The importance of multi-signature HD wallets

We at CryptoLabs have been working hard for the past couple of months, and we’re very excited to share a bit of our architecture with you. Because we designed our system from the ground up, we were able to take advantage of new developments in the Bitcoin space, including both multi-signature wallets and hierarchical deterministic wallets.

As we discussed in an earlier post, we have three private keys for each user: one is embedded into the Case and never leaves the device, one sits on our server, encrypted with a device-specific key, and one sits in an offline vault. Two of these three keys are needed to sign a transaction, so even if an attacker breaks into our offline vault, or hacks into our servers, they still would not be able to steal any user funds. We have taken special care to ensure that no employee of CryptoLabs has access to both the encrypted database and the offline vault, which protects against inside attacks as well. Without multi-signature capabilities, your funds can either be stolen with a single data breach or be made unrecoverable if you lose your device. With our multi-signature architecture we can recover your funds if you lose your Case, as well as protect you from the theft of any one of the three keys.

This multi-signature wallet concept is even nicer when married with a hierarchical deterministic (HD) wallet. In a classical non-HD system, new private keys and addresses are generated randomly to prevent transaction histories from being linked together on the blockchain. This makes it very difficult to coordinate signatures in a multi-signature system, and makes fund recovery next to impossible (unless private keys are shared in multiple locations, which is a no-no!). These problems are solved by introducing HD wallets! With an HD wallet you can make a private key, called a “master node”. Using this master node, you can generate billions of new private keys that cannot be linked to the master node or to each other! These private keys can be used to send and receive bitcoin just like regular randomly-generated private keys. The benefit of HD wallets is that even if you lose all of the child private keys, they can be recovered easily if you have the master node. These child private keys are never stored or sent over the network, and using an HD node lets us store only the minimum of user data that we need.

We use an HD node for the server key, while the other two (device key and offline key) are static non-HD keys. This gives us the benefits of multi-signature HD wallets, such as unique change and receive addresses, while keeping the device and offline keys as simple as possible. This is particularly helpful on the device side, where using a single static key is faster and less computationally intensive to sign and verify with. The server’s HD node is what provides uniqueness when generating new receive and change addresses. This helps keep your transaction history private by preventing address reuse, as well as saving us from encrypting hundreds or thousands of private keys for each user. It’s a win/win! Using an HD wallet also means that the device can be given a public key for the “change address” node and can verify that a transaction is sending exactly what it should (and where it should!), including to the correct change address. The device will only sign transactions being sent to the recipient address from a scanned QR code, or to a change address that can be verified to be user-controlled. In other words, the device doesn’t trust our servers.
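The device-side check described above, as an added example that is not CryptoLabs' own code: a minimal BIP32 public child derivation on secp256k1 lets a device holding only the change node's public key and chain code recompute the expected change keys and refuse any output that pays elsewhere. The secret, chain code and recipient key are constructed values, and each output is identified by the server's leaf public key rather than the full 2-of-3 P2SH script (an assumption made to keep the example short).

```python
import hashlib, hmac

# secp256k1 curve constants
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def ser_p(pt):  # 33-byte compressed SEC encoding of a point
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def ckd_priv(k, chain, i):  # BIP32 CKDpriv for a non-hardened index (i < 2**31)
    I = hmac.new(chain, ser_p(ec_mul(k, G)) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k) % N, I[32:]

def ckd_pub(pub, chain, i):  # BIP32 CKDpub: the same child key, derived without any private key
    I = hmac.new(chain, ser_p(pub) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(pub, ec_mul(int.from_bytes(I[:32], "big"), G)), I[32:]

def device_approves(outputs, recipient, change_pub, change_chain, gap=20):
    """Device policy: every output must pay the QR-scanned recipient or a change key
    the device can derive itself from the change node's public key; otherwise refuse."""
    allowed = {recipient} | {ser_p(ckd_pub(change_pub, change_chain, j)[0]) for j in range(gap)}
    return all(dest in allowed for dest, _amount in outputs)

# Constructed demo values: a hypothetical server master node and its change branch
SERVER_K, SERVER_CHAIN = 0x1234, b"\x07" * 32
CHANGE_K, CHANGE_CHAIN = ckd_priv(SERVER_K, SERVER_CHAIN, 1)
CHANGE_PUB = ec_mul(CHANGE_K, G)  # public data only; this is all the device holds
RECIPIENT = b"\x02" + b"\x11" * 32  # stand-in for the key scanned from a QR code

def demo():  # an honest transaction passes; one whose change is diverted does not
    change3 = ser_p(ckd_pub(CHANGE_PUB, CHANGE_CHAIN, 3)[0])
    honest = device_approves([(RECIPIENT, 50_000), (change3, 9_000)], RECIPIENT, CHANGE_PUB, CHANGE_CHAIN)
    diverted = device_approves([(RECIPIENT, 50_000), (b"\x03" + b"\x22" * 32, 9_000)], RECIPIENT, CHANGE_PUB, CHANGE_CHAIN)
    return honest, diverted
```

Because child derivation is homomorphic, the server's privately derived change key and the device's publicly derived one are the same point, which is what makes the check possible without the device ever seeing a server private key.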

HD and multi-signature wallets are perfectly suited to hardware wallets, where you don’t want to, or can’t, transfer sensitive information over an untrusted network. We have designed our system knowing that part of it will live on an embedded device. The fact that one private key is embedded into the hardware and never leaves the device is an enormous security boost. Our use of HD wallets means we never need to transmit public or private keys over a network, while still allowing your Case to verify that a transaction is trustworthy before signing it. Combining the two gives unprecedented security benefits.

