KoinKeep uses a number of Bitcoin and cryptographic techniques to secure its users' Bitcoin. Many are techniques commonly used by hardware wallets and a few are techniques pioneered by KoinKeep. Read on to discover them.
Public Key Cryptography
- 32 byte secp256k1 keys are used exclusively.
- All keys are stored in as few places as possible. Keys on the hardware device never go to the phone and vice versa.
Learn more about KoinKeep’s public key management
Public keys are used in many places throughout the application. Secp256k1 is the public key standard adopted by Bitcoin. Obviously by supporting Bitcoin a hardware wallet has to support it to do transactions at all however we use these keys for more things throughout the app. We also use ECDH over secp256k1 which is a technique for getting shared secrets between the hardware device and the user's phone.
- Any number of KoinKeep hardware wallets can be combined into a multi-sig arrangement.
- When using multiple devices, two-thirds of the collection are required to unlock funds.
Learn more about KoinKeep’s multi-sig support
multi-sig is short for “multiple signatures”. Traditional Bitcoin transactions use a single signature but Bitcoin supports using multiple signatures. This provides a number of useful security trade offs.
Typically multi-sig setups use three devices, each device holding a single key. To successfully withdraw you need two of these devices to electronically sign a withdrawal transaction. Since you need two signatures but you have three devices this is called "2 of 3 multi-sig."
The primary value of this arrangement is protection against loss or theft of a device. You can lose one of the devices as long as you keep the other two. Bitcoin's multi-sig allows you to recover your funds with any of the two devices, so it doesn't matter which particular one is lost.
The secondary benefit is theft of a device provides no value to the thief. Because the thief needs two devices to create a valid withdrawal transaction, they cannot steal any funds if they've only stolen a single device.
Local Transaction Signing
- Transaction payloads are transferred between devices, signed and passed back.
- Transactions are taken to hardware wallets individually, so they never need to be in the same location.
Learn more about KoinKeep’s local transaction signing
This step is crucial for making the system more secure. It allows private keys to 'never move' instead of any keys being sent over channels where they might be hijacked.
Instead when making a withdrawal you begin by creating the transaction on the phone to execute the transaction. Then you go to your KoinKeeps individually and send the transaction to the device. The device will sign the transaction and send it back. Once you have signatures from 2/3rds of your devices the transaction is complete. The phone will upload the transaction automatically, completing the withdrawal.
On-chain Two-factor Authentication (2FA)
- KoinKeeps use a unique bitcoin script format that allows for on-chain 2FA
- The key for this 2FA is stored in the user's phone and is never transferred to the device.
- This key is required but not sufficient to unlock funds.
- The unique input script format is:
[Signature] OP_CHECKSIGVERIFY [Signature] [Signature] OP_2 [Public Key] [Public Key] [Public Key] OP_3 OP_CHECK
Learn more about KoinKeep’s 2FA
KoinKeep is the first hardware wallet to offer this feature. By having a key that is stored off of your device and is never transferred to the hardware wallet you're protected against a fallen angel supply chain attack.
This sort of attack is done by someone who wants to attack an entire supply of devices at once. The reason to be concerned about is the magnitude of funds possible to steal. Stealing funds stored on a given batch of hardware wallets can be quite a large bounty.
Using this technique we can dramatically reduce trust in the hardware wallet to the point that even if a device was hacked to do everything in its power to steal your funds -- it would be unable to do so.
This key also acts as a deterrent to theft of your individual device. An attacker needs to steal your device as well as this key off your phone which adds a layer of difficulty.
- Nothing sensitive is ever sent over Bluetooth (ie. no keys).
- All communication over Bluetooth is encrypted AES_CBC anyway.
- All encryption keys are 32 bytes.
- Initial setup performs diffie key exchange. After which the device will only ever recognize that single key forever.
- Nonces are used to prevent replay attacks.
Learn more about KoinKeep’s Bluetooth security
While data passed through Bluetooth is encrypted and cant be read by an attacker listening in, none of the data passed is sensitive in nature. While it shouldn't be possible, if an attacker gained access to the communication keys to listen in they would not see any keys or items of value.
The only data that is passed over Bluetooth is being prepared to be published on the Bitcoin blockchain, which is public anyway. Special care is taken to ensure only this public data is sent over the Bluetooth communication channel.
The initial setup key acts as an ultra secure password or pin code. Passwords are generally as secure as their size in bytes. KoinKeep uses a 32 byte key for this which is much, much more byte size than a long password.
