Module2_Lect3_202324

The presentation covers Bitcoin wallets, detailing their types, technologies, and security features. It distinguishes between hot and cold wallets, explains various wallet types including desktop, mobile, web, hardware, and paper wallets, and introduces concepts like deterministic wallets and mnemonic codes. Additionally, it discusses advanced key management techniques such as encrypted private keys and multi-signature addresses.
The material in this presentation belongs to St. Francis Institute of Technology and is solely for educational purposes.

Distribution and modification of the content are prohibited.

Blockchain and DLT (BLCH) ITC801

Subject In-charge
Dr. Joanne Gomes
Professor Dept. of Information Technology SFIT
Room No. 317
email: [email protected]
Module 2
Lecture 3
Bitcoin
Topics:
• Bitcoin Types of Wallets and Wallet Technologies
Revision- Bitcoin Concepts: keys
• Bitcoin is based on public key cryptography.
• Ownership of bitcoin is established through digital keys, bitcoin addresses, and digital signatures.
• The digital keys are independent of the bitcoin protocol and are created and stored by users in a file, or simple database, called a wallet, without reference to the blockchain or access to the internet.
• Keys enable bitcoin to have properties like decentralized trust and control, ownership attestation, and a cryptographic-proof security model.
• Bitcoin transactions require a valid digital signature (witness) to be included in the blockchain, which can only be generated with a secret key; anyone with a copy of that key has control of the bitcoin.
Bitcoin Wallet
• Each user has a wallet containing keys for proving they own the transaction outputs (their coins).
• The coins are stored on the blockchain in the form of transaction outputs (noted as vout or txout).
• Traditional bitcoin addresses begin with the number “1” and are derived from the public key, which is derived from the private key.
• Although anyone can send bitcoin to a “1” address, that bitcoin can only be spent by presenting the private key signature and public key hash.
• Wallets are containers for private keys, not coins.
• The coins are stored on the blockchain in the form of transaction outputs (noted as vout or txout).
• Hot wallets are always connected to the internet; cold wallets can be disconnected from the internet.
• Examples: Electrum, Armory and Mycelium (software wallets); Trezor (hardware wallet).


Difference: Hot and Cold Wallet
Hot Wallet
• Pros:
– easy to access and use.
– convenient for frequent transactions.
– can be accessed from anywhere with an internet connection.
• Cons:
– prone to hacking and cyber attacks.
– not as secure as cold wallets.
– private keys are stored on a third-party server, which can be a security risk.
Cold Wallet
• Pros:
– more secure than hot wallets.
– private keys are stored offline, making them less susceptible to hacking.
– ideal for long-term storage of Bitcoin.
• Cons:
– not as convenient for frequent transactions.
– can be lost or damaged, making it difficult to access your Bitcoin.
– more expensive than hot wallets.
Desktop Bitcoin Wallet
• A desktop wallet is a computer program that runs on your PC.
• It stores and manages your private keys in the same way that any other wallet
would but usually has more features than other types of wallets.
• Ex.: Electrum, Armory etc.
Mobile Bitcoin Wallet
• Mobile wallets are simply bitcoin wallets designed for a mobile device. This means
they can easily scan QR codes, are easy to navigate with a touch screen, and are
accessible while on the move.

• Examples
• OPOLO crypto wallet:
– Best bitcoin wallet for Android users.
• Mycelium crypto wallet:
– Best bitcoin wallet for mobile users.
Web Bitcoin Wallets
• Web wallets (online) store your private keys on a server, which is always online and
controlled by a third party, such as a cryptocurrency exchange.
• You can gain access to your coins and make transactions through any device that
lets you connect to the internet.

Example:
• Guarda Bitcoin Wallet
Hardware Bitcoin Wallet
• Trezor is a hardware wallet that will help you store your bitcoins (offline storage).
• You will be able to easily plug Trezor into your computer or a smartphone, then it
would provide you with a pin code which will be generated randomly. This will
ensure that the device is safe and secure.
Paper Wallet
• A paper wallet is a printed piece of paper that has your private key written on it.
• Paper wallets are best for users who rarely plan on interacting with their owned
cryptocurrencies.
• Paper wallets are a very effective way to create backups or offline bitcoin storage,
also known as “cold storage.”
• Paper wallets in themselves are not secure.
• As a backup mechanism, a paper wallet can provide security against the loss of key
due to a computer mishap such as a hard drive failure, theft, or accidental deletion.
• As a “cold storage” mechanism, if the paper wallet keys are generated offline and
never stored on a computer system, they are much more secure against hackers,
key-loggers, and other online computer threats.
• Though paper wallets are completely disconnected from both the internet and
blockchain, the keys on them do indeed represent keys on the blockchain which are
still active and can be used to locate cryptocurrency.
Encrypted paper wallet
Paper Wallet
• Disadvantages of Paper Wallet:
– If the paper gets wet or is burnt in a fire, you will not be able
to read your private key (or seed phrase) and the
representative crypto will be lost forever. A water/fireproof
safe is necessary for the secure storage of a paper wallet.
– Paper wallets also make the process of transacting with
blockchain networks tedious.
• Paper wallets come in many shapes, sizes, and designs,
but they are just a key and an address printed on paper.

• The table shows the simplest form of a paper wallet, with the private key in Wallet Import Format (WIF), which usually starts with ‘5’ or ‘K’.

Public Address:    1424C2F4bC9JidNjjTUZCbUxv6Sa1Mt62x
Private Key (WIF): 5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn
Wallet Technologies
• Non-deterministic (random) wallets
• Deterministic (seeded) wallets
– Mnemonic code words
– Hierarchical Deterministic (HD) wallets
• Advantages (of deterministic wallets): ease of use, increased security, backup and recovery, compatibility.
Nondeterministic (Random) Wallets
• The first bitcoin client wallets were Type-0 nondeterministic wallets, which were simply collections of randomly generated private keys.
• The Bitcoin Core client pre-generates 100 random private keys when first started and generates more keys as needed, using each key only once. This type of wallet is nicknamed “Just a Bunch Of Keys,” or JBOK.
• Disadvantage: difficult to manage.
– If you generate many of them you must keep copies of all of them, meaning that the wallet must be backed up frequently.
• These wallets are being replaced with deterministic wallets because they are cumbersome to manage, back up, and import.
Deterministic (Seeded) Wallets
• A deterministic wallet is a system of deriving keys from a single starting point known as a seed, by using a one-way hash function.
• The seed allows a user to easily back up and restore a wallet and to recover all the keys without needing any other information; a single backup at creation time is sufficient.
• The seed is a randomly generated number
that is combined with other data, such as an
index number or “chain code”
• The seed is also sufficient for a wallet export
or import, allowing for easy migration of all
the user’s keys between different wallets.
• Seeds are serialized into human-readable
words (Mnemonics) in a Seed phrase making
it easier to remember.
Deterministic Wallet: Mnemonic Code Words
• Mnemonic codes are English word sequences that represent (encode) a random
number used as a seed to derive a deterministic wallet.
• The sequence of words is sufficient to re-create the seed and from there re-create
the wallet and all the derived keys.
• A wallet application that implements deterministic wallets with mnemonic code will show the user a sequence of 12 to 24 words when first creating a wallet, from which a 512-bit seed is created.
• The 512-bit seed is used to create a master private key.
• This master key is used to create private keys and the corresponding public addresses.

• Mnemonic code words make it easier for users to back up wallets as they are easy
to read and correctly transcribe, as compared to a random sequence of numbers.
• Mnemonic codes are defined in Bitcoin Improvement Proposal 39 (BIP0039). It is a
standard that proposed utilizing a mnemonic phrase - a group of easy to remember
words.
BIP0039 Standard
• BIP0039 standard consists of two main parts:
1. How to generate the mnemonic.
2. How to transform the generated mnemonic into a
binary seed.
1. Generating a mnemonic:
• Creation of a mnemonic code and seed:
– Create a random sequence of 128 to 256 bits.
– Create a checksum of the random sequence by taking the first few bits of its SHA256 hash.
– Add the checksum to the end of the random sequence.
– Divide the sequence into sections of 11 bits (12 sections for 128 bits of entropy) and use them to index a dictionary of 2048 (2^11) predefined words.
– Produce 12 to 24 words representing the mnemonic code.
Mnemonic codes
• Mnemonic codes: entropy and word length

Entropy (bits)  Checksum (bits)  Entropy+checksum (bits)  Word length
128             4                132                      12
160             5                165                      15
192             6                198                      18
224             7                231                      21
256             8                264                      24
BIP0039 Standard
2. Seed generation from mnemonics:
• The seed is created from the mnemonic by using the key derivation function PBKDF2.
• PBKDF2 stands for Password-Based Key Derivation Function 2 and uses a pseudorandom function, HMAC (hash-based message authentication code).
• PBKDF2 requires two parameters: a mnemonic and a salt. The purpose of the salt (passphrase) is to make cracking more difficult, as an additional security factor to protect the seeds.
• PBKDF2 is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series.
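The two BIP0039 steps above (mnemonic generation from entropy, then seed derivation with PBKDF2), as an added worked example in Python; this is not code from the original slides. It derives the word indices and checks the checksum without shipping the 2048-word dictionary (the word list is assumed to be supplied by the caller), and it uses the PBKDF2 parameters that BIP0039 fixes but the slides do not state: HMAC-SHA512, 2048 iterations, the salt string "mnemonic" followed by the passphrase, and a 64-byte (512-bit) output. The function names are this example's own.

```python
import hashlib
import os
import unicodedata

# Entropy sizes BIP0039 allows. Checksum = entropy / 32 bits, and every
# 11 bits of (entropy || checksum) selects one of the 2048 (2^11) words.
ENTROPY_BITS = (128, 160, 192, 224, 256)


def mnemonic_layout(entropy_bits):
    """Checksum length, total length and word count for an entropy size."""
    if entropy_bits not in ENTROPY_BITS:
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    checksum_bits = entropy_bits // 32
    total = entropy_bits + checksum_bits
    return {"entropy": entropy_bits, "checksum": checksum_bits,
            "total": total, "words": total // 11}


def entropy_to_word_indices(entropy):
    """Append the SHA256-derived checksum and cut into 11-bit word indices."""
    layout = mnemonic_layout(len(entropy) * 8)
    digest = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(layout["entropy"])
    check = bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:layout["checksum"]]
    bits += check
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def indices_valid(indices):
    """Re-derive the checksum from the encoded entropy: a mistyped or swapped
    word changes an 11-bit group and (almost always) breaks the checksum."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    bits = "".join(format(i, "011b") for i in indices)
    entropy_bits = len(bits) * 32 // 33
    entropy = int(bits[:entropy_bits], 2).to_bytes(entropy_bits // 8, "big")
    return entropy_to_word_indices(entropy) == indices


def new_mnemonic_indices(entropy_bits=128):
    """Draw fresh entropy from the OS CSPRNG and return its word indices."""
    return entropy_to_word_indices(os.urandom(entropy_bits // 8))


def indices_to_mnemonic(indices, wordlist):
    """Join the words; `wordlist` is the 2048-entry BIP0039 list (not included here)."""
    return " ".join(wordlist[i] for i in indices)


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP0039 step 2: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.
    Password is the NFKD-normalised mnemonic; salt is "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


if __name__ == "__main__":
    for bits in ENTROPY_BITS:          # reproduces the entropy / word-length table
        print(mnemonic_layout(bits))
    # Constructed input: all-zero entropy gives eleven index-0 words and one
    # index-3 word, because the checksum nibble of SHA256(16 zero bytes) is 0b0011.
    idx = entropy_to_word_indices(bytes(16))
    print(idx, indices_valid(idx))
    seed = mnemonic_to_seed("abandon " * 11 + "about", passphrase="TREZOR")
    print(len(seed) * 8, "bit seed:", seed.hex())
```

The all-zero entropy case is the first public BIP0039 test vector (eleven times "abandon", the word at index 0, then "about", the word at index 3), which is a convenient way to confirm an implementation without revealing any real seed. Note that the passphrase changes the seed entirely: the same twelve words with a different passphrase open a different wallet, which is exactly the "additional security factor" the slide refers to and also a common way to lose funds when the passphrase is forgotten.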
Types of Deterministic Wallet
• Different types of deterministic wallet are:
– Hierarchical deterministic (HD) wallets,
– Multi-signature wallets, or
– Shamir’s Secret Sharing (SSS) deterministic wallets.
Hierarchical Deterministic Wallets (BIP0032)
• The most advanced form of
deterministic wallets is the
Hierarchical Deterministic (HD)
wallet defined by the BIP0032
standard.
• HD wallets allow you to create
multiple private and public keys from
the same seed.
• Hierarchical deterministic wallets
contain keys derived in a tree
structure, such that a parent key can
derive a sequence of children keys,
each of which can derive a
sequence of grandchildren keys, and
so on, to an infinite depth.
HD wallet creation from a seed
• The root seed is input into the HMAC-SHA512 algorithm and the resulting hash is used to
create a master private key (m) and a master chain code.
• The master private key (m) then generates a corresponding master public key (M), using the
normal elliptic curve multiplication process m * G.
• The chain code is used to introduce entropy in the function that creates child keys from
parent keys.
Extending Parent to Child key
HD wallet key identifier (path)
• Keys in an HD wallet are identified using a “path” naming convention, with each
level of the tree separated by a slash (/) character.
• Private keys derived from the master private key start with “m”.
• Public keys derived from the master public key start with “M”. Therefore, the first
child private key of the master private key is m/0.
• The first child public key is M/0.
• The second grandchild of the first child is m/0/1, and so on.
HD path       Key described
m/0           The first (0) child private key from the master private key (m)
m/0/0         The first grandchild private key of the first child (m/0)
m/1/0         The first grandchild private key of the second child (m/1)
M/23/17/0/0   The first great-great-grandchild public key of the first great-grandchild of the 18th grandchild of the 24th child
Advantages of HD Wallet
• HD wallets offer two major advantages over random (nondeterministic) keys:
1. The tree structure can be used to express additional organizational meaning; for example, branches of keys can be used in a corporate setting, allocating different branches to departments, subsidiaries, specific functions, or accounting categories.
2. Users can create a sequence of public keys without having access to the corresponding private keys. This allows HD wallets to be used on an insecure server or in a receive-only capacity, issuing a different public key for each transaction. The public keys do not need to be preloaded or derived in advance, yet the server doesn’t have the private keys that can spend the funds.
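The derivation chain described in the HD-wallet slides above (root seed to master key m and chain code via HMAC-SHA512, m * G for the master public key M, parent-to-child extension, the m/… and M/… path notation, and the second advantage of deriving child public keys on a server that never holds the private key), as an added Python example that is not part of the original lecture. It implements secp256k1 point arithmetic directly so it runs with only the standard library; the HMAC key "Bitcoin seed" and the child-derivation formulas are the ones BIP0032 specifies for non-hardened children (hardened derivation is deliberately left out). The seed used in the demo is the public BIP0032 test-vector seed, not a real wallet; all function names are this example's own.

```python
import hashlib
import hmac

# secp256k1 domain parameters: field prime P, group order N, generator G.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication k * point (the m * G of the slide)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def serialize_point(point):
    """33-byte compressed encoding: 02/03 prefix from the parity of y, then x."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """Root seed -> HMAC-SHA512 -> (master private key m, master chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if not 0 < k < N:
        raise ValueError("seed yields an invalid master key; use another seed")
    return k, i[32:]


def ckd_priv(k_par, c_par, index):
    """Non-hardened child private key: k_i = parse(IL) + k_par (mod n)."""
    if index >= 1 << 31:
        raise ValueError("hardened derivation is not implemented in this example")
    data = serialize_point(point_mul(k_par, G)) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k_par) % N, i[32:]


def ckd_pub(K_par, c_par, index):
    """Child public key from the parent PUBLIC key only: K_i = parse(IL) * G + K_par."""
    if index >= 1 << 31:
        raise ValueError("hardened children cannot be derived from a public key")
    data = serialize_point(K_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    return point_add(point_mul(int.from_bytes(i[:32], "big"), G), K_par), i[32:]


def derive_path(seed, path):
    """Walk an m/a/b or M/a/b path; returns (private key int | public point, chain code)."""
    parts = path.split("/")
    if parts[0] not in ("m", "M"):
        raise ValueError("path must start with m or M")
    k, c = master_from_seed(seed)
    for level in parts[1:]:
        k, c = ckd_priv(k, c, int(level))
    return (k if parts[0] == "m" else point_mul(k, G)), c


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # BIP0032 test-vector seed
    m, c = master_from_seed(seed)
    print("m =", hex(m))
    print("M =", serialize_point(point_mul(m, G)).hex())
    k01, _ = derive_path(seed, "m/0/1")
    K01, _ = derive_path(seed, "M/0/1")
    # Receive-only server: it is handed M and the chain code, never m, and still
    # arrives at the same M/0/1 that the private-key holder can spend from.
    K0, c0 = ckd_pub(point_mul(m, G), c, 0)
    print("public-only derivation agrees:", ckd_pub(K0, c0, 1)[0] == K01 == point_mul(k01, G))
```

The last two lines are the whole point of advantage 2: whoever holds M and the master chain code can enumerate as many receiving keys as they like, while spending still requires m. The flip side, which follows from ckd_priv, is that a leaked non-hardened child private key together with the parent chain code lets anyone recover the parent private key, so the public key and chain code pair given to a server should be treated as sensitive even though it cannot spend on its own.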
Advanced Keys and Addresses
Advanced forms of keys and addresses:
• Encrypted private keys,
• script and multisignature addresses,
• vanity addresses.
Encrypted Private Keys (BIP0038)
• Private keys must remain secret
• Keeping the private key private is much harder when you need to store backups of the private key to
avoid losing it.
• A private key stored in a wallet that is encrypted by a password might be secure, but that wallet needs
to be backed up.
• At times, users need to move keys from one wallet to another—to upgrade or replace the wallet
software, for example.
• Private key backups might also be stored on paper or on external storage media, such as a USB flash
drive.

• Bitcoin Improvement Proposal 38, or BIP0038, is a portable and convenient standard for encrypting private keys.
• A BIP0038 encryption scheme takes as input a bitcoin private key encoded in the Wallet Import Format (WIF), as a Base58Check string with a prefix of “5”.
• It also takes a passphrase (a long password) and produces the key in encrypted form.
Encrypted Private Keys (BIP0038)
• BIP0038 encrypted private keys are incredibly secure and a great way to create offline bitcoin storage (also known as “cold storage”).
• The result of the BIP0038 encryption scheme is a Base58Check-encoded encrypted private key that begins with the prefix 6P.

Private Key (WIF):        5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn
Passphrase:               MyTestPassphrase
Encrypted Key (BIP0038):  6PRTHL6mWa48xSopbU1cKrVjpKbBZxcLRRCdctLJ3z5yxE87MobKoXdTsJ
Pay-to-Script Hash (P2SH) and Multi-Sig Addresses
• Traditional bitcoin addresses begin with the number “1” and are derived from the public key, which is derived from the private key.
• Although anyone can send bitcoin to a “1” address, that bitcoin can only be spent by presenting the private key signature and public key hash.
• Bitcoin addresses that begin with the number “3” are pay-to-script hash (P2SH) addresses, sometimes called multi-signature or multi-sig addresses.
• They designate the beneficiary of a bitcoin transaction as the hash of a script, instead of the
owner of a public key.
• It was introduced by Bitcoin Improvement Proposal 16, or BIP0016 and is being widely
adopted because it provides the opportunity to add functionality to the address itself.
• Unlike transactions that “send” funds to traditional “1” bitcoin addresses, also known as pay-
to-public-key-hash (P2PKH), funds sent to “3” addresses require something more than the
presentation of one public key hash and one private key signature as proof of ownership.
• The requirements are designated at the time the address is created, within the script, and all
inputs to this address will be burdened with the same requirements.
Multi-signature addresses and P2SH
• A pay-to-script hash address is created from a transaction script, which defines who can
spend a transaction output.
• Encoding a pay-to-script hash address involves using the same double-hash function as
used during creation of a bitcoin address, only applied on the script instead of the public key:

script hash = RIPEMD160(SHA256(script))

• The most common implementation of the P2SH function is the multi-signature address script.
• Here, the underlying script requires more than one signature to prove ownership and
therefore spend funds.

• The bitcoin multi-signature feature is designed to require M signatures (also known as the
“threshold”) from a total of N keys, known as an M-of-N multi-sig, where M is equal to or less
than N.
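Two encodings from these slides, as an added Python example that is not part of the original lecture: the Wallet Import Format used for the paper-wallet private key earlier (Base58Check with version byte 0x80, which is why an uncompressed-key WIF starts with "5"), and the P2SH path script hash = RIPEMD160(SHA256(script)) with version byte 0x05, which yields a "3" address, applied to an M-of-N multi-signature redeem script. The opcode values (OP_1..OP_16 = 0x51..0x60, OP_CHECKMULTISIG = 0xAE) are Bitcoin Script's; the private key and the three public keys in the demo are constructed placeholders, not real keys. RIPEMD-160 comes from hashlib, which on some OpenSSL 3 builds needs the legacy provider, so the example checks its availability first. Function names are this example's own.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw):
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte becomes a leading '1' (hence "1..." P2PKH addresses).
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def b58decode(text):
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)          # ValueError on a non-Base58 character
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body


def base58check_encode(version, payload):
    body = version + payload
    checksum = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    return b58encode(body + checksum)


def base58check_decode(text):
    raw = b58decode(text)
    body, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("Base58Check checksum mismatch (mistyped or corrupted string)")
    return body[:1], body[1:]


def private_key_to_wif(key32, compressed=False):
    """WIF = Base58Check(0x80 || key [|| 0x01 when the wallet uses compressed pubkeys])."""
    if len(key32) != 32:
        raise ValueError("private key must be 32 bytes")
    return base58check_encode(b"\x80", key32 + (b"\x01" if compressed else b""))


def wif_to_private_key(wif):
    """Inverse of private_key_to_wif; returns (key bytes, compressed flag)."""
    version, payload = base58check_decode(wif)
    if version != b"\x80":
        raise ValueError("not a mainnet WIF private key")
    if len(payload) == 33 and payload[-1] == 1:
        return payload[:32], True
    if len(payload) == 32:
        return payload, False
    raise ValueError("unexpected WIF payload length")


def multisig_redeem_script(m, pubkeys):
    """OP_m <pubkey>... OP_n OP_CHECKMULTISIG: the script behind an M-of-N address."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= M <= N <= 16")
    script = bytes([0x50 + m])
    for pk in pubkeys:
        if len(pk) not in (33, 65):
            raise ValueError("public keys must be 33 or 65 bytes")
        script += bytes([len(pk)]) + pk          # direct push of the key bytes
    return script + bytes([0x50 + n, 0xAE])


def ripemd160_available():
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def p2sh_address(script):
    """script hash = RIPEMD160(SHA256(script)); version 0x05 gives a "3" address."""
    script_hash = hashlib.new("ripemd160", hashlib.sha256(script).digest()).digest()
    return base58check_encode(b"\x05", script_hash)


if __name__ == "__main__":
    key = bytes(range(1, 33))                     # constructed key, not a real one
    wif = private_key_to_wif(key)
    print(wif, wif_to_private_key(wif) == (key, False))
    # The paper-wallet WIF from the slides decodes to 32 bytes only if it was transcribed
    # correctly; any single wrong character trips the 4-byte checksum.
    slide_key, _ = wif_to_private_key("5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn")
    print("slide WIF decodes:", len(slide_key) == 32)
    keys = [bytes([2]) + bytes([i]) * 32 for i in (1, 2, 3)]   # placeholder compressed keys
    script = multisig_redeem_script(2, keys)                   # Bob's web designer: 2-of-3
    print(script.hex())
    if ripemd160_available():
        print(p2sh_address(script))
```

The checksum is what makes WIF and addresses safe to copy by hand: a transcription error is detected before any funds move, which is the practical reason paper wallets carry Base58Check strings rather than raw hex. For the P2SH side, note that only the 20-byte hash of the redeem script is committed to in the address; the script itself (and therefore the M-of-N policy and the N public keys) is revealed only when the funds are spent.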
Multi-signature addresses Example
• For example, Bob the coffee shop owner could use a multi-signature address
requiring 1-of-2 signatures from a key belonging to him and a key belonging to his
spouse, ensuring either of them could sign to spend a transaction output locked to
this address.

• This would be similar to a “joint account” as implemented in traditional banking, where either spouse can spend with a single signature.

• The web designer paid by Bob to create a website, might have a 2-of-3 multi-
signature address for his business that ensures that no funds can be spent unless at
least two of the business partners sign a transaction.
Vanity Addresses
• Vanity addresses are valid bitcoin addresses that contain human-readable
messages.
• For example, 1LoveBPzzD72PUXLzCkYAtGFYmK5vYNR33 is a valid address that
contains the letters forming the word “Love” as the first four Base-58 letters.
• Vanity addresses require generating and testing billions of candidate private keys,
until one derives a bitcoin address with the desired pattern.
• Although there are some optimizations in the vanity generation algorithm, the
process essentially involves picking a private key at random, deriving the public key,
deriving the bitcoin address, and checking to see if it matches the desired vanity
pattern, repeating billions of times until a match is found.
• Once a vanity address matching the desired pattern is found, the private key from
which it was derived can be used by the owner to spend bitcoins in exactly the same
way as any other address.
Vanity address security
• Vanity addresses are no less or more secure than any other address.
• They depend on the same Elliptic Curve Cryptography (ECC) and Secure Hash
Algorithm (SHA) as any other address.
• You cannot find the private key of an address starting with a vanity pattern any more easily than you can for any other address.
• Vanity addresses can be used both to enhance and to defeat security measures.
• Used to improve security, a distinctive address makes it harder for adversaries to substitute their own address and fool your customers into paying them instead of you.
• Unfortunately, vanity addresses also make it possible for anyone to create an address that resembles any random address, or even another vanity address, thereby fooling your customers.
Thank You
