Multi-Signature Deep Dive
Benedict Chan, BitGo
@bencxr benchan@bitgo.com
Agenda
● Basics of P2SH and Multi-sig
● Emerging Multi-sig models
● BitGo Multi-Sig API/SDK hands-on
● Our Service Architecture
The Input
script signature to prove ownership
references previous output to spend
The Outputs
Spending a P2SH output
Output
Input (in spending transaction)
signature 1 signature 2
Redeem script (multi-sig)
Pay to Script Hash (P2SH)
● Bitcoin address that requires successful execution of a script corresponding to a hash
○ “Claim only if xyz conditions were satisfied”
● ~8% of BTC held in P2SH addresses, mostly multi-sig
P2SH - Hash-Locked Contract
● Example: A and B want to trade BTC for DOGE
● A thinks of any x and hashes it to H(x)
● On Bitcoin chain:
○ A creates transaction TX0 to a P2SH script to
■ Pay BTC to B if x of H(x) is known and signed by B or
■ Pay BTC to A if signed by A and B
○ A creates refund transaction TX1 (with TX0 as input) valid at a future date (3 days later) for B to sign
● On Dogecoin chain:
○ B does similar (refund not shown), sends to P2SH script “Pay 2,000,000 doge to A if x of H(x) is known and signed by A”
● When A claims DOGE by revealing x, B can claim BTC
P2SH - Multi-Signature Address
● Spend an input only if M of N signatures are provided
○ Script: M PUBKEY..PUBKEY3 N OP_CHECKMULTISIG
○ Spend: 0 SIG1..SIG2 REDEEMSCRIPT
● Commonly 2 of 3
● Eliminates a single point of failure
● Often combined with BIP32 (HD Addresses)
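The script and spend templates on this slide, serialised byte for byte. This is an added example, not code from the slides or from BitGo's SDK; the function names are hypothetical and the keys and signatures are constructed placeholder bytes. It also enforces the 520-byte element limit, which is what caps the number of keys a P2SH multi-sig script can hold.

```javascript
// Added example: serialise an M-of-N redeem script and the scriptSig that spends it.
const OP_0 = 0x00, OP_PUSHDATA1 = 0x4c, OP_PUSHDATA2 = 0x4d, OP_CHECKMULTISIG = 0xae;
const MAX_ELEMENT_SIZE = 520; // largest stack element; the redeem script is pushed as one

// Data push: direct length byte up to 75 bytes, then OP_PUSHDATA1 / OP_PUSHDATA2.
function push(data) {
  if (data.length <= 75) return Buffer.concat([Buffer.from([data.length]), data]);
  if (data.length <= 0xff) return Buffer.concat([Buffer.from([OP_PUSHDATA1, data.length]), data]);
  const len = Buffer.alloc(2);
  len.writeUInt16LE(data.length);
  return Buffer.concat([Buffer.from([OP_PUSHDATA2]), len, data]);
}

// OP_1..OP_16 are the single bytes 0x51..0x60.
const smallInt = (n) => 0x50 + n;

// Redeem script: M PUBKEY1..PUBKEYN N OP_CHECKMULTISIG
function buildRedeemScript(m, pubkeys) {
  const n = pubkeys.length;
  if (!Number.isInteger(m) || m < 1 || m > n || n > 16) throw new Error('need 1 <= M <= N <= 16');
  for (const k of pubkeys) {
    const compressed = k.length === 33 && (k[0] === 0x02 || k[0] === 0x03);
    const uncompressed = k.length === 65 && k[0] === 0x04;
    if (!compressed && !uncompressed) throw new Error('not a SEC-encoded public key');
  }
  const script = Buffer.concat([Buffer.from([smallInt(m)]), ...pubkeys.map(push),
    Buffer.from([smallInt(n), OP_CHECKMULTISIG])]);
  if (script.length > MAX_ELEMENT_SIZE) throw new Error('redeem script exceeds 520 bytes');
  return script;
}

// scriptSig: 0 SIG1..SIGM REDEEMSCRIPT. The leading 0 is the extra element that
// OP_CHECKMULTISIG pops and ignores.
function buildScriptSig(m, sigs, redeemScript) {
  if (sigs.length !== m) throw new Error(`expected exactly ${m} signatures`);
  return Buffer.concat([Buffer.from([OP_0]), ...sigs.map(push), push(redeemScript)]);
}

// Constructed sample data: placeholder keys and signatures, not real ones.
const keys = [1, 2, 3].map((i) => Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, i)]));
const sigs = [0xa1, 0xa2].map((b) => Buffer.alloc(72, b));
const redeem = buildRedeemScript(2, keys);
const scriptSig = buildScriptSig(2, sigs, redeem);
console.log(redeem.length, redeem.toString('hex').slice(0, 8), scriptSig.length);
```

A 2-of-3 redeem script with compressed keys is longer than 75 bytes, so it is pushed with OP_PUSHDATA1 rather than a direct length byte.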
Multi-Signature Models
● Bitcoin minimizes human trust dependency but increases requirements on key security
● Businesses need to correctly map operating scenario to key models
Storage on Multiple Devices
● Create and use keys on separate devices
● Hacker must compromise multiple machines
● Redundancy
● Examples:
○ Bitcoind, Armory Lockboxes
○ Hardware Wallets
Joint Wallet with Multiple Parties
● Family savings (birthday gift, holiday funds)
● Custodial child wallet
● Business partnership
Multi-Sig Escrow
● 2-of-3: Buyer, Seller and Escrow
● Buyer/seller send funds into shared wallet
● If buyer receives item in good order, create payment transaction with seller
● Otherwise escrow agent can mediate
● Escrow agent can never steal funds with only 1 key
Micro Payment Channel
● Customer creates TX0 to shared 2-of-2 address
● Provider sends nLockTime refund for full amount
● Publish TX0
● Replace off-chain transactions
○ 0.99 to customer, 0.01 to provider
○ 0.98 to customer, 0.02 to provider
○ …
○ 0.55 to customer, 0.45 to provider
● Broadcast only last transaction to close channel
Instant Confirmations
● 2-of-2 Multi-sig address
● “Clearing house” creates address for customer to pre-fund
● Payments guaranteed “instant confirmations”
● Clearing house would never double-sign the same input
BitPay Impulse
Co-Signing Service
● 2 keys held by user, 1 key held by service
● To transact, user creates transaction for service to co-sign
● Co-signer evaluates rules:
○ Velocity limits / transaction limits
○ Bitcoin address whitelists
○ Human approval with 2FA
○ External callbacks / state
○ IP lockdown, kill switch, time locks..
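A sketch of how a co-signer could evaluate these rules before adding its signature. This is an added example, not BitGo's implementation or API; every field name is hypothetical, amounts are in satoshis, and the addresses, IP and history are constructed sample data. It assumes whitelist and IP violations are hard denials, while limit violations escalate to human approval.

```javascript
// Added example: policy check a co-signer runs before signing. All names are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;

function evaluateSpend(policy, spends, request) {
  if (policy.killSwitch) return { action: 'deny', reasons: ['kill switch engaged'] };
  if (!Number.isSafeInteger(request.amount) || request.amount <= 0)
    return { action: 'deny', reasons: ['invalid amount'] };

  const reasons = [];
  // Hard rules: approval cannot override a non-whitelisted address or IP.
  if (policy.whitelist && !policy.whitelist.includes(request.to))
    reasons.push('destination not whitelisted');
  if (policy.allowedIps && !policy.allowedIps.includes(request.ip))
    reasons.push('source IP not allowed');
  if (reasons.length) return { action: 'deny', reasons };

  // Soft rules: exceeding a limit escalates to human approval with 2FA.
  if (request.amount > policy.perTxLimit) reasons.push('per-transaction limit exceeded');
  // Velocity: total already co-signed in the trailing 24 hours plus this request.
  const spent = spends
    .filter((s) => s.time > request.time - DAY_MS && s.time <= request.time)
    .reduce((sum, s) => sum + s.amount, 0);
  if (spent + request.amount > policy.dailyLimit) reasons.push('daily velocity limit exceeded');

  if (reasons.length === 0 || request.approvedWith2fa) return { action: 'sign', reasons };
  return { action: 'pending-approval', reasons };
}

// Constructed sample policy and history (placeholder addresses, documentation-range IP).
const policy = {
  killSwitch: false,
  perTxLimit: 50000000,   // 0.5 BTC
  dailyLimit: 100000000,  // 1 BTC
  whitelist: ['addr-exchange-cold', 'addr-payroll'],
  allowedIps: ['203.0.113.10'],
};
const now = Date.UTC(2015, 0, 2);
const recentSpends = [
  { time: now - 2 * 3600 * 1000, amount: 60000000 },  // inside the 24h window
  { time: now - 30 * 3600 * 1000, amount: 90000000 }, // outside the window, ignored
];
const demo = evaluateSpend(policy, recentSpends,
  { to: 'addr-payroll', ip: '203.0.113.10', time: now, amount: 70000000 });
console.log(demo); // both limits exceeded and no approval yet
```

Returning the reasons alongside the decision gives the approver and the audit log the same view of why a spend was held.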
Enterprise Treasury
● Backup Key held by company CEO/Lawyers
● Multiple users on a wallet share user key
● BitGo holds co-signing key
○ Require 2FA and User Auth
● Employees able to spend limited amounts
● CEO, CFO able to approve large withdrawals
● Example customers: Bitcoin Foundation, ChangeTip, BitFury
ATM Provider
● Shared wallet with multiple machines
● One access token per machine
● IP lockdown for each token
● Tokens may be individually revoked
● Example customers: Lamassu ATMs
Exchange Hot Wallet
● Exchange maintains single hot wallet for all deposits and withdrawals
● Outgoing withdrawal amount limited per day
● Callback on each transaction to accounts database
● Examples: Bitstamp, BitSpark, BitQuick, ...
Exchange-owned Segregated Wallet
● One wallet per exchange user
● Per-user-wallet policy granularity
● Withdrawals require user 2FA
● Transactions to house wallet whitelisted
User-owned Wallet Linked With Exchange
● Every customer holds their own private key
● Backup key held by arms-length custodian
● Buy orders can go directly to user wallet
● Sell orders can be confirmed by exchange instantly
● Great for places that allow you to just “buy bitcoin”
Exchange+User Joint Wallet
● User and exchange each hold a private key
● Instant confirmation
● Withdrawals depend on
○ Webhook call to exchange to ensure user has sufficient margin
Co-Signer Oracle Contracts
● HTTP callback enables external logic to be implemented
Shared Multi-Sig Wallet
UserA BTC Collateral (1BTC)
UserB BTC Collateral (1BTC)
Winner creates/signs tx for 2BTC out
BitGo Co-signer
Webhook oracle gets BTC price at contract date to determine winner
cosign/transmit
Bitcoin P2P Net
BitGo Platform SDKs and APIs
● Available interfaces
○ JavaScript
○ Bitcoind RPC (BitGoD)
○ Local REST Service (BitGo Express)
○ Pure REST API
● Objects
○ Keychains
○ Wallets
○ Addresses
○ Users
○ Policies
● Also available:
○ Blockchain Data
○ Webhooks
BitGo Platform - Open Source SDK
JavaScript SDK
1. Create a wallet
2. Get new addresses
3. Fund the wallet
4. Get transactions and balances
5. Send coins
Implementation Walkthrough
Exchange Integration
Peatio Open Source Exchange
● https://github.com/peatio/peatio
● Ruby on Rails
● Uses BitcoinD
● Pooled wallet for customer funds
● Integration path: BitGoD
BitGo Service Architecture
Indexing Service
Bitcoin P2P Network
Front Ends
Client SDK/API
Web Client
Chrome App
BitGo Express
BitGoD
DB
Key service
BitGo.com Load Balancers
External Services (e.g. Authy)
Task Workers (Webhooks, etc)
Ledger Service
Send Queue
Future Multi-sig Development
● Third party key custodian services
● Compatibility with multiple wallets
● Privacy improvements
● Multiple oracle contracts
Thank you
visit: https://www.bitgo.com/platform
twitter: @bencxr
email: benchan@bitgo.com