1. enemy of the banks
COIN PUNK
Obsoleting the banking industry with HTML5 and JavaScript
Kyle Drake
Tuesday, October 15, 13
2. What is Coinpunk?
• First open-source Bitcoin web wallet service
• Designed and intended for power users and developers
• Funded by a grant from the Bitcoin Foundation (and others)
4. Coinpunk “Old School”
• Ruby application
• Bitcoind (official client) JSON RPC does all heavy lifting
• Implemented in 4 days
• Stored all private keys on server
• Works. But there’s a serious security risk.
5. Major Bitcoin Wallet Thefts
• July 2011: Bitomat “loses” database. $220,000 USD
• August 2011: MyBitcoin hacked. $800,000
• August 2012: Bitcoinica hacked. $460,000
• March 2012: Linode servers trawled. $250,000
• Sept 2012: BitFloor hacked. $250,000
• April 2013: InstaWallet hacked. $4.6 million
6. We’re starting to think putting the private keys on a central server is a really bad idea. I can’t imagine why.
7. But web interfaces are easy to use. They’re lightweight. They’re universal. They make sense to non-tech users.
8. How can we provide a web interface while reducing server trust?
9. The Problem
“Bitcoin wallets” that store the private keys on the server are not wallets. They are Bitcoin accounts.
10. The Solution
Move the wallet encryption over to the browser.
Yes, really.
No, seriously!
16. Coinpunk “New Wave”
Browser generates Bitcoin private keys, encrypts them, sends encrypted payload to server for storage/backup.
17. Coinpunk “New Wave”
Browser also creates all the transactions. The server (and therefore hackers) cannot spend the user’s money.
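The flow from slide 16 (generate in the browser, encrypt, upload only ciphertext), as an added example that is not Coinpunk's code. It assumes the WebCrypto API with PBKDF2-SHA256 and AES-256-GCM; `sealWallet`, `openWallet`, the payload fields and the iteration count are hypothetical, and 32 random bytes stand in for a Bitcoin private key.

```javascript
// Added example with hypothetical names; not Coinpunk's code.
// WebCrypto is a global in browsers and recent Node; older Node needs require().
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 200000; // assumed PBKDF2 work factor
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Browser side: the returned JSON string is all the server receives.
async function sealWallet(privateKeyBytes, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(passphrase, salt, ITERATIONS);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, privateKeyBytes);
  return JSON.stringify({ v: 1, kdf: 'PBKDF2-SHA256', iterations: ITERATIONS,
    salt: b64(salt), iv: b64(iv), ct: b64(ct) });
}

// Browser side, after fetching the stored payload back from the server.
async function openWallet(payloadJson, passphrase) {
  const p = JSON.parse(payloadJson);
  const key = await deriveKey(passphrase, unb64(p.salt), p.iterations);
  // AES-GCM is authenticated: a wrong passphrase or a tampered payload rejects here.
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: unb64(p.iv) }, key, unb64(p.ct));
  return new Uint8Array(pt);
}

// Constructed demo: 32 random bytes stand in for a Bitcoin private key.
async function demo() {
  const priv = wc.getRandomValues(new Uint8Array(32));
  const payload = await sealWallet(priv, 'correct horse battery staple');
  const restored = await openWallet(payload, 'correct horse battery staple');
  const wrong = await openWallet(payload, 'wrong passphrase')
    .then(() => 'opened', () => 'rejected');
  return { payload, roundTrip: b64(restored) === b64(priv), wrong };
}

demo().then((r) => console.log(r.roundTrip, r.wrong));
```

The passphrase and the plaintext key never leave the page; the server stores only the salt, IV and ciphertext. The browser still runs whatever JavaScript the server delivers, so this reduces server trust rather than eliminating it.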