- All device storage is encrypted.
- Encryption is done with AES_CBC.
- The encryption key is 32 bytes.
- The encryption key is never stored in permanent memory.
- The encryption key is instead stored on the user's phone and given to the device during signing.
Learn more about KoinKeep’s storage encryption strategy
The important detail about device encryption is that the key is not kept on the device. So if an attacker had a device and broke into it they would not get access to anything at all.
When pairing a device to initialize it or sign a transaction the encryption key is first passed to the device. This allows the device to startup and read it's own storage. If the device never receives this key or receives the wrong key it cannot boot up.
Direct-access SPV Bitcoin Wallet
- KoinKeep’s phone application connects directly to the Bitcoin network as an SPV (Simple Payment Verification) wallet.
- Bloom filters are used in a privacy-increasing fashion.
- When a bloom filter is updated all currently connected nodes are disconnected. New nodes receive the updated bloom filter. This prevents nodes from being able to 'diff' the bloom filters and reduce your privacy.
Learn more about KoinKeep’s decentralized Bitcoin network access
Mobile apps that connect directly to the Bitcoin network are rare. We at KoinKeep are very proud of building an app that can efficently connect to the Bitcoin network live without relying on a trusted server.
This lack of a trusted server gives the user a large boost in privacy. Trusted servers are able to see all transactions, both going in and going out. This means they can make a record of the funds you have, how you got those funds, and how you spend those funds.
With our focus on privacy KoinKeep we didn't want users to have to trust us to not keep those records. By eliminating that component we've tied our hands behind our back -- we can't keep those records if we wanted to or were compelled for any reason.
Not having a trusted server is an order of magnitude more effort to get working on mobile which is part of why other wallets support it so rarely. We hope to open source this effort in the future.
- You can specify nodes to always connect to.
- You can specify nodes to only connect to by marking them as "master nodes." This is helpful if you run your own node to further increase your privacy.
Learn more about KoinKeep’s whitelist support
The app begins with a list of 50 known Bitcoin nodes and connects to eight of them, chosen randomly. Once connected the Bitcoin network will announce more nodes as they come online. Each node the app learns about is added to this list, up to a limit of 2000. Any nodes that have a connection problem or get removed during a bloom filter update are removed from the list.
If you manually add a node it will always be one of the eight nodes the app connets to.
If you mark at least one node as a "master node." The app switches to whitelist mode and will only connect to nodes marked as master nodes. If you run your own node you should use this option.
Built in Block Explorer
- Using online block explorers decreases privacy, because their servers can track you.
- KoinKeep’s phone app has a built-in basic block explorer, which shows all transactions relevant to your wallet.
Learn more about KoinKeep’s Block Explorer
Using a block explorer to see when your transactions are confirmed is bad for your privacy. Companies that run those block explorers have the option of tracking which transactions you look at, and can make an educated guess that they are yours.
To address this issue, KoinKeep includes a simplified block explorer. You can find it by going to the settings page, tapping "bonus" and then tapping "block explorer". This includes withdrawals, deposits, coin joins, and other esoteric transactions you are a part of.
- Fees estimates are downloaded from multiple sources and a median is taken.
- This can be disabled to further increase privacy.
Learn more about KoinKeep’s fee estimate handling
Fee tracking can be done locally, but only works if you have a high enough volume of transactions and are okay with some transactions needing fee bumps with RBF. While we recommend users do so if they're familiar with those concepts, this is too complex for new users. If you are an advanced user check the fee chart under the settings page, "bonus," "transaction fee analysis." It will show a chart of all previous transactions you've sent, their fee ratio, and the confirmation delay -- use this to help determine what fee you should use for your next transaction.
For our newer users, by default, the fee rates are downloaded from public APIs. Go to settings, "bonus," "fee estimate downloader" to see which providers are used. You can disable the providers individually or turn them all off if you'd like to calculate your transaction fees manually.
- No user tracking of any kind is done inside the app.
Learn more about user tracking in Bitcoin wallets
Most applications track their users' actions inside applications to better understand how to serve them. They also track them in case of app crashes or support needs.
By choosing to not use these tracking services we preserve our users' privacy but we are in the dark about how our users are using the app. Please help us by reaching out to us if you have an issue or suggestion about the app! Go to settings, "get support" to start a conversation with us. You can also access support by tapping the chat icon on this website.