Dhruv Bansal

Bitcoin security

Introduction

Hi everyone, my name is Dhruv Bansal. I am the CTO of Unchained Capital. Thank you for the history lesson, Tuur. That's a hard act to follow. I keep thinking about how it must have been like to transact large amounts of money back then. It was a fascinating time period. There was a lot of foundations laid for how the global financial system will work later in the future, like fractional reserve lending, loans, and so on. I want to talk about what security looks like for this new kind of digital gold that we've all been talking about.

Bitcoin security

What is a bitcoin? Bitcoin is digital gold. We can't hold it in your hands. Where does a bitcoin live? If I have a bitcoin, where is it? If it's anywhere, it's "on the internet" and "in the bitcoin network". It's replicated across tens of thousands of nodes on the bitcoin network. It might be my coin, but everyone in the network has a copy. What distinguishes that coin from anyone else's coin? Well, I have a key. This is how Satoshi conceived what it means to own bitcoin. Bitcoin are like valuable tokens that are locked up in a glass case in the center of town in a town square. Everyone can see the coins, everyone can see the cases, and each case has a random label on it and they don't know who owns it, but at night I can sneak by the box and unlock it with my key and put it in someone else's box-- there's a slot on the top of each box, and you can add coins into any key you want. When I talk about securing bitcoin, I am really talking about securing the key I have to the bitcoin that lives in the public network environment. Security of that key is a complex process. That key is itself information, there's various ways to represent it. Digital just means binary, that's not wrong. There's other convenient representations, like a list of 24 english words which is not an easy thing for a person to memorize, but it's possible. You can write that key down, and put it into a digital wallet or a hardware wallet, and you can use that to manipulate your coins on the network. Protecting your bitcoin means protecting this key which means protecting information.

But people are terrible at protecting information. Have you ever seen gossip? People just really want to share. The best way to protect information is to do it in layers. This includes computer security, network security, information security, physical security. If my key is well protected on my laptop, and my laptop is on my desk, then all you have to do to steal my bitcoin is go into my house and get my laptop. A good way to protect information is to not know all the information which you are protecting; if there are 24 words, and we split them up so that 3 friends know 8 of those words, none of the friends can unlock the coins without collaborating. There's ways to do this.

I talk a lot about keys, and I'm emphasizing that because it's important to realize that bitcoin doesn't know who we are. On the internet, nobody knows who you are unless you tell them. It comes down to validation and protection of keys. A key difference between bitcoin and fiat money is that there might be a concept of legal ownership, but it's distinct from the concept of control. You might legally own a bitcoin, but someone else might have the keys. If they lose the keys, or take the keys from that third-party, you might legally own those bitcoins but they are not yours, and you will never get them back if an attacker gets them because they did so anonymously and used cryptography. All the affordances that protected you when you had that key, is now the attacker's benefits. It's extremely important to know where keys are and how they are protected. As much as you can claim legal ownership, you can't fix the coins on the network. In fiat money, if there's a problem, you can usually get it fixed. This is different. Bitcoin is very punishing, and it's a very hard edge. If you make mistakes, it's very costly. This means a lot of software and human experience has to go into protecting bitcoin at scale as it continues to grow.

The phrase that bitcoiners often use is "not your keys, not your bitcoin". We can talk about why people-- maybe before I go too much further, I might point out that as much as I'm talking a big game about protecting your keys, I did not when I first got into bitcoin. I bought on Coinbase, and before I understood what was going on, they were sitting on Coinbase and thankfully the value was low at the time, and at the time I didn't know what it meant to protect a key. I didn't have a strategy to protect that information. It was easier for me to push that off to Coinbase. I'm a technical person, and I'm well positioned to protect keys, and I chose not to-- simply because I didn't want to take the risk and it was easier to let Coinbase did it. Over time, technology came out that made me feel more comfortable about me handling it personally. I leveraged some of those tools.

