MultiSig vs Deterministic bitcoin wallets
Thursday 10 July 2014
If you have ever read anything about keeping your bitcoins secure, you may have heard that keeping the bulk of your funds in an offline wallet is recommended. This is primarily due to the fact that the private keys to your funds would not be under your control in an online environment. However, with the recent implementations of deterministic wallets and multisignature bitcoin addresses, it’s possible that tighter security can exist in an online environment.
BitScan takes a look at two relatively new and upcoming wallets to the market, that use these diffferent methods, to weigh up the pros and cons.
For those who are unfamiliar, a deterministic wallet is one which generates all of its keys (public and private) based on a given a random sequence of words, or a “seed”. A seed is highly unlikely to be guessed like a brain wallet password would due to the fact it is hashed multiple times to create entropy (or uncertainty). A wallet of this type has a few advantages regarding security.
Under an early bitcoin client, private keys for both your normal and change addresses would have a buffer limited to about 100 keys. This would be exhausted quickly due to every transaction creating a new change address and result in private key backups becoming outdated very quickly; this of course is terrible for long term use.
Deterministic wallets don’t need to rely on a randomly generated buffer due to the fact that private keys are generated in a predictable pattern based on its seed. This would entail being able to create an unlimited amount of addresses without worry.
Until recently, deterministic wallets have only seen implementation in desktop wallets like Electrum and Armory. Being able to have this kind of wallet implemented online would play into another advantage of deterministic wallets, which is the fact that only you ever know your seed.
Multisignature technology allows users to secure their funds in a different way, requiring more than one private key to authorize spending funds from a bitcoin address. Normally each bitcoin address is associated with one private key, and should a user lose this private key, they lose access to their funds permanently.
With multisignature there is more than one private key, and typically three private keys associated with the address. This technology makes recovering one's funds more forgiving, while adding a layer of security.
For example, a person can have a 2-of-3 bitcoin address, whereby it has 3 private keys associated with it and would require 2 in order to spend bitcoins from it. This specific example allows for 1 private key to be lost or stolen, but still provide the user control over their funds; a thief could not gain control of their address with only 1 private key. Multisignature bitcoin addresses open the door for all sorts of security enhancements and innovations, but this is the basic idea.
Greenaddress.it is a web wallet that implements deterministic wallet technology as well as payments through social media. Neither your seed nor the private keys generated from it will be stored on their servers. However this does leave you with the responsibility of securing your seed and your account, as you are also able to view your seed from it.
As far as your seed is concerned, you are given a QR code for it as well as the option to print it for a paper backup. For your account, you can set up two- factor authentication using any or all of the following methods: email, Google 2FA, SMS, and phone call.
Frozenbit.io, on the other hand, has more of an emphasis on utilizing multisignature technology to secure one’s bitcoins in a trustless manner. It also seeks to make the use of multisignature bitcoin addresses much easier than ever before. Currently the site is up, but there are no features implemented yet, so it is difficult to give a fair assessment. However, conceptually it sounds secure. Your funds are secured via a 2-of-3 multisignature address, meaning two out of three private keys are needed to spend an address’ funds. Frozenbit stores one, while you presumably control the others. If Frozenbit servers were compromised, there would be nothing to gain, as the attacker would only attain one out of the two necessary private keys.
Pros & Cons
There are advantages and disadvantages between both of these services. With Greenaddress, you may be comforted knowing that your seed and private keys are in your control, however if their servers ever goes down, you lose the ability to spend your funds. This stems from how they implement multisignature technology, which is different from most given examples.
Traditionally, examples are presented with a 2-of-3 bitcoin address, whereby you need 2 out of the 3 private keys of an address in order to spend its funds. However, Greenaddress.it uses a 2-of-2 implementation to allow a bitcoin address’ funds to be spent. This does not mean to say that private keys are involved, rather this implementation involves providing signatures to validate a transaction. One signature comes from the user while the other comes from Greenaddress when two factor authentication is performed. This would entail that if Greenaddress cannot provide the second form of verification, you’re unable to spend your funds. This fact leads into the second disadvantage, which comes from there being a central point of failure. This is very relevant considering the above fact about authenticating transactions. They explain a way around this in their FAQ, but this still should be taken into consideration.
There is still the convenience surrounding a service such as this, though. Couple this with the fact that Greenaddress has been functional longer than Frozenbit, and you have a service that may be more polished and easy to use. Frozenbit has the potential to be more secure than Greenaddress, however. It makes an interesting use of multisignature technology to give security not seen in other online bitcoin wallets. I’d encourage examining both, particularly when Frozenbit becomes fully functional. It may boil down to which technology you have more trust in, which is of course, a whole other topic when it comes to bitcoin!
comments powered by Disqus