Inside Bitcoins_AlanReiner

  • View

  • Download

Embed Size (px)



Text of Inside Bitcoins_AlanReiner

  • 1.Inside Bitcoins Conference, Dec 10-11, 2013Best Practices for Using and Securing Bitcoins 10 December, 2013Alan Reiner Founder & CEO Armory Technologies, Inc. Armory Technologies, Inc. 2013

2. List of Topics Introduction Bitcoin storage methods Bitcoin Basics The wedding of cryptography and money Security Practices The future of Bitcoin best practicesLearn to hold your own Bitcoins and let the power of decentralized money shine! Armory Technologies, Inc. 2013 3. Who Am I? Alan Reiner etotheipi on the Mathematician, Statistician, SW Developer, Perfectionist With a sprinkling of cryptography and data mining Have been part of the Bitcoin community since 2011 Contribute to documentation, standards, security discussions, etc, on the Development & Technical Discussion forum A huge nerd! (you have to be to do what I do) Sub-category: ultra-paranoid crypto-nerd Armory Technologies, Inc. 2013 4. What is Armory? Armory Bitcoin Wallet is a free, open-source desktop application for securing Bitcoins yourself One of four such applications featured on Known for security at all costs Sometimes convenience is one of those costs... Currently a tool tailored to advanced/power users Recently funded, will develop beginner's interface 5. What is Armory? Even after two years, Armory is still one of the only ways for non-experts to use cold storage Sign transactions from an air-gapped computer Also innovated many other features Multiple-wallet interface Wallets that only have to be backed up one time Printable paper backups (with fragmenting!) Not for Beginners! Need Bitcoin-Qt running in background (for security!) Need to download blockchain Lots of advanced featuresI created Armory because the best practices I wanted were not available elsewhere Armory Technologies, Inc. 2013 6. Bitcoin Basics Bitcoin has the potential to revolutionize payments The same way email changed written communications Bitcoin is complicated But it will get easier... hopefully Bitcoin creates both tremendous opportunities and tremendous risks Harness the opportunities, mitigate the risks: win-win Positive: Take control of your own money (and save)! Negative: Take control of your own money (and lose it)! (If you are using Bitcoin to remove third-parties from the equation, you have to take over the responsibilities of those third-parties!) Armory Technologies, Inc. 2013 7. It's Just a Baby The infrastructure around Bitcoin is still being built Relatively speaking, Bitcoin is still in its infancy Started only five years ago (2009) Relatively unknown for years Lots of venture capital flowing in to turn it into something much bigger Still a lot of soul-searching to do by the communityBitcoin may end up being the TCP/IP of money advanced payment systems will be built off of it, but only developers have to interact with it directly Armory Technologies, Inc. 2013 8. Why Bitcoin? Show me another payment system that you can pay someone $10,000,000 USD: To and from anywhere in the world 24/7 without restrictions Nearly instantaneously Irreversible With $0.00 in fees* Can't be frozen or seized (without direct access to your wallet) Bitcoin is not perfect, but it certainly is powerful! There is no other payment system like this! If only we could make it safe and usable... *Certain types of transactions may require fees, but it rarely exceeds $0.01 USD. Armory Technologies, Inc. 2013 9. Why Bitcoin? Decentralized Not controlled by any one entity: run by all users of the system simultaneously! Limited Supply There will only ever be 21,000,000.00000000 Bitcoins The entire schedule of Bitcoin generation was announced in 2009 and cannot be changed Predetermined inflation, no printing/debasing Secure! (theoretically) Built from standard, trusted crypto algorithms Bitcoin shares many of the same properties as gold (no one issues gold, the supply is limited, easy to identify, fungible, durable) Armory Technologies, Inc. 2013 10. Bitcoin Storage Options With Bitcoin, now data is money A 32-byte secret (private key) can control $millions Raises the stakes of computer and network security Money now stored directly on phone, computer, paper, etc Store Bitcoin yourself + Full control over your money + Cannot be seized or stolen if secured properly - It's easy to lose 32 bytes if you're careless! Let someone else hold your Bitcoin + -May be more diligent about security than you May hold BTC properly but use poor user auth Counterparty risk No Bitcoin insurance Armory Technologies, Inc. 2013 11. Third-Party Risk The history of Bitcoin is filled with users trusting third-parties to hold their money - Currently, there is no equivalent of FDIC for Bitcoin DateServiceService TypeBTC Lost / StolenJune 2011 Mt. GoxExchangeJune 2011 MyBitcoinWalletUSD Value (at time of loss)2,000$47,00079,000$1,100,000May 2012Bitcoinica (#1) Exchange38,000$91,000July 