One thing particularly cool about bitcoin is that it's not just in my analogy a locked box with a single lock; bitcoin being programmable makes it possible to build locks in these glass cases in the public square in my analogy, with multiple locks. The locks can know about the time in certain ways, they can also have if-else combinations of different locks, and it allows you to construct "multisig security" where you can have k-of-n threshold requirements. This is an extremely important development in bitcoin. It wasn't possible in the earliest days of bitcoin to use these approaches, and it is now possible and somewhat common.

My own company specializes in Bitcoin security, and we use multisig to store the bitcoin we're adjacent to. In our view, a single key is a single point of failure. I encourage you to investigate protecting your keys, but don't spend too much time. Move on to multisig quickly, like the one that Unchained Capital has setup. As a programmer, and as a paranoid person, I know things fail and I know humans make mistakes. If you can just stack the odds a little bit in your failure, by allowing you to make a single mistake and not be completely fatal to the security of your coins, that's a virtue.

Collaborative custody

Collaborative custody is something that Unchained Capital has been trying to brand. Multisig means multiple keys and multiple locks. Collaborative custody is us realizing that security really comes from social relationships. Nationally, we rely on the military, we rely on police forces, and we rely on our neighbors to provide some security for us like they hear a strange noise and investigate or something. No man is an island, and nobody can secure their personhood, their property, their family in the woods on their own with their own guns and traps and whatever. Most of us are far better off relying on friends, doormen, police forces, military, etc. These social relationships can create real physical security, the kind that allows us to sleep at night. It is in that spirit that we distinguish at Unchained this product of collaborative custody, beyond the idea of just using multisig and different keys.

Any time you create a digital lock, you create a key management problem: where d oyou store the keys, how do you make sure you don't lose them, how do you make sure they don't get stolen? Digital locks are very complex. You need to manage data about where keys live, how can people access it, by what rules are they allowed to access these keys, and so on. People need systems to help coordinate their behavior, like systems of record where they can figure out who else has keys, have they signed a transaction that I need to participate in? Is there some task I need to participate in?

Also, consider identity. Bitcoin doesn't know who you are. It lets anyone sign with your key. It doesn't care that it's not you, it has no idea who you are. When we're talking about creating better defense with multiple keys, it's important to realisze we don't want to create systems where it's easy to pose as one another and hten co-sign on some asset we're protecting to blithley unlock their part of the lock and reduce their security just because they got a text message or saw something on a website. We want better and more robust systems that involve knowing each other, like talking with each other, videos, and asserting their identities. There's a universe of people building identity on the blockchain, and personally I think that's premature. I'm just talking about normal identity management, like the kind that you wish your bank would do better. When you do a wire transfer, the bank asks you for the last four of your social, which is stupid because attackers can easily get that information. But in banks, mistakes are easier to fix than in bitcoin. It's really important to spend a lot of time thinking about how to manage identity, relationships and communications when we're working collaboratively. We want real humans who make mistakes to still be able to protect themselves.

Why bitcoin is different

Let me talk a little bit about why bitcoin in particular I think has the best security out of all the options out there. The first idea is that bitcoin is the longest running cryptocurrency in existence, it's been out for 10-11 years. That's not a long time, but it's much longer than any other cryptocurrency. During that entire time, bitcoin has mostly had a larger marketcap than any other cryptocurrency. If you think about integrating that value over time, that's the largest bug bounty that has ever existed for any project in the history of the world. If you can find a bug in bitcoin and steal coins, you would do that. I am not saying there were never any bugs, in fact in hte beginning there were some problems where you can create bitcoin out of thin air, it was never exploited but it was found in the early days. There was a more minor last year, which was patched and caught before it was exploited in the wild. There has never been an instance of a major bug stealing coins or causing a big problem like that. Now, of course, some people have had their coins stolen, but that's only because of their poor practices in managing their keys. The network itself has been held robust. Every day that bitcoin continues, the idea that this is hard to breach increases, the probability of an attack is decreasing over time because it's unliekly that someone hasn't revealed such a problem yet. However, the odds of a problem existing in other cryptocurrencies is massively higher. I won't go into the long list of times that this has happened, but they are out there. Those issues exist.

