I’ve been looking into what the best ways to store Bitcoins are. So far there are 2 primary ways I’ve noticed others doing it, and 1 new way that most don’t know about yet that I think is best overall (for my needs). I thought I’d write this article to share what I’ve learned, but also to get other people’s opinions in case I missed or misunderstood something.
(If you already know about running your own wallet and hosted wallets in general, just skip to the section “P2SH Wallets” below. If you already know about that, then you can skip this article entirely ☺ )
The most common way I’ve seen is using traditional Hosted Wallets. There are many services that run these (for free), the most obvious being the exchanges where most people buy Bitcoins to begin with. Also popular is Blockchain.info.
The main advantage of this method is that the convenience level is very high. For one, you do not need to run any software. You can get to your wallet from anywhere online, via different interfaces like mobile if made available. The main disadvantage to this method is that if the system is compromised, the compromisers have access to all your coins. There are many potential compromisers out there including the wallet service itself, hackers, and government agencies trying to shutdown and confiscate. The bottom line is that the key to your coins is stored on the online wallet’s servers, and anyone with access to that can get your coins.
Running your own wallet
If you are up for it, you can install and run a wallet server on your own machine. From a security standpoint, this might be much safer than a hosted wallet if you know what you are doing, but it could also be a disaster if you don’t. It really depends on how good you are. Since malware and viruses are such a big deal, it’s probably a reasonable assumption to make that most people are not that good at securing their own machines.
The flipside to getting enhanced security (if you are good) is that convenience takes a big hit. If you want to use the wallet on any other machine, you have to move a datafile securely to that other machine.
Most people I know running their own wallets are doing it to have “cold storage”. I won’t get into how that works here, but in a nutshell it means running the wallet software on a clean machine (one that has preferably never touched the internet and never will). You then take the datafile from that wallet, and store it somewhere somewhere super safe (also offline). This is somewhat the equivalent of burying gold, drawing a map, and putting the map in a secret safe deposit box. If you have a hundred million dollars worth of bitcoin, this is not a bad idea. It is the most work though, and to maintain the security of your coins, you are basically taking them out of the system and not going to have quick access to them yourself.
For cold storage, many people also take the added precaution of creating paper wallets. This is the physical act of printing the private keys onto paper and not keeping it in an electronic format at all. (HT reddit user donducky)
This is the new way I was talking about, and as far as I know, only one company called Bitgo is doing it so far.
What they are doing is pretty interesting. There is a lesser known section of the bitcoin protocol that enables something called P2SH. Bitgo has repurposed this functionality to try and create a better hosted wallet.
P2SH enables you to create Bitcoin accounts that always require MULTIPLE keys to complete any given transaction instead of just one... I think of this as being a bit like movies where nuclear missile systems often require two separate and different keys to launch nuclear missiles. If you only have one key, it’s worthless.
What Bitgo does is they have three keys created for your account, of which any two can be used to access the coins:
Key-1: Created and stored by Bitgo.
Key-2: Created by your browser and accessible to you via a password you set. More specifically, your browser creates the key and encrypts it with your password, then stores that encrypted data on Bitgo’s server. Later when you need it, your browser retrieves the encrypted data and combines it with your password to recreate the key. Your browser then signs the transaction without ever exposing the key to anyone, including Bitgo. Bitgo never knows Key-2, and all you have to do to access it is remember your password.
Key-3: Created by your browser and stored by you, presumably in a safe deposit box somewhere or given to trusted friends.
So the beauty of this system is that under normal circumstances when you want to use your coins, it feels like any other hosted wallet. You login to Bitgo and create the transaction, then your browser asks you for a password, and voila your transaction is done. As far as I can tell, all the convenience of a normal hosted wallet is there.
The big difference is that if Bitgo is ever compromised, it doesn’t matter. The compromiser can only steal one key from Bitgo, and one key by itself is worthless. If your machine is hacked, the hackers will have Key-2 but that is all they will have, so also worthless. Even if Bitgo got shut down, you could always use Key-2 and Key-3 to move your coins somewhere else. (Your computer generates a printout of both Key-2 and Key-3 when you create an account. Put these in a safe place, obviously)
In essence, Bitgo reduces the risk of having a single point of failure in a very interesting and clever way. It’s a very elegant solution, and I hope all the wallet companies out there adopt it. Reducing the risk of having Bitcoins stolen will do a lot towards increasing mainstream adoption, as the press loves nothing more than writing articles about it whenever it happens, and I think that scares people off.
Of course no hosted wallet is going to be more secure than running your own server and using cold storage techniques, but the amount of hassle and knowledge it takes to do that seems too high for the common person. I would do that if I had millions of dollars worth of Bitcoin, but given I don’t, the P2SH wallet seems to be a pretty good idea worth considering.
update: Some people have been asking me questions about this on Reddit. I am not comfortable answering the questions myself, so I sent an email to the Bitgo folks asking them to reply on Reddit. In the meantime, you can find more info on what they are doing in their whitepaper.
(Notice that P2SH addresses start with the number 3 instead of 1!)