This document summarizes a Bitcoin meetup discussing wallet security concepts. It covers different types of wallets including full chain, partial chain, no chain, and off chain wallets. It examines the attack surfaces of each wallet type and discusses general purpose platforms and hardware wallets. While hardware wallets aim to improve security, each has potential issues, highlighting the challenges of securing cryptocurrency and the importance of decentralization.

1. Bitcoin Meetup
Eric Voskuil<eric@voskuil.org>
3CD8C07F0B5CE14E

2. Libbitcoin
C++ Bitcoin Development Toolkit and Applications
github.com/libbitcoin

3. Agenda
• Security concepts
• Wallet attack surface
• General purpose platforms
• Fun with hardware wallets

4. Agenda
• Security concepts
• Wallet attack surface
• General purpose platforms
• Fun with hardware wallets

5. Wallet Security
• Security
– Preventing involuntary loss of property.
– Fundamentally, the reason for Bitcoin.
• Wallet
– Bitcoin does not have banks.
– It’s wallets all the way down.

6. CIA
• Confidentiality
– How might unintended people get it?
• Integrity
– How might the system fail on its own?
• Availability
– How might intended people not get it?

7. Agenda
• Security concepts
• Wallet attack surface
• General purpose platforms
• Fun with hardware wallets

8. Wallet Types
• Full Chain
• Partial Chain (SPV)
• No Chain (trusting)
• Off Chain (custodial)

9. Full Chain - Defined
• Builds a chain of complete blocks
• Validates chain against consensus
• Validates payments against chain
• Chain and private keys are co-located
• May also
– send new transactions to peers
– get unmined transactions from peers

10. Full Chain – Attack Surface
• Mining
– Finney Attack (double spend)
– 51% Attack (double spend, DoS)
• Network
– Sybil Attack (double spend, DoS, privacy)
– Eavesdropping (privacy)
• Platform
– Total loss
– See Pony Botnet

11. Partial Chain - Defined
• Simple Payment Verification
– Actually more complex, just less data
• Like full chain except
– Validates block headers not full blocks
– Requests only transactions of interest

12. Partial Chain – Attack Surface
• Same as full chain except
– Omission of transactions possible
– Privacy loss extends to validation
• This is a design and implementation issue
• Validation can be achieved privately

13. No Chain - Defined
• Gets summary information from server
• Spends are typically relayed by server
• Server is presumed to be honest
• Private keys are retained by the wallet

14. No Chain – Attack Surface
• Server
– All full chain attacks apply to server
– Attacks on the server affect its clients
– The server is a potential attacker
• Network
– A man-in-the-middle can become server
(fraudulent spend, DoS, privacy)
• Client Platform
– Total loss
– Multifactor auth?

15. Off Chain - Defined
• A gold certificate is not gold.
• Custodial accounts are not Bitcoin.

16. Off Chain – Attack Surface
• Server
– Privacy loss is expected.
– Total property loss if compromised.
– Attack surface is unbounded.
– See Mt. Gox, Silk Road, etc.
• Platform
– Total loss

17. Agenda
• Security concepts
• Wallet attack surface
• General purpose platforms
• Fun with hardware wallets

18. General Purpose Platforms
• Personal Computer
– Malware
• Mobile Device
– Malware
– Loss and theft
– Baseband attack
• Trusted Computing?
– “When you think about a secure computer, the
first question you should ask is: "Secure for
whom?" ” – Bruce Schneier

19. Agenda
• Security concepts
• Wallet attack surface
• General purpose platforms
• Fun with hardware wallets

20. Hardware Wallets
• Case
– “You press the bitcoin button, scan the QR code with
the camera, swipe your finger and you’re done.
Everything happens on the device; you don’t have to
log in with a complicated password or use a
smartphone app.“
• Ledger
– “[T]he initial setup should be safe as the ECDH is done
against a static public dongle key.”
• Trezor
– “It took only a single recording of the computation of
the public key, to recover the private key.”

21. Case
• Seems to do the right stuff
– Biometrics (fingerprint)
– Multisig (2 of 3)
– Encryption (“encrypted online database”)
– Key escrow (“offline vault”)
• “Insanely Secure” – TechCrunch
• But…

22. Ledger
• Seems to do the right stuff
– Secure element
– Multifactor (card, phone)
– Multisig (via Coinkite)
• “Malware Proof” – ledgerwallet.com
• But…

23. Trezor
• Secures money, not privacy
– Use a full chain wallet.
– Beware of address reuse.
– Send transactions via Tor (client-server).
• Seems to do everything wrong
– No biometrics
– No encryption
– No secure element
• But…

24. Decentralization