2. Bitcoin TL;DR
● Decentralized economy based on public key cryptography
● The revolutionary technology behind cryptocurrency is
called the blockchain
● A blockchain is a distributed ledger (list of entries) built in
such a way that no single node can change the history
● Every new row on the ledger is essentially permanent
● Bitcoin is cool, but Ethereum is cooler, since it allows adding
rows to the blockchain which can programmatically react to
transactions.
3. Public Key Cryptography
● Allows anyone to encrypt a message so that only the key holder can decrypt it
● Also allows someone to sign a digital item using a private key and have everyone with the public
key verify it (underlying technology behind SSL certificates)
● RSA is an algorithm invented by Ron Rivest, Adi Shamir and Leonard Adleman in 1978
● ECC is another algorithm invented by Neal Koblitz and Victor S. Miller in 1985 (independently)
4. RSA Algorithm (just for fun)
● We calculate two numbers e and d such that:
○ e * d = 1 (mod φ(N)) → e * d = 1 + k*φ(N)
● Euler’s theorem states that:
○ a^φ(N) = 1 (mod N) (where φ(N) is Euler’s totient function, counting the numbers coprime to N)
● So we can say that
○ m^(e * d) (mod N) = m^(1 + k*φ(N)) (mod N) = m * m^(k*φ(N)) (mod N) = m * (m^φ(N))^k (mod N) = m * 1 (mod N) = m (mod N)
● So m^(e * d) can be broken down into the ciphertext c = m^e (mod N) and the decrypted message m = c^d (mod N)
● You want to find an N such that calculating φ(N) is easy for you and hard for everyone else
● To do that, we can pick two primes p and q so that N = p*q, and φ(N) = φ(p)*φ(q) = (p-1)*(q-1)
● Therefore, the strength of RSA is hidden in the difficulty of finding p and q given p*q. This is called
the factorization problem. The assumption is that it is not NP-hard but still no one knows an
efficient algorithm to do it.
5. RSA Example (just for fun)
● Select two primes: p = 17, q = 11
● Compute n = p * q = 17 * 11 = 187
● Compute φ(n) = (p-1)*(q-1)=160
● Choose any e that is coprime to φ(n) (gcd(e, φ(n)) = 1)
○ gcd(7,160)=1 so e=7
● Compute d so that d*e = 1 mod φ(n) → 23*7=161=1 mod 160 → d=23
● Public key = { e = 7, n = 187 }, Private key = { d = 23, n = 187 }
● m = 137, c = (m ^ e) % n = (137 ^ 7) % 187 = 69, then m = (c ^ d) % n = (69 ^ 23) % 187 = 137
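Slides 4 and 5 carried out in code. This is an added example of my own, not code from the slides: it builds the {e = 7, n = 187} keypair from p = 17 and q = 11, checks the Euler’s-theorem step the derivation rests on, and then shows the flip side of slide 4’s last bullet by recovering the private key from the public key once n has been factored (trivial for a three-digit n, which is exactly why real keys use primes of over 1000 bits). It assumes Python 3.8+ for `pow(e, -1, m)`.

```python
from math import gcd, isqrt


def rsa_keygen(p, q, e):
    """Build a textbook RSA keypair from two primes and a public exponent (slide 5 steps)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # φ(n) = φ(p)·φ(q) because p and q are prime
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to φ(n)")
    d = pow(e, -1, phi)              # modular inverse: e·d ≡ 1 (mod φ(n))
    return (e, n), (d, n)            # public key, private key


def encrypt(m, public_key):
    e, n = public_key
    return pow(m, e, n)              # c = m^e mod n


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)              # m = c^d mod n


def euler_theorem_holds(a, p, q):
    """Check a^φ(n) ≡ 1 (mod n) for gcd(a, n) = 1, the step slide 4's derivation relies on."""
    n, phi = p * q, (p - 1) * (q - 1)
    return gcd(a, n) == 1 and pow(a, phi, n) == 1


def roundtrip_holds_for_all_messages(p, q, e):
    """m^(e·d) ≡ m (mod n) for every m in [0, n), even the few m sharing a factor with n."""
    public_key, private_key = rsa_keygen(p, q, e)
    return all(decrypt(encrypt(m, public_key), private_key) == m for m in range(p * q))


def factor_by_trial_division(n):
    """Why toy RSA is breakable: for n = 187 the factorization problem is a 12-step loop."""
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    return None


def recover_private_key(public_key):
    """Anyone who can factor n can compute φ(n) and therefore d, the private exponent."""
    e, n = public_key
    p, q = factor_by_trial_division(n)
    return (pow(e, -1, (p - 1) * (q - 1)), n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)
    print("public key", pub, "private key", priv)
    c = encrypt(137, pub)
    print("137 ->", c, "->", decrypt(c, priv))
    print("private key recovered from the public key alone:", recover_private_key(pub))
```

The round-trip check over every m in [0, n) is stronger than the slide’s derivation, which only covers m coprime to n; RSA decryption is still correct for the other messages because n is squarefree.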
6. Elliptic Curve Cryptography
● Involves finding intersections on an elliptic curve
● Strength based on the “Elliptic Curve Discrete Logarithm Problem”
● ECC is MUCH stronger than RSA (ECC 256 bit ~ RSA 2048 bit)
which means private keys can be very short
7. How does Bitcoin use Cryptography?
● Bitcoin uses a private key to sign a transaction to send
money out of a wallet, and add it to the distributed
ledger, a.k.a the blockchain
● Only the holder of the private key can sign a transaction
for the wallet but everyone with the wallet’s public key
can verify it
● Bitcoin uses ECDSA (Elliptic Curve Digital Signature
Algorithm) to sign and verify transactions
● The network continuously verifies transactions using the
public key to build one large ledger of verified
transactions. Invalid transactions don’t go into the ledger
8. What is a wallet?
● A Bitcoin wallet is simply an ECDSA public/private keypair, usually 256 bit
● Private key allows sending money out of the wallet
○ Example: 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf
● Public key allows receiving money to the wallet and also serves as the “wallet address”
○ Example: 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
● Transactions can be viewed on the blockchain using the public key:
○ https://blockchain.info/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
9. Sending and receiving money
● Sending is done using your private key (which is stored inside a file on your computer) and a Bitcoin
application which connects to the network
● Receiving money does not involve any action - only giving out your public key (wallet address)
● You can also have an online wallet and use a website to send bitcoins and get your wallet address.
10. Deterministic Wallets
● A “deterministic wallet” is a neat and secure way to generate a public/private keypair out of a human
readable seed. Luckily Bitcoin is based on elliptic curve cryptography, which means seeds can be both
short and secure.
● Seed (12 words x 11 bits = 132 bits of entropy) → Private key → Public key:
○ Seed: constant forest adore false green weave stop guy fur freeze giggle clock
○ Private key: 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf
○ Public key: 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
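The deterministic property in code: the same 12 words always produce the same keypair, so the seed is the only thing that needs backing up. This is an added example of my own, not the slides’ or any wallet’s code. It assumes the BIP39 seed step (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase) and the BIP32 master-key step (HMAC-SHA512 keyed with "Bitcoin seed"), and writes out secp256k1 scalar multiplication in plain Python. The Base58 address encoding is left out, so the output is the 33-byte compressed public key, and it will not reproduce the slide’s example key, whose seed format the slides do not state.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (the curve behind Bitcoin's ECDSA).
P = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFC2F
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

# Constructed sample input: the seed phrase shown on the slide.
SEED_PHRASE = "constant forest adore false green weave stop guy fur freeze giggle clock"


def on_curve(pt):
    """True for the point at infinity (None) or any point with y^2 = x^3 + 7 (mod P)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    """Group law on the curve (chord-and-tangent); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:           # p2 == -p1, the sum is the point at infinity
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope when doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add; k * G is the public key for private key k."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39 step (assumed): PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, 64)


def master_private_key(seed):
    """BIP32 master-key step (assumed): left 32 bytes of HMAC-SHA512 keyed with "Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if not 0 < k < N:                    # astronomically unlikely, but out of range is invalid
        raise ValueError("invalid master key, choose another seed")
    return k


def compressed_public_key(priv):
    """SEC1 compressed encoding: parity prefix plus the x coordinate."""
    x, y = scalar_mult(priv, G)
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def derive_keypair(mnemonic, passphrase=""):
    priv = master_private_key(mnemonic_to_seed(mnemonic, passphrase))
    return priv, compressed_public_key(priv)


if __name__ == "__main__":
    priv, pub = derive_keypair(SEED_PHRASE)
    print("private key:", hex(priv))
    print("public key: ", pub.hex())
    print("same seed again gives the same keys:", derive_keypair(SEED_PHRASE) == (priv, pub))
```

Two sanity checks worth keeping in any such code: G must satisfy the curve equation, and N * G must come out as the point at infinity, which only happens if both the constants and the group law are right.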
11. How hard is it to secure your wallet?
It all comes down to having a safe place to store your seed, from which you can derive your public/private
keypair.
So the problem of securing your wallet can be reduced to the problem of securing 12 words in English.
constant forest adore false green weave stop guy fur freeze giggle clock
12. Securing your money
● Your seed / private key needs to be stored somewhere. Where should it be stored?
● Less secure → More secure: Internet, Personal Computer, Smartphone, Offline Storage, Paper, Hardware Wallet
13. Securing your money - Internet
Pros:
● Simple
● Very durable
● Two-factor authentication
Cons:
● Hackers can mass-target websites
● Hackers can steal your money without accessing your computer
● Websites credit your account instead of holding your money, which means you don’t actually hold
bitcoins but trust that the website will give you some when you withdraw.
14. Securing your money - Personal Computer
Pros:
● Much safer than websites
● You are in control of your money
Cons:
● Your computer can get hacked because it’s connected to the internet
● Your hard drive can get corrupted, stolen or lost, so you can lose your key forever
● Complicated
15. Securing your money - Smartphone
Pros:
● Safer than a computer since smartphones are known to have less attack surface
Cons:
● Same as a laptop
16. Securing your money - Offline Storage
Pros:
● Hackers can’t access it, at least until you connect it to an internet-connected device
Cons:
● Eventually you will need to connect it to an internet-connected device
● Can get corrupted
● Can get lost
● Can get stolen
17. Securing your money - Paper
Pros:
● Hackers can’t access it at all since paper doesn’t have a USB port
Cons:
● You’ll need to type it into a computer eventually
● Paper can get lost or stolen
● Paper degrades over time, unless you laminate it
● People in your house can identify it and take a photo of it
18. Securing your money - Hardware Wallet
Pros:
● You never ever have to have the private key exposed to hackers on an internet-connected device
● You can encrypt it using a password
Cons:
● It can still get lost, stolen or broken
● If hardware wallets become common in the future then the device can be an easy target for thieves
19. Hackers!
● Always assume that hackers can steal files from your computer and log in to your account
● If they can log in to any account, then just don’t use an online wallet.
● You need to encrypt your offline wallet using a password, so if it gets stolen then the key
will not be usable!
20. Is it enough to encrypt your wallet?
Apparently, no. Hackers can still find your password.
● Password reuse attacks
● Keyloggers on your device
● Brute-force using personal information
21. Intermediate conclusions
Don’t store your private key on an internet-connected
device, even if it is encrypted.
Don’t store your bitcoin (either using a key or credits) in an
online wallet.
22. But...
● Offline storage is inconvenient
● Password protecting and obfuscation also have some more disadvantages:
○ You can actually forget passwords
○ If something happens to you, your relatives can’t figure out where the money is
We don’t want to lose the money. So what can we do?
23. Hybrid approach
● The money that needs to be kept safe should be stored offline
● The wallet you use on a daily basis can be stored on an internet
connected device and password encrypted, or on a website
● You can have a “view-only wallet” that just shows you how much money
you have in your offline storage, and just send money to it
● Or just use a hardware wallet that keeps your key safe and allows
transactions on an internet-connected device
(Figure: the money split 5% / 95% between the daily-use wallet and offline storage)
24. Your offline storage
● It’s OK to have your online storage lost / stolen / etc.
● Your offline storage is the most important asset you need to protect,
which means
○ Don’t let anyone have unauthorized access to it
○ Don’t lose it
● It’s OK if it will be super hard to retrieve the private key
25. Back to Deterministic Wallets
● Seeds of deterministic wallets are great to print out on paper alongside a
digital wallet, so if you forget your password or lose your computer, you
can find the seed of the wallet and recreate the wallet.
● The more seeds you print:
○ The safer the wallet is
○ The more vulnerable you are to theft
● Maybe just put it in a safe in a bank?
Paper? Are we back to the prehistoric era?
26. Safe Online Storage?
● Can we benefit from both worlds?
○ Save the wallet online
○ Not risk a hacker taking your money
27. Let’s split the private key!
● Let’s just take the private key and send it to 3 different people’s GMail accounts.
● Seed: constant forest adore false green weave stop guy fur freeze giggle clock
○ Part 1: constant forest adore false
○ Part 2: green weave stop guy
○ Part 3: fur freeze giggle clock
28. But what happens if we lose one?
● If we lose one of the 3 then we lose all of it and we are then unable to restore the key
● We can brute force on 44 bits of data (2048 options for each of 4 words), but that would still suck
● What is left: constant forest adore false ? ? ? ? fur freeze giggle clock
29. Secret Sharing to the rescue!
● Some wallets support splitting a secret s into n phrases, of which you only need k phrases to recover
the secret. So you can spread secrets online in such a way that they are useless apart and work together
● Adi Shamir does it again with Shamir’s secret sharing scheme
● The idea is to find several linearly dependent polynomials which encode the same data such that any
subset of k shares will be sufficient to decode the data
● Seed: constant forest adore false green weave stop guy fur freeze giggle clock
○ Split into Secret 1, Secret 2, Secret 3, Secret 4, Secret 5; any k of them recover the seed
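Shamir’s scheme applied to the seed phrase above, as an added example of my own (not a wallet’s implementation): the seed is the constant term of a random polynomial of degree k-1 over a prime field, each relative receives one point on that polynomial, and any k points interpolate the constant term back. With k = 3 and n = 5, any two shares together reveal nothing about the seed, unlike the 4-words-each split on slides 27 and 28. The field modulus 2^607 - 1 is my assumption, chosen only because it is a known prime larger than the 73-byte seed read as an integer.

```python
import secrets

# Constructed sample input: the 12-word seed used throughout the slides.
SEED = "constant forest adore false green weave stop guy fur freeze giggle clock"

# Field modulus (assumption): the Mersenne prime 2^607 - 1, larger than the
# 73-byte seed above interpreted as a 584-bit integer.
PRIME = 2**607 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, k: int, n: int):
    """Produce n shares (x, f(x)) of which any k reconstruct the secret."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    # Degree k-1 polynomial: the secret is the constant term, every other coefficient is random.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from any k or more shares with distinct x values."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        s = (s + yi * num * pow(den, -1, PRIME)) % PRIME
    return s.to_bytes((s.bit_length() + 7) // 8, "big")


def split_seed(seed: str, k: int, n: int):
    return split_secret(seed.encode(), k, n)


def recover_seed(shares) -> str:
    return recover_secret(shares).decode("utf-8", errors="replace")


if __name__ == "__main__":
    shares = split_seed(SEED, k=3, n=5)
    for x, y in shares:
        print(f"share {x}: {hex(y)[:24]}...")       # what each relative would receive
    print("from shares 1,3,5:", recover_seed([shares[0], shares[2], shares[4]]))
    print("from shares 1,2 only:", recover_seed(shares[:2]) == SEED)   # False
```

Fewer than k shares interpolate a different, effectively random polynomial, so the recovered value carries no information about the seed; that is the information-theoretic guarantee the slide’s “useless apart” wording refers to.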
31. Multisignature Wallets
An alternative to the hot wallet / cold wallet approach is to use multisig wallets. Bitcoin supports wallets
that require M of N people to sign a transaction for it to work
Advantage: VERY secure as the private keys are generated separately and only public keys are shared
Disadvantage: Requires several wallets to sign every transaction, which is not convenient for everyday
use
(Figure: Transaction 218937897 from wallet 123 to wallet 555, signed by 2 of 3 of wallets 123, 456 and 789)
32. Final conclusion
1. Use the hot-wallet / cold-wallet approach - don’t have your important wallet on an
internet-connected device, even if it is encrypted.
2. The best way to store your unencrypted seed is to split it using secret sharing, and
distribute it to your relatives. They should store it online and unencrypted in such a way
that it will never get lost and will always be readable.
3. There are solutions which do not involve holding unencrypted seeds and/or private keys,
called multisig wallets, which are wallets that require several signatures to sign a
transaction.
4. Needless to say, your seed should never ever be stored unencrypted on an
internet-connected device, or pasted into a website.