CH11: edits for consistency with rest of the book

- s/bitcoin/Bitcoin/ when appropriate
- Proof of work is only part of security
- Mining is separate from verificatino
- Kill BIP38 encrypted private keys section (mention seeds instead)

ch11.asciidoc

@@ -1,34 +1,35 @@
 [[ch11]]
 == Bitcoin Security
 
-Securing bitcoin is challenging because bitcoin is not an abstract
+Securing your bitcoins is challenging because bitcoins are
-reference to value, like a balance in a bank account. Bitcoin is very
+are not like a balance in a bank account. Your bitcoins are very
 much like digital cash or gold. You've probably heard the expression,
-"Possession is nine-tenths of the law." Well, in bitcoin, possession is
+"Possession is nine-tenths of the law." Well, in Bitcoin, possession is
-ten-tenths of the law. Possession of the keys to unlock the bitcoin is
+ten-tenths of the law. Possession of the keys to spend certain bitcoins is
 equivalent to possession of cash or a chunk of precious metal. You can
 lose it, misplace it, have it stolen, or accidentally give the wrong
 amount to someone. In every one of these cases, users have no recourse,
 just as if they dropped cash on a public sidewalk.
 
-However, bitcoin has capabilities that cash, gold, and bank accounts do
+However, the Bitcoin system has capabilities that cash, gold, and bank accounts do
-not. A bitcoin wallet, containing your keys, can be backed up like any
+not. A Bitcoin wallet, containing your keys, can be backed up like any
 file. It can be stored in multiple copies, even printed on paper for
 hard-copy backup. You can't "back up" cash, gold, or bank accounts.
 Bitcoin is different enough from anything that has come before that we
-need to think about bitcoin security in a novel way too.
+need to think about securing your bitcoins in a novel way too.
 
 === Security Principles
 
 ((("security", "security principles", id="Sprinc11")))((("decentralized
-systems", "security of")))The core principle in bitcoin is
+systems", "security of")))The core principle in Bitcoin is
 decentralization and it has important implications for security. A
 centralized model, such as a traditional bank or payment network,
 depends on access control and vetting to keep bad actors out of the
-system. By comparison, a decentralized system like bitcoin pushes the
+system. By comparison, a decentralized system like Bitcoin pushes the
-responsibility and control to the users. Because security of the network
+responsibility and control to the users. Because the security of the network
-is based on Proof-of-Work, not access control, the network can be open
+is based on independent verification, the network can be open
-and no encryption is required for bitcoin traffic.
+and no encryption is required for Bitcoin traffic (although encryption
+can still be useful).
 
 On a traditional payment network, such as a credit card system, the
 payment is open-ended because it contains the user's private identifier
@@ -43,61 +44,50 @@ when customer data is compromised, the customers are exposed to identity
 theft and must take action to prevent fraudulent use of the compromised
 accounts.
 
-Bitcoin is dramatically different. A bitcoin transaction authorizes only
+Bitcoin is dramatically different. A Bitcoin transaction authorizes only
-a specific value to a specific recipient and cannot be forged or
+a specific value to a specific recipient and cannot be forged.
-modified. It does not reveal any private information, such as the
+It does not reveal any private information, such as the
 identities of the parties, and cannot be used to authorize additional
-payments. Therefore, a bitcoin payment network does not need to be
+payments. Therefore, a Bitcoin payment network does not need to be
 encrypted or protected from eavesdropping. In fact, you can broadcast
 bitcoin transactions over an open public channel, such as unsecured WiFi
 or Bluetooth, with no loss of security.
 
 Bitcoin's decentralized security model puts a lot of power in the hands
 of the users. With that power comes responsibility for maintaining the
-secrecy of the keys. For most users that is not easy to do, especially
+secrecy of their keys. For most users that is not easy to do, especially
 on general-purpose computing devices such as internet-connected
-smartphones or laptops. Although bitcoin's decentralized model prevents
+smartphones or laptops. Although Bitcoin's decentralized model prevents
 the type of mass compromise seen with credit cards, many users are not
 able to adequately secure their keys and get hacked, one by one.
 
