8. Blockchain Workspace www.blockchainworkspace.com 8
Exchange Kraken Nov 2016:
• “people publicly involved in the cryptocurrency scene
being victimized by mobile phone hijacking”
• “consider yourself an active target
Key management - 2
15. Blockchain Workspace www.blockchainworkspace.com 15
Group “Lego-clickers”
Group “Towering over”
Group “Card tricks”
Group “Transparant Street”
Step I:
Think of an analogy for either the working of:
the bitcoin PoW consensus, transactions or a hierarchical deterministic wallet
Step II:
Appoint a spokesman/woman and make the story sharp & clear
Step III:
Listen to the story of the other groups and give them hints about the reception
Neighbor: “HOW does it work?!”
16. Blockchain Workspace www.blockchainworkspace.com 16
A series of blocks, each composed of time stamped sets of
transactions and a hash of the previous block, which
connects the two together; presented in a merkle-tree.
Definitions 2
What is the real need to use this knowledge. How can you actually use this knowledge.
Who has done something stupid with the thing valuable in life, e.g. banks and money, your assets or your privacy? e.g. Send to a wrong account. Lose it. Who has lost a significant amount of value. Who has ever been robbed?
<ik had een wallet, ik zag ze staan op het publieke ether blockchain crawler>
What happens if you lose money / all your possessions? What type of fall backs do we have in real life?
[conclude: service! banks, insurance companies, government, charities, cadastre ]
In which way is management of your valuables in crypto different from what we have seen before?
[Among all those Huray-stories we to better understand the NEW vulnerabilities we have come up to with the introduction of Freedom. Example: “Sovereignty beyond the grave”, leave your heirs with nothing and lots to explain. ]
Goal: Freedom at the price of Inefficiency, Freedom at the price of Constant Alertness & Constant Preparation.
How:
Knowledge of State of the Art techniques / Threads
Profound understanding of modern key chains
Design of a personal Key Management protocol
Where did the trust go?
Practical application
Fitness
Auditing without revealing
Secure Back up / revocation
[One big diff: now technique dictates userfriendly-ness. Example : https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki ]
“A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key.”
“To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location.”
This site does not have knowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA256 hash of this HTML with the SHA256 hash available in the signed version history document linked on the footer of this site.”
Treat a paper wallet like cash.
Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.
Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.
“Keep in mind when you import your single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in the p2p client wallet. When you perform a transaction your change will be sent to another bitcoin address within the p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoins will be stored there.”
Single key, many sub-keys (compare the master key in relation to the sub-keys)
<Which two very important features in one go? <hash/Digest+privkey_encryption> Why should we care?
Various Proofs: Identity, Existence, Location, Ownership etc.
Fun trick: sign a hash pointer.
Bitcoin: ECDSA: Elliptic Curve Digital Signature Algorithm
Which of those could be represented by a lock?
Where does the analogy falter? :
no revocation option,
no multi-door key,
no copy negative option,
A private key can’t break in the lock
<master slave>
Your mobile company is hacked! Then: How about you?!
"In the past month, 10 cases… The consequences have been expensive, embarrassing, enduring, and, in at least one case, life-threatening.
If you are in any way publicly involved in cryptocurrency, consider yourself an active target. You need to immediately audit the security of your accounts – especially email, social media, social networking and mobile phone."
email, social media, social networking and mobile phone.
We want practical applications!! What do we need? How can we be safe (not lose money, do anything stupid, be vulnerable etc)
If know more, we can better protect ourselves, be more confident.
<copy paste errors story>
A bitcoin address is in fact the hash of a ECDSA public key
BIP0032
https://bitcoinmagazine.com/articles/deterministic-wallets-advantages-flaw-1385450276/
Vitalik Buterin 2013 (18 yrs old):
The problem is this: although you certainly can securely hand out child keys with no risk to the parent key, and you can hand out master public keys with no risk to the master private key, you cannot do both at the same time.
Solution : a. Don’t hand out master public key
b. making three hierarchical BIP32 wallets, with every address being a 2-of-3 multisignature address between the three wallets down some particular child key derivation path
“
The two current competitors for memorising a Bitcoin wallet are (1) choosing a password and using the password or a hash of the password as a seed, and (2) randomly generating a seed and converting the seed into a passphrase in a way that can be reversed.
A bitcoin address is in fact the hash of a ECDSA public key
BIP0032
https://bitcoinmagazine.com/articles/deterministic-wallets-advantages-flaw-1385450276/
Vitalik Buterin 2013 (18 yrs old):
The problem is this: although you certainly can securely hand out child keys with no risk to the parent key, and you can hand out master public keys with no risk to the master private key, you cannot do both at the same time.
Solution : a. Don’t hand out master public key
b. making three hierarchical BIP32 wallets, with every address being a 2-of-3 multisignature address between the three wallets down some particular child key derivation path
“
The two current competitors for memorising a Bitcoin wallet are (1) choosing a password and using the password or a hash of the password as a seed, and (2) randomly generating a seed and converting the seed into a passphrase in a way that can be reversed.
1 Boss
3 departmental heads with budgets in crypto - costs
1 web departmental head that sells trainings - revenu
Question: design the wallet of the boss and what he spends on the different actors in the company.
http://www.hongkiat.com/blog/bitcoin-wallets/
A blockchain consists of a series of blocks, each of which is composed of time stamped sets of transactions and a hash of the previous block, which connects the two together, as presented in a merkle-tree