While many companies in the Bitcoin space are working on the “killer app” that will drive mainstream consumer adoption, at Armory we are working on the “killer app” for institutional adoption: insurance. There are few investments that financial institutions can make that have the all-or-nothing security properties of a Bitcoin wallet.
Many proponents tout the benefits of irreversible Bitcoin transactions for consumers and merchants, but at the enterprise level irreversibility can actually be quite scary. Business-to-business transactions are rarely anonymous, and the legal system provides sufficient pressure for parties to behave.
However, the legal system will not be of much help if those coins disappear due to accidental destruction or an anonymous security breach. In our experience with institutions, this is a critical barrier to entry. And getting institutions involved is a critical milestone for mainstream Bitcoin adoption.
Insurance can solve these problems, and a strong backbone of insured storage options could be a catalyst for both consumers and businesses to take Bitcoin more seriously. But getting insured is no easy task in such a new and high-stakes technology field.
Imagine you are an insurance underwriter being asked to price a policy for full coverage of a $100 million bitcoin wallet held by a company whose name you don’t recognize. In your first meeting with them they claim, “We are using all the most advanced technology to store our coins!” They use all the Bitcoin security buzzwords: “cold storage,” “multi-sig,” and “fragmented backups.”
Would that alone comfort you enough to risk $100 million for a small premium?
How do you know that they are actually using cold storage and multi-sig in their setup?
How do you know backups are created and secured properly (and not on Dropbox)?
How do you know an employee or executive did not rig the software or hardware to essentially steal the wallet before it was even created?
Cold storage and multi-sig are important concepts in Bitcoin security, but conceptual security alone is not enough. We want operationally transparent, auditable security. And it all starts with the “Key Ceremony.”
Key Ceremonies are not new. They have actually been used for 20 years to ensure integrity of some of the most valuable cryptographic key material in the world. This includes keys that protect the backbone of the Internet, and keys held by governments used to issue and verify passports. Our goal at Armory has been to bring these established, high-integrity processes into the Bitcoin space. This is important so that organizations can manage their own risk, but especially important to the insurance companies who we believe will help enable traditional institutions to become Bitcoin holders.
Key ceremonies are typically tailored to the organization and the value of the key material. However, in the most extreme cases, they are performed in a secure room with video cameras, witnesses, lawyers, notaries, and company executives.
The goal is not only to create the sensitive key material, but to reach an overwhelming consensus that it is generated in a cryptographically secure manner, and that no one could have made unauthorized copies. The process can ultimately include the following:
• Those who ultimately manage the keys and key backups are identified, documented, and their responsibilities are made clear.
• The authenticity of all hardware and software is verified before it is used for secure operation.
• Tamper seals are applied to all secure devices, and tamper-evident bags are used to detect any tampering or copying of sensitive backup data after they leave the ceremony room.
• The display of the secure computer is mirrored on large monitors for all witnesses and video cameras to observe every keystroke and mouse click during the key ceremony.
• The videos from the ceremony are archived to be reviewed/audited by third parties, and possibly as part of an investigation if funds go missing unexplained.
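To make the checklist above concrete, here is an added example (not Armory's code or process) of a written ceremony record that a third party can audit alongside the video: each step is hash-chained to the previous one, the software authenticity check aborts on a digest mismatch, and the audit flags edits, dropped steps and steps without enough independent witnesses. The function names, the two-witness minimum, and all sample names, image bytes and the bag serial are assumptions constructed for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # constructed anchor for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(body: dict) -> str:
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, step, operator, witnesses, detail):
    """Append a ceremony step; each entry commits to the one before it."""
    body = {"seq": len(log), "step": step, "operator": operator,
            "witnesses": sorted(witnesses), "detail": detail,
            "prev": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _digest(body)})

def verify_artifact(log, name, data, expected, operator, witnesses):
    """Log the software authenticity check; abort the ceremony on mismatch."""
    actual = sha256_hex(data)
    append_entry(log, "verify_software", operator, witnesses,
                 {"artifact": name, "sha256": actual, "match": actual == expected})
    if actual != expected:
        raise ValueError(f"{name}: digest mismatch, abort ceremony")

def audit(log, min_witnesses=2):
    """Return the problems a third-party auditor would flag (empty = clean)."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["seq"] != i or e["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if _digest(body) != e["entry_hash"]:
            problems.append(f"entry {i}: contents altered")
        if len(set(e["witnesses"]) - {e["operator"]}) < min_witnesses:
            problems.append(f"entry {i}: too few independent witnesses")
        prev = e["entry_hash"]
    return problems

def sample_ceremony():
    """Constructed sample: names, image bytes and seal number are made up."""
    log, image = [], b"constructed offline-signer image bytes"
    people = dict(operator="alice", witnesses=["bob", "carol"])
    append_entry(log, "identify_custodians", detail={"custodians": ["alice", "dave"]}, **people)
    verify_artifact(log, "signer.iso", image, sha256_hex(image), **people)
    append_entry(log, "seal_backup", detail={"bag_serial": "EXAMPLE-0001"}, **people)
    return log

if __name__ == "__main__": print(audit(sample_ceremony()))
```

A hash chain only detects edits relative to its final hash, so that last `entry_hash` should be read aloud on the ceremony video and written into the witnesses' signed records.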
Keep in mind that in a cold-multisig wallet arrangement, each site will have to independently carry out its own key ceremony. In our conversations with insurance representatives, the best way to decentralize the security model is to have different independent companies managing the coins.
The company that owns the coins would not even have the ability to move the coins by themselves. Nor would any other company. Authorizing transactions would require other signers to get recorded video confirmation from executives with authority over the wallet, enabling traceability and auditability of the ongoing operation.
Not all companies need this level of rigor. But a “full-paranoid” solution needs to exist if Bitcoin is going to see the entrance of global corporations who would be managing billions of dollars worth of bitcoins. A strong key ceremony as outlined above is only the start of an enterprise end-to-end security solution.
The post The Key Ceremony: Auditable Private Key Security Practices appeared first on Bitcoin Magazine.
Bitsquare is an open source, completely decentralized bitcoin exchange. Founder and developer, Manfred Karrer, discusses his project and his ideals with Ethan Wilding and guest host, Hai Nguyen. Bitsquare is based on the concept of “no single point of failure” and decentralization. Karrer also discusses the concept of peer-to-peer arbitration.
Andrew Lee of purse.io answers questions partially sourced from the bitcoin community. Purse.io’s model of selling Amazon gift cards for bitcoins is both controversial and exciting for people who want to buy bitcoins without going through the lengthy verification processes associated with exchanges. It also facilitates purchases through Amazon at a discount for people who want to shop with bitcoin. The DTL audience sent in some hard-hitting questions, and Andrew Lee has promised to answer them “head-on.”
Other guests this week will include Gerald Cotten of the Canadian exchange, QuadrigaCX, as well as Mitchell Callahan, founder of Saucal, a marketing and brand development company that integrates bitcoin into its clients’ growth strategies.
Check out past videos at decentral.tv.