Custody at Conio — part 1

Vincenzo Di Nicola
Published in Conio Engineering
Dec 19, 2019

This is the first of 3 articles describing the cryptocurrency custody solutions developed at Conio.

Real life challenges in a seemingly virtual world

«Not your keys, not your Bitcoin». This sentence, famous in the Bitcoin community and made famous by Andreas Antonopoulos, highlights an important truth about cryptocurrencies: whoever has access to the private keys de facto controls the funds associated with them. Without the private keys, no external entity (e.g., a bank, State, tax authority) can ever take your cryptocurrency, and you can enjoy the thought that the funds are forever yours (future quantum computing breakthroughs aside).

However, as always when human nature is involved, things are in reality more complex. And in order for cryptocurrencies to become mainstream, these human-related challenges must be considered. It’s not a surprise that a Goldman Sachs spokesperson declared last year: «We believe that a custody offering is a logical precursor to digital asset market making»

At Conio we also believe that custody solutions are paramount to the overall success of cryptocurrencies. There are a number of unfortunate situations that may occur and must be taken into account. Below are a few:

Theft

https://xkcd.com/538/

Your funds may be cryptographically secure. However, as this xkcd figure illustrates, in real life a thief can take control of a victim’s cryptocurrency funds by threatening his/her life and thus having the private keys revealed. A gory thought, you might say, but unfortunately not all human beings despise violence.

Forgetfulness

People forget. Stop. It can be due to one’s own nature, or simply getting older. I myself am very messy, and this is actually the main reason that led me to study databases: quite a philosophical comfort in knowing how to find things easily.

Everyone forgets something at a certain point. “Where did I leave the house keys?” “Where did I park the car?”.

Even the ACINQ team (BTW, kudos to their work on Lightning Network) ended up forgetting the keys to publish the Eclair Android app on the Google Play Store.

https://twitter.com/acinq_co/status/982749520202215424

So far we have been talking about somewhat fixable situations. Things are considerably more dire in the cryptocurrency world.

There are a number of (in)famous cases where the owners of massive amounts of Bitcoin have lost their funds by accidentally formatting their drive or even throwing it into a dump.

https://www.cnbc.com/2017/12/20/man-lost-127-million-worth-of-bitcoins-and-city-wont-let-him-look.html

2 years ago at the Web Summit in Lisbon I met a person who lost the private keys associated with the then-equivalent of €30 million. It’s true: “Not your keys, not your Bitcoin”. Though, it becomes hard for a person in that situation to agree with the statement.

Death

Image from https://bitcoinist.com/bitcoin-is-dead/

No one likes to think about his/her own mortality, but that’s part of our existence. What happens then to your cryptocurrencies? There are two philosophical points of view on this:

  1. “After I die, I wouldn’t care less about my wealth. Let my riches die with me”
  2. “After I die, I wish my children, wife/husband, or my dears have access to my wealth. Let them enjoy it”

The latter case regards inheritance. However, how can a person provide for the heirs without having first shared his/her private keys? And if s/he does share them, it would mean that others have access to the funds while the real owner is still alive.

If s/he does not share them, they simply go to the grave. Quite an infamous example is the QuadrigaCX exchange, where the founder — and apparently only private key owner of the deposit wallet — allegedly died in India last February.

https://www.bbc.com/news/world-us-canada-47123371

“With great power comes great responsibility”

Thanks Ben Parker

This is a sentence I really love, and it has even further meaning with cryptocurrencies. You can handle your cryptos yourself: that’s the great power of cryptocurrencies. But are you sure you are able to take all the associated responsibility and bear the burden?

For most people, especially the non-technically savvy, the answer is a resounding no. This is indeed one of the biggest obstacles (if not the main one) to cryptocurrency mass adoption.

The Conio approach

I made this long preamble to explain how Conio started. From the get-go, we decided to focus on the non-technical people: allow them to easily use cryptocurrencies, and at the same time do our best to address their concerns.

Furthermore, Conio started with an investment from Poste Italiane (Italian Postal Service), the largest Italian government-owned bank and most trusted institution for deposits. As a result, we took into account unfortunate real-life situations such as loss or inheritance.

In 2016 at Conio we developed our first mobile Bitcoin wallet. It is a “2-of-3” multi-signature wallet, with the following high-level scheme:

  • one private key (key #1) handled by the user on his/her smartphone
  • one private key (key #2) handled by Conio on its servers
  • one private key (key #3) kept strictly offline, to be handled by a third-party entity (e.g. a bank)

We implemented our multi-signature scheme well before the adoption of SegWit. Basically, it was a native P2SH (Pay-to-Script-Hash) / OP_CHECKMULTISIG script, where signatures from 2 of the 3 signers are needed to make the inputs spendable (these are the well-known Base58 addresses with a leading 3). When SegWit was activated, we promptly adopted it (BTW, reducing transaction costs by up to 60%).
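As an added illustration (not Conio's code), this is how a pre-SegWit 2-of-3 OP_CHECKMULTISIG redeem script is serialized and parsed, and how the spending scriptSig must list signatures in the same order as the keys in the script. The public keys are constructed placeholders, and the key order (user, Conio, third party) and all function names are assumptions.

```python
# Added illustration; the three keys are constructed placeholders, not real keys.
OP_0, OP_PUSHDATA1, OP_CHECKMULTISIG = 0x00, 0x4C, 0xAE

def push(data):
    """Minimal data push for payloads of up to 255 bytes."""
    if len(data) < OP_PUSHDATA1:
        return bytes([len(data)]) + data
    if len(data) <= 0xFF:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    raise ValueError("payload too large for this sketch")

def build_redeem_script(m, pubkeys):
    """Serialize OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG (OP_1..OP_16 = 0x51..0x60)."""
    if not 1 <= m <= len(pubkeys) <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    if any(len(pk) != 33 or pk[0] not in (2, 3) for pk in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    return (bytes([0x50 + m]) + b"".join(push(pk) for pk in pubkeys)
            + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG]))

def parse_redeem_script(script):
    """Return (m, pubkeys); reject anything that is not a plain m-of-n multisig."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not an OP_CHECKMULTISIG script")
    m, n, keys, i = script[0] - 0x50, script[-2] - 0x50, [], 1
    while i < len(script) - 2:
        if script[i] != 33:
            raise ValueError("unexpected element in script")
        keys.append(script[i + 1:i + 34])
        i += 34
    if i != len(script) - 2 or len(keys) != n or not 1 <= m <= n:
        raise ValueError("malformed multisig script")
    return m, keys

def build_script_sig(script, sigs_by_pubkey):
    """OP_0 <sig> <sig> <redeemScript>; signatures must follow the script's key order."""
    m, keys = parse_redeem_script(script)
    ordered = [sigs_by_pubkey[k] for k in keys if k in sigs_by_pubkey]
    if len(ordered) != m or len(sigs_by_pubkey) != m:
        raise ValueError("need exactly m signatures from keys in the script")
    return bytes([OP_0]) + b"".join(push(s) for s in ordered) + push(script)

KEY_USER = b"\x02" + b"\x11" * 32         # key #1 (placeholder)
KEY_CONIO = b"\x03" + b"\x22" * 32        # key #2 (placeholder)
KEY_THIRD_PARTY = b"\x02" + b"\x33" * 32  # key #3 (placeholder)
REDEEM_SCRIPT = build_redeem_script(2, [KEY_USER, KEY_CONIO, KEY_THIRD_PARTY])
```

The 2-of-3 redeem script is 105 bytes, so it no longer fits a direct push and is pushed with OP_PUSHDATA1; the leading OP_0 is the dummy element OP_CHECKMULTISIG consumes.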

In a nutshell, our solution is based on 2 keys online (key #1 and key #2), and one key offline (key #3).

Private key #1 is created on the user’s smartphone upon the user’s first registration. It is encrypted and saved in the phone’s secure storage; the user is asked to copy and save the associated mnemonic representation.

Private key #2 is created on the Conio servers, upon the user’s first registration.

Private key #3 would be BIP32 derived from a master private key. Such a master private key is created at the very beginning by the third-party entity, and safely stored there in cold storage (the following article will describe this). The related master public key is shared with Conio.

All of this allows the following scenarios:

Normal scenario

A user wants to transfer his/her Bitcoin:

  • User communicates with Conio that s/he wants to transfer funds to a recipient’s address
  • Conio creates a transaction and sends user the transaction metadata and sighash forms
  • User verifies the transaction metadata, signs the sighash forms with his/her private key #1, once key details are gathered from the transaction metadata (signature #1)
  • Signature #1 is sent to Conio
  • Conio signs with private key #2 (signature #2)
  • At this point, with 2 signatures out of 3, the transaction is valid
  • Conio broadcasts to the Bitcoin network, transferring funds from the user to the recipient
  • Transfer operation is done
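The step "User verifies the transaction metadata" matters because the user's device should never sign a digest it cannot reproduce. The sketch below is an added example, not Conio's client code: it recomputes the pre-SegWit SIGHASH_ALL digest from the metadata and refuses to sign if the outputs or the server-supplied digests differ. The metadata layout (a dict of inputs and outputs), the function names and all sample values are assumptions.

```python
import hashlib
import struct

SIGHASH_ALL = 1

def varint(n):
    """Bitcoin CompactSize for the small values used here."""
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)

def legacy_sighash(tx, index, script_code):
    """Pre-SegWit SIGHASH_ALL digest for input `index`: the signed input
    carries the redeem script, every other input an empty script."""
    ser = struct.pack("<I", tx["version"]) + varint(len(tx["inputs"]))
    for i, (txid_hex, vout, sequence) in enumerate(tx["inputs"]):
        script = script_code if i == index else b""
        ser += bytes.fromhex(txid_hex)[::-1] + struct.pack("<I", vout)
        ser += varint(len(script)) + script + struct.pack("<I", sequence)
    ser += varint(len(tx["outputs"]))
    for value, script_pubkey in tx["outputs"]:
        ser += struct.pack("<Q", value) + varint(len(script_pubkey)) + script_pubkey
    ser += struct.pack("<II", tx["locktime"], SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(ser).digest()).digest()

def safe_to_sign(tx, redeem_script, server_digests, pay_to, amount, change_scripts):
    """True only if the outputs match the user's intent and each digest the
    server sent equals the one recomputed locally from the metadata."""
    totals = {}
    for value, script_pubkey in tx["outputs"]:
        totals[script_pubkey] = totals.get(script_pubkey, 0) + value
    if totals.get(pay_to) != amount or set(totals) - {pay_to} - set(change_scripts):
        return False
    if len(server_digests) != len(tx["inputs"]):
        return False
    return all(legacy_sighash(tx, i, redeem_script) == digest
               for i, digest in enumerate(server_digests))

# Constructed sample data (placeholders, not real keys, outpoints or addresses).
REDEEM = b"\x52" + b"".join(b"\x21\x02" + bytes([k]) * 32 for k in (1, 2, 3)) + b"\x53\xae"
RECIPIENT = b"\xa9\x14" + b"\x44" * 20 + b"\x87"   # P2SH scriptPubKey
CHANGE = b"\xa9\x14" + b"\x55" * 20 + b"\x87"
TX = {"version": 1, "locktime": 0,
      "inputs": [("ab" * 32, 0, 0xFFFFFFFF)],
      "outputs": [(150_000, RECIPIENT), (40_000, CHANGE)]}
```

Legacy digests do not commit to the input amounts, so this check alone cannot bound the fee; the SegWit (BIP143) digest does include the amount of the input being signed.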

Recovery scenario

A user has lost access to his/her private key. As mentioned earlier, this may happen for several reasons (e.g., human carelessness, death). In such a case, the user can contact Conio support and ask to recover the funds:

  • User creates a new Conio account (thus, a new pair of keys and a new address)
  • User shows Conio that s/he is entitled to recover the funds of the old account (e.g., user shows documents proving his/her identity)
  • Conio verifies that the user is entitled to recover the funds
  • Conio creates a recovery transaction, and signs with private key #2 (signature #2)
  • At this point, Conio would transfer this information to the third-party entity (in order to streamline operations, Conio waits for further recovery requests by other users, and then sends batch information to the third-party entity)
  • Using the transaction metadata, the third-party entity verifies the signature #2 and signs the related sighash forms with private key #3 (signature #3)
  • At this point, with 2 signatures out of 3, the transaction is valid
  • The transaction metadata and signatures are transferred back to Conio
  • Conio broadcasts to the Bitcoin network, transferring funds from the old user address to the new one
  • Recovery operation is done

The recovery scenario just described shows, from a high-level point of view, how Conio would work with a third-party entity. Of course, specific operations may vary among third parties depending on their own standard procedures.

Failure scenario

Whenever money is involved, people ideally expect that the company handling it operates over the centuries. This is actually the case for several banks in Europe, the oldest of which is in Italy (Monte dei Paschi di Siena, founded in 1472).

However, both for their recent history and their nature, high-tech companies rarely live over decades, let alone centuries (the only exception so far being IBM). Hence the reasonable question: what if Conio stops operating and goes out of business? In such a case, a fail-safe operation is in place:

  • Third-party entity brings up a new service
  • User creates a new address (e.g., through another company, or through a SPV wallet, or simply through Bitcoin Core)
  • User communicates with the third-party service that s/he wants to transfer funds to a new address
  • Third-party service sends user the transaction metadata and sighash forms
  • User verifies the transaction metadata, signs the sighash form with his/her private key #1, once key details are gathered from the transaction metadata (signature #1)
  • Signature #1 is sent to the third-party service
  • The third-party entity signs with private key #3 (signature #3)
  • At this point, with 2 signatures out of 3, the transaction is valid
  • The third-party service broadcasts to the Bitcoin network, transferring funds from the old user address to the new one
  • Failure operation is done

Final thoughts

Conio’s approach to cryptocurrency use and custody consists of distributing responsibilities. It’s neither custodial nor non-custodial: no one can transfer funds on his/her own. As a result, no rogue employee at Conio can do harm; the same goes for the third-party entity. Also, in case of emergency, a process is in place so that the user can recover his/her funds.

One personal note. I understand this approach does not fully meet the original Bitcoin vision (summarized in “not your keys, not your Bitcoin”). However, I personally believe this is quite a good intermediate step to get non-technical people involved in cryptocurrencies, and have them understand the importance of private keys. Once this becomes common knowledge and anyone is able to safely handle private keys on their own, I welcome the day a hybrid approach like Conio’s is no longer needed. Till then, I believe that leveraging the old banking world to enable the capabilities of this new world is the best avenue to mass adoption.
