Newcomer’s guide to bitcoin security: A closer look at cryptography

Nobody really talks about oxygen until someone’s got their hands around your neck — Stephen Colbert

Nobody thinks about security until they lose something. Hopefully this article prompts you to consider security before that happens.

A previous post introduced Nakamoto’s white paper which serves as a foundation for understanding bitcoin. In this post, we’ll look at security. Perhaps you transacted¹ for some bitcoin on one of the popular exchanges.

Not wanting to expose your funds in an exchange, you begin thinking about security and different options for a cryptocurrency wallet. It can be overwhelming . Every site will list pros and cons of each wallet type.

But how do you know it’s really secure?

Imagine

Traditionally, your bank and the Japanese supplier’s bank will intermediate this transaction. If anything happens to your funds — the bank will be responsible. The question is:

How can you maintain security without a bank?

Moreover, how do you prevent others from tampering with your funds or forging your identity to transact in your name?

Private-Key Cryptography

Source: @IntlSpyMuseum on facebook

Both Bob and Alice know the private key that is used to encrypt the message. This same key is used to decrypt the message. This is called private key encryption (one-way encryption) because one key is used for both encryption and decryption.

You can try encrypting and decrypting your own password at this site:

Say I wanted to encrypt my name:

http://md5decrypt.net/en/

Here’s what it looks like:

In reverse, I can also decrypt the long alphanumeric string:

http://md5decrypt.net/en/

Once decrypted, the original message — Paul — is revealed:

The problem with symmetric key algorithm is that it is predicated on two (or more) people agreeing on one private key. In this case, if the two parties wanted to securely share a key, they would have to meet in person (as it could get intercepted via text, phone or email). This method of communicating is limited.

Public-Key Cryptography

If Bob² wanted to send Alice a secret message, Alice would first generate a pair of keys (public and private). She would share her public key with Bob, while keeping the private key to herself.

Bob would use Alice’s public key to encrypt his message to her. Alice would decrypt the message with her private key, as only her private key can decrypt any message encrypted with her own public key.

Symmetrical vs Asymmetrical Cryptography

This solves the first problem with symmetric key algorithm. Alice and Bob do not need to be in the same place to ensure a secure communication. Alice can send her public key to Bob without fear that someone else might intercept the key because only her private key can decrypt a message encrypted by her public key.

What does this have to do with bitcoin?

Your Cryptocurrency Wallet

Whenever you create a wallet, 100 private keys are randomly generated from seed phrases (a series of 12–24 non-similar, sorted, and simple words; also called a recovery phrase) and stored inside the wallet (details here). The private keys are then mathematically transformed, or hashed³, into public keys, which are then transformed into addresses (details here). This process is formally called Elliptical-Curve Cryptography (ECC). The flow is:

Private Key → Public Key → Address

When you use the private key to hash (SHA-256) the public key, and then another hash (RIPEMD-160) to get your bitcoin address, you cannot reverse the operation. Meaning, you cannot figure out someone’s private key just from know their public key or their address⁴. The irreversible nature of hashing is what gives bitcoin its security (technical details here).

So where do digital signatures fit in?

Digital Signatures

When a wallet is created, a key pair is generated. The private key is used to sign messages, while the public key is given to everyone to verify that the signature is yours. Just like your private key can access anything sent to your address (a hash of your public key), it also works in reverse. Anyone who has your public key can verify⁵ signatures signed by your private key (and know that it’s from you).

Here’s a breakdown of a transaction between, you guessed it, Bob and Alice:

  1. Bob and Alice have exchanged bitcoin addresses.
  2. Wanting to send 0.45 bitcoin to Alice, Bob digitally signs a transaction — debit 0.45 bitcoin from his account, credit 0.45 bitcoin to her account — with his private key (this will eventually go into the distributed ledger).
  3. Bob enters the amount (0.45 bitcoin), enters Alice’s address (e.g., 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy )and hits send from his wallet (his digital signature is added when he hits send).
blockchain.info wallet

4. Once he hits send, Bob broadcasts to the rest of the network — the transaction he wants to make.

5. Bob notices there’s lag time and fees he has to pay.

blockchain.info wallet

6. Miners do proof-of-work to compete for the right to validate Bob’s transaction.

7. They verify Bob’s transaction by checking to see that his digital signature (created by his private key) matches the public key of the address from which funds are sent (Bob’s address). See footnote [5] for details.

8. If it matches, the transaction is validated and added it to the blockchain.

Recap

Although bitcoin is pseudonymous, greater privacy can be achieved to the extent that different addresses are used for each transaction.

Best Practices: Key Take Aways

  1. Never share your seed (recovery) phrase (generally 12–24 words)
  2. Generate a new Bitcoin address every time you receive funds.

(Blockchain.info does this automatically. Nano Ledger S does this automatically as well. Both use a hierarchical deterministic wallet.)

What happens if you lose your wallet? Or the wallet company shuts down?

You might be wondering who came up with all these rules around seed words and retrieval of lost wallets, etc. It’s not done by any one individual or company. The open source nature of bitcoin means that the community is continually making improvements to the protocol that is available for the public to see. Here is a list of bitcoin improvement proposals (BIP)made by the community.

The BIPs most pertinent to the discussion here are #32, #39 and #44.

A community of people are always working to make the bitcoin ecosystem better; your trust is not placed in the hands of a private company, a CEO or any one organization. It’s the network — permissionless, available for all to join and contribute.

Although this is by no means an argument for the investment value of bitcoin or cryptocurrencies (a topic I’ll tackle in a future post), with the community devoting time and money into securing the network, it does beg the question: would so many invest in something that is just magic internet money?

Early meme: Magic Internet Money (ref. Reddit)

Conclusion

Although Warren Buffet is not proponent of Bitcoin, or cryptocurrencies in general, his advice is instructive here:

“Rule #1: Never lose money.”

[1] Transacted is more awkward than bought, but I find it helps me think about bitcoin in a way that’s closer to the nature of a distributed ledger, instead of buying and possessing coins. The former will lead to a more accurate understand.

[2] There’s a reason why Alice and Bob’s names are always used. See here.

[3] The distinction between hashing and encryption is important here. Hashing is irreversible. The same cannot be said for encryption, which is reversible. As a newcomer, it’s easy to get these two confused. While you use encryption for data (i.e., files, passwords), hashing is used to generate your public key and address from your private key.

[4] SHA-256 means there are 2²⁵⁶ public keys being hashed from private keys; and RIPEMD-160 means there are 2¹⁶⁰ addresses being hashed from public keys; thus there are, on average, 2⁹⁶ different public keys per address or 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 keys, an impossibly long number. For context, there are 2⁶³ grains of sand on earth, making the likelihood that someone backtracks from your address to your private key, for practical purposes, zero. For further discussion.

[5] A more thorough explanation of the digital signature scheme is provided by the excellent text, “Bitcoin and Cryptocurrency Technologies” (Narayanan, Bonneau, Felten, Miller & Goldfeder, 2016, p. 15; draft here). First, a key pair is generated. The private key used to sign messages; while the public key is given to everyone — anyone with this key can verify your signature. When you propose a transaction, you hash a piece of data(x), then encrypt, or sign, that data(y) with your private key. Then the network verifies your digital signature by decrypt the data that was signed(y) and comparing it to the hashed piece of data(x) to see if it’s a match. If it matches, then the signature if validated. See also here and here for discussion.

Data-Informed People Decisions