Qala
Bitcoin Custody
Where are the coins?
- Coins are not stored locally in a wallet
- A wallet is just a collection of private keys
- Coins locked from unauthorised spending using cryptographic keys or puzzles (scripts)
- The lock for every coin recorded on the blockchain
- Need private key to unlock and authorise spending coins
Wallet device vs wallet software
- Wallet device
- Stores private keys
- Signs valid transactions
- Also called "signer" or "keystore"
- Wallet software
- Constructs unsigned transactions
- Broadcasts signed transactions
- Has a nice UI
Security and privacy
| Private | Not Private | |
|---|---|---|
| Secure | ✓ | ~ |
| Insecure | ✕ | ✕ |
Not your keys, not your coins
- Important mentality
- If you do control the private keys, they're your bitcoin
- If you don't control the private keys, they're not your bitcoin
- Do you control your keys?
| Written down seed words | Yes |
|---|---|
| Log into online account | No |
| Other | Maybe |
NOT YOUR KEYS
NOT YOUR COINS
Key backups: seed words
- Usually 12 or 24 words
- Used to generate your keys deterministically (BIP32, BIP44, BIP49, BIP84)
- Can re-create your wallet at any time using seed words
- e.g. lost wallet/phone/computer
- Usually prompted to backup at initial setup of wallet software
- If you skipped this during setup, do it now
Key backups: seed words
- Don't compromise your backup:
- Don't let others get hold of it
- Don't outsmart your future self e.g. splitting up the words or encrypting them with a custom cypher
If you control your keys, you're responsible if you lose them and have no backup!
Seed backups
- Electronic document/file/google doc/iCloud/dropbox ⟵ Bad
- Paper ⟵ OK
- Metal ⟵ Good
- Don't share
- Passphrase can be used to protect seed
Key-stores/signers
| Type | Attack surface |
|---|---|
| Computer | Largest |
| Phone | Reduced |
| Hardware wallet | Smallest |
Hardware wallets
- Most secure
- Private keys physically separated from all network connections
- Single function + focus on security
- Ideally buy from manufacturer or authorised re-seller
- Verify authenticity using instructions
- Will never come with "preloaded" seed words!
Wallet software privacy
- Wallet software often needs blockchain data
- Learn about new transactions related to its keys
- Lookup current fee rates
- Broadcast transactions
- Calculate balance
Where can we get this data from?
Wallet software privacy
| Public sources | Private sources | ||
|---|---|---|---|
| Wallet software provider | Electrum server {HTTPS | Tor} | Electrum server | Bitcoin Core |
| Poor | {Low | OK} | Best | Best |
Computer wallet software
- Specter-desktop (requires Bitcoin Core)
- Sparrow wallet (requires Bitcoin Core)
- Bitcoin Core + HWI
- Electrum
- Blockstream Green (only Jade HWW support)
Phone wallet software
Takeaways
- Hardware wallets provide best key security
- Using your own full node or electrum server provides best privacy
- A public electrum server over Tor is also good
- Don't store valuable private keys on an internet-connected device
- Wallet software can be installed on computer or phone
- Small/test amounts on a phone wallet is fine
- Meaningful amounts, hardware wallet recommended
- Don't neglect seed backup