BitGo & Securing Bitcoin with P2SH

50 %
50 %
Information about BitGo & Securing Bitcoin with P2SH

Published on March 4, 2014

Author: mbelshe



This talk was presented at the SF Bitcoin Dev meetup on March 3, 2014. It's a pretty low level talk, and we covered many topics from how transaction signing works, how scripts work, how multi-signature transactions work, what are standard transactions, what are P2SH transactions, and finally, how to use the early BitGo APIs to do your own P2SH wallet creation and transaction signing.

If you wish to use the BitGo APIs, please contact me.

Securing Bitcoin With P2SH

Who Am I? ● ● ● ● ● Mike Belshe CTO / Co-Founder of BitGo. Startup Addict. Early Chrome Engineer Co-creator of SPDY, becoming HTTP/2.0 Co-founder of Lookout Software, email search.

Agenda Part 1: The Theory ● Signatures - how do they work? ○ Inputs & Outputs ○ Script Pub Key ○ Script Signature ● The P2SH Overlay Part 2: The Code ● BitGo APIs ○ HTTP Service ○ JavaScript library ● Let’s create a P2SH address! ● Let’s create a transaction

Part 1: The Theory

Anatomy of a Transaction Input #1 Transaction Input #2 ● ● ● ● ● ● Version # of Inputs List of inputs # of Outputs List of outputs Lock time Output #1

Anatomy of An Output Output ● Value (in Satoshis) ● ScriptPub ½ of the Script “Deposit Script”

Anatomy of An Input Input ● txHash of input ● Output index ● Script Signature ½ of the Script “Withdrawal Script”

Transaction Chain Transaction #d4444 Transaction #a1111 Transaction #b2222 Inputs: None Input #0: #a1111:0 Output #0: 50 BTC Input #0: #b2222:0 Input #1: #c3333:1 Output #0: 25 BTC Output #1: 25 BTC Output #0: 35 BTC Output #1: 10 BTC Transaction #c3333 Input #0: #b2222:1 Output #0: 5 BTC Output #1: 20 BTC Unspents

Anatomy of A Transaction Script Transaction #b2222 1. Take Script Pub Key from the output to spend Input #0: #a1111:0 Output #0: 25 BTC Output #1: 25 BTC Script Signature (from the new transaction) Script Pub Key (from the old transaction) Transaction #a1111 Inputs: None Output #0: 50 BTC Script 2. Append it to Script Signature from input in spending transaction 3. Use this as a stack of commands to run as a script

What Does A Script Look Like? Sampling of Script OP CODES OP_0, OP_FALSE Push 0 onto stack OP_PUSHDATA[1-4] Push a number of bytes on stack OP_DUP Duplicate top of stack OP_IFDUP If top of stack is not zero, duplicate it OP_NUMEQUAL Returns 1 if the numbers are equal OP_SHA256 Hash the contents of the stack with SHA-256 OP_RIPEMD160 Hash the contents of the stack with RIPEMD-160 OP_CHECKSIG Hash the transaction inputs/outputs; the sig must be a valid for the given pub key etc Overall, there are < 100 op codes ● Scripting language is complicated ● Scripts can be large and expensive to run ● Not turing complete ● bitcoind does not implement the full language ○ Rely on “standard transactions”

Standard Transaction Types & ScriptPub Pay to PubKey Pay to PubKey Hash MultiSig M of N ● old ● used in coinbase. ● Common form ● (BIP 11) <PubKey> OP_CHECKSIG OP_DUP <m> OP_HASH160 <PubKey> <PubKeyHash> … OP_EQUALVERIFY <PubKey> OP_CHECKSIG <n> <OP_CHECKMULTISIG>

The Need For P2SH ● Existing “Standard Transactions” require the transaction creator to specify the ScriptPub portion of the script ● Wanted a way to let the receiver specify the script. ○ Faster adoption of new formats (like BIP11: M of N) ○ Applies to all transactions at an address