Programmable money

Bitcoin is programmable money. Not everything that is programmable is the same amount of programmable. Turing complete is like the upper ceiling of what it means to be programmable. Bitcoin doesn't aim to hit that target. Why would we want to base our financial system on a system that is not even as programmable as my laptop or whatever? Why would we choose that constraint? Well, abilities are holes. Every time we give ourselves the ability to do more, we give ourselves more surface area to defend from attacks. It's much harder to build a nuclear reactor than it is to build a nuclear bomb. Nuclear bomb is just infinite potential going out into space, whereas a nuclear reactor is riding a line of criticality. If you go to the ceiling, you have built a programming nuclear bomb and someone will find holes in this and make it do things that you never expected your script. If you doubt me, go look at how people have reprogrammed Mario by just jumping around-- look it up on youtube. Mario becomes a cursor where they can write bytes to reprogram the Mario game to play pong. They just press buttons, like a kid might do, in a very specific order, and they are able to reprogram all the rules of the game. How is it possible to break through the programming of Mario Brothers to turn it into a general purpose programming environment? Well, the answer is that the security of Mario Brothers was not a big deal, nobody cared, there's no data in there that is valuable. But contrast this to a blockchain; if you build a completely programmable blockchain where you don't just get left-right and up-down and a/b buttons, how long until someone tries to make this complex system try to "play pong" or subvert the intentions of what your smart contract was intending to do? Bitcoin is a smart balance between the things we need it to do, and contracts. It is still not open to pandora's box, it is not super critical and it is not an explosion of unfortunate potentialities. I think this is an important conservative design choice. I think younger people don't appreciate this; I think young people just like things that go fast and think they must be better. By a large margin, I think that the bitcoin developers are the best developers in this market. I prefer conservative systems that are modular and easier to predict at scale; not things that promise everything, but things that are easier to engineer, scale and predict. There have been thousands of people who have contributed to bitcoin, excellent engineers, some of which are in this room right now. That community is robust in other ways that other communities I don't think are... we can talk about the Segwit2x fork, and we can illustrate how much this community is not controlled by corporations but rather the users of bitcoin, which is unique among any project existing at the scale that bitcoin does. I also think bitcoin is just better software. I've written a lot of software in my time. In 2014, I took a piece of bitcoin software and I launched it. Years later, I got an email saying hey you should go check on that cloud machine and something funny was going on-- I didn't evne remembe rdoing this, but yeah I logged in and bitcoind was still running all that time, and the disk was full. This was bitcoin v0.99 which was 5-6 years out of date that point. It was a piece of software launched in the wild, it was launched 6 years ago, and it was still running and still working, still validating transactions. Conversely, when I run software for other blockchains, I can't run them for more than a few weeks without them turning off--- and why is this? This is because of updates, developers obsessed with adding new features, and frankly their lack of concern about the robustness and stability of their networks. The shiny new things are often less reliable than you might hope.

Proof-of-work

Sometimes people might critize bitcoin for its proof-of-work. I am not going to talk about the energy effects; I just want to point out that energy is expensive. It's extremely difficult to fake energy in the way that bitcoin uses for proof-of-stake. I can build a proof-of-stake blockchain with 20 years of history generated on my laptop in minutes. You can't do that with proof-of-work. I can't forge bitcoin's blockchain, whereas I can do that with a proof-of-stake blockchain. The laptop simply isn't powerful enough to redo all of the mining work of the past 10 years. This has deep implications for the long-term and finality of everyone's bitcoin transactions. Proof-of-work is impossible to fake, and impossible to predict. It's basically a lottery, it's only known once it happens. PoW is like a random number generator. No algorithm has been thought of that is as good. Previously the best we had was that the last leader chooses the next leader, which is not undeniably fair unfortunately.