Topic: Best protocols for cold wallet, hot wallet. We are building an exchange. (Read 2647 times)

Armory wallet is looking into schemes like communitcating through QR codes or sound waves. You can contact the dev for what they are thinking.

well i was suggesting and maybe someone can try this and post here, if you remove ubuntu-desktop and you end up with a bare terminal. and if you put the usb stick, auto run should never run.

Animated qr codes would work great, but digitizing something makes it easier for theft then physical objects. I think paper wallets would be the way to go.

those are valid concerns. there has to be some form of auditing available to customers especially they have no control over hot/cold storage.  we will have an officer approve the withdrawal request and then also have speed bumps and a some kind of activity monitoring.

has anyone found a serial tx program that can be used to transfer transactions from cold to hot storage?

I believe other controls (not tech based) around this process are also needed.  I'm not an accountant but I'm thinking:
- Regular cash/BTC recons.  Is the amount of btc/cash held now equal to previous balance +/- transactions made?
- Customer balance recons.
- Cold to hot transfers can only occur if a proper recon has been done.  Is the cold as big as it should be.  Has the hot reduced to a low level for valid reasons?  Need sign-offs on this, with the cold to hot transaction only occurring if audits/recons are in place.

This is to stop one blindly refilling an empty hot wallet from the cold.  If you have a recon you can be sure the hot needs refilling for the right reasons.  

You are trying to create an "air-gap" effect.  The problem is that many things have auto-run, so it is hard to be certain that you are secure.

You pretty much have to code the channel yourself to be absolutely sure.

One suggestion was an animated QR code .gif file.  Each frame would have a different code.

Armory doesn't care how you get the file to/from the offline computer.

Yeah I'm a bit suspect of USB viruses / trojans
I have had them in the past. not to do with bitcoin but they infected computers at my old job.

I like the idea of having the cold storage monitor and the hot wallet server camera facing each other and to sign transactions we just let the 2 communicate via QR.
It seems really archaic but bitcoin is strange like that, we have to go back to old tech like paper to truly secure such a futuristic asset.

Armory uses usb sticks, so you would need to do recoding to support other methods.

The point about cold storage is that the money should very rarely be touched.

It is like money in a bank account that isn't tied into your trading engine.

Maybe if you used hot/warm/cold, then you might be able to convince them?

You can use any method for transfer really.  There was talk of using a sound card based solution and sending the data via sound pulses (like old telephone modems).

QR codes could possibly work too.  The problem is that you actually need a lot of information.  To safely spend a transaction, you need to include all the input transactions.  Otherwise, the cold store cannot determine how much is about to be spent.

I would like to discuss what manual methods are available to transfer signed tx from cold storage to warm/hot wallets. I am having a hard time to convince my team to use cold storage for one let alone usb sticks because they think its too old fashioned to use usb sticks.   The thing about cold storage is it must not be connected so ethernet cable over vpn does not work.  What other options are available to withdraw manually?



 

You could set it up so that the cold wallet has a watching only wallet for the hot wallet. 

It would be possible to verify that all outgoing payments of the cold wallet are going to a hot wallet address.  I don't think Armory supports that though.

Thanks for all the great responses.

I love the idea of a warm wallet!
I am collating all the ideas and schematics for the devs to talk over.

Just looking at armory and it would be great if you could import a CSV with transactions that you need to happen and then then sign those on the cold wallet and finally broadcast them from hot.

So Armory would effectively be both the cold and warm wallet but we daily export a CSV of transactions that are waiting to happen and then send them out from cold storage.

Its not ideal because I was thinking it would be best to use Armory to just recharge the HOT wallet and so if the hot wallet runs out of funds then every new transaction goes into a Queue which are then executed once the hot wallet is full again.

What I like about this is that its more automated but if we are compromised I want a way to detect dodgy withdrawals in the queue because we don't want to fall into the alleged Karpeles tunnel syndrome, where funds are tunnelled away under the noses. But thats a whole other problem.

The main problem at the moment is cold warm hot wallet architecture.

Armory really is an amazing piece of work for cold storage, the issue is hot and warm really. I think it might be that every 24 hours we manually top up the hot wallet to a percentage of the cold.

If there is an overflow of withdrawals then we could manually process them. (This could annoy customers but if they realise that its for security reasons then people will be a bit more accepting, although people are fast to yell scam all over the internet if they don't get there bitcoins within seconds :/ so theirs that.  )







 

so your implying,  the withdrawal from cold wallet will be manual and deposits would go in warm wallet?  transfer will be automatic from warm wallet to hot wallet using a server api (custom) ?

