Security is crucial for the growth and maturity of the Bitcoin space; however, some companies still underestimate the importance of security as a main pillar in any Bitcoin product and still expose their users to risks of losing their funds.
In 2012 we’ve seen the early adoption of multisignature transactions. Three years after, multisignature technology has become increasingly more important for the fast growing Bitcoin space as more companies started adopting it as a security standard for wallets and vaults.
Photo: State of Bitcoin 2015 – CoinDesk
How do multisignature transactions work?
Traditional Bitcoin wallets rely on a simple send-receive system, which is the standard transaction to Bitcoin address (pay-to-pubkey-hash). This means for every Bitcoin wallet there’s one 34-character wallet address, which is a hash of the public key, associated with a 64-character private key that the user would have to be able to spend their bitcoins. Private keys need to be kept safe and only accessed when a user wants to sign a transaction. In these wallets, so long as you keep this single private key safely secured you’ll be fine. However, once this safety is compromised and hackers gain access to your key, they can easily empty your funds out of your wallet.
Multisignature transactions (pay-to-script-hash) are more complex than the scenario explained above. In a multisignature transaction, addresses can have various number of private keys associated to them such that you need any number combination of these keys to be able to spend the funds. This is what’s referred to as n-of-m multisig. The most standard combination of keys for multisignature wallets is 2-of-3 where you need 2 private keys out of 3 to be able to execute a transaction. Hence, even if the safety of one of your private keys was compromised the hacker still can’t steal your bitcoins as they need to gain access to the second key to sign off transactions out of your wallets.
Photo: Since 2012, daily average number of p2sh transactions have been steadily increasing, p2sh.info
While multisignature transactions have been standardized in the Bitcoin protocol since 2012, it didn’t see much traction until early 2014 with more wallets providing multisig security and adopting BIP32 Bitcoin protocol.
HDM wallets and BitOasis multisignature structure
At BitOasis, we understand that security is a priority for any wallet solution and we have built a Hierarchical Deterministic Multisignature (HDM) wallet to provide the highest level of security to our users.
The deterministic characteristic in BitOasis HDM wallet allows it to automatically generate random new Bitcoin addresses on each transaction using a specific algorithm from a single seed, providing higher levels of privacy and easier wallet backups from the seed rather than manually keeping and updating a backup file that can be lost if your hard drive goes corrupted.
The hierarchical characteristic allows the generation of billions of addresses and accounts from a single seed. Think of it like a tree, where you have a single node (key) that have branches and each of these branches have other branches and so on. The HD wallet characteristics combined with a 2-of-3 multisignature setup is a powerful combination to create a wallet with the highest level of security, without compromising usability, and that’s what we aspired for.
Three keys, three distributed locations
BitOasis multisig has three private keys in distributed storage in three different geographical locations:
- The first key is secured by BitOasis under the control of the user and protected by a strong password and 2-factor authentication.
- The second key is secured by implementing a trusted third party oracle, provided by CryptoCorp, that co-signs user transactions after examining the transaction to detect any potential wallet compromise or fraud.
- The third key is a recovery key that is secured and held in cold storage by an independent legal entity for recovery in case of any service compromise.
How do BitOasis multisignature transactions work?
- When you log onto BitOasis and try to spend your bitcoins, you sign with the first key and automatically forward your transaction to CryptoCorp to co-sign.
- Before it signs the transaction, CryptoCorp performs the necessary security and fraud detection checks to make sure the transaction was truly initiated by you and counter-signs with the second key. In the case of suspicious activity, CryptoCorp initiates an automated call or text to your cell phone to verify the outgoing transaction with you before signing it.
- Once you confirm that the transaction is initiated by you, CryptoCorp would sign the transaction with your second key.
- Once the transaction is signed by the second key, your funds are now spent and your transaction is broadcasted to the Bitcoin network for confirmation.
CryptoCorp’s oracle acts as trusted third party that only signs transactions when certain determined conditions are met, by that providing an extra layer of security that doesn’t compromise the usability of BitOasis’ HDM wallet.
Vetting all transactions to prevent fraud
Each transaction is vetted to protect BitOasis users from theft, fraud and risk without having control on user funds. Transactions are pre-classified into different risk weights and when certain risks, anomalies or wallet compromise cases are identified, the user will receive an automated call from CryptoCorp and will be presented with the three options below:
- Enter number 1 to confirm that the transaction is initiated by you, and then CryptoCorp would sign with the second key
- Enter number 3 to cancel the transaction, and hence CryptoCorp wouldn’t sign the transaction and in turn, it will not go through.
- Enter number 9 to notify CryptoCorp and BitOasis that the transaction wasn’t initiated by you. This would put your account and all transactions on hold until you decide on next action.
BitOasis is currently in private beta and we’re rolling out our new exchange service soon.
If you enjoyed the piece and have more questions about BitOasis HDM wallet, shoot us an email at [email protected], or follow us on Twitter @BitOasis.