Empowering Employees through Active Engagement with Corgan - Webinar Slides
Bitcoin Wallets by Johnathan Corgan
description
Transcript of Bitcoin Wallets by Johnathan Corgan
-
JohnathanCorganCorganLabsJune2014
Copyright2014CorganLabs
IntroductiontoBitcoinWalletSoftware
-
June2014 2
TheBitcoinblockchainisledgeroftitletransfers
Titletonewlycreatedbitcoinisissuedtoasuccessfulminerasarewardforsecuringtheledger
Titletospecifiedamountscanthenbesignedovertootherbitcoinparticipantsthroughtransactionoutputs
Thesigning/transferprocess,inthesimplestcase,usestheprivatehalfofacryptographickeypairtoprovecontrolofapublicaddress
PossessionoftheseprivatekeysisallthatdecidesBTCownership
BitcoinADistributedLedger
25BTCCoinbaseTransaction 1FXLG...
Address
L3UhL...PrivateKey
15bZB...
Address
L16HZ... PrivateKey
10.1BTC
1LGck...
L3omo...PrivateKey
Address
14.9BTC
-
June2014 3
BitcoinATrustlessProtocol
HowdoesaBitcoinnodeknowthehistoryofacoin?
Every(full)nodeinBitcoinverifiestheintegrityandveracityofeverypieceofdatareceivedwithalocalcopyoftheblockchain
Rulesareenforcedbyignoringanythingthatfails
Thisisonekeytodistributedconsensus,withnocentralauthority(theotherbeingproofofwork)
Bitcoinlitenodescanuselowerresourceslocallybyhavingsometrustinthirdpartiesinthenetwork
Blockchain
Blockchain
Blockchain
-
June2014 4
SimplifiedPaymentVerification TheSPVtrustmodelallowsverificationoftransactions
usingamuchsmallersubsetoflocallystoreddata
Tradeoffisincreasedtrustinconnectednodes
Somepossiblelossoftransactionprivacy
SPVusesdownloadedcopiesofblockchainheadersandtransactiondatatoverifytransactionwasacceptedbybitcoinnetworksufficientlylongago
Resultsindramaticallysmallerlocaldatabase(hundredsofMBvs.tensofGB)
Basicallyassumesnetworkconnectionisnotcontrolledbyanattacker
SincetransactionsmustbequeriedbySPVnode,othernodescanlearnwhichtransactionsbelongtoit
-
June2014 5
WalletSoftwareFunctions
Generateandsecurecryptographickeypairs
ParticipateinBitcoinnetwork
Detect,verify,andprocessincomingtransactions
Create,sign,andbroadcastoutgoingtransactions
Maintainlocalinformationaboutstateofnetwork
Providebackupandrecoveryofkeys
Maintainaccountinginformationabouttransactions
Addressbookandlabels
Provideofflinestoragecapabilitiescoldwallets
-
June2014 6
BitcoinWalletTypes BitcoinFullNodes
BitcoinCore(BitcoinQT)
WalletOnly(Requiresfullnodeforinformation)
Armory
LiteNodes,usingSimplifiedPaymentVerification
Electrum
MultiBit
Mycelium
BitcoinWalletasaService(WebWallets)
Hybridservices(Blockchain.info)
Multisigbased(BitGo,GAit)
Purehosted(Coinbase,CoinKite)
-
June2014 7
ThingstoConsider
Wherearemyprivatekeysgenerated?
Wherearemyprivatekeysstored?
WhoorwhatdoIneedtotrust?
WhatresourcesdoIneedtousethiswalletsoftware/service?
Howeasyisitformetoseparatelongandshorttermbitcoin(i.e.,Savingsvs.Checking)?
Whathappensifthesoftwareauthororwebsitegoesaway?
Whathappensifthewebsiteiscompromised?
Whathappensiftheauthor/websiteisascammer?
