Times have been busy in the bitcoin wallet world lately. Two hardware wallets – Trezor and BTChip – have finally shipped, and wallet security continues to mature.
In spite of all this, though, people who should know better are still being robbed because they fail to add more protection to their bitcoin holdings.
To tackle the issue of bitcoin wallet vulnerabilities, it's important to look at the security protections that are currently available for wallets, and to explore what work still needs to be done in the future.
2014 was to be the year of multiple signatures (multisig), according to Gavin Andresen in his 2014 State of Bitcoin speech, and there has been a lot of activity on this front. Multisig allows wallet owners increased security by requiring that a third party sign off on transactions before they're finalized.
This paves the way for third party risk services, said Gary Rowe, CEO of popular bitcoin wallet Multibit:
Multibit is based on Bitcoinj, a Java-based implementation of bitcoin. Bitcoinj now has multisig support built in, along with pluggable transaction signers. But at the time of writing, neither Multibit nor Hive, both of which are based on Bitcoinj, supports multisig.
Other wallets, such as BitGo and Armory, which are focused more on enterprise users, have built in multisig support.
But we shouldn't pin all of our security hopes on multisig wallets.
"Not everyone will buy into them as being part of the decentralised ethos of bitcoin, so they can’t be relied upon as being the only solution to the problem," said Rowe, who added that multisig wallets are also more complex to use than deterministic wallets.
Early bitcoin wallets generated addresses randomly. Bitcoin addresses aren't supposed to be reused, which means that when used properly, there should be many addresses in a single wallet. This makes it difficult to recover those addresses if they are lost.
Deterministic wallets create addresses using a simple multi-word phrase, randomly created by the user. The phrase will always create the same set of addresses.
All of this makes it easier to solve the backup problem, said Aaron Vosine, creator of iOS-based Breadwallet:
Now, hierarchical deterministic (HD) wallets are adding another dimension. They create 'trees' of addresses using a seed phrase. Any branch of the tree can be shared with another user, without giving away the whole tree. That makes HD wallets easily exchangeable with others without compromising privacy, and easily replicable.
These are all great developments, but perhaps one of the biggest evolutions this year has been the rise of the hardware wallet. Bitcoinj project leader Mike Hearn lauded the shipment of Trezor:
Other wallets are rapidly rolling out support for hardware wallets. Multibit's Trezor integration should be live in a couple of weeks, said Rowe.
Room for improvement
In spite of the strides made this year, there are still significant challenges for wallets.
One of the biggest concerns is malware, said Breadwallet's Vosine. The threat from malware is only likely to increase, and Android has been a hotbed of malware activity.
This is another reason to move into hardware wallets, commentators said, but hardware, too, has room for improvement.
Thomas Voegtlin, who created popular bitcoin wallet Electrum, said that he already has support for Trezor, and that BTChip integration is coming soon. The stage is set for the next evolutionary step in hardware wallets, he suggested:
Nicholas Bacca, creator of BTChip, has created a smartcard wallet which he said cannot be easily recovered by an attacker gaining physical access to the chip.
Bacca said he expects to see virtualisation play a part in the future:
The use of trusted execution environments (TEEs) and the associated Trusted Platform Modules (TPMs) – both of which provide protected hardware areas for the execution of sensitive code – could end up negating the need for hardware wallets, argued Wendell Davis, founder of Hive Wallet:
People also want to carry around fewer devices, rather than more, he asserted, adding that they tend to opt for less secure but more convenient options.
Phone companies are already trying to marry security and convenience, in the form of biometrics; Breadwallet will soon have support for Apple's TouchID, Vosine said.
Multibit's Rowe isn't a big fan of biometrics. He said he worries that fingerprints, voice recognition and even iris scans can be compromised. In any case, the accuracy rate isn't perfect, he warned, which makes widespread adoption difficult.
Vosine, on the other hand, is putting a limit pin code on the phone to avoid people copying fingerprints and hacking a phone. Hearn has also considered using an NFC 'badge' that someone can wear in their pocket to help verify the phone that they're using.
As all of these security measures make their way into wallets in one form or another, where does this leave Bitcoin-Qt, the reference wallet created by the core developers? In the past, Bitcoin's lead developer has indicated that Bitcoin-Qt would be spun off from the core project.
It may be significant that recent releases of the bitcoin daemon – the underlying bitcoin code that keeps the network running – can now be compiled without bitcoin functionality at all.
The delta between the reference implementation and other wallets in the field is growing, warned Hearn:
Atop all of this, we still have the usability problem to contend with. There's always a tradeoff between security and convenience, and the same is true with secure wallets, Hearn warned:
One of the biggest problems, according to Hive Wallet's Davis, is that people still fail to follow even basic security guidelines with wallets.
"We know that an absolutely appalling number of users simply ignore the two lines of instructions about writing down their seed phrase. They just breeze forward and ignore the warning, marked in red," Davis explained.
Bitcoin wallets are more secure than ever before, and in many cases, already far more secure than the banking industry's arcane credit card system, in which you give merchants your name, credit card details, and even your secret code – and often over the Internet.
Nevertheless, there is more work to be done. The tools can be improved, yes – there is always another technical trick to add. But at this point, when technical security is outpacing that of the conventional financial industry, it may be user behaviour that needs enhancing.