What do Jeremy Howells and several BIPS customers have in common? They each lost a lot of bitcoins because of the way they were stored. But BitGo, a company offering a new multi-signature wallet service, says that it doesn't have to be that way.
Howells lost £4m in bitcoins after he threw out his hard drive, while payment processor and online wallet service BIPS saw over $1m stolen in a wallet hack. They both suffered from the same problem: a single point of failure.
BitGo's founder Mike Belshe says that relying on a single device to store your bitcoins is a bad idea. Web wallets are outside the user's control, while their own devices are prone to attack, hardware failure, or simple user error. "You wouldn't want to use pure web, but you wouldn't want to use pure client-side either - at least not for most mortals," he said. "Client-side software is a bear."
Instead, his wallet service, called BitGo Safe, uses a little-acknowledged feature within the bitcoin protocol that makes it possible to better protect money in a bitcoin address. Called Pay to Script Hash (P2SH), it is a specification outlined in an update to the bitcoin protocol called BIP 16. It enables multisignature transactions, whose benefit is that a payment must be authorized by more than one key.
Conventional bitcoin transactions are non-reversible, meaning that once a bitcoin transaction has happened, it is impossible to retrieve the funds. If Bob wants to send Alice some bitcoins in exchange for a product, then one of them has to make the first move, and trust that the other will follow through. Bob may send his bitcoins, only for Alice to keep the product. Conversely, Alice may send the product and Bob may never pay her.
But if Jen, our third party, acts as an arbiter, then she can hold the funds in escrow until both Bob and Alice confirm that they received their goods. All the parties can do this manually, but that would enable Jen to run off with the bitcoins, or for her bitcoin wallet to be compromised, leaving her responsible for Alice and Bob's outstanding transaction. This is what happened with black market web sites such as Sheep Market, whose customers saw thousands of bitcoins stolen.
Instead, multi-signature transactions are encoded in the protocol to make them more efficient and secure. In BIP 16, any number of signatures can be required to complete a transaction, but generally, people describe them as "two out of three" transactions, requiring two of three digital signatures to execute.
In a multi-signature scenario, Bob would send his bitcoins to a bitcoin address that he controls jointly with Alice and Jen. If Alice and Bob both agree that the goods have arrived and the transaction is complete, then Alice can confirm Bob's transaction, unlocking the money, and Jen's involvement isn't needed. But if either party disputes the transaction, they'll end up trying to perform the opposite of each other: Bob will try to return the bitcoins to his own address, while Alice will try to extract the bitcoins to her address. They can then call Jen in to investigate. She'll make a decision, and then use her signature to back either Bob's or Alice's transaction. The neat thing about this is that Jen can't send the coins to her own address, and no one else can steal the coins without stealing two of the three signatures involved.
In addition to stopping online scams, it's also useful for stopping theft. Belshe, a software engineer who has worked at Netscape and Google, has developed a wallet that uses multi-signature support not for escrow purposes, but for wallet security.
His wallet uses three keys. One is stored on BitGo's server. Another is the user's "hot" key, used in transactions, while the third is a backup key that can be held in any form by the user, say on a USB stick or a paper wallet. Money can be sent to the wallet's address as usual, but when the user wants to withdraw it, the "hot" key must be combined with another key in a two out of three transaction.
Typically, that will be the server-side key. But if the server disappears, they can still withdraw money from their wallet using their own two keys. And if their hard drive dies, they accidentally throw it in the landfill, or a hacker compromises it, then they can use the backup key with the server-side key to retrieve their coins.
"Using the two of three system has a really nice property, which is that there's always a backup key available," says Belshe, who raised the issue of P2SH wallets on the Bitcoin Talk forum in November.
However, multisignatures alone are not enough, points out Mike Hearn, one of the core bitcoin developers. "For the web wallet service to do something useful it needs some way to authenticate the user that doesn't rely just on passwords (otherwise it's no different to wallet encryption)," he points out.
BitGo solves that problem by introducing another feature: out-of-band two-factor authentication. When a transaction occurs, it sends a message with a one-time password to the user's phone so that they can confirm the transaction.
"Now, in order for you to be compromised, they really have to attack three different devices," Belshe says.
Providers of traditional web wallets like the idea. Brian Armstrong, CEO of Coinbase, which just scored $25m in funding, was positive.
"Coinbase is excited and interested in any solutions like this which would help secure bitcoin wallets," Armstrong said. "For example, we offer the ability to create paper wallets today (which are offline, private, and a physical storage of bitcoin). Using two of three could be a nice addition to this."
BitGo also offers several other services, including a person-to-person exchange designed to connect friends who want to buy and sell bitcoins, and a bitcoin gifting service. The latter enables people to give bitcoins to friends by setting up a multisignature BitGo address.
It would be easy to see how it could begin packaging this as an API service to other bitcoin businesses. Belshe is staying tight-lipped, but he's promising more announcements from the company soon.