Johnathan Corgan

Corgan Labs
June 2014
Copyright 2014 Corgan Labs
Introduction to
Bitcoin Wallet Software
June 2014 2

The Bitcoin blockchain is ledger of title transfers

Title to newly created bitcoin is issued to a successful miner as a

reward for securing the ledger

Title to specified amounts can then be signed over to other bitcoin

participants through transaction outputs

The signing/transfer process, in the simplest case, uses the private

half of a cryptographic keypair to prove control of a public address

Possession of these private keys is all that decides BTC ownership

Bitcoin - A Distributed Ledger
25 BTC Coinbase
Transaction
1FXLG...
Address
L3UhL...
Private
Key
15bZB...
Address
L16HZ...
Private
Key
10.1 BTC
1LGck...
L3omo...
Private
Key
Address
14.9 BTC
June 2014 3
Bitcoin A Trustless Protocol

How does a Bitcoin node know the history of a coin?

Every (full) node in Bitcoin verifies the integrity and

veracity of every piece of data received with a local copy of
the blockchain

Rules are enforced by ignoring anything that fails

This is one key to distributed consensus, with no central

authority (the other being proof-of-work)

Bitcoin lite nodes can use lower resources locally by

having some trust in third parties in the network
Blockchain
Blockchain
Blockchain
June 2014 4
Simplified Payment Verification

The SPV trust model allows verification of transactions

using a much smaller subset of locally stored data

Trade-off is increased trust in connected nodes

Some possible loss of transaction privacy

SPV uses downloaded copies of blockchain headers and

transaction data to verify transaction was accepted by
bitcoin network sufficiently long ago

Results in dramatically smaller local database (hundreds

of MB vs. tens of GB)

Basically assumes network connection is not controlled by

an attacker

Since transactions must be queried by SPV node, other

nodes can learn which transactions belong to it
June 2014 5
Wallet Software Functions

Generate and secure cryptographic key pairs

Participate in Bitcoin network

Detect, verify, and process incoming transactions

Create, sign, and broadcast outgoing transactions

Maintain local information about state of network

Provide backup and recovery of keys

Maintain accounting information about transactions

Address book and labels

Provide off-line storage capabilities - cold wallets

June 2014 6
Bitcoin Wallet Types

Bitcoin Full Nodes

Bitcoin Core (Bitcoin QT)

Wallet Only (Requires full node for information)

Armory

Lite Nodes, using Simplified Payment Verification

Electrum

MultiBit

Mycelium

Bitcoin Wallet as a Service (Web Wallets)

Hybrid services (Blockchain.info)

Multi-sig-based (BitGo, GAit)

Pure hosted (Coinbase, CoinKite)

June 2014 7
Things to Consider

Where are my private keys generated?

Where are my private keys stored?

Who or what do I need to trust?

What resources do I need to use this wallet

software/service?

How easy is it for me to separate long and short-term

bitcoin (i.e., Savings vs. Checking)?

What happens if the software author or website goes

away?

What happens if the website is compromised?

What happens if the author/website is a scammer?

June 2014 8
Bitcoin Core (Bitcoin QT)

Original, reference client for Bitcoin network, desktop-

based, open source (C++) (Windows, Mac, Linux)

Implements all node functions and provides backbone of

network

Fully maintains local blockchain copy

Maintains randomly generated cryptographic key pool

June 2014 9
Bitcoin Armory

Open source (Python), desktop-based wallet only using

blockchain created by Bitcoin Core (Windows, Mac, Linux)

Provides deterministic key generation, simplifying backup

Many advanced features for storage and retrieval of keys

Supports offline/online paired operation

June 2014 10
Electrum Client

Open source (Python), desktop-based lite node using 3rd

party servers and SPV trust model (Windows, Mac, Linux)

Very light software footprint

Supports deterministic key generation for easier backup

Supports offline/online paired mode

June 2014 11
MultiBit Client

Full-featured open source (Java) desktop-based lite node

using SPV trust model (Window, MacOS, Linux)

Uses random key generation, deterministic in

development

Internally uses bitcoinj, written by Mike Hearn

June 2014 12
Mycelium Client

Open source, mobile wallet

using SPV trust model
(Android)

Private keys are stored on the

phone, with encrypted backup
and optional PIN-based
access

Uses cryptographic primitives

from Android OSweak point

Convenient for holding small

amounts of spending money

Not recommended for long-

term storage
June 2014 13
Wallet as a Service (Web Wallets)

All of these feature some division of labor between a local

browser and an Internet-hosted wallet service

Requires varying degrees of trust in the owners/operators

of service

Sometimes, these are outright scams

Important to determine who generates the private keys,

who has control over them, and what vulnerabilities exist
in their implementation

That said, this is an area ripe for innovation and many

new companies are forming in this space

Allows for new types of wallets (multi-signature) and value

added services (e.g., transaction limits, accounting)
June 2014 14
Blockchain.info

Hybrid service that uses

downloaded Javascript to
generate private keys and perform
local signing of transactions

Host-site only has access to

encrypted form of private keys

All other functions of the wallet are

trusted to be done by
Blockchain.info's server network

Vulnerable to server and local

browser compromise

Easy to use on either desktop or

mobile
June 2014 15
GreenAddress.it

Uses Bitcoin multi-signature feature to provide 2-of-2

signature receiving addresses generated from two private
keys--one key stored on website, one in local wallet

Transactions require both keys in order to sign transfers

Future time-locked refund transactions sent to client to

allow recovery of funds if website/service goes away
June 2014 16
BitGo

Uses 2-of-3 multi-signature addressesone key on server, one key

in client, and one safely stored offline

Normal transactions can be done with server key and client key,
but:

If server goes away, client can use local key and offline stored key to
recover funds

If local client (e.g., phone) is lost, can use server key and offline stored
key to recover funds
June 2014 17
Pure Hosted Services

Service providers such as Coinbase and CoinKite provide

a hosted wallet where one can purchase bitcoin though
transfers from a bank account

With these service types, you do not own the bitcoin

involved.

Instead, you own a liability entry in the company's balance

sheet, similar to traditional banking

This is, of course, fine for many people...

...but why use bitcoin the way you'd use a traditional

bank?
June 2014 18
Summary

Bitcoin allows you to store money and transact globally,

with no 3rd party financial system

Good news: This allows you to manage your money

Bad news: This requires you to manage your money

Creation and storage of Bitcoin private keys is the heart of

wallet software functionality

Possession is 100% of the law

Choice of wallet software is a trade-off between security,

trust, and convenience

Full node vs. lite node vs. web hosted wallet vs. bitcoin
bank

Thanks for your time!

June 2014 19