Bitcoin Startups Berlin - April 22 2014

Cold Storage with Bit-Card

Brian Fabian Crain

Outline

❖ Context: Wallets, Thefts, New Users!

❖ Bit-Card!

❖ BIP0038!

❖ Testing the System!

❖ Conclusion!

❖ The Road Ahead

Bitcoin Wallets

Thefts

❖ MtGox (~700,000 BTC?)!

❖ Chinese Exchange GBL ($4.1m)!

❖ Sheep Market Place (~$100m)!

❖ Inputs.io ($1.2m)!

❖ Malware!

❖ Total: ~820,000 BTC (~6% of money supply)

Mainstream Adoption

What’s a New User To Do?

The Bit-Card System

❖ bit2factor.org (Generate Intermediate Codes)!

❖ Receive-Only Card!

❖ Encrypted Paper Wallet (2)!

❖ Blockchain.info (To spend money)

Bit-Card.de

❖ Company based in Leipzig!

❖ Carsten Unger is often at meet ups!

❖ Have sold 100,000+ cards

Types of Wallets

❖ Unencrypted Paper Wallets (Presents/hologram safe)!

❖ Encrypted BIP38 paper wallets

BIP38Passphrase

Intermediate

Intermediate

AddressEncrypted Private Key

Confirmation

Confirmation

Verification

Email/Order

Scrypt

SHA256/AES256

Bitcoin Address

Encrypted Private Key underneath

Confirmation Code

Bit-Card.de URL with balance

Arrangement

Password

Parents’ House

Bank Safe Recovery Instructions

Home

Scrypt

❖ A password-based key derivation function!

❖ Expensive to brute-force, takes 100s of ms!

❖ Requires large amount of memory

Could Scrypt-ASICs Break BIP38?

❖ Memory-demand for Litecoin: 128kB!

❖ Memory-demand for BIP38: 16MB!

❖ Cryptocurrencies: Require Partial Hash Collision!

❖ BIP0038 would need exact match!

❖ With a reasonably secure password: No

Spending From Cold Storage

Problems

❖ QR code scan fails with bad light!

❖ No QR code for confirmation code!

❖ Very little information - QR Codes not labeled!

❖ Danger of change addresses!

❖ Not (really) reusable

Conclusion

❖ Usability is not there yet.!

❖ Solid system for intermediate-advanced Bitcoin users, who want alternative to offline Armory.

Resources

❖ Bit-Card.de (Thanks to Carsten!)!

❖ BIP0038 (Not very readable)!

❖ bit2factor.org