As some of you may already know, my name is Bryan Bishop. Some of you know me from the community of Bitcoin Core contributors, but I am also the digital assets bitcoin expert at LedgerX. I would like to offer some current perspective on methods for the storage and custody of bitcoin and other digital assets. The perspective from LedgerX can be somewhat unique because while we’re a company operating in the nascent field of digital assets, we’re also a company that is heavily regulated by the U.S. federal government. LedgerX operates regulated market infrastructure– this includes an exchange and also a clearinghouse for fully-collateralized, physically-settled bitcoin swaps and options.

One of the roles of a clearinghouse is to eliminate counterparty risk in markets by providing a central counterparty interfacing with market participants. The central counterparty takes custody of collateral to eliminate the effects of any individual participant’s counterparty risk. This in turn promotes stability for the world financial system. Taking custody of collateral for market participants is a serious task that requires a deep understanding of security and storage, particularly because in the world of bitcoin and digital assets there’s nobody to call when mistakes are made and nobody can reverse a transaction on the bitcoin network. When it’s time to settle up, the assets absolutely must be available to the clearinghouse.

By working through the problem details ourselves, hand-in-hand with our regulators, we were able to find solutions that have desirable security properties while also satisfying regulatory requirements. Where does this leave everyone else in the industry on the topic of storage? I am going to roughly outline what storage looks like for individuals personally interested in bitcoin. After that, I’ll provide some color on what LedgerX does for bitcoin storage, and I’ll wrap up with some thoughts on industry storage risks and what the future of bitcoin custody might look like for institutions.

Basically, I’ll show why institutional bitcoin is most likely going to end up on LedgerX for long-term storage during open positions. Most brokers or FCMs that store bitcoin will do so only temporarily if they are withdrawing for a client or some other operation. Even between exchanges, it makes sense to store bitcoin at a central location, as the trades are going to be clearing at the same clearinghouse in the end anyway.

Disclaimer: Always get your own security expertise in bitcoin storage to look at the details of your particular situation.

General details about bitcoin and its storage
Bitcoin is not like a bank account. The mindset to securely store bitcoin is different, called “adversarial thinking”. There are many different rabbit holes to investigate, depending on the level of security risk exposure each person wants for themselves. While coins on the blockchain will still be there permanently no matter what, the ability to access those coins goes away if a thief spends the coins before the original owners get a chance to spend. The bitcoin system only distinguishes between valid spends and invalid spends based on public key cryptography. There’s nobody to call when coins get stolen by a thief or the private keys are lost. The task of bitcoin storage, then, is securing the private key, which must be kept secret with the highest confidentiality, confidence and security.

One of the interesting features of bitcoin is that to send money you only need to know a public key (pubkey), scriptpubkey, or bitcoin address. This allows users to safely store their secret private key offline, and have a list of public values which they can store with less security precautions.

Each bitcoin address or “scriptpubkey” is actually a smart contract. It’s code or programming which instructs the blockchain how to check whether a transaction is considered authorized. The simplest program in widest circulation is pay-to-pubkeyhash (P2PKH) which authorizes a private key to sign a message and spend the coins. However, there are other popular programs in use, such as bip16 pay-to-scripthash (P2SH) multisignature contracts. In multisig contracts, multiple private keys must sign and publish a signature to authorize the spend of the coins. Using this technique it is possible to establish escrow and other services. Multisignature escrow alone is not enough to build a clearinghouse because one of the two counterparties might refuse to provide a signature in the event that they were on the losing side of a trade.

Testing is very important, and generally all storage schemes should be tested with a small amount of money before moving larger amounts. The bitcoin network has a “mirror universe” called testnet. On testnet, coins are intentionally valued at zero to make testing less costly. To try out a new wallet, always try it on testnet first. It’s just a rule, a best practice that should be followed and only violated with great caution. The same goes with new transaction techniques– try on testnet first, and then move on to mainnet later. After confirming that procedures work on testnet, it’s time for an initial test on mainnet with a small quantity of coins. Once an initial test on mainnet is also confirmed to work, then it is time to move on to the actual transaction. Getting these steps wrong can lead to a loss of money.

Do not rely on smart contracts without extensive testing and formal verification (perhaps using Coq or other theorem provers). The general rule should always be to keep things simple. bip16 p2sh multisig and other bespoke standardized scripts are always going to be a better idea than custom engineering a new smart contract. Use standards that have been extensively vetted by professionals. Always ask questions such as: who has reviewed this smart contract? Has it been formally verified? How much production usage has it seen? How much money is at stake using its security precautions? