Creating the ideal wallet: Hardware, Multisignature and Oracle combined

There are multiple types of security threats to your cryptocurrency stash. Setting aside all of the threats that exist at businesses and exchanges where you send your coins to someone else to watch over; keeping your coins safe for yourself must take into consideration all of the following possible threat vectors:

• Hackers gaining control of the device your wallet is on.
• Hackers socially engineering your private key from you.
• Remote wallets being hacked at the wallet provider.
• Remote wallets being fraudulent themselves and stealing your coins outright.
• You could simply lose your private key.
• An attacker could show up in person and steal your private key.

These threats are not unique to bitcoin of course; all could happen to you with legacy banking and cash… However those systems have been around for a very long time and we understand quite well how to use them, learning from a very young age. Securing your dollars, checkbook and credit cards comes easy to us, but very few people have been taught to securely hold bitcoins, so it’s no wonder so many people feel insecure about holding them.

Up until recently, Bitcoin has indeed suffered a worse safety track record than cash and online banking have both enjoyed. Hackers and loss of coins are both often cited in the media when talking about bitcoin adoption. However, recently three very important safety advancements have appeared, and in 2015 bitcoin may witness a complete reversal of that narrative, going from ‘apparently unsafe’ to “far safer” than the legacy banking system.

The three advances are Hardware Wallets, Multisignature wallets, and Oracles. Together this cryptographic dream team makes an incredibly strong defense against all forms of theft and loss.

Hardware Wallets

Physical, electronic wallets like the Trezor or Ledger allow you to take your private keys completely off systems that are attached to the web, so they cannot be hacked at all if used properly. From there you can stuff them in a safe for some of that old-world, physical security that we have thousands of years of experience using.

Although paper wallets, some smartphone wallet apps, and simply saving your private key on a thumb drive can accomplish the central purpose that these gadgets are made to do, hardware wallets do so with nearly perfect security and much more functionality.

Hardware wallets offer a strong defense against all types of hackers on your system, loss of private key, and if you hide it well, muggers too.

Multisignature Wallets

Multisignature wallets have had an explosive growth in 2014, fully living up to the prediction of it being the year of multisig. Although the wide array of options we have for multisig today are still quite unrefined and dare I say baffling to the layman, the ability to make use of these incredibly secure wallets is already here.

This underrated wallet technology excels at defense against all forms of hacking, even remote hacking at the wallet provider, counterparty fraud, and mugging.

Oracles

Oracles gatherer and format data for wallets and smart contracts. They can be a service or just a server program that provides data about most anything in the world, formatted for use in blockchain contracts.

With oracles you can create advanced security options or interesting financial operations based on all kinds of real-world facts, public or private. These criteria could be the current price of a barrel of oil, who just won an election, real estate prices in a certain location, or just a single keyword in a particular text or email.

Today’s oracles need a wallet of some kind to operate from, preferably a multisignature wallet so that one of the signers of a multisig transaction can be a ‘smart’ signer, as if a human was holding that key doing this oracles job. When used this way, multisig wallets excel at defense against counterparty theft, social engineering hacks, 3rd-party (remote) hacks, loss of your private key, and in-person theft (muggings) too.

So far there are very few oracles available, and just like with multisig wallets, they have a wide variation in their options and usability. Cryptocorp, (http://cryptocorp.co) for instance, is a security-specific Oracle solution meant for developers to include into their own wallets and exchanges. This site focuses on keeping wallets from getting hacked but is not available for us to use directly.

Meanwhile, Early Temple  has quite a different offering, allowing us to make our own smart contracts right there on the site, based off most any information we can see on any website we tell it to look at. They offer both a hosted oracle for this purpose and a downloadable, self-hosted program that plugs into your QT client and runs locally for you to be your own oracle.

However, to get started using an oracle service with your multisig wallet, you might not even have to look for one in the first place, since some wallets like GreenAddress have their own oracle programs built into their wallet options by default. While this makes it easier for users, it takes away the more modular, safer approach of keeping that data in other hands than that of your wallet provider.

Why isn’t Cold Storage enough?

