Coinpunk - Enemy of the Banks


description

A sneak preview into Coinpunk, the first fully open-source HTML5/JavaScript Bitcoin Wallet Service.

Transcript of Coinpunk - Enemy of the Banks

Page 1: Coinpunk - Enemy of the Banks

enemy of the banks

COIN PUNK

Kyle Drake

Obsoleting the banking industry with HTML5 and JavaScript

Tuesday, October 15, 13

Page 2: Coinpunk - Enemy of the Banks

What is Coinpunk?

• First open-source Bitcoin web wallet service

• Designed and intended for power users and developers

• Funded by a grant from the Bitcoin Foundation (and others)


Page 3: Coinpunk - Enemy of the Banks

Coinpunk “Old School”


Page 4: Coinpunk - Enemy of the Banks

Coinpunk “Old School”

• Ruby application

• Bitcoind (official client) JSON RPC does all heavy lifting

• Implemented in 4 days

• Stored all private keys on server

• Works. But there’s a serious security risk.


Page 5: Coinpunk - Enemy of the Banks

Major Bitcoin Wallet Thefts

• July 2011: Bitomat “loses” database. $220,000 USD

• August 2011: MyBitcoin hacked. $800,000

• August 2012: Bitcoinica hacked. $460,000

• March 2012: Linode servers trawled. $250,000

• Sept 2012: BitFloor hacked. $250,000

• April 2013: InstaWallet hacked. $4.6 million


Page 6: Coinpunk - Enemy of the Banks

We’re starting to think putting the private keys on a central server is a really bad idea. I can’t imagine why.


Page 7: Coinpunk - Enemy of the Banks

But web interfaces are easy to use. They’re lightweight. They’re universal. They make sense to non-tech users.


Page 8: Coinpunk - Enemy of the Banks

How can we provide a web interface while reducing server trust?


Page 9: Coinpunk - Enemy of the Banks

The Problem

“Bitcoin wallets” that store the private keys on the server are not wallets.

They are Bitcoin accounts.


Page 10: Coinpunk - Enemy of the Banks

The Solution

Move the wallet encryption over to the browser.

Yes, really.

No, seriously!


Page 11: Coinpunk - Enemy of the Banks

Fear, Uncertainty and Doubt

“DOOMED”? REALLY?

Page 12: Coinpunk - Enemy of the Banks


Page 13: Coinpunk - Enemy of the Banks

Counterpoint

http://log.nadim.cc/?p=33

Page 14: Coinpunk - Enemy of the Banks


Page 15: Coinpunk - Enemy of the Banks

Coinpunk “New Wave”

• HTML5/JS frontend

• Node.js backend

• Redis

• Bitcoind


Page 16: Coinpunk - Enemy of the Banks

Coinpunk “New Wave”

Browser generates Bitcoin private keys, encrypts them, sends encrypted payload to server for storage/backup.


Page 17: Coinpunk - Enemy of the Banks

Coinpunk “New Wave”

Browser also creates all the transactions. The server (and therefore hackers) cannot spend the user’s money.


Page 18: Coinpunk - Enemy of the Banks

Progress


Page 19: Coinpunk - Enemy of the Banks

Browser Crypto Libraries

• CryptoJS

• Stanford JS Crypto Lib (SJCL)

• BigInteger (JSBN)

• BitcoinJS-lib

• RandJS

https://github.com/kyledrake/randjs


Page 20: Coinpunk - Enemy of the Banks

RandJS

• Uses window.crypto.getRandomValues if exists, otherwise falls back

• Allows you to decide whether you’re cool with that.


Page 21: Coinpunk - Enemy of the Banks

window.crypto.getRandomValues


Page 22: Coinpunk - Enemy of the Banks

Observations

• It’s all kind of slow

• SJCL PBKDF2 is (a lot) faster than CryptoJS

• Can’t go above 4k-5k iterations

• Limited pre-rolled authenticated encryption options (sjcl.encrypt)

http://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken
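The “New Wave” flow (generate the key in the client, encrypt it, store only ciphertext on the server) combined with the observations above about PBKDF2 and authenticated encryption, as an added example that is not Coinpunk's code. It runs under Node.js and uses Node's built-in crypto module in place of SJCL; the function names, payload field names, the 5000-iteration count (taken from the slide's 4k-5k ceiling) and the 32 random bytes standing in for a Bitcoin private key are assumptions.

```javascript
// Added example (not Coinpunk code). Node's built-in crypto stands in for
// the browser libraries named on the slides.
const nodeCrypto = require('crypto');

// Assumption: iteration count taken from the slide's 4k-5k ceiling.
const PBKDF2_ITERATIONS = 5000;

// Fail closed when no CSPRNG exists instead of silently falling back.
function secureRandom(n) {
  const wc = nodeCrypto.webcrypto;
  if (!wc || typeof wc.getRandomValues !== 'function') {
    throw new Error('no CSPRNG available; refusing to generate key material');
  }
  return Buffer.from(wc.getRandomValues(new Uint8Array(n)));
}

// Client side: encrypt key material under a passphrase-derived key.
// Only the returned object is sent to the server for storage/backup.
function sealWallet(privateKey, passphrase) {
  const salt = secureRandom(16);
  const iv = secureRandom(12); // fresh 96-bit nonce per encryption
  const key = nodeCrypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return {
    v: 1, kdf: 'pbkdf2-sha256', iter: PBKDF2_ITERATIONS,
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
  };
}

// Client side: decrypt a payload fetched back from the server. Throws if the
// passphrase is wrong or the stored ciphertext was modified (GCM tag check).
function openWallet(payload, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = nodeCrypto.pbkdf2Sync(passphrase, b(payload.salt), payload.iter, 32, 'sha256');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(payload.iv));
  decipher.setAuthTag(b(payload.tag));
  return Buffer.concat([decipher.update(b(payload.ct)), decipher.final()]);
}
```

The server only ever sees the JSON payload, so a database compromise yields ciphertext whose strength rests on the passphrase and the iteration count.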


Page 23: Coinpunk - Enemy of the Banks

I’m not doing Bitcoin work.

Why should I care?


Page 24: Coinpunk - Enemy of the Banks

Browser-side crypto will become a lot more commonplace.


Page 25: Coinpunk - Enemy of the Banks

JS crypto libraries will become secure, standardized and fast.


Page 26: Coinpunk - Enemy of the Banks

One-way hashing of the password on the browser will be considered “best practice”.


Page 27: Coinpunk - Enemy of the Banks

THANKS!
