One of the most interesting aspects of the bitcoin story has been the evolving set of solutions for securely storing bitcoins. It’s an issue that combines the classic tradeoffs between security and convenience with all the dynamism of the rapidly changing cryptocurrency landscape.
To help shed some light on where things are today and where they are headed, I reached out to Will O’Brien, CEO of BitGo; Nicolas Cary, CEO of Blockchain.info; and Alan Reiner, CEO of Bitcoin Armory. What follows is an edited Q&A touching on topics including today’s storage options, some exciting changes on the horizon, and what people in the bitcoin ecosystem can do to engage with the regulatory process.
Let’s start at the beginning. If I want to store bitcoins, what are some options that are available, and what are some of the pros/cons involved?
Will O’Brien: The first step is to determine why you are holding bitcoins. Is this an investment? Do you plan to spend them online with merchants such as Overstock.com or Big Fish Games? Do you hope to make money by trading on the open market? The answer to this question will guide you toward the storage solution that fits your needs.
There are three basic types of bitcoin storage. The first is a bitcoin wallet, which is software that stores the digital credentials for your bitcoin holdings. This software can run on your desktop or you can use a hosted wallet provider. A second way to hold bitcoins is to deposit funds with a custodian, exchange, or investment vehicle (like an Exchange-Traded Fund) that holds bitcoins for you. Finally, as curious as it may sound, it is possible to store bitcoins, a purely digital currency, completely offline or in a vault. This is known in the industry as “cold storage.”
Nicolas Cary: Some common methods of bitcoin storage currently include cold storage, desktop wallets, web and mobile wallets. Each of these options presents its own unique pros and cons, with the most pressing issues being security and usability. Cold storage, a method by which a user stores their bitcoins offline, proves to be the most secure but also least practical when wanting to send and receive bitcoins. Desktop wallets offer a secure and easier way to conduct bitcoin transactions, but limit your ability to use them to your desktop computer. The next step in practical solutions is a web wallet, which allows you to spend bitcoins using your computer, tablet, or mobile device. While this makes it easier, a major disadvantage with web wallets is that storage is on a central server. If the server experiences downtime, you may be unable to access your bitcoins. Mobile apps are a new wave of bitcoin storage. You access your bitcoins from your smartphone, in a way that is most practical for using bitcoins regularly. However, if someone gains access to your smartphone, you may lose your bitcoins. Each of these methods has its own unique benefits and disadvantages, and it is recommended to try multiple options to see which combination of options provides the level of security and usability best for you.
Alan Reiner: Your primary options are holding bitcoins yourself or having a third party hold them. There’s a large variety of options for both, and both have significant risks right now, especially without good insurance options available. The pros of holding bitcoins yourself are that you reduce identity theft, pay no third-party fees, and have full control over your privacy and security. Third parties may have better security practices, but add another authentication layer that can be broken by malicious parties (i.e. someone logs into the service with your identity and requests a withdrawal). Both users and third parties have a history of mishandling bitcoins, which is why we don’t recommend anyone but experts hold life-changing amounts of money right now.
What is a secure bitcoin wallet, and why is it more “secure” than other options for bitcoin storage?
Alan Reiner: A secure bitcoin wallet is one that helps the users practice security best practices without driving them away by being too hard to use. Armory’s stance has been to develop the most secure solutions and then make them as easy as possible. A lot of advanced users who manage large amounts of BTC would say that Armory is the best thing available for manually managing large quantities of bitcoin because it has made these best practices usable without sacrificing usability. However, many new bitcoin users would disagree, because Armory is not very easy to use for those totally new to bitcoin. This is why we don’t market Armory to new bitcoin users, and it markets itself to bigger players in the community.
Will O’Brien: A secure wallet is bank-grade software that protects your bitcoins from theft and loss. This is the level of security we aim to offer at BitGo.
Prior to 2013, security was not a major priority because the price of bitcoin was still relatively low. Most people who owned bitcoins knew the risks associated with using an experimental digital currency. Now the stakes are much higher due to bitcoin’s incredible growth in adoption and price. It is simply not acceptable to store your bitcoins in a place that can be easily penetrated by hackers.
BitGo’s secure multi-sig wallet ensures that there is no single point of attack. Every wallet is comprised of three keys, two of which are required to access holdings. One key is held by BitGo, one by the user, and one offline. This makes our wallet virtually hack proof.
Nicolas Cary: A secure bitcoin wallet ought to have a two-prong approach to security. It is essential that a bitcoin wallet equip the user with all the tools necessary to prevent unauthorized access, such as two-factor authentication methods or a second password. Centralized services or wallets are antithetical to the promise of a peer-to-peer trust-less network. By contrast, at Blockchain.info, our wallet service allows the user 100% access to their own private keys, and will refrain from storing them unencrypted on a central server. The Blockchain wallet gives 100% control to the user. Our servers never see private keys. In fact, even during a service disruption you can still use your bitcoins.
