This article is written by Nick Neuman, CEO and co-founder, Casa.
The views of Nick Neuman are separate from those held by Advancing Bitcoin.
How many bitcoins do you hold?
If you answered “none”, congratulations: go straight to the top of the class. Why? Because no one technically holds bitcoin. Bitcoins are simply entries in a publicly-viewable database: the blockchain. Sure, they’re yours. You can control them, mine them, buy and sell them. But they never reside anywhere but on the blockchain.
So what? you might say. It’s just semantics. In fact, it’s a lot more important than that. Failing to understand the rudiments of Bitcoin — including what ownership entails — makes it much harder for people to keep their coins safe.
Keys not coins
If you don’t own your bitcoin, what’s in your wallet? The answer is not coins; it’s something even more important: Private keys.
A Bitcoin private key is like a secret passcode that’s needed to transfer ownership of bitcoins on the blockchain. With private keys, you have the power to alter the blockchain record by authorizing a transfer from one Bitcoin address to another. That transaction gets recorded in the blockchain.
To go a level deeper, bitcoins are, at their root, numbers; balances that are assigned to different Bitcoin addresses. For every private key, there is a public key (translated to a “Bitcoin address” or a “deposit address”).
The private key belonging to that corresponding public key is the secret code needed to “spend” bitcoins.
Wallets aren’t just for banknotes. In fact, in today’s era of cashless payments, your physical wallet is more likely to contain tokens (like debit or credit cards) than it is to store folding money. And that’s a good way to think about Bitcoin wallets: they are not somewhere to store your coins, but a secure place for your private keys.
Think of your Bitcoin wallet like a password manager (which everyone should be using!). Password managers store and secure the secret passwords you need to access websites, rather than the content of the websites themselves.
When we start thinking about Bitcoin wallets as key managers rather than a place to store our coins, we get a much better sense of how to keep our investment secure.
Take full control over your coins
Part of the elegance of the Bitcoin network is that it allows one to have total ‘self-sovereign’ control over a digital monetary asset - a simple but powerful tool of self empowerment.
With that power comes the responsibility of keeping those private keys secure. If an attacker is able to obtain your private key, they can take control of your bitcoin. Likewise, if the private key to a Bitcoin address is lost, no one will be able to move the bitcoins on the blockchain.
There is no password reset button you can press in Bitcoin and no central party or support team to turn to for help. Once you’ve lost your keys, you kiss your coins goodbye.
Private keys seem important….
They are. Anyone who holds the private key to a Bitcoin address can spend that bitcoin — even if they’re not the rightful owner of those coins. Because of this, it’s vitally important that not only are your keys secure, but that you have full control over those keys (and not someone else).
With centralized entities (like Bitcoin exchanges), you’re trusting someone else to keep your private keys secure, and give you access to those keys when you request it. This is convenient, but unfortunately, third-party custodians have been notoriously poor keepers of private keys. And poor key management can trip up even those who are technically literate.
Maximum security, minimal risk
For greatest security and resilience, you can generate multiple private keys, with a customizable quorum of keys needed to spend funds. This type of wallet is called a multisignature (or “multisig” for short) wallet.
Multisig allows you to create, as an example, five private keys to a Bitcoin wallet, with at least three keys needed in order to move funds on the blockchain. To picture this, imagine a safe with five keyholes. If there are at least three keys in any of the corresponding keyholes, the safe can be opened.
Multisig offers the greatest resilience against both theft and user error. In such a setup, two keys could be compromised, and the attacker would not be able to move the bitcoin. Likewise, you can lose up to two keys, and still be able to access funds using your remaining three keys.
Private keys are an essential part of the Bitcoin ecosystem but, as we’ve seen, they can also be its Achilles’ heel. The more we understand about wallets, the better equipped we will be to choose one which follows key management best practices and keeps our Bitcoin safe.