bitcoin keys, addresses & wallets

Transcript

Bitcoin Keys, Addresses & Walletsby Christopher Allen <[email protected]>

June 21, 2015

1

Transcript

What is this?e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

2

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters)

3

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters) • it is 64 characters long or 32 bytes

4

64 chars

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters) • it is 64 characters long or 32 bytes • it might be a ECDSA private key

5

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters) • it is 64 characters long or 32 bytes • it might be a ECDSA private key • it might be SHA256 number

6

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters) • it is 64 characters long or 32 bytes • it might be a ECDSA private key • it might be SHA256 number • look up e3b0c442 with Google

7

Transcript


Clues:• it is a hex value (only 0-9 & a-f characters) • it is 64 characters long or 32 bytes • it might be a ECDSA private key • it might be SHA256 number • look up e3b0c442 with Google

This is a Bitcoin programmers nightmare: • the SHA256 of ""

8

Transcript

What is this?5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjssClues:

• no ambiguous numbers, it may be base58 • it begins with a 5

9

Transcript

What is this?5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjssClues:


It is an uncompressed WIF (Wallet Import Format) private key • it is the private key for a brain wallet of "" • like e3b0c442 it is a bitcoin developers

nightmare

10

Transcript

What is this?1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN

11

Transcript

What is this?1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzNClues:


13

Transcript

What is this?1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzNClues:


It is a P2PKH (Pay to Public Key Hash) Bitcoin address • it is the Bitcoin address when was generated

from a private key for a brain wallet of "" • Like e3b0c442 I watch out for 1HZ

15

Hidden Transcript

A common error…

16

Over $1600 has been lost, $67 last month, swept in minutes

Hidden Transcript

Creating a P2PKH Address

17

Transcript

What is this?mx5u3nqdPpzvEZ3vfnuUQEyHg3gHd8zrrH

18

Transcript

What is this?mx5u3nqdPpzvEZ3vfnuUQEyHg3gHd8zrrHClues:

• no ambiguous numbers, it may be base58 • it begins with an m

19

Transcript

What is this?mx5u3nqdPpzvEZ3vfnuUQEyHg3gHd8zrrHClues:

• no ambiguous numbers, it may be base58 • it begins with an m

It is a P2PKH (Pay to Public Key Hash) Bitcoin address for TestNet • it is the TestNet bitcoin address equivalent to 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN generated from a brain wallet of ""

• Like e3b0c442 I watch out for 1HZ & mx5

20

Transcript

What is this?L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1Clues:

• no ambiguous numbers, it may be base58 • it begins with a L

21

Transcript

What is this?L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1Clues:

• no ambiguous numbers, it may be base58 • it begins with a L

It is a compressed WIF (Wallet Import Format) private key. Could be L* or K* • but it is 1 character longer than a 5* WIF! • when stored in blockchain, the public keys

are only 256 bits, vs 520 bits >50% smaller!

23

Transcript

What are Bitcoin Wallets?• There are 2^160 P2PKH keys• 1,461,501,637,330,902,918,203,684,832,716,

283,019,655,932,542,976 keys• Which keys are yours?• Wallets help you manage many keys

24

Transcript

Kinds of Wallets• Software• Brain, browser, bulk, deterministic, HD, multi-sig,

export (BIP38/39), escrow (BIP44/5), full node or thin SPV (Simplified Payment Verification) or server

• Physical• Paper, cold, FIPS hardware

• Hosted• Exchange, multi-sig (BIP11/16), escrow (BIP44/5),

locked/unlocked keys, export (BIP38/39), etc.

25

Transcript

What is a Brain Wallet?• In essence, your Bitcoins are stored in your

mind, by memorization of a passphrase• The passphrase is turned into a 256 bit private

key using SHA256• If you forget the passphrase, or are

incapacitated or die, the Bitcoins are lost forever

• HOWEVER, passphrases are not very secure

29

Transcript

Passphrase Entropy• A truly random 12 character password (MixeD CaSe,

Numb3r5, $peçial Characters) has 78 bits of entropy• for example: mH*naG8}Np`$ or [Kh8}J@2t[%3 • Supercomputer or network: 55 days • PC with GPU: 3018 years

30

Transcript

Passphrase Entropy• A truly random 12 character password (MixeD CaSe,

Numb3r5, $peçial Characters) has 78 bits of entropy• for example: mH*naG8}Np`$ or [Kh8}J@2t[%3 • Supercomputer or network: 55 days • PC with GPU: 3018 years

• However, in practice humans are not good at randomness, most 12 character passwords…• Average network decrypt: 47 seconds • PC with GPU in 11 days

31

Password Best Practices

Life With Alacrity blogby Christopher Allen

http://www.lifewithalacrity.com/2009/09/password-best-practices.html

Hidden Transcript

32

Transcript

Summary of Best Practices• Have at least TWO passwords• Create a “non-secure” password for non-financial websites• Pick a memorable long word or short phrase,

• e.g.“amber waves”, “perspicacious”• Shorten it to 7 characters• “ambrwvs”, “prspccus”

• Convert a letter other then first to number• O=0, L=1, E=3, S=5 e.g. “ambrwv5” or “pr5pccus”

• Use letter from domain name for last char, and capitalize it• e.g. second o from google “ambrwv5O” or “pr5pccusO”

• Same technique but longer word for financial (minimum 12)• Check your password's quality (using local Javascript code)• Or use a password generator, or even better — “Diceware"

33

Hidden Transcript

www.grc.com/haystack.htm

34

Transcript

apps.cygnius.net/passtest/password: mH*naG8}Npentropy: 59.823composition: Password is too short.acceptable:nocrack time (seconds):51006556106687.336

35

Transcript

www.PasswordsGenerator.net

36

Transcript

Dicewarehttp://world.std.com/~reinhold/diceware.html

37

Transcript

BrainWallet.orgor git clone https://github.com/brainwallet/brainwallet.github.io.git

38

Transcript

What is a Paper Wallet?• Using a brain wallet is risky• You may forget your passphrase • You may not have enough entropy

• So save it on paper!• 256 bits of entropy• WIF private key• QR code for payments, QR code for WIF

39

Transcript

BitAddress.orgor git clone https://github.com/pointbiz/bitaddress.org.git

40

Transcript

BitCoinPaperWallet.orgor git clone https://github.com/cantonbecker/bitcoinpaperwallet.git

41

Transcript

What is this?6PRKN3F46DpESCG6jPzSybFQwE9SRoK1CYFaiKfVtmDMiv8EBrQhHQdCLK

Clues:• no ambiguous numbers, it may be base58 • it begins with a 6

42

Transcript

What is this?6PRKN3F46DpESCG6jPzSybFQwE9SRoK1CYFaiKfVtmDMiv8EBrQhHQdCLK

Clues:• no ambiguous numbers, it may be base58 • it begins with a 6

It is a BIP38 encrypted WIF (Wallet Import Format) private key address

• BIP is Bitcoin Improvement Proposal • BIP38 is how to encrypt a random private

key with an additional passphrase

43

Transcript

Why use BIP38?• If your paper wallet is stolen, it must be

decrypted before being used• Allows you to "give" a paper wallet to

someone, have them verify amount, then give them password to decrypt.

• Simple version is just encryption (like AES) but advanced version supports "intermediate" codes so that 2nd parties can't see private key

44

Transcript

BitCoinPaperWallet.orgor git clone https://github.com/cantonbecker/bitcoinpaperwallet.git

45

Transcript

bit2factor.comor git clone https://github.com/mannkind/bit2factor.org.git

46

Transcript

What is a Bulk Wallet?• Every time you spend coins on a Bitcoin

address, you should never use it again.• This means you need lots of private keys!• A bulk wallet stores all your private keys• The oldest software wallets are typically bulk

wallets• Can still be useful today for "archive" storage,

such as on an encrypted USB key

47

Transcript

What is a Deterministic Wallet?• Bulk Wallets need lots of private keys! • big file to backup, could be compromised • maybe lots of passphrases to remember • maybe many pages of paper wallets

• Instead, a "master" private key is created, and additional private keys are generated on the fly

48

Transcript

Type 1 Deterministic Wallet• The Electrum wallet (and old versions of

Armory) create a chain of keys based on a master

• Only a root key plus a chain code• Much shorter mnemonic for saving master key• 12 words e.g."magic spoken nearly nine fist

bathroom surprise north reach scrape illusion courage"

49

Hidden Transcript

50

Transcript

Type 2 Deterministic Wallet• "Hierarchical Deterministic" or HD Wallets• Defined in BIP32• Creates a tree of master and child keys• Allows delegate of a child private key to a

server to act as an agent on behalf of the master private key holder

• BEWARE: With a child private key and the master public key an attacker can derive private master!