 ==== Developing Bitcoin Systems Securely
 
 ((("decentralized systems", "bitcoin as")))The most important principle
-for bitcoin developers is decentralization. Most developers will be
+for Bitcoin developers is decentralization. Most developers will be
 familiar with centralized security models and might be tempted to apply
-these models to their bitcoin applications, with disastrous results.
+these models to their Bitcoin applications, with disastrous results.
 
 Bitcoin's security relies on decentralized control over keys and on
-independent transaction validation by miners. If you want to leverage
+independent transaction validation by users. If you want to leverage
-bitcoin's security, you need to ensure that you remain within the
+Bitcoin's security, you need to ensure that you remain within the
-bitcoin security model. In simple terms: don't take control of keys away
+Bitcoin security model. In simple terms: don't take control of keys away
-from users and don't take transactions off the blockchain.
+from users and don't outsource validation.
 
-For example, many early bitcoin exchanges concentrated all user funds in
+For example, many early Bitcoin exchanges concentrated all user funds in
 a single "hot" wallet with keys stored on a single server. Such a design
 removes control from users and centralizes control over keys in a single
 system. Many such systems have been hacked, with disastrous consequences
 for their customers.
 
-((("transactions", "off blockchain")))((("off-blockchain
-transactions")))Another common mistake is to take transactions "off
-blockchain" in a misguided effort to reduce transaction fees or
-accelerate transaction processing. An "off blockchain" system will
-record transactions on an internal, centralized ledger and only
-occasionally synchronize them to the Bitcoin blockchain. This practice,
-again, substitutes decentralized bitcoin security with a proprietary and
-centralized approach. When transactions are off blockchain, improperly
-secured centralized ledgers can be falsified, diverting funds and
-depleting reserves, unnoticed.
-
 Unless you are prepared to invest heavily in operational security,
 multiple layers of access control, and audits (as the traditional banks
 do) you should think very carefully before taking funds outside of
-bitcoin's decentralized security context. Even if you have the funds and
+Bitcoin's decentralized security context. Even if you have the funds and
 discipline to implement a robust security model, such a design merely
 replicates the fragile model of traditional financial networks, plagued
 by identity theft, corruption, and embezzlement. To take advantage of
-bitcoin's unique decentralized security model, you have to avoid the
+Bitcoin's unique decentralized security model, you have to avoid the
 temptation of centralized architectures that might feel familiar but
 ultimately subvert bitcoin's security.
 
@@ -123,12 +113,12 @@ operating system to higher-level system services, and finally across
 many servers layered in concentric circles of diminishing trust.
 
 ((("mining and consensus", "security and consensus")))Bitcoin security
-architecture is different. In bitcoin, the consensus system creates a
+architecture is different. In Bitcoin, the consensus system creates a
 trusted public ledger that is completely decentralized. A correctly
 validated blockchain uses the genesis block as the root of trust,
 building a chain of trust up to the current block. Bitcoin systems can
 and should use the blockchain as their root of trust. When designing a
-complex bitcoin application that consists of services on many different
+complex Bitcoin application that consists of services on many different
 systems, you should carefully examine the security architecture in order
 to ascertain where trust is being placed. Ultimately, the only thing
 that should be explicitly trusted is a fully validated blockchain. If
@@ -141,12 +131,12 @@ under the control of a malicious actor. Take each component of your
 application, in turn, and assess the impacts on the overall security if
 that component is compromised. If your application is no longer secure
 when components are compromised, that shows you have misplaced trust in
-those components. A bitcoin application without vulnerabilities should
+those components. A Bitcoin application without vulnerabilities should
-be vulnerable only to a compromise of the bitcoin consensus mechanism,
+be vulnerable only to a compromise of the Bitcoin consensus mechanism,
 meaning that its root of trust is based on the strongest part of the
-bitcoin security architecture.
+Bitcoin security architecture.
 
