James Hogan and Jacob Lyles recently published a document titled Bitcoin Self-Managed Cold Storage Protocol: Design Approach which looks to “serve as the de facto guide for anyone looking for secure cold storage of bitcoin. We want it to be as close to bulletproof as a reasonable person can get.”
Cold storage, a term referred to private keys usually created and stored in secure, isolated environments is a very popular method of storing a significant amount of funds where transactions are rare, and security is a priority.
The only problem is that most methods of creating private keys offline or in an otherwise secured ecosystem requires a rather advanced knowledge with any of the current methods, as well as knowing how to account for numerous security risks and being able to mitigate them.
In the document, they are designing a protocol for storing bitcoin for a particular use case scenario:
- Large amount of Bitcoin ($100,000+, ~130 BTC)
- Long-term storage(years or even decades)
- Infrequent transactions (long-term savings)
Due to the objective of the process, this specific protocol would prove to be too cumbersome and inconvenient for users making regular deposits and withdrawals.
For a smaller amount of funds, a cross-platform wallet or hardware wallet secured by a secure password should suffice. However, the primary drawback identified is that current hardware wallets operate via a physical USB link to a computer; an undiscovered vulnerability arising from either the wallet’s open-source software, closed-source software or closed-source hardware could be exploited by malware to steal the private keys.
“We think that hardware wallets such as KeepKey, Trezor, and Ledger are great for storing a moderate amount of funds with high security, but for our use case of large amounts of funds with very high security, we prefer a more robust approach.”
The document further describes how they would like to properly secure the above use case scenario with a low-risk tolerance, acknowledging that maximum security is not only impossible, costly but may prove to be unnecessary and lead to fewer people using it.
While design approach and theory crafting is discussed thoroughly in this guide, they also describe the means of achieving said security. Through the implementation of multi-sig wallets with ways to account for death of signatory, lost keys, and other typical situations, private keys stored on paper in separate locations with visual verification for integrity, and the usage of dice to generate entropy, they hope to offer a multi-layered protocol with the ability to trade off convenience and security on an individual basis to suit every end user.
Ubuntu would be the preferred operating system as it is open source and be booted off a USB drive with all memory ran off of a RAM disk to ensure no data is stored permanently. Libbitcoin-Explorer, a command line based program, would be the wallet application of choice. The main reason for this, among many, is it allows for user-provided entropy (which would be generated through dice.)
There is no timeline on when the guide for the protocol should be complete. In the meantime, the document is posted on Google Docs, allowing people to comment and suggest changes to the protocol and is a helpful addition to the ecosystem for those wanting to invest large amounts into bitcoin.