Payments Company Square Open-Sources Its Bitcoin Cold Storage Tool
U.S. payments processing company Square has open-sourced the code for its Bitcoin cold storage solution used for crypto users of its Cash App.
Cold storage refers to a method of keeping cryptocurrency holdings and users’ private keys offline in order to safeguard against theft via a remote attack.
Today’s post explains that a hardware security module (HSM) is a specialized hardware device used across the payments industry to “store sensitive cryptographic key material and perform operations with those keys.”
An HSM’s security benefits reportedly include robust protection against physical tampering, strong access control and the option to replicate keys for backup or recovery purposes, which Square says makes HSMs a “natural fit” for crypto cold storage.
Subzero, for its part, is a customizable enterprise-grade offline Bitcoin wallet, which Square says it has programmed so that its cold wallets can only send funds to a Square-owned hot wallet, thereby adding another layer of “defense.” The firm has also reportedly added multi-signature protection for its wallet, in which “participants [must] use a combination of smart cards and passwords” to authenticate transfers.
Moreover, the post continues, “QR codes are used to exchange the minimal amount of data needed between the offline and online world.” The post extensively outlines the multiple layers of protection involved in a “signing ceremony”:
“A signing ceremony starts by having an online server generate a QR code. The QR code contains the minimal amount of information necessary to sign a transaction [...] The people performing the signing ceremony interact with servers. The servers are located in undisclosed secure locations.”
As reported yesterday, Oct. 22, Dutch multinational banking and financial services corporation ING has also recently released the open source code for its blockchain privacy improvement mechanism dubbed “Zero-Knowledge Set Membership (ZKSM),” which aims to provide validation of specific data without compromising that data’s overall security.