51

Hidden Transcript

52

Transcript

Master Key Mnemonics• Moving a master key from software wallet to

software wallet can be difficult• BIP39 defines a standard 12 or 24-word

mnemonic for moving master keys• Recreates BIP32 keys for HD wallets• BIP32 master private: xprv9s21Z*• BIP32 extended private: xprv9wzGf*• BIP32 extended public: xpub6Ayd5S*

53

Transcript

dcpos.github.io/bip39/or git clone https://github.com/dcpos/bip39.git

54

Transcript

What is this?3EktnHQD7RiAE6uzMj2ZifT9YgRrkSgzQXClues:

• no ambiguous numbers, it may be base58 • it begins with a 3 • this is a P2SH (Pay to Script Hash) Address • defined by BIP11 & BIP16, P2SH allows for

more complicated transactions that may require multiple keys or signatures to redeem

55

Transcript

ms-brainwallet.orgor git clone https://github.com/ms-brainwallet/ms-brainwallet.github.io.git

56

Transcript

What is this?SSS-5CJkUwdiUPZi2R8RJJzkUFvs1TWC22JAQD2T3QMyhuAvDgzrXKuhT5at

Clues:• no ambiguous numbers, it may be base58 • it begins with a SSS

57

Transcript

What is this?SSS-5CJkUwdiUPZi2R8RJJzkUFvs1TWC22JAQD2T3QMyhuAvDgzrXKuhT5at

Clues:• no ambiguous numbers, it may be base58 • it begins with a SSS

It is a Mycelium "Shamir Secret Share". It lets you "split" a secret into shares github.com/cetuscetus/btctool

• Mycelium Wallet only. No BIP for this yet. • There are other Shamir Secret Sharing

approaches. But cool tech!

58

Transcript

I want it all!• BIP44 and BIP45 wallets are the most advanced• Use multisig addresses (BIP11, BIP16)• Use HD keys (BIP32)• Use Mnemonic backups (BIP39)• Use Structured HD keys (BIP43)• Support multiple accounts & escrow:• BIP44 — Trezor, Coinomi, Mycellium, Encompass• BIP45 (BIP44 plus multiple currencies)— Copay

59

Transcript

Bitcoin vs Testnet

60

Type Bitcoinprefix

Testnetprefix Examples

Pubkey hash (P2PKH address) 1 m or n 17VZNX1SN5NtKa8UQFxwQbFeFc3

mipcBbFg9gMiCh81Kj8tqqdgoZub1

Script hash (P2SH address) 3 2 3EktnHQD7RiAE6uzMj2ZifT9YgRrkS

2MzQwSSnBHWHqSAqtTVQ6v47Xta

Public key(WIF, uncompressed pubkey) 5 9 5EktnHQD7RiAE6uzMj2ZifT9YgRrkS

92Pg46rUhgTT7romnV7iGW6W1gb

Private key(WIF, compressed pubkey) K or L c L1aW4aubDFB7yfras2S1mN3bqg9n

cNJFgo1driFnPcBdBX8BrJrpxchBW

BIP32 private key xprv tprv xprvs21ZrQH143K24Mfq5zL5MhWK

tprv8ZgxMBicQKsPcsbCVeqqF1KV

BIP32 public key xpub tpub xpub661MyMwAqRbcEYS8w7XLSV

tpubD6NzVbkrYhZ4WLczPJWReQy

Bitcoin-QtSoftware Client Desktop: Windows, Mac, Linux+ Open Source+ Maintained by the core Bitcoin developers+ Full Node—downloads full block chain, no need to trust 3rd party SPV servers- Can take a few days to initially download and sync the blockchain.- Clunky UI, no BIP32,38,39,44,45

Hidden Transcript

61

ArmorySoftware Client Desktop: Windows, Mac, Linux+ Open Source+ Multiple wallets, cold and fragmented paper backups+ BIP32 (HD)+&- Full Node—sits on top of Bitcoin-QT (days to download and sync)- Clunky UI, no BIP 38,39,44,45

