@ -1,34 +1,35 @@
[[ch11]]
== Bitcoin Security
Securing bitcoin is challenging because bitcoin is not an abstract
reference to value, like a balance in a bank account. Bitcoin is very
Securing your bitcoins is challenging because bitcoins are
are not like a balance in a bank account. Your bitcoins are very
much like digital cash or gold. You've probably heard the expression,
"Possession is nine-tenths of the law." Well, in b itcoin, possession is
ten-tenths of the law. Possession of the keys to unlock the bitcoin is
"Possession is nine-tenths of the law." Well, in B itcoin, possession is
ten-tenths of the law. Possession of the keys to spend certain bitcoins is
equivalent to possession of cash or a chunk of precious metal. You can
lose it, misplace it, have it stolen, or accidentally give the wrong
amount to someone. In every one of these cases, users have no recourse,
just as if they dropped cash on a public sidewalk.
However, bitcoin has capabilities that cash, gold, and bank accounts do
not. A b itcoin wallet, containing your keys, can be backed up like any
However, the Bitcoin system has capabilities that cash, gold, and bank accounts do
not. A B itcoin wallet, containing your keys, can be backed up like any
file. It can be stored in multiple copies, even printed on paper for
hard-copy backup. You can't "back up" cash, gold, or bank accounts.
Bitcoin is different enough from anything that has come before that we
need to think about bitcoin security in a novel way too.
need to think about securing your bitcoins in a novel way too.
=== Security Principles
((("security", "security principles", id="Sprinc11")))((("decentralized
systems", "security of")))The core principle in b itcoin is
systems", "security of")))The core principle in B itcoin is
decentralization and it has important implications for security. A
centralized model, such as a traditional bank or payment network,
depends on access control and vetting to keep bad actors out of the
system. By comparison, a decentralized system like bitcoin pushes the
responsibility and control to the users. Because security of the network
is based on Proof-of-Work, not access control, the network can be open
and no encryption is required for bitcoin traffic.
system. By comparison, a decentralized system like Bitcoin pushes the
responsibility and control to the users. Because the security of the network
is based on independent verification, the network can be open
and no encryption is required for Bitcoin traffic (although encryption
can still be useful).
On a traditional payment network, such as a credit card system, the
payment is open-ended because it contains the user's private identifier
@ -43,61 +44,50 @@ when customer data is compromised, the customers are exposed to identity
theft and must take action to prevent fraudulent use of the compromised
accounts.
Bitcoin is dramatically different. A b itcoin transaction authorizes only
a specific value to a specific recipient and cannot be forged or
modified. It does not reveal any private information, such as the
Bitcoin is dramatically different. A B itcoin transaction authorizes only
a specific value to a specific recipient and cannot be forged.
It does not reveal any private information, such as the
identities of the parties, and cannot be used to authorize additional
payments. Therefore, a b itcoin payment network does not need to be
payments. Therefore, a B itcoin payment network does not need to be
encrypted or protected from eavesdropping. In fact, you can broadcast
bitcoin transactions over an open public channel, such as unsecured WiFi
or Bluetooth, with no loss of security.
Bitcoin's decentralized security model puts a lot of power in the hands
of the users. With that power comes responsibility for maintaining the
secrecy of the keys. For most users that is not easy to do, especially
secrecy of their keys. For most users that is not easy to do, especially
on general-purpose computing devices such as internet-connected
smartphones or laptops. Although b itcoin's decentralized model prevents
smartphones or laptops. Although B itcoin's decentralized model prevents
the type of mass compromise seen with credit cards, many users are not
able to adequately secure their keys and get hacked, one by one.
==== Developing Bitcoin Systems Securely
((("decentralized systems", "bitcoin as")))The most important principle
for b itcoin developers is decentralization. Most developers will be
for B itcoin developers is decentralization. Most developers will be
familiar with centralized security models and might be tempted to apply
these models to their b itcoin applications, with disastrous results.
these models to their B itcoin applications, with disastrous results.
Bitcoin's security relies on decentralized control over keys and on
independent transaction validation by min ers. If you want to leverage
b itcoin's security, you need to ensure that you remain within the
b itcoin security model. In simple terms: don't take control of keys away
from users and don't take transactions off the blockchai n.
independent transaction validation by us ers. If you want to leverage
B itcoin's security, you need to ensure that you remain within the
B itcoin security model. In simple terms: don't take control of keys away
from users and don't outsource validatio n.
For example, many early b itcoin exchanges concentrated all user funds in
For example, many early B itcoin exchanges concentrated all user funds in
a single "hot" wallet with keys stored on a single server. Such a design
removes control from users and centralizes control over keys in a single
system. Many such systems have been hacked, with disastrous consequences
for their customers.