Simply putting your (single) private key on a thumb drive or paper wallet and throwing it in a safe has long served bitcoiners as the most secure method of storage. Satoshi’s stash is likely saved in this form, since he hasn’t moved his funds at all and he certainly didn’t have a hardware wallet back when he last touched his coins. Sadly, even this tried-and-tested method is not perfectly secure, because when you finally get around to using some of these coins, the technology has to interface with your possibly insecure computer system and can be fully wiped out by malware that is waiting for it. -Even if you are just trying to spend a tiny amount from it. The act of importing the private key can make the whole stash vulnerable!

Also, this method is quite impractical for most people because it’s just too much work to hide their stash (nor even own a safe) and then renew it as safely as they can too. It is clear that most people need a method that is both user-friendly and secure from start to finish. Such a process can include cold storage of course, but it cannot depend on cold storage to be the only line of defense.

The Prominence of Web-based Wallets

Then there is the lack of trust people put in themselves. Despite all of the theft that has happened to bitcoiners from exchanges and web wallet providers in the past, it seems that many people simply do not trust themselves to secure their own wallet yet, and this is clearly a strong force against mainstream bitcoin adoption. In fact, this trend is so popular that even with the option of a hardware wallet included, many existing bitcoiners report that they would prefer to have a web wallet provider be responsible for the security of their coins. In one recent instance, Reddit user blizeH said:

“I was actually considering selling all of my coins but now have decided there is a middle ground that can be secure and doesn’t involve complicated codes, algorithms, paper wallets etc. Whilst the general consensus was to get a Trezor, the initial cost plus the worry of someone stealing it, it getting damaged etc has put me off and I think I’d prefer to go with one of the online alternatives.”

As rash and backwards as this may sound to most long-time bitcoin holders, especially after provider theft and hacks like MtGox, Bitcoin Savings & Trust, MintPal, MyBitcoin, Bitcoinica, ZigApp, and recently Bitstamp as well, we should not be surprised that web-based bitcoin wallets will continue to remain attractive to the masses over taking more personal responsibility in holding our own coins. This is, after all, a major argument for the existence of banks.

Also, placing the responsibility issue aside, there is clearly an advantage to keeping your money in the cloud. Who wouldn’t want for their funds to follow them wherever they go, being instantly accessible no matter where they are in the world, no matter which device they use to access them?

Considering both of these arguments for inclusion, it is clear that web-based wallets are an important and useful addition to everyone’s bitcoin security plan. With the addition of multisignature wallets and oracles, the level of security possible is starting to approach that of the deepest cold storage wallet.

Until some forward-thinking services perfect this whole process giving us the best of both worlds, here are some important security questions you may want answers to about any web wallet provider you are considering putting your wealth into:

Question #1: Will you be holding onto enough keys to be able to send coins from it all by yourself if needs be?

Question #2: Will the provider have enough keys to do the same? (Hint: You don’t want them to as long as you have a seed phrase or enough keys yourself.)

Question #3: Upon new wallet generation, do they allow you to not generate the keys on their server? (“In your browser” is usually fine, but generating them yourself locally is best.)

Question #4: Will they also use 2FA with multiple options for how to confirm it?

Question #5: Will they offer to let/be an oracle service to ensure remote signing is done transparently with many options?

The ideal wallet strategy

The right startup coming along to put together the best hardware wallet, multisig wallet, and oracle services in a user-friendly way could very well be the thing that finally pushes bitcoin into full mainstream adoption.

The most secure plan we can do today is still too technical for mainstream folks to give it a try, but it is possible to come close now to the ideal security level. By combining the best available Multisig wallet, hardware wallet, and Oracle that all happen to be compatible with each other, you can achieve a more manual security plan than any finished product we may expect to see later. One that is really close to being as secure as any bitcoin wallet ever will be.

At the time of this publication, the ideal combination would appear to be the GreenAddress multisig wallet using their 2-of-3 key option and their included oracle service options together with a Ledger hardware wallet. The two have been developed with each other in mind and are well tested together. Be sure however to do your own due diligence before any purchase though, since new options are coming online all the time with new possibilities and pitfalls in the news every week.