Welcome Pay-to-Script-Hash (BIP16) Deposit Script (ScriptPub) is a Fixed Format: Withdrawal Script (ScriptSig) contains a new Script: OP_HASH160 <Signature> <ScriptHash> <Serialized Script> OP_EQUAL

P2SH Details ● Adoption accepted in April 2012. ● Was controversial because the script is a bit of a “bolt on” ○ New address type (BIP13): 32JnPkrXfNZByp5tgi4YxAVMi649Cjfnds ● Provided simple, 20-byte addresses like our existing ones

BitGo: P2SH & M-of-N magic ● P2SH gives the “Withdrawal Script” back to the receiver, rather than the sender. ● Multi-Sig gives us multi-factor bitcoin ● Now we can create a safe storage for bitcoin using the web:

Part 2: The Code

Disclosures and Disclaimers ● Of course we’re using BitGo APIs! ● BitGo APIs are still evolving, version 0.9 ● If you want to use these APIs contact me.

2-Part SDK: Service + Browser ● Browser API is Javascript ○ Other client-side APIs will work ● Service API is HTTP

JavaScript API ● Modified Bitcoinjslib w/ Multi-Sig support ● https://github. com/BitGo/bitcoinjs -lib Bitcoin. Address ECKey Transaction

Bitcoin.Address var stdAddress = ‘1MyxBcAfzNze2aY3ggLEvroKJBZXDgAmc’; var p2shAddress = ‘32JnPkrXfNZByp5tgi4YxAVMi649Cjfnds’; assert(Bitcoin.Address.verify(stdAddress), true); assert(Bitcoin.Address.verify(p2shAddress), true); var address; try { address = new Bitcoin.Address(stdAddress); assert(address.isP2SHAddress() === false); } catch (e) { console.log(‘Invalid Address: ‘ + e); }

Bitcoin.Util // Arrays to/from Hex Strings Bitcoin.Util.bytesToHex() / hexToBytes() // double-SHA256 Bitcoin.Util.dsha() // A solid PRNG; with browser entropy from mouse/keyboard Bitcoin.Util.randomBytes()

Bitcoin.ECKey var key = new Bitcoin.ECKey(); // Get the bitcoin address for this key key.getBitcoinAddress().toString() // Get the public key key.getPub(); // as a byte array key.getPubKeyHex(); // as a hex string // Get string format for private key key.getWalletImportFormat();

Bitcoin.Transaction - Create // Create a transaction // Input is the outputIndex of inputTx // Output is valueInSatoshis to outputAddress. function createTx(inputTx, outputIndex, valueInSatoshis, outputAddress) { var tx = new Bitcoin.Transaction(); tx.addInput(new Bitcoin.TransactionIn( { outpoint: { hash: inputTx.getHash(), index: outputIndex script: inputTx.script, sequence: 4294967295 }) ); tx.addOuput(outputAddress, valueInSatoshis); return tx; } },

Bitcoin.Transaction - Sign // Sign a transaction function signTx(tx, redeemScript, signingKey) { var key = new Bitcoin.ECKey(signingKey); Simple enough. try { tx.signWithMultiSigScript( But what the heck is a redeemScript? [key], Crypto.util.hexToBytes(redeemScript) ); } catch (e) { // deal with error ... } return tx; } We’ll come back to this after we checkout the service APIs.

Service API ● Authenticate User ● Create Multi-Sig Wallets ● Find Unspents ● Sign & Send Transactions

Basics URL: REST-ful All data is JSON

User Login Method: POST {"user": {"id":"5314b981196d448052000088", URL: api/v1/user/login/local "name":{ "first":"", "last":"", curl --cookie cookies.txt --cookie-jar cookies.txt -header 'Content-Type: application/json' --databinary '{"email": "", "password": "<redacted>"}' https://www.bitgo. com/api/v1/user/signup/loca "full":"" }, // etc }

