Quorum — Using Bitcoin keys with Ethereum

Alex Beregszaszi
Mar 6, 2016


Hello, have you seen the recent price surge of Ethereum? Putting aside other questions, it is important to think about how to keep your precious Ether tokens secure. Especially if you are in for the long term as opposed to trading.

Well, you can create a wallet as a contract with every combination of usual and unusual rules — Ethereum is a smart contract platform, after all. It will enforce the rules for how your assets can be accessed and disposed of. Your own personal treasurer.

(I think you should read this article, but if you are short on time, you can also have a look at the product now: Quorum Wallet.)

Smart wallets

There are some wallets out there (for example, as part of the Mist project) that offer multi-signature transactions. They do the following: you specify which addresses can control the wallet and how many of them need to agree to a given transaction in order to have it executed. Those accounts of course need to be kept on a computer at the moment.

I want to go a bit further: have some, if not all, of those keys controlled by a hardware wallet. I could go ahead and build one myself for Ethereum. That would be a waste of resources at the moment, so I’ve chosen the next best thing — using an off-the-shelf Bitcoin hardware wallet and making it work with Ethereum.

Bitcoin and Ethereum have as much in common as they have differences. Bitcoin keys and wallets cannot be used without modification as the protocols are different, but at least the underlying cryptography is the very same.

Signature verification

In both systems, a signature is calculated from the hash of the transaction data and the private key. When someone wants to verify the transaction, the same hash is calculated from the public transaction data. This hash together with the signature can be used to calculate the public key. This public key must match the one initiating the transaction (aka the sender, which is also part of the public transaction data).

This process is called public key recovery and is supported by Ethereum smart contracts (where it is called ecrecover), although with one important limitation — it only returns an Ethereum formatted address as opposed to a public key. As a result, Bitcoin addresses cannot be compared against the output of ecrecover. In order to do that, the Bitcoin public keys first need to be formatted as Ethereum addresses. And you really need the public key: a Bitcoin address is a hash of the public key, so it cannot be transformed into an Ethereum address.

How to do this in practice?

Two issues need to be solved:

  • the address format as mentioned above
  • the format of the transaction message to be signed

The two networks use entirely different transaction message formats. They are not even remotely similar: the encodings differ (ASN.1 vs. RLP) and the structures are impractical to reconcile (TxIn/TxOut vs. simple fields — Ethereum is also limited to one input/output in a given transaction).

The solution is a seldom used feature of many Bitcoin clients: signing messages. Not transactions. Messages. Have you heard about that?

Basically any text message can be signed. The message together with the signature can be used to prove you have control of that Bitcoin address. No need to spend money on a transaction. Some exchanges use this as a recovery feature when someone has locked themselves out. Here’s how to do it with Coinbase and Trezor.

Even though you enter a normal text message like “Hello World”, that will be encapsulated in a specific format. It would be too easy, wouldn’t it? Just to sign an Ethereum transaction as a message :)
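The encapsulation described above, and the signature layout a contract has to map onto ecrecover, as an added example that is not part of the original post or of ethereum-bsm. It follows the common Bitcoin signed-message convention (length-prefixed magic string, double SHA-256, 65-byte compact signature); the function names are hypothetical and the sample inputs are constructed.

```javascript
// Added example, not ethereum-bsm code. Function names are hypothetical.
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Bitcoin's variable-length integer, used as the length prefix of each string.
function varint(n) {
  if (n < 0xfd) return Buffer.from([n]);
  if (n > 0xffffffff) throw new RangeError('message too long');
  const wide = n > 0xffff;
  const b = Buffer.alloc(wide ? 5 : 3);
  b[0] = wide ? 0xfe : 0xfd;
  if (wide) b.writeUInt32LE(n, 1); else b.writeUInt16LE(n, 1);
  return b;
}

// Bytes the wallet hashes: length-prefixed magic string (0x18 = 24 bytes),
// then the length-prefixed UTF-8 message the user typed.
function bsmPreimage(message) {
  const magic = Buffer.from('Bitcoin Signed Message:\n', 'utf8');
  const body = Buffer.from(message, 'utf8');
  return Buffer.concat([varint(magic.length), magic, varint(body.length), body]);
}

// The digest that is actually signed: double SHA-256 of the preimage.
// A verifier has to rebuild exactly this value before recovering the key.
function bsmDigest(message) {
  return sha256(sha256(bsmPreimage(message)));
}

// Split the base64 65-byte compact signature into the (v, r, s) triple.
// Header byte = 27 + recovery id, plus 4 when the key is compressed.
function splitBsmSignature(b64) {
  const sig = Buffer.from(b64, 'base64');
  if (sig.length !== 65) throw new Error('expected 65 bytes, got ' + sig.length);
  const header = sig[0];
  if (header < 27 || header > 34) throw new Error('bad header byte ' + header);
  const recid = (header - 27) & 3;
  // ecrecover only accepts v = 27 or 28, so the rare ids 2 and 3 are rejected.
  if (recid > 1) throw new Error('recovery id ' + recid + ' not usable with ecrecover');
  return {
    v: 27 + recid,
    r: sig.subarray(1, 33).toString('hex'),
    s: sig.subarray(33).toString('hex'),
    compressed: header >= 31, // decides which public key encoding the Bitcoin address used
  };
}
```

Signing an Ethereum transaction "as a message" therefore yields a signature over `bsmDigest(...)`, not over the transaction's own hash, which is why the verifier must rebuild the same preimage.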

Putting together these bits and pieces it is possible to create a smart wallet, which stores your bitcoin address (the transformed one) and expects a signature for the transaction.

This is exactly what I have done with Quorum. It is a fully client side solution running in your browser. Nothing is stored on our servers. It enables you via a simple interface to:

  • deploy and set up a new wallet
  • push new transactions into it
  • sign these transactions
  • and to see all the incoming/outgoing events

Give it a try and let me know how you would improve it or what features would be nice.

Important note: It is alpha-level software, so do not trust it with anything you are not willing to lose. Read the FAQ for more detail on the implementation.

I want the technical bit

Yes, sure, here you go.

I’ve created a simple library called ethereum-bsm (bsm stands for bitcoin signed message), which can be used to convert Bitcoin keys and verify signatures. It has a JavaScript and a Solidity code snippet.

I am looking forward to making many parts of Quorum open source. As a start, here are a couple of components:

You see Trezor there? There’s an unreleased version of Quorum which supports Trezor directly. Should be released soon.