-
June2014 8
BitcoinCore(BitcoinQT)
Original,referenceclientforBitcoinnetwork,desktopbased,opensource(C++)(Windows,Mac,Linux)
Implementsallnodefunctionsandprovidesbackboneofnetwork
Fullymaintainslocalblockchaincopy
Maintainsrandomlygeneratedcryptographickeypool
-
June2014 9
BitcoinArmory
Opensource(Python),desktopbasedwalletonlyusingblockchaincreatedbyBitcoinCore(Windows,Mac,Linux)
Providesdeterministickeygeneration,simplifyingbackup
Manyadvancedfeaturesforstorageandretrievalofkeys
Supportsoffline/onlinepairedoperation
-
June2014 10
ElectrumClient
Opensource(Python),desktopbasedlitenodeusing3rdpartyserversandSPVtrustmodel(Windows,Mac,Linux)
Verylightsoftwarefootprint
Supportsdeterministickeygenerationforeasierbackup
Supportsoffline/onlinepairedmode
-
June2014 11
MultiBitClient
Fullfeaturedopensource(Java)desktopbasedlitenodeusingSPVtrustmodel(Window,MacOS,Linux)
Usesrandomkeygeneration,deterministicindevelopment
Internallyusesbitcoinj,writtenbyMikeHearn
-
June2014 12
MyceliumClient
Opensource,mobilewalletusingSPVtrustmodel(Android)
Privatekeysarestoredonthephone,withencryptedbackupandoptionalPINbasedaccess
UsescryptographicprimitivesfromAndroidOSweakpoint
Convenientforholdingsmallamountsofspendingmoney
Notrecommendedforlongtermstorage
-
June2014 13
WalletasaService(WebWallets)
AllofthesefeaturesomedivisionoflaborbetweenalocalbrowserandanInternethostedwalletservice
Requiresvaryingdegreesoftrustintheowners/operatorsofservice
Sometimes,theseareoutrightscams
Importanttodeterminewhogeneratestheprivatekeys,whohascontroloverthem,andwhatvulnerabilitiesexistintheirimplementation
Thatsaid,thisisanarearipeforinnovationandmanynewcompaniesareforminginthisspace
Allowsfornewtypesofwallets(multisignature)andvalueaddedservices(e.g.,transactionlimits,accounting)
-
June2014 14
Blockchain.info
HybridservicethatusesdownloadedJavascripttogenerateprivatekeysandperformlocalsigningoftransactions
Hostsiteonlyhasaccesstoencryptedformofprivatekeys
AllotherfunctionsofthewalletaretrustedtobedonebyBlockchain.info'sservernetwork
Vulnerabletoserverandlocalbrowsercompromise
Easytouseoneitherdesktopormobile
-
June2014 15
GreenAddress.it
UsesBitcoinmultisignaturefeaturetoprovide2of2signaturereceivingaddressesgeneratedfromtwoprivatekeysonekeystoredonwebsite,oneinlocalwallet
Transactionsrequirebothkeysinordertosigntransfers
Futuretimelockedrefundtransactionssenttoclienttoallowrecoveryoffundsifwebsite/servicegoesaway
-
June2014 16
BitGo
Uses2of3multisignatureaddressesonekeyonserver,onekeyinclient,andonesafelystoredoffline
Normaltransactionscanbedonewithserverkeyandclientkey,but:
Ifservergoesaway,clientcanuselocalkeyandofflinestoredkeytorecoverfunds
Iflocalclient(e.g.,phone)islost,canuseserverkeyandofflinestoredkeytorecoverfunds
-
June2014 17
PureHostedServices
ServiceproviderssuchasCoinbaseandCoinKiteprovideahostedwalletwhereonecanpurchasebitcointhoughtransfersfromabankaccount
Withtheseservicetypes,youdonotownthebitcoininvolved.
Instead,youownaliabilityentryinthecompany'sbalancesheet,similartotraditionalbanking
Thisis,ofcourse,fineformanypeople...
...butwhyusebitcointhewayyou'duseatraditionalbank?
-
June2014 18
Summary
Bitcoinallowsyoutostoremoneyandtransactglobally,withno3rdpartyfinancialsystem
Goodnews:Thisallowsyoutomanageyourmoney
Badnews:Thisrequiresyoutomanageyourmoney
CreationandstorageofBitcoinprivatekeysistheheartofwalletsoftwarefunctionality
Possessionis100%ofthelaw
Choiceofwalletsoftwareisatradeoffbetweensecurity,trust,andconvenience
Fullnodevs.litenodevs.webhostedwalletvs.bitcoinbank
Thanksforyourtime!
-
June2014 19
Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19