Are your cryptocurrency tokens safe? Part 2 of 3: Hot and cold storage & Splitting and sharing keyssteemCreated with Sketch.

in #bitspace8 years ago (edited)

Should you bury your bitcoins in the ground or store it in a safe? We may answer some of your weirdest questions in this part 2 of the article series on wallet security.

Part 1 of 3: The basics

Part 2 of 3: Hot and cold storage & Splitting and sharing keys

Part 3 of 3: Online wallets and exchanges

Hot and cold storage

“Hot” wallets are characterized by being online and connected to a network. Thus, they become easily accessible, but with a high level of risk in case you get hacked.

“Cold” wallets are characterized by being offline and not connected to the Internet. They can be regarded as an archive, and they are not as accessible as a hot wallet, but on the flipside, they are significantly safer.

A good strategy is to use a combination of both. Use a cold wallet for storing large amounts of value, and use hot wallets for transferring smaller amounts and daily use.

How does hot and cold storage work?

First, you need separate private keys for cold and hot wallets. If you had stored a cold private key in a hot wallet, the whole purpose would be gone. Then, you need addresses. In the cold wallet you need the addresses to the hot wallet and vice versa.

Even if the cold wallet is offline, you can transfer Bitcoin from the hot wallet to the address of the cold wallet. The amount is transferred immediately from the hot wallet to the address of the cold wallet, and this gets stored on the blockchain. When/if the cold wallet is connected to the Internet, it will update the account balance after having read the information from the blockchain. The cold wallet is now ready to spend the funds that have been transferred from the hot wallet.

Hierarchical key generation

How does the hot wallet know the addresses of the cold wallet? And how does the hot wallet come to know about new addresses that the cold wallet stores? You could have generated several sets of keys in advance, but when they are spent, you are back where you started. A better method is to use a cryptographic technique called hierarchical key generation. Briefly, what this technique entails is that, instead of generating an entire set of keys, you create a set of keys that can generate new sets of keys.

For instance, we can initially create a “mother key”. The mother key is used to make two “sibling keys”: one “brother key” and one “sister key”. Let’s say the brother key is the private key, whereas the sister key is the public key, i.e. the address. What the sibling keys are able to do, is they can generate new sibling keys. All new sibling keys will still have a relation with the mother key. Together, they comprise a big family.

What’s useful with the hierarchical model, is that when, say, sister key #10 is generated, she will match brother key #10. The reason this works, is that the brother and sister stem from the same mother. Sister keys can thus be generated independent of brother keys. In this way, you can create as many keys as you want on both sides and be safe that they will match one another, WITHOUT them ever having to communicate with one another!

With a hierarchical wallet, the mother and brother keys will remain on the cold side, and the sister keys on the hot side. Wallets that use this technique typically use “HD” (Hierarchical Deterministic) in their name, such as Mycelium HD or MultiBit HD.

How to store information in a cold wallet

There are different methods you can use to store information in a cold wallet.

  1. Store the information on a unit, e.g. a memory stick or a switched off computer/mobile phone, and lock it in a safe.
  2. Encrypt information with a password that only you remember.
  3. Store the information on a piece of paper and lock it in a safe, or laminate the paper and bury it in the ground.
  4. Use a tamper evident unit, such as Trezor (www.trezor.io), which signs transactions for you, but will not leak the key.


This guy is digging a hole for his bitcoins, but he needs to be cautious so as to not forget the location, especially if he digs several holes. He does not want to be a squirrel that forgets where he has put all of his nuts. He may need a treasure map to remember. And if something happens to him, he would presumably want his loved ones to find it and understand it.

Clearly, there are pros and cons associated with all the methods. If you use a password, the information is only as secure as the strength of the password, provided that the owner is not forced to give away the password in any way. If the information is stored in a safe, the information is only as secure as the safe and its location. If the building in which the safe is located is subject to a fire, earthquake etc, you are also at risk of losing all of your funds. If somebody manages to break into the safe and steal the information, it may take a while before you find out. If you are using a Trezor, however, you will be notified immediately.

Examples of cold storage

The first thing you need to do to store your wallet offline, is to find a medium that you are comfortable with as a medium of storage. For example, you can use paper wallets, or a PC without connection to the Internet. There are also gadgets that solve all of this for you, such as Trezor or Ledger Nano. These are also known as “hardware wallets”. These are very practical, but are somewhat expensive. Either way, the scope of the security measures should be proportional to the values they protect.

Another option is to set up a paper wallet. You can do this here: https://tools.bitcoin.com/paper-wallet

It is recommended that you save the website locally on your computer and then disconnect from the Internet. Once you are offline, you open the saved website in a web browser. Move the mouse around and insert a symbol in the text box to create a randomly generated key. You receive a private key that can be used to sign transactions, as well as a public key to receive Bitcoin in the form of QR codes. Then print the page, but do make sure that the printer is not connected to the Internet. Store your private key in a safe and fireproof place.