((("transactions", "off blockchain")))((("off-blockchain
transactions")))Another common mistake is to take transactions "off
blockchain" in a misguided effort to reduce transaction fees or
accelerate transaction processing. An "off blockchain" system will
record transactions on an internal, centralized ledger and only
occasionally synchronize them to the Bitcoin blockchain. This practice,
again, substitutes decentralized bitcoin security with a proprietary and
centralized approach. When transactions are off blockchain, improperly
secured centralized ledgers can be falsified, diverting funds and
depleting reserves, unnoticed.
Unless you are prepared to invest heavily in operational security,
multiple layers of access control, and audits (as the traditional banks
do) you should think very carefully before taking funds outside of
b itcoin's decentralized security context. Even if you have the funds and
Bitcoin's decentralized security context. Even if you have the funds and
discipline to implement a robust security model, such a design merely
replicates the fragile model of traditional financial networks, plagued
by identity theft, corruption, and embezzlement. To take advantage of
b itcoin's unique decentralized security model, you have to avoid the
Bitcoin's unique decentralized security model, you have to avoid the
temptation of centralized architectures that might feel familiar but
ultimately subvert bitcoin's security.
@ -123,12 +113,12 @@ operating system to higher-level system services, and finally across
many servers layered in concentric circles of diminishing trust.
((("mining and consensus", "security and consensus")))Bitcoin security
architecture is different. In b itcoin, the consensus system creates a
architecture is different. In B itcoin, the consensus system creates a
trusted public ledger that is completely decentralized. A correctly
validated blockchain uses the genesis block as the root of trust,
building a chain of trust up to the current block. Bitcoin systems can
and should use the blockchain as their root of trust. When designing a
complex b itcoin application that consists of services on many different
complex B itcoin application that consists of services on many different
systems, you should carefully examine the security architecture in order
to ascertain where trust is being placed. Ultimately, the only thing
that should be explicitly trusted is a fully validated blockchain. If
@ -141,12 +131,12 @@ under the control of a malicious actor. Take each component of your
application, in turn, and assess the impacts on the overall security if
that component is compromised. If your application is no longer secure
when components are compromised, that shows you have misplaced trust in
those components. A b itcoin application without vulnerabilities should
be vulnerable only to a compromise of the b itcoin consensus mechanism,
those components. A B itcoin application without vulnerabilities should
be vulnerable only to a compromise of the B itcoin consensus mechanism,
meaning that its root of trust is based on the strongest part of the
b itcoin security architecture.
B itcoin security architecture.
The numerous examples of hacked b itcoin exchanges serve to underscore
The numerous examples of hacked B itcoin exchanges serve to underscore
this point because their security architecture and design fails even
under the most casual scrutiny. These centralized implementations had
invested trust explicitly in numerous components outside the Bitcoin
@ -166,7 +156,7 @@ constantly exposed to external threats via always-on internet
connections. They run thousands of software components from hundreds of
authors, often with unconstrained access to the user's files. A single
piece of rogue software, among the many thousands installed on your
computer, can compromise your keyboard and files, stealing any bitcoin
computer, can compromise your keyboard and files, stealing any bitcoins
stored in wallet applications. The level of computer maintenance
required to keep a computer virus-free and trojan-free is beyond the
skill level of all but a tiny minority of computer users.
@ -185,17 +175,17 @@ we have seen ever-escalating thefts. Bitcoin escalates this problem
because it doesn't need to be fenced or laundered; it is intrinsic value
within a digital asset.
Fortunately, b itcoin also creates the incentives to improve computer
B itcoin also creates the incentives to improve computer
security. Whereas previously the risk of computer compromise was vague
and indirect, b itcoin makes these risks clear and obvious. Holding
bitcoin on a computer serves to focus the user's mind on the need for
and indirect, B itcoin makes these risks clear and obvious. Holding
bitcoins on a computer serves to focus the user's mind on the need for
improved computer security. As a direct result of the proliferation and
increased adoption of b itcoin and other digital currencies, we have seen
increased adoption of B itcoin and other digital currencies, we have seen
an escalation in both hacking techniques and security solutions. In
simple terms, hackers now have a very juicy target and users have a
clear incentive to defend themselves.
Over the past three years, as a direct result of b itcoin adoption, we
Over the past three years, as a direct result of B itcoin adoption, we
have seen tremendous innovation in the realm of information security in
the form of hardware encryption, key storage and hardware wallets,
multisignature technology, and digital escrow. In the following sections
@ -208,54 +198,51 @@ wallets")))((("wallets", "types of", "paper wallets")))((("paper
wallets", see="also wallets")))Because most users are far more
comfortable with physical security than information security, a very
effective method for protecting bitcoin is to convert them into physical
form. Bitcoin keys are nothing more than long numbers. This means that
form. Bitcoin keys, and the seeds used to create them, are nothing more than long numbers. This means that
they can be stored in a physical form, such as printed on paper or
etched on a metal coin. Securing the keys then becomes as simple as
physically securing the printed copy of the bitcoin keys. A set of
bitcoin keys that is printed on paper is called a "paper wallet," and
there are many free tools that can be used to create them. I personally
keep the vast majority of my bitcoin (99% or more) stored on paper
wallets, encrypted with BIP-38, with multiple copies locked in safes.
