The Key Ceremony: Auditable Private Key Security Practices
While many companies in the Bitcoin space are working on the “killer app” that will drive mainstream consumer adoption, at Armory we are working on the “killer app” for institutional adoption: insurance. There are few investments that financial institutions can make that have the all-or-nothing security properties of a Bitcoin wallet.
Many proponents tout the benefits of irreversible Bitcoin transactions for consumers and merchants, but at the enterprise level irreversibility can actually be quite scary. Business-to-business transactions are rarely anonymous, and the legal system provides sufficient pressure for parties to behave.
However, the legal system will not be of much help if those coins disappear due to accidental destruction or an anonymous security breach. In our experience with institutions, this is a critical barrier to entry. And getting institutions involved is a critical milestone for mainstream Bitcoin adoption.
Insurance can solve these problems, and a strong backbone of insured storage options could be a catalyst for both consumers and businesses to take Bitcoin more seriously. But getting insured is no easy task in such a new and high-stakes technology field.
Imagine you are an insurance underwriter being asked to price a policy for full coverage of a $100 million bitcoin wallet held by a company whose name you don’t recognize. In your first meeting with them they claim, “We are using all the most advanced technology to store our coins!” They use all the Bitcoin security buzzwords: “cold storage,” “multi-sig,” and “fragmented backups.”
Would that alone comfort you enough to risk $100 million for a small premium?
How do you know that they are actually using cold storage and multi-sig in their setup?
How do you know backups are created and secured properly (and not on Dropbox)?
How do you know an employee or executive did not rig the software or hardware to essentially steal the wallet before it was even created?
Cold storage and multi-sig are important concepts in Bitcoin security, but conceptual security alone is not enough. We want operationally transparent, auditable security. And it all starts with the “Key Ceremony.”
Key Ceremonies are not new. They have actually been used for 20 years to ensure integrity of some of the most valuable cryptographic key material in the world. This includes keys that protect the backbone of the Internet, and keys held by governments used to issue and verify passports. Our goal at Armory has been to bring these established, high-integrity processes into the Bitcoin space. This is important in so that organizations can manage their own risk, but especially important to the insurance companies whom we believe will help enable traditional institutions to become Bitcoin holders.
Key ceremonies are typically tailored to the organization and the value of the key material. However, in the most extreme cases, they are performed in a secure room with video cameras, witnesses, lawyers, notaries, and company executives.
The goal is not to only create the sensitive key material, but to reach an overwhelming consensus that they are generated in a cryptographically secure manner, and that no one could have made unauthorized copies. The process can ultimately include the following:
• Those who ultimately manage the keys and key backups are identified, documented, and their responsibilities are made clear.
• The authenticity of all hardware and software is verified before it is used for secure operation.
• Tamper seals are applied to all secure devices, and tamper-evident bags are used to detect any tampering or copying of sensitive backup data after they leave the ceremony room.
• The display of the secure computer is mirrored on large monitors for all witnesses and video cameras to observe every keystroke and mouse click during the key ceremony.
• The videos from the ceremony are archived to be reviewed/audited by third-parties, and possibly as part of an investigation if funds go missing unexplained.
Keep in mind, that in a cold-multisig wallet arrangement, each site will have to independently carry out its own key ceremony. In our conversations with insurance representatives, the best way to decentralize the security model is to have different independent companies managing the coins.
The company that owns the coins would not even have the ability to move the coins by themselves. Nor would any other company. Authorizing transactions would require other signers to get recorded video confirmation from executives with authority over the wallet, enabling traceability and auditability of the ongoing operation.
Not all companies need this level of rigor. But a “full-paranoid” solution needs to exist if Bitcoin is going to see the entrance of global corporations who would be managing billions of dollars worth of bitcoins. A strong key ceremony as outlined above is only the start of an enterprise end-to-end security solution.