You can now receive Bitcoin by sending to the public key. To spend Bitcoin, you must import the private key to an online wallet that supports the import of private keys. When the key is imported, you can sign the transaction from your preferred online wallet. Keep in mind that paper wallets are for one-time use. Once you have imported the private key to an online wallet, it is no longer cold, and you should therefore create a new cold paper wallet.

If you have a computer that you are comfortable being offline, you can for instance use Bitcoin Armory to store your wallet offline. Download Bitcoin Armory, put it on a memory stick and install it on a computer that is offline. When Bitcoin Armory is installed, create your wallet. Then you make a copy that only attends to the wallet (“watching-only copy”), and store it on the memory stick.

Install Armory on an online computer and import the wallet you just saved from the memory stick. Confirm that the wallet belongs to you. You are now able to use the wallet as a regular wallet except that you may not send Bitcoin (you can only receive).

To send Bitcoin, use an online PC and choose “offline transactions” in Bitcoin Armory. This function lets you create an unsigned transaction that you can export and store on your memory stick. Then, import the transaction on an offline computer, choose “offline transactions” and sign the transaction. Export the signed transaction and save it on the memory stick. Go back to the online computer and import the signed transaction. You may now broadcast the signed transaction on the blockchain.

This may sound like a hassle, and surely it is so. Consequently, most people choose to buy a hardware wallet for 100-200 dollars. However, if you are only dealing with small amounts, this may not be a necessary option. Another strategy is to store your values on multiple locations, so that in case something happens at one place, it will only be a small loss. We will have a closer look at this in the next section.

Splitting and sharing keys


The problem with storing all of your values in one location is obviously that if anything goes wrong at that one place, that would be disastrous. It is not a good strategy putting all your eggs in one basket.

Secret sharing

Cryptography enables splitting a key into smaller parts. If an attacker gets hold of one part of the key, he will not get access to anything at all. In order to reconstruct the key, he would need access to x amount of parts where x is determined by the cryptographic method that was used to split the key.

For instance, you can split a key into 5 parts and determine that in order to put it back together, you need at least 4 of the parts. The parts can then be distributed to people you trust, or store the parts in different locations. The good thing about this is that if one of the parts gets lost, the key can still be reconstructed with the remaining parts. Additionally, it will be extremely hard for an attacker to obtain all the parts.

The disadvantage is of course that you have to gather all the parts in order to put the key back together, which can be unpractical. Another weakness could arise once all the parts have been re-gathered, namely if an attacker obtains knowledge of the time and place the parts are being re-gathered. In that case, the attacker may be able to steal all the parts simultaneously. At this point, all the eggs are essentially put back in the same basket.

Multisignature (multisig)

Multisignature is a method which uses secret sharing without having to reconstruct the key every time it is shared, and is supported by most cryptocurrencies.

For example: Andrew, Brad, Carl and David work in a company that owns plenty of Bitcoin. They all own a pair of keys and each store the key in a safe cold wallet.

The company’s cold wallet uses multisignature, which means that three out of four keys must sign the transaction in order to spend Bitcoin.

In this example:

  • The company’s bitcoins will still be safe even if Andrew and Brad conspire to steal all of it. They will still only have two out of four signatures, and thus they will not get access.
  • Brad, Carl and David will still have access to the funds even if Andrew dies in a car accident.
  • Andrew, Brad and Carl will still have access to the bitcoins even if David loses his key.
  • Andrew, Brad and Carl will still have access to the bitcoins even if somebody steals David’s key.
  • The bitcoins will still be safe even if somebody steals Brad’s and Carl’s keys.

Multisignature is a way to spread risk by avoiding having one central point that can be attacked. The same goes for the Bitcoin blockchain. One of the reasons it is so secure, is that it is a decentralized network without any central point. The network is run by a series of nodes, and an attacker would have to attack all of the nodes simultaneously, which is practically impossible.

Please comment below if you have any other good tips on creative ways to store your bitcoins, or if you have any questions.

Part 1 of 3: The basics

Part 3 of 3: Online wallets and exchanges

By Pål Taule Bentebråten
Edited and translated by @Ola-Haukland
For @Bitspace AS

#bitcoin #cryptocurrency #money #blockchain
8 years ago in #bitspace by
$17.55
  • Past Payouts $17.55
  • - Author $15.85
  • - Curators $1.70
26 votes
Reply 1
Sort:  
  • Trending
    • [-]
     8 years ago 

    Checks out, @bitspace. Damn cryptos :^). I want to see more folks like You on this channel.
    Currently I am curating inteviews with blockchain people and also steemians.
    So question: Who would you like to see approached in a life conversation?

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.09
      TRX 0.30
      JST 0.037
      BTC 106058.24
      ETH 3590.29
      USDT 1.00
      SBD 0.55