Hidden Transcript

62

ElectrumSoftware Client Desktop: Windows, Mac, LinuxMobile: Android+ Open Source+ Thin client — connects to SPV servers+ Quick install and setup time, good for beginners.+ Bulk OR deterministic addresses- NOT BIP38 nor BIP39 (Electrum's word seed backups not compatible)

Hidden Transcript

63

MyceliumSoftware Client Mobile: Android+ Open Source+ Thin client—connects to their servers- Only their servers+ Most advanced Android Wallet with multisig (BIP11, BIP16), BIP32 (HD Keys), BIP38 (Mnemonic), BIP44 (escrow), onion-TOR, cold storage (encrypted PDF or Trezor)

Hidden Transcript

64

Bread WalletSoftware Client Mobile: iPhone- Open Source+ Extremely easy to use (too simple?)+ SPV client— not full node, but not dependent on anyone's dedicated servers- SPV can sometimes be slow+ HD Keys (BIP32), encrypted (BIP38) & Mnemonic Export (BIP39)+ Can sweep private keys and BIP38!

Hidden Transcript

65

Hive WalletSoftware Client Mobile: iPhone, Android, Mobile Web- Open Source+ Supports Waggle (GPS) & QR code+ SPV client— not full node, but not dependent on anyone's dedicated servers- SPV can sometimes be slow+ Supports HD Keys (BIP32) and Mnemonic Export (BIP39)+ Also supports Litecoin

Hidden Transcript

66

Bither WalletSoftware Client Desktop: Windows, Mac, Linux Mobile: iPhone, Android- Open Source+ SPV client— not full node+ Supports HD Keys (BIP32), Encrypted Private (BIP38), Mnemonic Export (BIP39 + QR)+ Interesting "cold iPhone" storage idea- Crashes importing BIP39

Hidden Transcript

67

CoinbaseHosted Wallet Desktop: Browser Mobile: iPhone, Android, Opera+ Hosted by an bitcoin exchange, thus you can buy Bitcoin directly via bank+ Supports two-factor auth via one-time auth (Google Auth or Authy)+ APIs for services like LibraTax- Hosted completely on server- No HD Keys (BIP32) or multi-sig- No export (but can sweep to paper)

Hidden Transcript

68

Blockchain.infoHosted Wallet Desktop: Browser Mobile: iPhone, Android, Opera+ Most popular hosted wallet+ Runs all in browser via Javascript+ Free, supports two-factor auth via email+ You can import/export your keys (but no BIP38/39 support!)- No HD Keys (BIP32) or multi-sig- Limited customer support

Hidden Transcript

69

CopayHosted Wallet Desktop: Browser Mobile: iPhone, Android, Opera+ Open Source+ Great Javascript Library+ Runs all in browser via Javascript+ Export/Import BIP48+ multi-sig (BIP11, BIP16) and BIP45 support (BIP44 escrow plus multiple currencies+ BIP45 escrow only with Copay

Hidden Transcript

70

TrezorHardware Wallet Desktop: Setup via USB + Secure hardware+ Easy to use+ Supports HD keys (BIP32), export (BIP38/39), and multi-sig (BIP44)- Costs $119- Requires USB and plugin to boot and setup with desktop- No two-factor auth- Difficult to security review hardware

Hidden Transcript

71

Other WalletsComparisons at:www.expresscoin.com/wallets-comparison

Lots of wallet walkthru's atwww.expresscoin.com/wallets

Hidden Transcript

72

Transcript

The Future of Wallets• Increased Ease of Use

• Address discovery (email, bluetooth, OneName)

• Multi-currency (Altcoins & Sidechains)

• Instant Currency Exchange (USD<->BTC)

• Asset Wallets (stocks, commodities, derivatives, insurance)

• Micropayments

• More kinds of P2SH transactions (time delays, approvals)

• Smart contracts (more P2SH & Etherium)

73

Transcript

The Future of Wallets (continued)

• Personal & Portable Multi-Sig, Escrow & Distributed Cold

• Anonymous Wallets (Mixers, Fog, Dark)

• Auditable and KYC "Clean Money" Wallets

• Trusted On Chip Key Storage• Trustonic: Trustzone (baseband chip on cell phones)• Google: Project Vault (trusted MicroSD)• Apple: Secure Enclave (iOS9 support EC in Touch ID)• Tamper resistant FIPS hardware (credit card, watch)

74

Hidden Transcript

Questions?

75

bitcoin keys, addresses & wallets

Technology