Usually there is a trade-off between security and convenience. Is it possible for a bitcoin wallet to be secure while also being easy to use?
Will O’Brien: Yes, absolutely. But the paradigm has to change from single key to multi-sig. In any single key storage solution, there is only one piece of information a hacker needs in order to steal bitcoins. With multi-sig, an online wallet is secure because multiple keys are never on the same machine. With this foundation, companies can build easy-to-use, consumer-friendly services that leverage the power of bitcoin without carrying the associated risks.
Alan Reiner: This tradeoff is tough to overcome. I think this is part of the fundamental experiment called “Bitcoin”: there are a lot of options for managing your coins, and today none of them have the right balance for “the average person.” But I’m optimistic that in the longer term balanced solutions will be developed.
Nicolas Cary: Security starts with you. Having a wallet where you are the sole holder of the private keys is the best way to make sure you always control the funds. Adding extra layers of security, such as two-factor authentication, while keeping it convenient to use, is key for any successful wallet app. You want to be able to easily spend bitcoins at a restaurant without having to sacrifice any level of security.
What are some of the exciting changes you expect to see in secure bitcoin storage over the coming year?
Nicolas Cary: There will likely be many different types of hot and cold storage solutions for 2014. Hardware wallets could potentially serve as both, and it will be exciting to see what happens on this front. A bitcoin debit card could serve as a way to integrate hot wallet services into legacy payment systems, like credit cards. We’ll also probably see some cold storage banks come about, and it will be interesting to see how that will work in the bitcoin space.
Alan Reiner: We’ll see growth in multi-signature transactions (such as those offered by Armory), hardware wallets (such as Trezor), and insured storage options. These developments have huge implications across the entire bitcoin ecosystem. Multi-sig and insurance are critical for large companies to be able to split signing authority between company officers, and not go out of business if something goes wrong. Previously, solutions have typically had a single point of failure. For regular consumers, hardware wallets provide many of the benefits of an offline computer without all the inconvenience. This might be the level of convenience and security “regular” users need.
Will O’Brien: I think we’re going to see the recent advancements in wallet security move into other areas of the ecosystem. Imagine an exchange powered by multi-sig, for example, where users would be able to independently audit their deposits and withdraw funds. At BitGo we have seen a lot of demand by companies that want to build exchanges, marketplaces, and other services on top of our platform.
For the bitcoin ecosystem to reach its full potential, there are various regulatory hurdles that will need to be addressed. What is the best way for people in the bitcoin community to contribute to addressing those hurdles?
Nicolas Cary: Because bitcoin is so outside the scope of the typical financial regulatory framework, it is essential that bitcoin enthusiasts and evangelists actively communicate with politicians and governmental institutions about bitcoin’s functions and potential. Convincing politicians to accept bitcoin payments for their campaigns is perhaps a start, as this will encourage other policymakers to learn more about it.
Will O’Brien: First, as an ecosystem, we have to continue building the core infrastructure and services that demonstrate that bitcoin is safe and useful. Business leaders and regulators have every right to expect more stability and security in a digital currency that has such incredible potential to change the world. Second, we must get involved in the policy conversation, either directly or through representation. Bitcoin has some strong support in Washington and we must make our needs clear so that any new policy is effective and timely. It’s also worth noting that the growth of bitcoin has led to the entrance of veteran entrepreneurs, backed by institutional capital, who are engaging in productive discussions with regulators about how to build a sustainable and robust industry.
Alan Reiner: I know many people couldn’t imagine writing letters anymore, but they are still one of the most effective ways of communicating with elected officials. People should contact representatives to promote the positive side of bitcoin and explain why it can be beneficial to everyone.
There’s been some buzz lately about “multi-signature” approaches to bitcoin transactions, which require two or more signatures to authorize a transfer. Do you think that multi-sig is going to become a dominant approach to authorizing transactions, or do you think it will be limited to a subset of applications?
Alan Reiner: Multi-sig is going to be a critical part of bitcoin’s future, because it so dramatically improves security. Most consumer funds will require two-factor authentication to spend, such as requiring approval from both your computer and your phone, or dual approval of spouses. Larger-scale, institutional use of bitcoin will necessitate 3+ authorized signatures for proper segregation of duties and eliminating single points of failure.
Nicolas Cary: In the next few months I expect that we’ll see multi-sig transactions used in many different ways, although escrow services would likely be the main use early on. There is a lot of potential use for these types of transactions, and it will be interesting to see the types of services that embrace multi-sig.
Will O’Brien: 2014 will be the year of multi-sig. We will see the majority of wallets and exchanges embrace multi-sig to secure their holdings. There is no other effective choice except for very niche cases where a technologist has the acumen to secure their own wallet. We launched our first multi-sig wallet in August 2013, and we believe that multi-sig also has applications beyond wallet technology. It can be the foundational building block for escrow and real estate transactions, where the buyer, seller, and agent each hold a key and two parties need to agree to sign a transaction. Ultimately, multi-sig and ensuing standards will enable mainstream adoption of bitcoin.