Secure Key Storage & Multi-Signature Wallets
Explore the vital concepts of secure key storage and multi-signature wallets in cryptocurrency security. Learn how hardware wallets and multi-signature solutions safeguard against hacking, theft, a...
TECHNICAL
11/9/2024, 4 min read


For the Bitcoin wallets in use today, the mechanism used for key derivation is similar to babushka dolls, except that each time a doll is opened five more pop out instead of one. It can also be described as a tree: the trunk is the seed phrase and the hash function, the large branches coming off the trunk are the private keys, and the small branches coming off each large branch are the public keys. At each step the quantity increases, so many public keys can be derived from a private key, just as the branches get smaller and more numerous. There is also a main public key and a main private key. The main private key generates all the private keys, the main public key generates all the public keys, and each private key generates the public key associated with that wallet. In this way a seed phrase of 12 words can be used to generate millions of separate wallets. If you are receiving Bitcoin (or other digital assets) and send out a public key, the funds arrive in a brand new wallet, so your privacy is maintained when receiving further Bitcoin or other cryptocurrency, and there is no need to remember which addresses have been used: you simply select your main wallet, select receive, and press the copy icon for a fresh address.
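As an added example that is not part of the original post, here is the core of the derivation tree just described, in Python: one seed expands into a master key and then into as many child private keys as you ask for. It implements BIP32 hardened derivation only (the elliptic-curve step that turns each private key into its public key is left out), and the seed used is the publicly known BIP32 test vector, here treated as constructed input.

```python
# Added example (not the post's own code): BIP32-style derivation of a master
# key and hardened child private keys from a seed using only HMAC-SHA512.
# Hardened derivation (index >= 2**31) is shown because it needs no
# elliptic-curve math; real wallets also derive public keys via the curve.
import hmac, hashlib

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000

def master_key(seed: bytes):
    """Return (private_key_int, chain_code) per BIP32 from a raw seed."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(I[:32], "big"), I[32:]
    assert 0 < k < N, "invalid master key (astronomically unlikely)"
    return k, c

def child_key(k_par: int, c_par: bytes, index: int):
    """Hardened child: HMAC over 0x00 || parent key || index, added to parent mod N."""
    assert index >= HARDENED, "this demo implements hardened derivation only"
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    k = (int.from_bytes(I[:32], "big") + k_par) % N
    assert k != 0, "invalid child key (astronomically unlikely)"
    return k, I[32:]

def derive_path(seed: bytes, path):
    """Walk a list of hardened indices, e.g. [0, 1] for m/0'/1'; return the leaf private key."""
    k, c = master_key(seed)
    for i in path:
        k, c = child_key(k, c, i | HARDENED)
    return k

# Constructed input: the seed from BIP32 test vector 1 (public, never use for real funds).
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    for i in range(3):  # three "branches" off the same trunk
        print(f"m/{i}' -> {derive_path(SEED, [i]):064x}")
```

Every child is a full 256-bit key that reveals nothing about its siblings or parent, which is why one 12-word phrase can stand behind millions of addresses.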
How can someone prove ownership of a wallet without exposing their private key? Say there is a wallet holding 10,000 Bitcoin and Elon Musk claims that he owns it for the Tesla balance sheet. How can he prove that he owns it?
The word “cheese” is sent to him on Twitter (not literal cheese, just the word) with a request that he sign it. Now let's say he sends a signed message (a bunch of cipher text) back and posts it on Twitter. We take this message together with the public key, which in this case is by definition public, so anyone can see it. Using the private/public key magic we can determine from these two elements (the public key and the signed message) whether the balance of that public key (wallet) is owned by the person who signed the message. If not, the two won't match, and we will know that the private key that signed “cheese” does not belong to the holder of the 10,000 Bitcoin wallet; if they do match, we can conclude that the private key that signed our message is owned by Elon Musk.
Now where does Elon Musk store his private key? Probably not in the cloud, and I don't think it would be on his personal PC either, as that would be at risk of a hack or theft. How can the private key be stored so that it never touches anything internet connected, given these risk factors? A “hardware” wallet is the solution. It works by keeping the mnemonic phrase on the device, with the device connected to the PC via USB cable. Wait, isn't the seed phrase then exposed to the internet? Well, yes, but it is highly secure and the seed never leaves the device. If you don't trust the technology and want to be extra fancy and a bit paranoid, you can get a hardware wallet that comes with its own screen, so it is completely air gapped and has never been connected to the internet. The seed phrase is set up purely on the device, hashed on the device, and the keys are created within the device.
Then say you want to send Bitcoin to an address: the wallet uses your private key to sign the recipient's public key, and the result is once again a bunch of cipher text. This cipher text is encoded into a QR code which you scan with your phone and broadcast onto the blockchain to complete the transaction request. The private key never left the device and no wires ever touched it. A perfect solution? Or can we take security even further, to prevent him being caught by the “five dollar wrench attack”? Weird name, I know, but it makes sense: a wrench is purchased, presumably for five dollars, someone finds out where Elon Musk lives and sneaks in when security is not watching, and the criminal then uses the trusty five dollar wrench to threaten Elon into sending the Bitcoin to him. All that fancy security can be outsmarted by a dedicated thief with a five dollar wrench. Can the security of the wallet improve again to thwart this?
Yes it can. We do this by using something called a multisig wallet, which, as the name suggests, requires multiple digital signatures to be broadcast in order for a transaction to be valid and go ahead. Say it is a 3 of 5 multisig wallet: five private keys are distributed among Tesla board members, and for a transaction to go through, three of these people need to use their private keys to sign and broadcast the transaction as described above. This prevents the trusty five dollar wrench attack (sorry, I hope you didn't get excited about robbing Elon's fortune). In addition, if one or two private key holders try to collaborate to steal the funds it will not work; they need 3, the majority of the key holders, to make a transaction. Once three digital signatures are sent out on the blockchain, the transaction can go ahead.