Your Keys, Your Coins

Introduction

On 14 February, Canadian Prime Minister Justin Trudeau invoked the Emergencies Act, granting him sweeping powers to combat the blockades by truckers across the country. These truckers were using their vehicles to inflict crippling bottlenecks on country-wide traffic to protest against recent vaccine mandates.

As part of his newfound powers, Trudeau instructed banks to inspect their customers and freeze the accounts of protesters and anyone known to support protesters, without the need for a court order.

Alas, this shocking overreach in the face of a harmless and benevolent democratic movement is not without precedent in the history of modern statecraft. The US government confiscated gold in 1933 and 1934, and the German Reichsbank inflated away the wealth of its entire population just a few years earlier.

Bitcoin offers a remedy. With Bitcoin, a censorship-resistant, tamper-proof ledger, secured by billions of dollars’ worth of mining equipment, keeps the tab, and governments all over the world cannot interfere with it. But this freedom hinges upon one central assumption: that you, as a HODLer, control your own private keys. Because only someone in possession of an address's private keys can sign the transactions necessary to spend some of their Bitcoin in exchange for goods or services. If another party controls these keys, they control the entire wallet and all the funds associated with it.

This report will outline various methods of securing your private keys. We will also address why you should never entrust your private keys to another entity.

How Bitcoin addresses work

First, we will explain what a Bitcoin address is and how it works. Bitcoin addresses are where your precious Sats come together to form the basis of your wealth, secure from inflation and government interference. In a radical departure from the account model used by banks, Bitcoin uses another way of bookkeeping, with significant consequences.

A Bitcoin address is a string of characters: legacy addresses starting with 1 or 3 are 26 to 35 characters long, while the newer bech32 addresses starting with bc1 are longer. Behind every address is a key pair for ECDSA, the elliptic curve digital signature algorithm (Taproot addresses use Schnorr signatures on the same curve, secp256k1). Note that ECDSA is a signature scheme, not an encryption algorithm; nothing in Bitcoin is encrypted. Elliptic curves are an efficient way to implement public-key cryptography: the holder of a private key can sign a message, and anyone in possession of the corresponding public key can verify that the signature came from the holder of the private key, without either party needing a central authority. That signature is what authorises a payment.

Each Bitcoin address derives from the public key, which in turn derives from the private key, in a procedure explained in detail in the Bitcoin wiki. The private key cannot be recovered from the public key or the address. The address can then receive incoming transactions.

A Bitcoin transaction collects one or more existing outputs as its inputs, each unlocked by a signature from the key controlling it, and creates new outputs to one or more addresses. This happens within one single transaction.

An output is spent whole: if it is larger than the amount to be paid, the remainder is sent back to the sender as a new change output, minus a fee kept by the miner. Why is that important?

How Bitcoin transactions work

We have seen that instead of updating accounts, Bitcoin uses outputs.

Let us illustrate: Alice’s address holds one output of 100m Sats, the coins she bought for cash on LocalBitcoins. She wants to pay Bob 10m Sats and signs a transaction to that effect.

Instead of subtracting 10m from Alice’s account and adding 10m to Bob’s, Bitcoin uses a very elegant mechanism. The transaction consumes the 100m output in Alice’s address and creates two new outputs: 10m Sats to Bob’s address and the remaining 90m Sats, less the mining fee, back to Alice (most wallets send this change to a fresh address for privacy). Bob’s wallet scans each new Bitcoin block for transactions with his address as the target. Let’s say Bob’s address already had one output of 10m Sats. Then the wallet will display the 10m and add the 10m Sats Alice sent as soon as this transaction gets mined.

That way, Bitcoin cannot have half-done transactions. Even if all the bitcoin miners stopped at the most inopportune moment, the transaction would either be mined and finished or not. There’s no way the deduction from Alice’s wallet could have already happened, but not the addition to Bob’s, because it is one operation: the outputs Alice spends disappear and the outputs to Bob and back to Alice appear in the same transaction.

Bitcoin's accounting model is called UTXO, or unspent transaction outputs: an address’s balance is simply the sum of the outputs locked to it that have not yet been spent. Instead of maintaining accounts, Bitcoin nodes maintain the set of unspent outputs, and only the holder of the private key can sign a transaction spending an output locked to a given address. Whoever controls the private keys, controls the funds. And, conversely, whoever doesn’t can only ever politely ask the holder of the private keys to make a transaction on their behalf, which is precisely how centralised exchanges work.
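To make the mechanics concrete, here is a toy UTXO ledger, added here as an illustration and not taken from any Bitcoin implementation. The transaction IDs, owners and amounts are constructed; a real node also verifies the signature unlocking each input and enforces a size-based fee. What it shows is the all-or-nothing application described above and why a second attempt to spend the same output is refused.

```python
# Added example, not from the original article or any Bitcoin implementation:
# a toy ledger that keeps only unspent outputs (UTXOs). Transaction IDs,
# owners and amounts are constructed; a real node also checks the signature
# unlocking each input and the transaction's size-based fee.
from dataclasses import dataclass


@dataclass(frozen=True)
class Output:
    owner: str   # stands in for the locking script of an address
    sats: int


class UtxoLedger:
    def __init__(self):
        self.utxos = {}   # (txid, output index) -> Output, the unspent set

    def add_coinbase(self, txid, owner, sats):
        """Create coins out of thin air, as a block reward does."""
        self.utxos[(txid, 0)] = Output(owner, sats)

    def balance(self, owner):
        """An address has no account: its balance is the sum of its UTXOs."""
        return sum(o.sats for o in self.utxos.values() if o.owner == owner)

    def apply_tx(self, txid, inputs, outputs):
        """Spend whole outputs `inputs` (list of (txid, index)) into new
        `outputs`. Returns the implicit fee (inputs minus outputs). Raises
        ValueError before touching the ledger on any rule violation, so a
        transaction is either fully applied or not applied at all."""
        if len(set(inputs)) != len(inputs):
            raise ValueError("same output spent twice in one transaction")
        missing = [ref for ref in inputs if ref not in self.utxos]
        if missing:
            raise ValueError(f"unknown or already spent input: {missing}")
        if any(o.sats <= 0 for o in outputs):
            raise ValueError("outputs must carry a positive amount")
        in_sum = sum(self.utxos[ref].sats for ref in inputs)
        out_sum = sum(o.sats for o in outputs)
        if out_sum > in_sum:
            raise ValueError("outputs exceed inputs; no coins may be created")
        # every check passed: now, and only now, mutate the unspent set
        for ref in inputs:
            del self.utxos[ref]
        for i, o in enumerate(outputs):
            self.utxos[(txid, i)] = o
        return in_sum - out_sum

    def is_rejected(self, txid, inputs, outputs):
        """True if the transaction is refused and the UTXO set is unchanged."""
        before = dict(self.utxos)
        try:
            self.apply_tx(txid, inputs, outputs)
        except ValueError:
            return self.utxos == before
        return False


def alice_pays_bob():
    """The article's scenario: Alice holds one 100m-sat output, Bob one of 10m."""
    ledger = UtxoLedger()
    ledger.add_coinbase("tx_buy", "alice", 100_000_000)
    ledger.add_coinbase("tx_old", "bob", 10_000_000)
    fee = ledger.apply_tx(
        "tx_pay",
        inputs=[("tx_buy", 0)],                  # the whole 100m output is consumed
        outputs=[Output("bob", 10_000_000),      # the payment
                 Output("alice", 89_999_000)],   # change; real wallets use a fresh address
    )
    return ledger, fee                           # fee = 1_000 sats
```

After the payment the old 100m output no longer exists anywhere, so presenting it as an input again fails before the ledger is touched; that is the double-spend protection, and the atomicity, in one place.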

What does a balance on a centralised exchange mean

When your Kraken account displays one BTC, you don’t truly see the balance of a Bitcoin address controlled by yourself. Instead, you get to see an account balance, very much like you would in a bank account.

Exchanges have a few wallets that they secure and maintain. Usually, this involves hot wallets, where funds can flow in and out, and cold wallets, where coins are stored for more extended periods.

Another centralised ledger stores which user owns what. This ledger is maintained on the company’s servers and not on the blockchain. In theory, and sadly also in practice, the exchange will sometimes no longer have all the BTC users transferred to its wallets. Instead, they might have sold some for, let’s say, Shiba Inu, because they had a large outflow to fund. As long as all users do not withdraw their BTC simultaneously, no one is the wiser.

You might say that you get a unique address when you want to deposit BTC to your Kraken account. And you are right. But this does not mean that this is your address. Instead, Kraken uses an HD (hierarchical deterministic) wallet. HD wallets allow the generation of a practically unlimited number of addresses and their keys from a single master private key that controls them all; your deposit address is one leaf of that tree, and the coins sent to it are swept into Kraken’s own hot and cold wallets. Ask Kraken for the private key to your deposit address and they will politely decline. Now you know why: the key belongs to Kraken’s tree, not to you, and a non-hardened child key combined with the extended public key of its parent is enough to reconstruct the parent’s extended private key, and with it every sibling address. Excellent for you, but likely the end of the company.

When you use the address that Kraken gives you, the exchange’s accounting software credits your account with the balance you deposited. But the actual BTC goes to Kraken’s wallet. And this is where the whole point of stacking Sats gets lost.

Kraken and 15 other centralised exchanges recently announced an initiative called TRUST (Travel Rule Universal Solution Technology), which implements the travel rule. The Financial Action Task Force (FATF) Travel Rule requires virtual asset service providers to collect and share the personal data of the sender and the recipient for transfers above a threshold (USD/EUR 1,000 in the FATF guidance).

Should you, as a staunch supporter of civil liberties, want to support the Canadian truckers in their quest for freedom, Kraken would notify the Canadian police, as it is obliged to do, and lock you out of your Bitcoin in order to remain in favour with its regulatory suzerain. And there’s literally nothing you can do about it except beg and repent.

And if that was not enough, centralised cryptocurrency exchanges have an abysmal history of keeping their users' funds safe from harm.

Exchange hacks history

On 8 February 2022, the US Justice Department announced that they had traced 119,754 Bitcoin stolen from the Bitfinex exchange in thousands of illicit transactions, which started in August 2016.

Apparently, Ilya Lichtenstein and his wife, Heather Morgan, had long been in possession of the private keys controlling a wallet with 94,000 of the BTC. They had allegedly tried to launder the coins by purchasing $500 gift cards from darknet markets. Since 94,000 Bitcoin are worth $3.6bn, this would have taken a lifetime. Allegedly, Lichtenstein saved the private keys to this fortune in an encrypted text file on his cloud drive.

It’s currently unclear whether the couple was directly involved in the hack or how they had obtained access to the wallet. But it certainly isn’t the only known hack of a centralised crypto exchange in history.

Mt. Gox, probably the first major centralised Bitcoin exchange, was being drained for years before management finally admitted to problems and froze all accounts in February 2014. Around 850,000 BTC were lost, of which roughly 200,000 were later found.

As the exchange became insolvent, accounts remained frozen for years, and it was only in late 2021 that a rehabilitation plan was approved under which creditors are to be repaid, and only in part.

Other known hacks include:

  • Bitfloor, where 24,000 BTC were stolen in 2012;
  • BitGrail, where hackers stole $187m worth of $NANO;
  • and even mighty Binance, where 7,000 BTC were stolen in 2019.

Since exchanges have every incentive to keep hacks from becoming known, more were likely swept under the rug.

While customers of exchanges have often been made entirely whole after a hack, Mt. Gox showed that it only takes a loss large enough for the exchange company to go under. As a result, depositors were left holding the bag, or the lack of one, come to think of it.

Censorship resistance and freedom from influence

“Incentives matter!” is a widespread management expression. It means that when you understand what a given employee is rewarded for, you can predict their actions.

Centralised crypto exchanges are businesses with a headquarters located in a jurisdiction and with employees who have families depending on their paychecks and all the other trimmings of modern corporate life. What are companies incentivised to do? To fight the good fight for freedom, decentralisation and sovereignty? Or to play ball with every whim of the regulatory bodies under whose purview they fall?

We would argue the latter, which is precisely how it played out in the past. When pressed to implement stringent “Know-Your-Customer” procedures, Binance demanded all their customers verify their identity within 48 hours or face severe restrictions on how much they could transfer out of their accounts. A powerful reminder that the company controls the funds, not the user.

Legal entities represent large attack surfaces for governments and are single points of failure for every Bitcoin holder striving for sovereignty. We cannot wax poetic about the joys of censorship resistance and the freedom from undue influence that Bitcoin can convey if we do not control our coins.

And by this point in the article, it should be abundantly clear that there is only one way to do so - having exclusive, discretionary access to the private keys representing a Bitcoin address.

We will now discuss methods to store private keys and keep them safe - a process known as self-custody. Custody is a beautiful word, because it stands for stewardship and guidance, as well as trust and safety.

Key storage methods

Bitcoin private keys are 256-bit numbers (strictly, any integer from 1 up to the order of the secp256k1 curve, which is just below 2^256). This number can be expressed in different ways. One is as a 64-character sequence of hexadecimal digits 0-9 and A-F, like the example below:

E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262

Memorising private keys

We would go so far as to say that a 64-digit hexadecimal number is hard to memorise! Jokes aside, very few people can repeatedly and precisely recall all the characters in the correct order. Especially if they have not used them for a long time. And we are looking for a way to pass BTC on to our heirs. And we want them to encounter minimal difficulty if they need to spend a portion of their wealth after another lengthy time frame.

A shorter representation exists in the form of Mini Private Keys, 22 or 30 characters in Base58 (the letters of the alphabet plus the digits, minus the easily confused 0, O, I and l). A mini key is not computed from an address; it is a short random string, for example SzavMBLoXU6kDrqtUVmffv, from which the full 256-bit private key is obtained by taking its SHA-256 hash.

The format affords a simple error check: a candidate is only valid if the SHA-256 hash of the key with a question mark appended begins with a zero byte, so a wallet can recognise a mistyped key and alert the user. Mini Private Keys are mostly found on physical bitcoins and in QR codes.

Clever developers came up with Bitcoin Improvement Proposal BIP-39. They figured that the random entropy behind a wallet could be written as twelve (or up to twenty-four) words from a fixed list of 2,048 words: each word’s position in the list encodes 11 bits, the last word also carries a checksum, and a key-stretching function turns the phrase into the seed from which an HD wallet derives all of its private keys. Seed phrases are eminently readable for humans. For example:

witch collapse practice feed shame open despair creek road again ice least

There are undoubtedly many more humans who can memorise twelve words and keep them for years. But would you trust yourself to regurgitate all 12 in the correct order after a decade of not having to recall them?
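How the words, the checksum, the seed and the HD wallet mentioned here and in the section on exchanges’ HD wallets fit together, as an added example written for this article rather than taken from any wallet. It uses only Python’s standard library and works on word-list positions rather than words, because the 2,048-word list is not embedded; the derivation path m/44'/0'/0' is the usual BIP-44 Bitcoin account level, and only hardened levels are derived so that no elliptic-curve code is needed.

```python
# Added example, not from the original article or any wallet: BIP-39 word
# indices and checksum, the PBKDF2 seed, and hardened BIP-32 derivation.
# Standard library only; the word list itself is not embedded.
import hashlib
import hmac
import unicodedata

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order


def entropy_to_word_indices(entropy):
    """Append SHA-256 checksum bits to the entropy and cut into 11-bit word
    positions: 16 bytes -> 12 words, 32 bytes -> 24 words."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = len(entropy) * 8 + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_have_valid_checksum(indices):
    """Recompute the checksum from the phrase: a wrong last word always fails,
    a wrong word elsewhere fails 15 times out of 16 for 12 words."""
    total = 11 * len(indices)
    cs_bits = total // 33
    bits = 0
    for ix in indices:
        bits = (bits << 11) | ix
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.
    The word list is not consulted here, so any string yields a seed; this is why
    a typo or a wrong passphrase silently opens a different, empty wallet."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    s = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", m, s, 2048, 64)


def bip32_master(seed):
    """BIP-32 master private key and chain code from the seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if k == 0 or k >= N:
        raise ValueError("invalid master key (astronomically unlikely)")
    return k, i[32:]


def bip32_child_hardened(k_par, c_par, index):
    """Hardened child (index >= 2**31). The HMAC input is the parent PRIVATE key,
    so a leaked child key cannot be walked back to the parent; non-hardened
    children use the parent public key instead and do not have that property."""
    if index < 0x80000000:
        raise ValueError("add 0x80000000 to the index for hardened derivation")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k = (il + k_par) % N
    if il >= N or k == 0:
        raise ValueError("invalid child; skip this index")
    return k, i[32:]


def derive_path(seed, path="m/44'/0'/0'"):
    """Walk a hardened-only path such as the BIP-44 Bitcoin account level."""
    k, c = bip32_master(seed)
    for part in path.split("/")[1:]:
        if not part.endswith("'"):
            raise ValueError("this example derives hardened levels only")
        k, c = bip32_child_hardened(k, c, int(part[:-1]) + 0x80000000)
    return k, c
```

With all-zero entropy the first eleven positions are 0 (the word "abandon") and the checksum forces the twelfth to 3 ("about"), which is the well-known test phrase of the BIP-39 specification; its seed with the passphrase "TREZOR" is the first published test vector.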

Paper wallets

Some form of storage is needed. The simplest is writing the private key, in whatever form, on a piece of paper, which shifts the problem to storing that paper safely and securely for a very long time. Paper is prone to degradation and so is the ink or toner used to print on it. But by and large, this storage method is extremely durable and low-tech, which is why paper wallets still enjoy some popularity.

The major drawback of paper wallets is that anyone who comes in possession of the paper, or who is even just able to take a photograph or memorise the private key, is in control of your coins. But how to keep physical objects safe is a subject in which humans have millennia of experience and doesn’t need to be discussed here.

Physical bitcoin

Next up is physical Bitcoin. What at first seems like a paradox, is just a coin where the private key is engraved or embossed in some form - often in a barcode. The use of barcodes for wallets is understandable. They offer the user an easy path to have smartphones read the private key with a software wallet like Coinomi, for instance. Just how easy it will be for the proverbial grandson to read that same barcode and get access to the precious Sats his grandfather bequeathed to him, however, is another topic.

Text files

Let’s leave the physical realm behind for now and talk about software solutions. Text files can also contain private keys. Some users simply put the private key’s character string into a plain text file and store it on their laptops. Clever names like ToDoList021099.txt may obscure the contents from a casual onlooker, but this is obscurity, not security: malware that hunts for wallets simply searches every file for the telltale shape of a key, such as 64 hexadecimal characters or a string starting with 5, K or L. The other issue is secure backups, or how that text file will survive the demise of the laptop or data errors on its mass storage device.

Since Bitcoin is about cryptography, it only makes sense to protect the file by encrypting it. A ZIP archive encrypted with AES-256 (not the legacy ZipCrypto scheme, which is broken) or a PGP-encrypted file offers robust protection even if an attacker knows what the file contains, provided the passphrase is long and random: whoever obtains the file can try passphrases offline at leisure. But the passphrase needs to be remembered, and we can see a bit of a circular dependency starting to form.

Nevertheless, a well backed-up, encrypted text file containing the private keys, that is stored in locations with rigorous access control, such as a private server in a high-security data centre, is an excellent method to keep your keys safe.

Paper wallets and physical coins are cold storage: the key never touches an internet-connected device until the coins are spent. A key file on an everyday laptop, by contrast, is only as cold as the laptop. A cold wallet is never connected to the internet; a hot wallet is, and allows the spending of coins, checking of balances and signing of messages at any time.

Electronic cold wallets

The next category we want to discuss is cold wallets designed to sign occasional transactions happening in a hot wallet. Devices such as the Trezor or the Ledger wallets come into play here.

These devices are small, simple computers with the single purpose of storing private keys securely and signing transactions. They never connect to the internet themselves; they are plugged into a computer or phone when a user wants to spend coins, the unsigned transaction is sent to the device, and only the signature comes back, so the private key never leaves the device. Before signing, they ask the user for a PIN and show the destination and amount on their own screen for confirmation, so that malware on the host cannot quietly alter them.

With a well-designed companion app like Ledger Live and integration with popular software wallets such as MetaMask (for Ethereum), these devices boost security significantly. In a nutshell, they add a second factor: where a user only needed his MetaMask password, now the password, physical possession of the device and the device’s PIN have to come together at the exact time and place of a transaction, and malware on the computer cannot extract the key. These devices represent something of a sweet spot, with high security and decent comfort.

So where’s the catch? Private keys can, and should, be backed up, usually in the form of a seed phrase. Ledger asks users to write the seed phrase down and file the paper away securely, but we’ve already discussed that this is not so simple. Suppose a single Ledger controls multiple wallets for multiple cryptocurrencies. In that case, the one seed phrase restores all of them, and its paper backup is a painful single point of failure in an otherwise robust security scheme.

Hot wallets

We arrive at the next category of storing private keys, which are hot wallets, also known as software wallets. Here, your keys are stored inside a phone or desktop app, making it easy to spend coins, check your balances or sign messages to prove they come from you.

The Bitcoin Core wallet downloads the entire blockchain and runs a full node, which is valuable for the network. More lightweight wallets include Jaxx and Coinomi, and the Zap wallet supports the Lightning Network for near-instant Bitcoin payments.

Most of these wallets allow users to set a passphrase or use the phone’s own security like Face ID or fingerprint readers. Phone security adds relatively robust protection, but it needs to be said that people do lose their phones on occasion. An attacker who finds the phone has all the time he wants to attack it, and a wallet protected only by a short PIN, or a backup synced to a cloud account, is the weakest link.

Again, users can back up their seed phrases and some phone wallets store encrypted backups in the native clouds. But all in all, no serious HODLer would store significant amounts of Sats on his phone.

Custodial storage

Recently, some clever institutions have begun to offer their customers the custodial storage of Bitcoin addresses. In this scheme, the institutions take care of storing and securing the private keys and a user gets access to the key much in the same way as a bank vault. After presenting some security credentials, the user can unlock the file or folder containing the keys and then use it to sign transactions.

This approach relies entirely on the trustworthiness of the custodian, which is the diametrical opposite of the Bitcoin spirit. Bitcoin exists to eliminate the need for go-betweens. If the custodian is fraudulent, they can simply take all the private keys entrusted to them and run. It is only a matter of time before this happens.

Self-custodial storage

The custodial scheme does have one merit: private keys are stored safely and protected from thieves and other mishaps by somebody who makes it their business to take care of just such things. And this is where the Numbrs Bitcoin Account comes in.

Numbrs stores private keys with strong encryption so that only users can access them. Here, the private keys control a distinct Bitcoin address belonging to the user, not an entry in an internal ledger in the way centralised exchanges keep their balances.

Since forgetting the password that unlocks the Bitcoin Account can happen, Numbrs offers users a way to authenticate themselves and access an encrypted backup of the private keys that needs two keys to be decrypted: one held by a Numbrs security specialist and the other by the user.
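Requiring two parties to cooperate before a backup becomes usable is the problem that threshold secret sharing solves in general, and the same idea removes the single point of failure of one written-down seed phrase discussed in the hardware wallet section. The example below is an added illustration and is not Numbrs’ mechanism, which the article does not describe; it splits a 256-bit key (the hex key quoted earlier is used as sample input) into three shares of which any two reconstruct it, using Shamir’s scheme over a prime field with only the standard library.

```python
# Added example, not Numbrs' mechanism (the article does not describe it):
# Shamir secret sharing over GF(2**521 - 1), splitting a raw 256-bit key so
# that any `threshold` of `shares` holders can rebuild it and fewer learn
# nothing. Standard library only. The sample key is the one quoted above.
import secrets

PRIME = 2**521 - 1   # a Mersenne prime, comfortably larger than any 256-bit key

SAMPLE_KEY = "E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262"


def split_secret(secret, threshold, shares):
    """Random polynomial of degree threshold-1 with the secret as constant
    term; share i is the point (i, f(i)) for i = 1..shares."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of field range")
    if not 1 < threshold <= shares < PRIME:
        raise ValueError("need 1 < threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    out = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):           # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        out.append((x, y))
    return out


def recover_secret(shares):
    """Lagrange interpolation at x = 0. With fewer than `threshold` shares this
    still returns a number, just a wrong one, so always verify the result
    (e.g. by deriving the address) before relying on it."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def split_key(hex_key, threshold, shares):
    """Split a 64-hex-digit private key into (index, value) shares."""
    return split_secret(int(hex_key, 16), threshold, shares)


def recover_key(shares):
    """Rebuild the 64-hex-digit key from enough shares."""
    return "%064X" % recover_secret(shares)
```

Each share on its own is uniformly random, so a single custodian, or a burglar who finds one of the three papers, learns nothing about the key; two out of three also means that losing one share, or one party refusing to cooperate, does not lock the owner out.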

Your keys, your coins - there is only one way to stack Sats

Unless you have direct access to the private keys of your Bitcoin address, you do not control it and can not reasonably expect to be free from interference from governments, scam artists or other plagues.

Without control of the private keys, there is simply no way to authorise a transaction you want to perform. Instead, you have to rely on the good will of the party controlling this precious information.

The ultimate loyalty of any enterprise will always lie with their regulatory overlords instead of with their customers. The attack surface of a corporation is simply too big.

At the same time, there are plenty of ways to store private keys, from low tech paper wallets to high-tech PGP encrypted text files on a private server, and from uncomfortable bank vaults to handy Numbrs Bitcoin Accounts.

We implore our cherished readers to read our suggestions carefully and pick the solution best suited to their needs. Be it for ultra-long-term storage or quick and easy access for everyday payments. Not every storage solution is created equal and they are optimised for different use cases.

Conclusion

Writer Ursula K. Le Guin posited that the first piece of technology created by man was the bag in her remarkable treatise “The carrier bag theory of fiction”.

In this small and delightful book, she explains that, even before hunters invented spears, humans needed a way to store the tiny morsels they would gather on days when they found more than they could eat.

Humanity has come a long way since then, but the need to store the morsels of our wealth that we collect on days of plenty, is as acute now as it was then. Private key storage is the proverbial bag that enables us to collect Sats, which then forms the basis of our sovereign wealth. Choose your bag wisely.

Nothing in this article constitutes professional and/or financial advice. The content is provided exclusively for informational and/or educational purposes. Nothing is to be construed as an offer or a recommendation to buy or sell any type of asset. Seek independent professional advice in regards to financial, tax, legal and other matters.