((("cold storage")))((("storage", "cold storage")))Keeping bitcoin
physically securing a printed copy of the key seed. A seed
that is printed on paper is called a "paper backup," and
many wallets can create them.
Keeping bitcoins
offline is called _cold storage_ and it is one of the most effective
security techniques. A cold storage system is one where the keys are
generated on an offline system (one never connected to the internet) and
stored offline either on paper or on digital media, such as a USB memory
stick.
==== Hardware Wallet s
==== Hardware Signing Device s
((("wallets", "types of", "hardware wallets")))((("hardware
wallets")))In the long term, bitcoin security increasingly will take the
form of hardware tamper-proof wallets. Unlike a smartphone or desktop
computer, a bitcoin hardware wallet has just one purpose: to hold
bitcoin securely. Without general-purpose software to compromise and
with limited interfaces, hardware wallets can deliver an almost
foolproof level of security to nonexpert users. I expect to see hardware
wallets become the predominant method of bitcoin storage. For an example
of such a hardware wallet, see the https://trezor.io/[Trezor].
((("hardware
signing devices")))In the long term, Bitcoin security may increasingly take the
form of tamper-proof hardware signing devices. Unlike a smartphone or desktop
computer, a Bitcoin hardware signing device has just one purpose: to hold
keys securely. Without general-purpose software to compromise and
with limited interfaces, hardware signing devices can deliver an almost
foolproof level of security to nonexpert users. Hardware
signing devices may become the predominant method of bitcoin storage.
==== Balancing Risk
((("risk, balancing and diversifying", seealso="security")))Although
most users are rightly concerned about bitcoin theft , there is an even
bigger risk. Data files get lost all the time. If they contain bitcoin ,
the loss is much more painful. In the effort to secure their b itcoin
most users are rightly concerned about theft of thir bitcoins , there is an even
bigger risk. Data files get lost all the time. If they contain Bitcoin keys ,
the loss is much more painful. In the effort to secure their B itcoin
wallets, users must be very careful not to go too far and end up losing
the bitcoin. In July 2011, a well-known b itcoin awareness and education
their bitcoins. In July 2011, a well-known B itcoin awareness and education
project lost almost 7,000 bitcoin. In their effort to prevent theft, the
owners had implemented a complex series of encrypted backups. In the end
they accidentally lost the encryption keys, making the backups worthless
and losing a fortune. Like hiding money by burying it in the desert, if
you secure your bitcoin too well you might not be able to find it again.
you secure your bitcoins too well you might not be able to find it again.
==== Diversifying Risk
Would you carry your entire net worth in cash in your wallet? Most
people would consider that reckless, yet b itcoin users often keep all
their bitcoin in a single wallet. Instead, users should spread the risk
among multiple and diverse bitcoin wallet s. Prudent users will keep only
a small fraction, perhaps less than 5%, of their bitcoin in an online or
people would consider that reckless, yet B itcoin users often keep all
their bitcoin us ing a single wallet application . Instead, users should spread the risk
among multiple and diverse Bitcoin application s. Prudent users will keep only
a small fraction, perhaps less than 5%, of their bitcoins in an online or
mobile wallet as "pocket change." The rest should be split between a few
different storage mechanisms, such as a desktop wallet and offline (cold
storage).
@ -284,10 +271,10 @@ Bitcoin users are told to use complex passwords and keep their keys
secure and private, not sharing them with anyone. Unfortunately, that
practice makes it almost impossible for the user's family to recover any
funds if the user is not available to unlock them. In most cases, in
fact, the families of b itcoin users might be completely unaware of the
fact, the families of B itcoin users might be completely unaware of the
existence of the bitcoin funds.
If you have a lot of bitcoin, you should consider sharing access details
If you have a lot of bitcoins , you should consider sharing access details
with a trusted relative or lawyer. A more complex survivability scheme
can be set up with multi-signature access and estate planning through a
lawyer specialized as a "digital asset executor."((("",
@ -297,5 +284,5 @@ startref="Suser11")))((("", startref="UCsecurity11")))
Bitcoin is a completely new, unprecedented, and complex technology. Over
time we will develop better security tools and practices that are easier
to use by nonexperts. For now, b itcoin users can use many of the tips
discussed here to enjoy a secure and trouble-free b itcoin experience.
to use by nonexperts. For now, B itcoin users can use many of the tips
discussed here to enjoy a secure and trouble-free B itcoin experience.
David A. Harding
12 months ago