Create Multi-Sig Wallet Method: POST {"id":"2Mx7XSW3s36Em89jCegL75AZ3iDRLKMFXi6", "type":"bitcoin", URL: /api/v1/addresses/bitcoin "watch":true, "private":{ "userPrivKey":"x", "redeemScript":"5241045ccd… … … " curl --cookie cookies.txt --cookiejar cookies.txt --header 'ContentType: application/json' --databinary '{"private": {"m":2, "n":3, "userPubKey": "[insert key here]", "backupPubKey": "[insert key here]", "userPrivKey": "x"}}' https://www.bitgo. com/api/v1/addresses/bitcoin }, "spendingAccount":true, "isActive":true, "accountType":"safe", "pendingBalance":0, "availableBalance":0, "balance":0, "unconfirmedTransactions":[] }

Unspents Method: GET { "unspents":[ URL: /api/v1/transactions/unspen ts/bitcoin/<address> { "tx_hash": "e6f8057a1693b58101… … … ", "tx_output_n":0, "value":9005778, "raw":"0100000001bfe62… … … " curl --cookie cookies.txt --cookie-jar cookies.txt https://www.bitgo. com/api/v1/transactions/uns pents/bitcoin/3LbPcRnHdGHqQ nhjc2VMGZVbh8LfrGQCy6 } ] }

Sign Transaction Method: POST URL: /api/v1/transactions/bitcoi n curl --cookie cookies.txt --cookiejar cookies.txt --header 'ContentType: application/json' --databinary '{"tx":"<hex encoded transaction here"}' https://www. bitgo. com/api/v1/transaction/bitcoin { transaction: “<hex encoded, fully signed transaction” }


Add a comment

Related presentations

Les changements sur le marché du distressed aux Etats-Unis et en Europe

Main Sections of the Report 1) Nifty Technical View 2) 4 Large Cap Trade Ide...

This presentation consits the yearly results of Kinepolis Group

Related pages

BitGo, Inc. | Securing the World's Bitcoin

BitGo is the leading bitcoin security platform and a ... About BitGo, Inc. Securing the World’s Bitcoin. BitGo is the leading Bitcoin security platform ...
Read more

Now Securing Bitcoin For Everyone! - BitGo Blog

Now Securing Bitcoin For Everyone! 16 March 2015. ... These enhancements position BitGo as the most advanced and robust bitcoin wallet software in the world.
Read more

BitGo - Bitcoin Wiki

P2SH Addresses; External Links. Bitgo Website; How to Setup a BitGo Bitcoin Wallet Online; References
Read more

BitGo Safe Aims to Secure Bitcoin Wallets With Multi ...

BitGo's bitcoin wallet ... BitGo's bitcoin wallet offers multi-signature transactions, ... who raised the issue of P2SH wallets on the Bitcoin Talk ...
Read more

World's Most Secure Bitcoin Wallet -

Create the world's most secure bitcoin wallet with BitGo: Industry-leading multi-sig security, full custody and user-access control, and the BitGo Promise.
Read more

BitGo Inc. Posts $1 Billion Bitcoin Transactions in Single ...

BitGo Inc. Posts $1 Billion Bitcoin Transactions in Single ... for bitcoin,” said BitGo CEO ... method of securing and storing Bitcoin. P2SH share of ...
Read more

SF Bitcoin Devs with CTO & Co-Founder of BitGo, Mike ...

SF Bitcoin Devs with CTO & Co-Founder of BitGo, Mike Belshe - P2SH Security and APIs Taariq Lewis. ... SF Bitcoin Devs Seminar: The BitGO API: ...
Read more

BitGo Inc. Posts $1 Billion Bitcoin Transactions in Single ...

BitGo Inc. Posts $1 Billion Bitcoin Transactions in Single Quarter. ... BitGo®, the leading bitcoin ... of securing and storing Bitcoin. P2SH share ...
Read more

It’s Time to End the Cold Storage Ice Age and Adopt ...

Will O’Brien is CEO & co-founder of BitGo, the leading Bitcoin security ... Storage Ice Age and Adopt ... for P2SH. BitGo published a ...
Read more