-The numerous examples of hacked bitcoin exchanges serve to underscore
+The numerous examples of hacked Bitcoin exchanges serve to underscore
 this point because their security architecture and design fails even
 under the most casual scrutiny. These centralized implementations had
 invested trust explicitly in numerous components outside the Bitcoin
@@ -166,7 +156,7 @@ constantly exposed to external threats via always-on internet
 connections. They run thousands of software components from hundreds of
 authors, often with unconstrained access to the user's files. A single
 piece of rogue software, among the many thousands installed on your
-computer, can compromise your keyboard and files, stealing any bitcoin
+computer, can compromise your keyboard and files, stealing any bitcoins
 stored in wallet applications. The level of computer maintenance
 required to keep a computer virus-free and trojan-free is beyond the
 skill level of all but a tiny minority of computer users.
@@ -185,17 +175,17 @@ we have seen ever-escalating thefts. Bitcoin escalates this problem
 because it doesn't need to be fenced or laundered; it is intrinsic value
 within a digital asset.
 
-Fortunately, bitcoin also creates the incentives to improve computer
+Bitcoin also creates the incentives to improve computer
 security. Whereas previously the risk of computer compromise was vague
-and indirect, bitcoin makes these risks clear and obvious. Holding
+and indirect, Bitcoin makes these risks clear and obvious. Holding
-bitcoin on a computer serves to focus the user's mind on the need for
+bitcoins on a computer serves to focus the user's mind on the need for
 improved computer security. As a direct result of the proliferation and
-increased adoption of bitcoin and other digital currencies, we have seen
+increased adoption of Bitcoin and other digital currencies, we have seen
 an escalation in both hacking techniques and security solutions. In
 simple terms, hackers now have a very juicy target and users have a
 clear incentive to defend themselves.
 
-Over the past three years, as a direct result of bitcoin adoption, we
+Over the past three years, as a direct result of Bitcoin adoption, we
 have seen tremendous innovation in the realm of information security in
 the form of hardware encryption, key storage and hardware wallets,
 multisignature technology, and digital escrow. In the following sections
@@ -208,54 +198,51 @@ wallets")))((("wallets", "types of", "paper wallets")))((("paper
 wallets", see="also wallets")))Because most users are far more
 comfortable with physical security than information security, a very
 effective method for protecting bitcoin is to convert them into physical
-form. Bitcoin keys are nothing more than long numbers. This means that
+form. Bitcoin keys, and the seeds used to create them, are nothing more than long numbers. This means that
 they can be stored in a physical form, such as printed on paper or
 etched on a metal coin. Securing the keys then becomes as simple as
-physically securing the printed copy of the bitcoin keys. A set of
+physically securing a printed copy of the key seed. A seed
-bitcoin keys that is printed on paper is called a "paper wallet," and
+that is printed on paper is called a "paper backup," and
-there are many free tools that can be used to create them. I personally
+many wallets can create them.
-keep the vast majority of my bitcoin (99% or more) stored on paper
+Keeping bitcoins
-wallets, encrypted with BIP-38, with multiple copies locked in safes.
-((("cold storage")))((("storage", "cold storage")))Keeping bitcoin
 offline is called _cold storage_ and it is one of the most effective
 security techniques. A cold storage system is one where the keys are
 generated on an offline system (one never connected to the internet) and
 stored offline either on paper or on digital media, such as a USB memory
 stick.
 
