Lily Technologies

Bitcoin Security Guide

There is a lot of information out there about Bitcoin security and how to properly secure your digital wealth.

While much of that content is already high quality, we felt compelled to put forth our own thinking as a security company in the space so that our customers and customers-to-be understand why we built Lily Wallet.

Introduction: Keys are Key

Bitcoins are secured by private keys. These keys are random strings of letters and numbers that, through cryptography, allow someone who knows them to send coins to other people.

Therefore it is important that:

  1. You don't lose your private keys
  2. Others don't find your private keys

If either of these two things happens, then your digital wealth can be lost or stolen.

The evolution of private keys

Before diving right into it, it's helpful to set the scene.

In the early days of bitcoin, users would keep track of individual private keys that secured their coins. In 2012 and 2013, proposals to make private key management easier were put forth.

The first proposal, BIP32, introduced what are called hierarchical deterministic (HD) wallets. While it sounds intimidating, HD wallets simply allow a user to derive a number of different private keys from one master private key.

The other proposal, BIP39, was to use mnemonic phrases to represent the random strings of letters and numbers in a more human-readable (and correctable) form. This reduced potential errors when backing up your keys.
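Part of what makes a BIP39 phrase resistant to copying errors is a checksum folded into the last word. The sketch below is an added example, not Lily's own code: it works on 11-bit word indices rather than words because the 2048-word list is not embedded here, and the function names are illustrative.

```python
import hashlib
import secrets

WORD_BITS = 11  # one BIP39 word = 11 bits = an index into the 2048-word list

def entropy_to_indices(entropy: bytes) -> list:
    """Encode entropy as BIP39 word indices, with the checksum appended."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    cs_bits = len(entropy) // 4                  # 1 checksum bit per 32 entropy bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // WORD_BITS   # 32 bytes -> 24 words
    return [(value >> (WORD_BITS * (n_words - 1 - k))) & 0x7FF
            for k in range(n_words)]

def indices_to_entropy(indices) -> bytes:
    """Decode word indices; raise ValueError if shape or checksum is wrong."""
    indices = list(indices)
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("a BIP39 phrase has 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index out of range")
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    cs_bits = len(indices) // 3
    entropy = (value >> cs_bits).to_bytes(cs_bits * 4, "big")
    if entropy_to_indices(entropy) != indices:
        raise ValueError("checksum mismatch: phrase was copied incorrectly")
    return entropy

def undetected_swaps(indices, position: int) -> int:
    """Count wrong words at `position` that would still pass the checksum."""
    passed = 0
    for wrong in range(2048):
        if wrong == indices[position]:
            continue
        candidate = list(indices)
        candidate[position] = wrong
        try:
            indices_to_entropy(candidate)
            passed += 1
        except ValueError:
            pass
    return passed

if __name__ == "__main__":
    phrase = entropy_to_indices(secrets.token_bytes(32))  # constructed sample key
    assert indices_to_entropy(phrase)                     # round-trips cleanly
    print(len(phrase), "words;", undetected_swaps(phrase, 0), "of 2047 swaps undetected")
```

For a 24-word phrase the checksum is 8 bits, so roughly 1 in 256 wrong-word substitutions still decodes as valid. A passing checksum is evidence that a backup was written down correctly, not proof.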

With these two concepts standardized, companies like Trezor and Ledger started manufacturing devices called hardware wallets that utilized these technologies.

This greatly improved the user experience and security of bitcoin. Now users can write down one sequence of 24 words to access and recover their funds. At the same time, hardware wallets allow users to store their private keys offline and simply plug a device into their computer to approve transactions.

With hardware wallets, private keys now take on a physical form, like the real keys people use to lock their cars or houses.

Don't lose your keys

With the introduction of hardware wallets, not losing your private keys seems pretty trivial to solve. Just don't lose your hardware wallet! Put it in a locked cabinet in your house, engrave your seed phrase into a plate of steel and bury it in the backyard, or put your hardware wallet in the safety deposit box at the bank.

While these are all viable solutions, they are still open to failure. What if the house burns down? What if your kids get into the cabinet, steal the device, and lose it? What if the landscapers dig up the steel plate while planting the garden and haul it off to a landfill? What if you lose access to the safety deposit box?

We admit, some of the situations we listed above are very unlikely. Almost unheard of, in fact. But there is a more than 0% chance that they might happen, and if they do, your digital wealth is toast.

We can mitigate the risk of losing our private keys by simply making copies of our mnemonic and storing them in different places. If we lose track of our keys in one location, we can go to another spot where we stored them and still maintain control of our money.

While this strategy diminishes the risk of losing our private keys, it increases the likelihood of others finding our private keys. Because of this, simply making multiple copies of your private keys is not a suggested strategy for securing your digital wealth.

Single point of failure

The problem we described above boils down to your private key being a single point of failure. If that one piece of information is lost or stolen, then your digital wealth can be lost forever.

So how can we create a private key setup that allows us to have multiple copies of our keys while preventing someone from stealing our funds if they happen to stumble upon them?

Over the past few years, the industry has started shifting towards using multisignature vaults to solve this problem.

What is multisig?

Multisig combines different private keys together to create unique addresses that require multiple signatures, or approvals, in order to send coins.

Work in progress...