It’s Time to End the Cold Storage Ice Age and Adopt Multi-Sig
Inside Bitcoins Las Vegas, October 7, 2014
Will O’Brien (@willobrien)
© 2014 BitGo, Inc. (@BitGoInc)
Who Am I?
• Will O’Brien
• CEO & Co-Founder of BitGo
• FinTech, trading platforms and capital markets
• Startups and mid-size companies in consumer, payments, video games, and media
• Computer Science, Harvard; MBA, MIT Sloan
• Obsessed with Bitcoin since 2012
BitGo: Securing the World’s Bitcoin
Leading Bitcoin security platform and pioneer in multi-sig technology
Launched the world’s first multi-sig wallet in August 2013
$14m in total funding from veteran investors and finance luminaries
Our products:
• BitGo Enterprise
• Platform API/SDK
What Types of Customers Use BitGo?
• Family office investors
• Hedge funds
• Bitcoin miners
• eCommerce companies
• Marketplaces
• Exchanges
Why They Choose BitGo:
• Secure storage & transactions
• Corporate treasury policies
• Multi-user wallets
• Financial reporting & audit capabilities
“This is the year of the multi-signature wallet.” -- Gavin Andresen, chief scientist of the Bitcoin Foundation, May 2014
0.831% of all bitcoins stored in multi-sig wallets (source: p2sh.info)
We Know Security is a Fundamental Threat
“$1.2M hack shows why you should never store bitcoin on the internet.”
“From treasure to trash: Man tosses out bitcoin wallet on hard drive worth $9 million.”
“To achieve wider adoption, bitcoin needs to address significant issues related to security…Mt. Gox was like a bank storing valuables in the lobby entrance.”
“Some see the security issues as teething pains, but it is possible that the security of the core transactions technology will be outweighed by the insecurity around the core...almost 10% of all Bitcoins have been stolen or seized as part of a criminal venture in the last year.”
Does This Even Qualify as “Digital” Currency?
“The Bloomberg reporter opened up his paper wallet to show the private key, and, not too surprisingly, the funds were quickly stolen.”
We Need a Secure Bitcoin Ecosystem
• Financial Services
• Payment Processing
• Wallets & Vaults
• Trading & Exchanges
• Mining
• Consumer Apps
Multi-Sig: The Digital Equivalent of a Safe Deposit Box
19frDKN7XwWL2wwhz35as7PtRFcL4vCNYG (Not multi-sig)
335Zc8furTKgD32bWewYwGYGai7sMrtKse (Multi-sig!)
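What separates the two address styles on this slide is the Base58Check version byte: 0x00 for a single-key (P2PKH) address, 0x05 for a P2SH (BIP 16) address. The following is an added example, not part of the original deck or BitGo's code; it decodes an address, verifies its checksum and reports the type, and the 20-byte hash it uses for its own samples is constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet Base58Check version bytes and the address prefix they produce.
VERSIONS = {0x00: "P2PKH (single key, starts with 1)",
            0x05: "P2SH (BIP 16 script hash, starts with 3)"}

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, hash160: bytes) -> str:
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))   # each leading 0x00 becomes "1"
    return "1" * zeros + out

def b58check_decode(addr: str) -> bytes:
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)               # ValueError on illegal character
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum")
    return raw[:-4]                              # version byte + 20-byte hash

def classify(addr: str) -> str:
    try:
        return VERSIONS.get(b58check_decode(addr)[0], "unknown version")
    except ValueError:
        return "invalid"

if __name__ == "__main__":
    h = bytes(range(1, 21))                      # constructed 20-byte hash
    samples = [b58check_encode(0x00, h), b58check_encode(0x05, h),
               # The two addresses as transcribed from the slide; a copying
               # error in either would be reported as "invalid".
               "19frDKN7XwWL2wwhz35as7PtRFcL4vCNYG",
               "335Zc8furTKgD32bWewYwGYGai7sMrtKse"]
    for a in samples:
        print(a, "->", classify(a))
```

A leading 3 shows only that the output pays to a script hash; whether that script is an m-of-n multi-sig becomes visible on the blockchain only when a spend reveals the redeem script.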
Multi-Sig Solves the Trade-Off of Security and Ease of Use
[Chart: Security (low to high) plotted against Ease of Use (low to high). Labels on the chart: desktop wallets; multi-sig wallets; hosted wallets, vaults & exchanges; (single key cold storage); offline storage; paper wallets; brain wallets.]
Single Key vs Multi-Sig Wallets
Single Key Threat Vector | Multi-Sig Solution
Customer loses private key or password | Recover wallet with Backup Key
Customer’s login credentials stolen | 2-factor authentication and fraud detection
Server key stolen or service provider unavailable | Customer still has 2 keys and can transact directly on the blockchain
Malware, fraud or insider theft within customer’s organization | Service layer corporate treasury policies: spending limits, whitelisted addresses and secondary approvals
Call to Action for the Industry: Embrace Multi-Sig as a Standard
• Based on P2SH (BIP 16)
• Build it internally or use a security platform provider
Key Tenets:
• Funds held on blockchain in multi-sig, not in cold pools
• Maintain independent auditing of holdings
• Enable customer segregated accounts (where appropriate)
• Set corporate treasury policies and protections
• Leverage security of multi-institutional key distribution
  – Use a 3rd party co-signer on transactions
  – Store backup key with a custodian
Case Study: Enterprise Corporate Holdings
Customer needs enterprise-grade security for its bitcoin holdings and outside auditor views
• Create a BitGo multi-sig wallet for your corporate holdings. Set low spending limits for additional security.
• Add officers as administrators on the wallet. Add members of the Finance team as spenders. Add outside auditors as view-only.
• Use reports for monthly financial statements.
Bank-Grade Software for Bitcoin
Multi-user enterprise wallets with network fraud detection, spending limits, whitelisted addresses, approval chains and financial reporting
Corporate Holdings Wallet
• Wallet purpose: Primary holdings
• Spending limit: $100,000
• Admins: CEO, CFO, COO
• Spenders: VP Finance
• Auditors: Financial analyst, outside auditor
Accounts Payable Wallet
• Wallet purpose: Pay suppliers and vendors
• Spending limit: $10,000
• Admins: CFO, VP Finance, Dir. Accounting
• Spenders: Members of Finance and Accounting teams
• Auditors: Financial analyst, outside auditor
Marketing Dept. Wallet
• Wallet purpose: Advertising payments
• Spending limit: $5,000
• Admins: CFO, VP Finance, VP Marketing
• Spenders: Members of Marketing team
• Auditors: Financial analyst, outside auditor
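A small model of the 2-of-3 reasoning in the "Single Key vs Multi-Sig Wallets" table together with the wallet policies above, added here as an example and not BitGo's code or API. Policy, service_will_cosign and can_spend are hypothetical names, the user and address labels are constructed, the limit is assumed to apply per transaction, and the approver for an over-limit spend is assumed to be an admin other than the initiator.

```python
from dataclasses import dataclass

KEYS = {"user", "service", "backup"}     # the three keys of a 2-of-3 wallet
QUORUM = 2

@dataclass(frozen=True)
class Policy:
    limit_usd: int                       # assumed to apply per transaction
    admins: frozenset
    spenders: frozenset
    whitelist: frozenset = frozenset()   # empty set means any destination

def service_will_cosign(p, who, dest, usd, approvals=()):
    """Checks the co-signing service runs before adding its signature."""
    if who not in p.admins | p.spenders:
        return False                     # auditors are view-only
    if p.whitelist and dest not in p.whitelist:
        return False
    if usd <= p.limit_usd:
        return True
    # Over the limit: an admin other than the initiator must approve.
    return any(a in p.admins and a != who for a in approvals)

def can_spend(keys_held, service_cosigns=False):
    """True if the holder can gather QUORUM signatures."""
    sigs = len(set(keys_held) & KEYS)
    if "service" not in keys_held and service_cosigns:
        sigs += 1
    return sigs >= QUORUM

# Accounts Payable wallet from the slide; names and address labels are constructed.
AP = Policy(10_000, frozenset({"cfo", "vp_finance", "dir_accounting"}),
            frozenset({"ap_clerk"}), frozenset({"supplier_addr"}))

def scenarios():
    """Each row of the threat table as a yes/no: can funds move?"""
    ask = lambda dest, usd, ok=(): service_will_cosign(AP, "ap_clerk", dest, usd, ok)
    return {
        "lost user key, backup + service": can_spend({"backup"}, True),
        "service down, user + backup": can_spend({"user", "backup"}),
        "stolen service key alone": can_spend({"service"}),
        "user key only, unlisted address": can_spend({"user"}, ask("attacker_addr", 9_000)),
        "clerk pays supplier $8,000": can_spend({"user"}, ask("supplier_addr", 8_000)),
        "clerk $25,000, no approval": can_spend({"user"}, ask("supplier_addr", 25_000)),
        "clerk $25,000, CFO approves": can_spend({"user"}, ask("supplier_addr", 25_000, ["cfo"])),
    }
```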
Case Study: Trading Operations
Customer needs the ability to share wallets with pre-set rules to initiate transactions
• Create a unique BitGo wallet for each trading partner
• Add your trading partner to the wallet to spend and approve transactions
• Queue orders by depositing BTC in the wallet. When a price is hit, the trader can withdraw from the wallet
• Spending limits can be set to require secondary approval for large orders
• Reconcile trades at end of period using BitGo reporting
Case Study: Multi-Sig Custodial Accounts
• Remittance
• Escrow
• Auctions
• Real estate
After Multi-Sig: Future of Bitcoin Security
• BIP 32 HD (hierarchical deterministic) wallets
• Corporate treasury policies
• Industry standards for managing keys
• Hardware fobs and security modules
• Multi-institutional models of trading and settlement
Read more: https://medium.com/@willobrien/its-time-to-end-the-cold-storage-ice-age-and-adopt-multi-sig-8589733c9fd6