Bitcoin is a “bearer instrument” and, as such, it can only be spent by using private (secret) keys; if they are lost or stolen, there is no way to recover the associated Bitcoins. Safe management of the private keys is therefore of paramount importance for Bitcoin holders, but such activity requires sophisticated technical skills and domain knowledge.
Private keys are usually stored in “wallets”; however, “hot” (online, internet connected) wallets can be hacked, “cold” (offline, internet disconnected) wallets can be lost or stolen, and the PINs/passwords needed to gain access to wallets can simply be forgotten.
Consequently, individuals may be uncomfortable dealing with their Bitcoin holdings; even more so when they consider issues such as inheritance (how to ensure that children will inherit Bitcoin without having to share private keys with them) and personal safety (how to avoid violence and coercion aimed at stealing Bitcoin). Institutions face the above security issues too; moreover, they are often required by law and/or internal regulation to entrust the management of Bitcoin holdings to a specialized service provider. That’s why there are companies offering professional Bitcoin custody services.
This is why CheckSig has decided to take a totally different approach in designing its transparent, open protocol for Bitcoin custody. The protocol includes patent-pending inventions, pledged to the Crypto Open Patent Alliance.
Our guiding principles:
There are four main events happening in our custody process: deposit, withdrawal, proof-of-reserves, and disaster recovery. Before describing them in detail, it is important to know that three main parties are involved:
Furthermore, the CheckSig custody process uses two layers/wallets:
Both wallets consist of professional-grade hardware security module (HSM) devices, provided by leading manufacturers: currently, Ledger (the most reputable specialized vendor) and CryptoAdvance/Specter (the most technically advanced one).
HSM devices are used to provide the digital signatures required for a Bitcoin transaction. An HSM device contains a secure element that performs the signatures using the secret keys without exposing them outside its own boundaries, thus preventing the keys from being stolen even if the device is used in an insecure or compromised environment.
In essence, the deposit is very straightforward: the Client moves Bitcoins to an “address” belonging to the Frozen Wallet, which CheckSig notifies to the Client.
The withdrawal process cannot be performed by CheckSig without involving the Federation, to reduce the risk of internal CheckSig wrongdoings. At the same time, the Federation cannot initiate a withdrawal process, only CheckSig can.
The withdrawal consists of two distinct Bitcoin transactions:
At this stage, Bitcoins can only be moved to a previously approved list of addresses: it is technically impossible to move them to any other arbitrary address, and this prevents any chance of Federation agents stealing Bitcoins away from CheckSig custody.
2. Bitcoins are moved from the Cold Wallet to the Client(s). This second “withdraw and/or redeposit” transaction requires the digital signatures of two out of three (2-of-3) CheckSig custodian agents, each signature involving a distinct HSM device held in a different safety box in a different bank in a different city. It is with this second transaction that Bitcoins are effectively withdrawn from CheckSig and returned to the Client. Furthermore, the withdraw transaction can only be performed after a four-day (more precisely 4*144=576 blocks) “fixed time delay” from the confirmation of the previous unlock transaction by the Bitcoin network; this is to allow for security checks (see “4. Disaster Recovery” later on): in the case of any problem, Bitcoins can be redeposited back to the Frozen Wallet.
The act of spending from the Frozen or Cold Wallet reveals the locking script (the pre-image of the P2WSH script hash, i.e. the witness script) that protects the Bitcoins under custody. Since these transactions happen at least monthly, the scripts protecting the Bitcoins under custody are public on the blockchain, making CheckSig custody truly transparent: everything documented here can be independently verified, avoiding any kind of security-by-obscurity (see also “4. Disaster Recovery” later on).
Unlike all other custodians, which have access to all the assets all the time, CheckSig has direct access to Bitcoins only during the withdrawal process and only for the amounts being withdrawn. Since this is the only residual attack surface of the custody process, the withdrawal is covered by insurance guarantees.
On a periodic (at least monthly) basis, an “unlock and/or redeposit” transaction is confirmed by the Bitcoin network, publicly documented on the blockchain and published on the CheckSig website. The Bitcoins that are not unlocked to satisfy withdrawal requests are redeposited from the Frozen Wallet back to the Frozen Wallet itself. This is the “proof-of-reserves” provided periodically to clients and auditors as evidence of the amount under custody and, crucially, to prove that CheckSig has not lost control of the Bitcoins held in the Frozen Wallet.
A disaster recovery procedure is activated when:
More specifically, there are two different kinds of disaster recovery transactions.
OP_PUSHNUM_3 <F1> <F2> <F3> <F4> <F5> <F6> OP_PUSHNUM_6 OP_CHECKMULTISIG
5184 OP_CSV OP_DROP OP_PUSHNUM_2 <F-R1> <F-R2> <F-R3> OP_PUSHNUM_3 OP_CHECKMULTISIG
576 OP_CSV OP_DROP OP_PUSHNUM_2 <C1> <C2> <C3> OP_PUSHNUM_3 OP_CHECKMULTISIG
OP_PUSHNUM_2 <C-R1> <C-R2> <C-R3> OP_PUSHNUM_3 OP_CHECKMULTISIG
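The transparency claim above rests on two mechanics that anyone can check from the blockchain alone: a P2WSH address commits to the SHA256 of its witness script, so the script revealed by a spend can be hashed and compared against the custody address, and the 576-block “fixed time delay” is enforced by OP_CSV against the spending input’s nSequence (BIP68/BIP112). The following Python script is an added illustration written for this page; it is not CheckSig’s code and not part of the original document. It serializes the Cold Wallet branch exactly as written above (576 OP_CSV OP_DROP OP_PUSHNUM_2 <C1> <C2> <C3> OP_PUSHNUM_3 OP_CHECKMULTISIG), derives the corresponding bech32 address, checks a revealed script against an address, and evaluates when the CSV branch becomes spendable. The three custodian keys are constructed placeholders, not real keys, and only the single branch is assembled because the page does not show how the branches of each wallet script are joined.

```python
import hashlib

# Bitcoin Script opcodes used by the page's custody scripts
OP_CSV = 0xB2             # OP_CHECKSEQUENCEVERIFY (BIP112)
OP_DROP = 0x75
OP_CHECKMULTISIG = 0xAE

def op_pushnum(n):
    """OP_PUSHNUM_n (OP_1..OP_16), written OP_PUSHNUM_2/3/6 in the scripts above."""
    assert 1 <= n <= 16
    return bytes([0x50 + n])

def script_num(n):
    """Minimal little-endian CScriptNum for a positive integer, e.g. 576 -> 40 02."""
    assert n > 16, "values 1..16 must be pushed with OP_PUSHNUM_n instead"
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:    # top bit is the sign bit: add a zero byte to stay positive
        out.append(0x00)
    return bytes(out)

def push_data(data):
    """Direct push (1-byte length prefix) for items up to 75 bytes: keys, numbers."""
    assert 1 <= len(data) <= 75
    return bytes([len(data)]) + data

def csv_multisig_script(csv_blocks, keys, m):
    """Serialize '<csv_blocks> OP_CSV OP_DROP OP_m <key>... OP_n OP_CHECKMULTISIG'."""
    script = push_data(script_num(csv_blocks)) + bytes([OP_CSV, OP_DROP]) + op_pushnum(m)
    for key in keys:
        script += push_data(key)
    return script + op_pushnum(len(keys)) + bytes([OP_CHECKMULTISIG])

def p2wsh_program(witness_script):
    """P2WSH witness program = SHA256(witness script) (BIP141)."""
    return hashlib.sha256(witness_script).digest()

# bech32 encoding of native SegWit v0 addresses (BIP173)
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def _polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def _convertbits(data, frombits, tobits):
    """Regroup bytes into 5-bit groups, zero-padding the last group."""
    acc, bits, ret, maxv = 0, 0, [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            ret.append((acc >> bits) & maxv)
    if bits:
        ret.append((acc << (tobits - bits)) & maxv)
    return ret

def bech32_segwit_address(hrp, witver, witprog):
    data = [witver] + _convertbits(witprog, 8, 5)
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = _polymod(hrp_exp + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def script_matches_address(witness_script, address, hrp="bc"):
    """Independent check: does a script revealed on-chain hash to the custody address?"""
    return bech32_segwit_address(hrp, 0, p2wsh_program(witness_script)) == address

# BIP68/BIP112: when does the 576-block OP_CSV branch become spendable?
SEQUENCE_DISABLE_FLAG = 1 << 31
SEQUENCE_TYPE_FLAG = 1 << 22      # set = time-based lock; clear = block-based lock
SEQUENCE_LOCKTIME_MASK = 0xFFFF

def csv_satisfied(tx_version, n_sequence, csv_blocks, confirmations):
    """True when a spend with this nVersion/nSequence passes OP_CSV(<csv_blocks>)
    and the spent output already has the confirmations the relative lock demands."""
    if tx_version < 2:                               # BIP112: CSV fails on v1 transactions
        return False
    if n_sequence & (SEQUENCE_DISABLE_FLAG | SEQUENCE_TYPE_FLAG):
        return False                                 # disabled or time-based: not a block lock
    locked_for = n_sequence & SEQUENCE_LOCKTIME_MASK
    return locked_for >= csv_blocks and confirmations >= locked_for

# Worked instance: the Cold Wallet branch from the page, with CONSTRUCTED keys.
# Placeholder 33-byte "compressed pubkeys" derived from labels; not real custodian
# keys and not points on secp256k1, only the script layout is realistic.
CUSTODIAN_KEYS = [bytes([0x02]) + hashlib.sha256(f"constructed key {name}".encode()).digest()
                  for name in ("C1", "C2", "C3")]
COLD_WALLET_SCRIPT = csv_multisig_script(576, CUSTODIAN_KEYS, 2)
COLD_WALLET_ADDRESS = bech32_segwit_address("bc", 0, p2wsh_program(COLD_WALLET_SCRIPT))

if __name__ == "__main__":
    print("witness script :", COLD_WALLET_SCRIPT.hex())
    print("P2WSH address  :", COLD_WALLET_ADDRESS)
    print("script matches :", script_matches_address(COLD_WALLET_SCRIPT, COLD_WALLET_ADDRESS))
    print("spendable @576 :", csv_satisfied(2, 576, 576, 576))
```

To audit a real unlock or withdraw transaction, replace the constructed keys with the witness script taken from the spending input’s witness stack and the address with the one published by the custodian; `script_matches_address` then answers whether the published script is really the one protecting the funds, and `csv_satisfied` shows why a withdraw attempted before 576 confirmations of the unlock transaction is rejected by consensus rather than by policy.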