The developers of Insight, an open-source Bitcoin blockchain API, are currently interested in the development of a new highly-secure Bitcoin wallet to prevent unsanctioned intrusions, hacking and simple coin theft.
The team sees a solution to the security problem in multisignature transactions, which have not received the deserved attention due to their complexity of usage. When the process and interface is simplified and made more user-friendly, the technology could become a panacea for vulnerable wallets.
The bitcore team believes that the idea could be realized in the following way – the coins are simply spent, while all transactions are verified by authorized users from a group with the right to accept or reject an action. If the principle chosen is 3-out-of-5, then the request to verify will appear on the screens of each peer, who will have to make a choice. If 3 users approve the transaction, the coins are moved.
Security is improved because someone willing to steal the money has to obtain numerous private keys from the members of the multisignature wallet. In addition, Cosign users have to satisfy two more basic conditions:
- The private keys have to be generated on the client side. If stored remotely, a strong password must protect them.
- The required wallet software must be open-source with no ability to be modified by a third party. A regular audit is required for for maximum security.
For further examination, let us take the same 3-of-5 condition. One of the 5 group users of a new multisignature wallet will receive the wallet ID. The number is generated randomly. All members obtain the number so they can enter the common wallet. The process could be compared with Google Hangouts.
The first login of every member launches the generation of a random master extended private key, followed by the creation of master public keys. These addresses appear in the list of the software for further use.
The interface of the transaction page is relatively conventional, except for an additional feature, which at first shows all transactions as “partially signed”. A notification makes other members aware that a transaction must be verified. When 3 users agree and the action is allowed to proceed, the money is transferred to the Bitcoin network and added to the blockchain.
The only factor that could postpone a payment is other users being offline, but the level of security is nevertheless increased in comparison with present technologies. The wallets must be backed up. In case of an attack or loss of data, 3 master private keys are sufficient to recover the coins.
An innovative technology called BIP 32 will be used to simplify the process of sharing public keys in case a new private key is randomly generated. The required data is first given to all members of the group holding the wallet.
The Web RTC is going to be used for p2p connections in browsers. The aim is to make a mobile application - one that has all the initial advantages and which can be audited. Finally, the application could function without a communications server, although this feature is still in the pipeline due to present technological limitations.
With HTML 5 Local Storage possibly allowing the storage of bigger amounts of data within the app, the need for a central server could be eliminated. Simplified payment verification could prove to be the missing link between the RTC communication protocol and the real Bitcoin p2p protocol.
The Cosign project is still in the design phase and Coin Telegraph will continue to closely monitor its development. Stay tuned for the latest information straight from the Bitcoin community.