2012Bitcoinica (#2) Exchange40,000$305,000Sep 2012BitfloorExchange24,000$250,000Oct 2013Inputs.ioWallet4,100$1,200,000Nov 2013GBL (China)Exchange4,100$4,100,000Sometimes users get some of their own money back. Sometimes. Armory Technologies, Inc. 2013 12. Holding Your Own Bitcoin Holding your own is like harnessing fire Can be extremely useful... and dangerous! Keep your fires small until you are experienced Sometimes the biggest threat to users is themselves Users are not used to truly irrecoverable data! Not everyone makes backups No one expects their hardware to fail Educate yourself, learn the tools, learn the risks, and experiment (with small amounts) Armory Technologies, Inc. 2013 13. Holding Your Own (cont) Most users should not be holding life-changing amounts of Bitcoin themselves Most users should not be trusting third-parties to protect life-changing amounts of BTC for them Wait... so, what are users supposed to do ?!?Answer: Most users should not be putting lifechanging amounts of money into Bitcoin yet! Bitcoin is still the Wild West of money People like me are building safer tools & infrastructure But we're not done yet Armory Technologies, Inc. 2013 14. Cryptography & Bitcoin A Short, Non-Technical Introduction Armory Technologies, Inc. 2013 15. Public-Private Key Crypto On the internet, there are two main concerns: Privacy of communications (encrypt & decrypt) Authenticity of communications (sign & verify) Bitcoin protocol does not use encryption The Bitcoin protocol only uses authentication Are you authorized to move this money? All users create a private key (secret) and a public key (distributed) Armory Technologies, Inc. 2013 16. Public and Private Keys Think of Bitcoin as a decentralized, public bank - is like a bank account number- is the signing authority on that bank account All users make keypairs for account management - give to payers to deposit money in your account- keep it secret so only you can authorize payments A Bitcoin address is just a representation of a public key: Such as: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Armory Technologies, Inc. 2013 17. Example Network All Bitcoins have a public unlock condition Most coins have a simple unlock condition: provide a signature that verifies against a specified public key If you have the private key, you can create those signatures! (so your wallet includes them in your balance) Armory Technologies, Inc. 2013 18. A Bitcoin Transaction Bitcoin might make a lot more sense after this demo... Armory Technologies, Inc. 2013 19. Armory Technologies, Inc. 2013Initial Conditions Assume the Bitcoin network has 21 coins All coins are locked using public keys A, B and C (so far) Alice and Bob have all the private keys associated with those coins (and a couple extra unused keys) 20. Armory Technologies, Inc. 2013Bitcoin Transactions 21. Armory Technologies, Inc. 2013Bitcoin Transactions 22. Armory Technologies, Inc. 2013Who owns what? 23. Armory Technologies, Inc. 2013Payment Request Bob will request 4 BTC from Alice Bob's wallet will select unused private key E, and then create a payment address (based on the public key E) Bob sends the address to Alice requesting payment 24. Armory Technologies, Inc. 2013Create Transaction Alice's wallet selects some coins that she knows she can sign for (at least 4 BTC) She will use the 6 BTC associated with A (think of it like a $6 bill) Alice creates a transaction spending the 6 BTC She also selects an unused key (D) to send the 2 BTC back to herself (change) 25. Armory Technologies, Inc. 2013Bitcoin Transactions Alice uses private key A to sign the transaction The signature is mathematically linked to every detail of the transaction If the transaction changes at all, the signature will break (the math stops working) 26. Armory Technologies, Inc. 2013Bitcoin Transactions Alice broadcasts the transaction to the Bitcoin network Users of the network verify: The 6 BTC is unspent The sig corresponds to public key A The sig is valid for this particular transaction 27. Armory Technologies, Inc. 2013Final Condition The original 6-BTC bill is destroyed and 2 new bills totaling 6 BTC created All users update their databases 28. What Have We Learned? Private keys let you unlock and re-lock coins under other public keys (i.e. send to others) Public keys let you: Receive money See available coins/balance Transactions usually have 2 parts (payment & change) Signatures are mathematically linked to the signed data Handwritten sigs can be (maliciously) transplanted between documents, Bitcoin signatures can't be Wallets contain a lot of private keys Uses a new key for every receiving operations Armory Technologies, Inc. 2013 29. Cold Storage Now we can appreciate cold storage (aka offline wallets) Only public keys are required to receive payments and verify transactions Private keys are only required to move the coins It is possible to keep the private ke