17crypto_L12
Bitcoin Practicalities
Crypto & SecDev 2017 © Ron Poet: Lecture 12 1
Managing Keys
� The public key is a user’s ID.
�Contracts giving him bitcoins use a hash of the public
key. The hash makes it shorter.
� The secret key is necessary in order to spend the bitcoin.� The secret key is necessary in order to spend the bitcoin.
�The relevant transaction must be signed with the secret
key.
� It is usual to have a different key pair for each bitcoin or
fraction of a bitcoin.
�So that anonymity cannot be breached by matching
transactions.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 2
Key Aspects of Keys
� Availability: can use them when required.
� Security: no one can steal them.
� Convenience: easy to use.
� These requirements are contradictory.� These requirements are contradictory.
�Tradeoffs have to be made.
� Hot storage: available immediately but more at risk
� Cold storage: available off line.
� It must be possible to transfer between the two.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 3
Representing Keys
� A textual representation of a key uses base 58 arithmetic.
�Upper and lower case letter + digits, omitting I, l, 0,
and O, which can cause confusion.
�This is suitable for copying and pasting between �This is suitable for copying and pasting between
documents as well as writing down.
� A QR code.
�In common use with smartphone apps.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 4
Types of Wallet
� Wallets are apps contain bitcoins.
� They can be used for hot and cold storage.
� A user will typically have a hot and a cold wallet.
�The hot wallet for some money that is ready to spend.�The hot wallet for some money that is ready to spend.
�The cold wallet for the bulk of the money, to be kept
safely.
� One task of wallets is creating public and secret key pairs.
� An algorithm called Hierarchical Deterministic Wallets
can transfer keys between wallets in a safe manner.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 5
Brain Wallets
� Use a predictable algorithm to turn a pass-phrase into a key
pair.
�It generates the secret key and then the public key can
be derived from it using information that is kept secret.be derived from it using information that is kept secret.
� It is vulnerable to an offline pass-phrase guessing attack.
�Don’t use a pass-phrase that can be guessed.
� If you forget the pass-phrase your coins are lost forever.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 6
Other Wallets
� Paper wallet
�Print the keys out and keep the printout securely.
�If you lose the piece of paper . . .
� Tamper resistant device.� Tamper resistant device.
�Only you can open it.
� Online wallet
�You have to trust the company managing it.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 7
Composite Keys
� Sometimes it is useful to split a key into more than one
part.
� This makes it harder for a thief to steal it.
� Standard secret sharing and slitting algorithms can be used.� Standard secret sharing and slitting algorithms can be used.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 8
Bitcoin Exchanges
� You need to provide real money to buy your first bitcoin.
�Unless you are lucky enough to mine one.
� A bitcoin exchange will convert money to bitcoins.
�They will have another customer who wants to convert �They will have another customer who wants to convert
bitcoins to money.
� There will be no transfers on the blockchain.
�The exchange owns the bitcoins, and just allocates
them to different customers.
�There will need to be an initial blockchain transaction
to get started, and other transactions to keep a balance.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 9
Risks of Bitcoin Exchanges
� They are unregulated banks, with similar risks.
� A run on the bank.
�The value of bitcoin falls and everyone wants to cash
out at the same time.out at the same time.
�The value of the exchange’s bitcoins no longer covers
their real money liabilities.
� The owners might be crooks running a Ponzi scheme.
� The exchange might be hacked.
� In 2013 18 out of 40 exchanges failed for one of these
reasons.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 10
Payment Services
� Most merchants who accept bitcoins as payment want
them to be quickly converted into real money.
�Typically at the end of each day.
� This is handled by payment services, for a fee.
�The payment service absorbs all the risk.
�They will typically use bitcoin exchanges.
� There are currently about 15 million bitcoins in circulation.
Crypto & SecDev 2017 © Ron Poet: Lecture 12 11