| Low availability | High availability |
| Low convenience | High convenience |
[Figure: Hot storage (online; available and convenient but risky) versus cold storage (offline; archival but safer), each with separate keys. Hot storage holds the hot secret key(s) and the cold address(es); cold storage holds the cold secret key(s) and the hot address(es); payments move between the two.]
Storage of Keys: Cold or Hot Storage
• Is it possible to manage Bitcoins only with a cold storage?
– No! But it can be used together with a hot one to store the majority of
Bitcoins
– If you use both Hot and cold storage together:
• Keep separate addresses and keys for each
– BENEFIT: Coins in the cold storage will be safe even if the hot
storage is compromised
Moving Bitcoins between hot and cold storage

• Each side knows its own secret key and the receiving address of the other side
• Even if the cold storage is offline most of the time, it sometimes needs to connect
– To transfer money and to check if its balance is changed.
• Scenario-1: Hot storage is operating whereas the cold storage is offline
– If the amount in the hot storage becomes too high:
• Move some coins from hot storage to cold storage using their own addresses
– If the amount in the hot storage becomes too low:
• Move some coins from cold storage to hot storage, but how?
• Cold storage is offline
• Is there any real-world facility that works even if you are offline?
– Gmail generates a list of codes; you take a printout and use these codes to log in.
– Cold storage needs to go online, generate a list of addresses and transfer it to
Hot storage.
– Hot storage uses these addresses of cold storage to transfer money from it.
– The last two steps are done by a Hierarchical Wallet.
Hierarchical Wallet
• Allows the cold storage side to have an unbounded number of addresses, and the hot side
learns these addresses via a short, one-time communication between the two sides.
• IMPORTANT - Regular key generation (generateKey) creates a public key (address) and a secret
key, but with the key generation info it is possible to create a sequence of addresses instead
of just one without leaking information about the private keys
– address generation info
• apply genAddr operation to the address generation info and integer i, obtaining the ith address
– private key generation info
• apply genKey operation to the key generation info and integer i, obtaining the ith private key
– This split up enables the address generation in the Hot side and the private key generation in the
cold side
– ECDSA supports hierarchical key generation
• As long as the hot and cold side know the right sequence number, you can generate
addresses from the hot side and private keys on the cold side.
Hierarchical Wallet
• At the beginning the cold side does
the generateKeysHier operation
obtaining both the address and key
generation info.
• Then it passes the address generation
info to the hot side.
• So, now they're connected and
the two sides can generate
addresses or keys when
needed.
How to store the key or key generation info in cold storage?
• Digital Wallet
– Save it in phone or tablet
• If the device is stolen or broken, the keys get lost
• Brain Wallet
– encrypt the information with a password that we
must remember
• subject to all possible attacks against passwords
• Paper Wallet
– print the information and lock it up in a safe as a 2D
barcode, QR code or a string in base 58 notation
• It can be stolen
Split and share keys

• So far different ways of storing the private keys in a single place were discussed
– Problem: Single point of failure
– Solution: split and share keys to have more security.
• Secret Sharing – Split and Share the keys
– split the key in N pieces such that,
• given any K of those pieces, it is possible to reconstruct the key.
• given fewer than K pieces, it is impossible to know anything about the original key.
– Example: N=2, K=2
• Step:1 – Choose the following
– large prime number P
– S is the secret and has to be in the range [0,P-1]
– R a random value, which is also in the range [0,P-1]
• Step:2 – Split the secret S as shown below
– X1 = (S+R) mod P
– X2= (S+2R) mod P
• Step:3 – Reconstruct S If both X1 and X2 are known:
– (2X1 - X2) mod P = (2S+2R-S-2R) mod P = S mod P = S
• How to increase N, with K=2
– take the 2D plane with X and Y
axis
– choose a random value R
– draw a line with slope R and
passing through the point (0,S)
– the shares will be the points on
the line (1, S+R), (2, S+2R), (3,
S+3R), ...
– Clearly it is possible to choose as
many shares as wanted, since
there's an infinite number of
points on the line
– Given any two points on a line, it
is possible to retrieve its
equations using the
interpolation, so K=2.
– Given just one point, it's
impossible to retrieve any
information about the line
– If we do this operation using the
arithmetic modulo a large prime
P, all we have said is still
applicable.
• How to increase K?
– To increase K, use functions that require more than two points to be defined
• Ex: For K=3, use a Quadratic function Y = R2 X^2 + R1 X + S which requires two random
parameters R1 and R2
• Ex: K=4, use a Cubic function (increase a polynomial degree)
• Advantages of secret sharing
– Adversary
• needs to retrieve K shares in order to get back the secret key
• needs to break the security of different places K times
• Disadvantages of secret sharing
– To sign a transaction, we need to reconstruct the key by bringing the shares
together
– If an attack happens at that time, it is easy to get the secret key
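The secret-sharing scheme above, generalized from the K=2 line to any K-of-N polynomial, as an added Python example (not code from the slides). The prime 2**521 - 1 and the names split and reconstruct are choices made for this example.

```python
import secrets

# Prime chosen for this example: 2**521 - 1 (a Mersenne prime), large
# enough to hold a 256-bit private key as the secret S.
PRIME = 2**521 - 1

def split(secret, k, n, p=PRIME):
    """Return n shares (x, y); any k of them reconstruct `secret`."""
    if not 0 <= secret < p:
        raise ValueError("secret must be in [0, P-1]")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= K <= N < P")
    # Random polynomial of degree K-1 with constant term S:
    # Y = S + R1*X + R2*X^2 + ... (mod P)
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]

    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % p
        return y

    # Shares are the points (1, f(1)), (2, f(2)), ..., as on the slides.
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares, p=PRIME):
    """Lagrange-interpolate the polynomial at X = 0 to recover S."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret
```

Calling reconstruct puts the whole key in one machine's memory, which is the disadvantage listed above.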
• Using Multi-signature
– able to sign transactions without
needing to reconstruct a single key
– possible to keep the shares apart
and sign the transactions using K
of those shares separately
• Example: Andrew, Arvind, Ed, and
Joseph are cofounders of a company
which owns a lot of Bitcoins. To
protect their storage they can
decide to use a multi-signature 3
out of 4 for their cold storage.
– Advantages
• the four keys are kept separately, each
with different security, so that it is
quite difficult for an attacker to
retrieve 3 of them
• if one or two employees go rogue,
they're still not able to take
ownership of the money. The
majority is necessary to manage it
• in addition if one loses the key it is
still possible to manage the cold
storage and transfer the money to a
new place.
