Open in app

Sign in

Write

Sign in

Cerberus Appendix 01: Basic Bitcoin Security Principles

Some basic principles in bitcoin storage that inform the approach to building the Cerberus Protocol

Clavestone
Clavestone
4 min readFeb 2, 2020

--

By Neil Woodfine, Robbert Gorris, and Guillaume Verbal

This is the first in a series of articles produced from content in the recently-published Cerberus Appendix, covering general principles around secure bitcoin storage.

We have more articles in this series coming up soon, so make sure you give us a follow, or add our Twitter over at @clavestone_.

There is No Perfect Security

There is no bitcoin storage solution that can offer perfect, unbreakable security. For a determined-enough attacker under the right circumstances, any storage has vulnerabilities that can be breached.

Some solutions are more vulnerable than others, but all approaches to bitcoin storage involve a variety of tradeoffs. Improving security against one threat can sometimes decrease security against another. A custodian does not solve this problem, and in many ways makes the problem worse (covered in a future article).

As a basic example of a tradeoff: a hardware wallet is physically more secure than a typical internet-connected laptop, but a hardware wallet exposes users to increased supply chain risk (to be covered in our next article).

The goal of building a secure bitcoin storage solution is to mitigate or outright eliminate the largest risks, and to ensure that there are checks and balances in place to detect and prevent potential compromises before they occur.

Technology & Processes

Any secure bitcoin storage is achieved through a combination of both technology and processes. As a simple example, a user should always remember to cross-check the send address on a hardware wallet display before confirming a transaction. An impenetrable, unhackable hardware wallet would still be vulnerable if the person using it was careless.

Sometimes technology can help enforce processes — e.g. by prompting users to make certain checks or preventing users from initiating dangerous commands — but ultimately any good bitcoin storage will involve strict processes that are enforced outside of the hardware and software.

Security Versus Convenience

One of the key tradeoffs faced when building a bitcoin storage solution is between security and convenience.

When selecting a bitcoin storage solution, users are forced to make a series of subjective decisions on whether to retain a certain level of usability at the expense of security. Sometimes lower convenience can even be part of what makes a solution secure.

As a crude example, a user could set up a 14-of-15 multisig with two of the keys sent to a secret location on the moon. This would be very secure — no one would be spending the coins in a hurry — but this storage would be practically useless for most use cases.

Herein lies a serious problem: the more secure a storage solution is, the less convenient it will be, the fewer people will use it, the more bitcoin are put at risk. Therefore the Cerberus Protocol favours practical security over “absolute” security.

“A user could set up a 14-of-15 multisig with two of the keys sent to a secret location on the moon. This would be very secure…but practically useless for most use cases.”

Corporate Versus Personal

Bitcoin storage for companies is fundamentally different in nature to bitcoin storage for individuals. With personal bitcoin self-storage, the owner is the same person that is in control of the bitcoin. But with corporate bitcoin storage ownership and control are split. The owning organisation must entrust control of its bitcoin to one or more its agents (e.g. shareholders, board members, employees).

Some unique issues presented by the ownership-control split:

  • Motives: The organisation’s agents have independent motives, which could be out of alignment — or outright conflict — with the wider organisation’s goals.
  • Motivation: The agents may also be less motivated to properly manage the organisation’s bitcoin keys in a secure manner.
  • Control transfers: The organisation, through its agents, must also have the power to transfer control to new agents in the event of one agent’s termination or death.

Multisig storage helps mitigate these issues by giving no single agent direct control over the bitcoin. With multisig, multiple agents must coordinate together to spend the organisation’s bitcoin. They can verify each others’ actions, better ensuring that any transaction is in line with the organisation’s goals.

It should also be noted that for companies, the security versus convenience issue is worse, because people at work are busy, and unlike bitcoin hobbyists, they don’t have time or patience to deal with anything heavily technical.

Therefore it is especially important when it comes to corporate storage to eschew “absolute” security in favour of practical security.

The next article in the series will provide a breakdown of the external and internal risks posed to corporate bitcoin storage.

For readers that absolutely cannot wait, you can of course head to the Cerberus Appendix for access to all content in the upcoming series.

We want your feedback! Drop us some comments on Medium, send us an email to storage@clavestone.io, or submit an issue on GitHub.

And of course, don’t forget to applaud and share our article!

Bitcoin
Security
Cryptocurrency

--

--

Clavestone
Clavestone

Written by Clavestone

32 Followers

Bitcoin multisig solutions for organisations. Home of the Cerberus Protocol. Don’t put all your keys in one basket.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams