Monero and ZCash are two of the most well-known cryptocurrencies supporting strong features for private transactions. Some interesting posts on ZCash and Monero recently:
Better Faster Zksnarks
Monero: Private and Difficult to Use
Before reading the posts above, I did not realize that neither Monero nor ZCash had mobile or hardware wallet support. (Monero does seem to have a workaround through a mobile wallet that can be used on Chrome.) Obviously, that will hamper their adoption in the long term. On Monero’s end, the reason for this is unclear. On ZCash’s end, it seems that the heavy math involved in using Zksnarks for private transactions was preventing mobile and hardware wallet support. Hopefully the development discussed in the first post will make it more likely to emerge in the near future.
In Part 1 of this series, we looked at paper wallets. Today I’ll discuss hardware wallets.
Hardware wallets are a very significant upgrade from paper wallets. As I mentioned yesterday, paper wallets are actual sheets of paper with printed public and private keys. Each key pair corresponds to a particular Bitcoin “account,” and the private key allows access to all the bitcoins within that account. There are several significant problems with paper wallets:
- Anyone with access to the paper wallet has access to the bitcoins. (You can BIP-encrypt the wallet, but that’s a whole other post.)
- You never really know whether a copy has been made from a paper wallet at some point.
- To do anything with the bitcoins, you need to load them into an online wallet.
Hardware wallets fix these problems. These wallets are actual, physical devices with the sole purpose to store keys and sign cryptocurrency transactions. Several different manufacturers offer reputable devices, including:
Ledger Nano S
Hardware wallets address the issues with paper wallets in the following ways:
- Anyone with access to the paper wallet has access to the bitcoins. (You can BIP-encrypt the wallet, but that’s a whole other post.) — Hardware wallets use a PIN, so only an authorized user can instruct the wallet to sign a transaction.
- You never really know whether a copy has been made from a paper wallet at some point. — Hardware wallets don’t show your private key. They take a transaction, sign it with the private key within their own internal hardware, then export the signed transaction. There’s nothing to copy.
- To do anything with the bitcoins, you need to load them into an online wallet. — Because hardware wallets have a connection to your computer (albeit carefully limited to prevent hacking), they can sign transactions without loading your private key to an online wallet.
In this post, I’m going to talk about how businesses can secure any bitcoins or other cryptocurrency they might have. Lawyers need to understand how their clients’ businesses work, both for litigation and compliance purposes. Not to mention that law firms themselves should probably consider keeping at least some funds in Bitcoin for flexibility.
First, we need to discuss some basic concepts: Any bitcoins you have (and this is generally true for other cryptocurrencies) will be assigned a specific public/private key pair. The public key is also the address that people use to send you bitcoins. The private key lets you send those bitcoins to someone else. If a malicious actor has the private key, your bitcoins are gone, period. So the entire goal of Bitcoin security is to keep that key secure. (Really, it’s keys, plural, but we don’t have to get into that right now.)
Paper wallets put the public and private keys on a physical sheet of paper. By their very nature, they can’t be hacked. But except for sole proprietorships or very closely held companies, they are not suitable for business use. Why?
- They can be destroyed in a fire or similar incident and the bitcoins would be lost forever.
- It’s impossible to know whether a paper wallet had been copied at some point along the way.
- There is no audit trail for a paper wallet.
- Whenever the company wants to use funds in a paper wallet, the private key needs to be transferred into an online wallet.
- It’s difficult to transfer responsibility for a paper wallet when someone is fired or moved to a new position. The easiest way to do it would be for the newly responsible employee to create a new paper wallet and transfer all the funds from the old paper wallet into it. But then any new funds transferred into the old wallet would be lost.
If you want to use a paper wallet:
- bitaddress.org provides a wallet generator for Bitcoin
- liteaddress.org provides a wallet generator for Litecoin
- ethaddress.org provides a wallet generator for Ethereum
In later posts, I’ll talk about more enterprise-friendly methods, like hardware wallets, multi-sig, and other ideas that businesses could implement.