What other options are available for manual withdrawal from coldstorage besides usb stick?
 

The cold wallet is supposed to be reserve funds.

Cold Wallet
 - funds can be deposited automatically
 - funds can be monitored via watching wallets
 - withdrawal is difficult

Hot Wallet
 - all wallet operations are automatic

The idea is that you get a notification if the Hot Wallet is running low on funds.  Funds can then be transferred to the Hot Wallet in a single transaction from the Cold Wallet.

When a client withdraws money, it is from the Hot Wallet.

In an exchange, there is like a "float" that varies daily.  If the total funds stored on the exchange went up an down by 10%, then you only need to store 10% in the hot wallet.

You could have an intermediate level (warm wallet?) that have less security than the cold wallet but more than the hot wallet.  For example, transfers might be automatic, but need to be signed by 3 of 3 separate servers.

while using usb stick to move info over and back might be suitable for a individual miner it is not feasible in an exchange environment where several withdrawals are possible. So what is an ideal design for a exchange environment?

Cold storage withdrawal is supposed to be manual.  Armory uses a USB stick to move info over and back.

You use Armory running in "watching-only" wallet mode to create an unsigned transaction.

This is copied to the USB stick as a file.

You boot up your offline computer (not connected to the internet).

The offline computer reads the file from the USB stick.

It displays information about the transactions, i.e. destination address and amount.

You press OK, and it signs it and saves it back to the USB stick.

You take the USB back to the internet connected main computer.

Armory running on the main computer broadcasts the transaction.

This assumes that the USB doesn't auto-run and your initial download/setup was correct.

I like to have a discussion on how one can maintain a cold storage (offline system) that has no way to reach the hot wallet. How does one transfer transaction between the two systems? One way would be to have a api server that would allow unsigned transactions to be sent to the cold storage, get them signed and then send them back to hot wallet for broadcasting. A human can also authorize transactions like withdrawal requests.
But using the api method, we are then left with a connected system, a cold storage is offline and no automatic withdrawal exists, withdrawal must be done manually. What protocols are available for a manual withdrawl from coldstorage?

How can a tx be moved from a cold storage to an internet connected machine for submission ? I am able to build a api server that could technically have some api exposed to transfer signed tx from cold storage to hot wallet for submission but then coldstorage wont really be offline. Without using usb keys in an exchange environment, I like to know of other possible methods to transfer tx from cold storage.

It seems Armory does do 2 of 3 multisig wallets, but it is at the beta stage and it just re-uses the same keys over and over.

That's very cool, thanks for all the detail!

Yes.

It generates a series of key pairs.

If you had money in address number 20,000, then you would need to compute addresses 1 to 19,999 before you can work out 20,000.

It is reasonably fast.  It takes a few ms to generate an address.  Dedicated code can do it faster.

If you thought the first 100k addresses were used, you might compute the first million when doing a recovery, so you don't miss any when scanning the blockchain.

The new deterministic wallets have a suggested "gap" length of 20.  This is for use by the general public.  Merchants could have higher gap lengths.

It computes the first 20 addresses.  If it sees address 17 in the block chain, then it computes addresses up to address 37 and so on.

This means that you can have a "gap" of up to 20 unused addresses and it would still find all your addresses.

The client might warn the user if they asked for the 20th address in a row of spaces that it is the last one and it must be used before any more can be computed.

When importing, it might use a gap of 40, in order to be safe.

Indeed, but that only applies to keys. Account info is unrecoverable obviously (hence my other comment about user balances).

Also, it's nice that you can recover the key to an address if you know the wallet seed, but if you lose the wallet how do you keep track of which addresses you control in the first place? Is it possible to build a list just from the wallet seed?

If you use a deterministic wallet, then everything is generated from 1 root seed number.

You can print that out and put it in a safe.

It can even be split into pieces.  You have 9 pieces of paper, and you need 5 of them to generate the root seed.  You can pick any values you want, 90 of 100 is possible.

Even if you lose everything else, you can regenerate all the keys from that one seed.

This is the key advantage of deterministic wallets.

What is cool is that you can create "watching-only" wallets, which are able to generate all the public keys (but not the private ones).

This means that you can detect a deposit into the cold wallet without having the private keys at all.

You can create transactions with this watching-only wallet and have them ready for signature.

The computer with the private keys is supposed to be completely isolated.[/list]