-==== Hardware Wallets
+==== Hardware Signing Devices
 
-((("wallets", "types of", "hardware wallets")))((("hardware
+((("hardware
-wallets")))In the long term, bitcoin security increasingly will take the
+signing devices")))In the long term, Bitcoin security may increasingly take the
-form of hardware tamper-proof wallets. Unlike a smartphone or desktop
+form of tamper-proof hardware signing devices. Unlike a smartphone or desktop
-computer, a bitcoin hardware wallet has just one purpose: to hold
+computer, a Bitcoin hardware signing device has just one purpose: to hold
-bitcoin securely. Without general-purpose software to compromise and
+keys securely. Without general-purpose software to compromise and
-with limited interfaces, hardware wallets can deliver an almost
+with limited interfaces, hardware signing devices can deliver an almost
-foolproof level of security to nonexpert users. I expect to see hardware
+foolproof level of security to nonexpert users. Hardware
-wallets become the predominant method of bitcoin storage. For an example
+signing devices may become the predominant method of bitcoin storage.
-of such a hardware wallet, see the https://trezor.io/[Trezor].
 
 ==== Balancing Risk
 
 ((("risk, balancing and diversifying", seealso="security")))Although
-most users are rightly concerned about bitcoin theft, there is an even
+most users are rightly concerned about theft of thir bitcoins, there is an even
-bigger risk. Data files get lost all the time. If they contain bitcoin,
+bigger risk. Data files get lost all the time. If they contain Bitcoin keys,
-the loss is much more painful. In the effort to secure their bitcoin
+the loss is much more painful. In the effort to secure their Bitcoin
 wallets, users must be very careful not to go too far and end up losing
-the bitcoin. In July 2011, a well-known bitcoin awareness and education
+their bitcoins. In July 2011, a well-known Bitcoin awareness and education
 project lost almost 7,000 bitcoin. In their effort to prevent theft, the
 owners had implemented a complex series of encrypted backups. In the end
 they accidentally lost the encryption keys, making the backups worthless
 and losing a fortune. Like hiding money by burying it in the desert, if
-you secure your bitcoin too well you might not be able to find it again.
+you secure your bitcoins too well you might not be able to find it again.
 
 ==== Diversifying Risk
 
 Would you carry your entire net worth in cash in your wallet? Most
-people would consider that reckless, yet bitcoin users often keep all
+people would consider that reckless, yet Bitcoin users often keep all
-their bitcoin in a single wallet. Instead, users should spread the risk
+their bitcoin using a single wallet application. Instead, users should spread the risk
-among multiple and diverse bitcoin wallets. Prudent users will keep only
+among multiple and diverse Bitcoin applications. Prudent users will keep only
-a small fraction, perhaps less than 5%, of their bitcoin in an online or
+a small fraction, perhaps less than 5%, of their bitcoins in an online or
 mobile wallet as "pocket change." The rest should be split between a few
 different storage mechanisms, such as a desktop wallet and offline (cold
 storage).
@@ -284,10 +271,10 @@ Bitcoin users are told to use complex passwords and keep their keys
 secure and private, not sharing them with anyone. Unfortunately, that
 practice makes it almost impossible for the user's family to recover any
 funds if the user is not available to unlock them. In most cases, in
-fact, the families of bitcoin users might be completely unaware of the
+fact, the families of Bitcoin users might be completely unaware of the
 existence of the bitcoin funds.
 
-If you have a lot of bitcoin, you should consider sharing access details
+If you have a lot of bitcoins, you should consider sharing access details
 with a trusted relative or lawyer. A more complex survivability scheme
 can be set up with multi-signature access and estate planning through a
 lawyer specialized as a "digital asset executor."((("",
@@ -297,5 +284,5 @@ startref="Suser11")))((("", startref="UCsecurity11")))
 
 Bitcoin is a completely new, unprecedented, and complex technology. Over
 time we will develop better security tools and practices that are easier
-to use by nonexperts. For now, bitcoin users can use many of the tips
+to use by nonexperts. For now, Bitcoin users can use many of the tips
-discussed here to enjoy a secure and trouble-free bitcoin experience.
+discussed here to enjoy a secure and trouble-free Bitcoin experience.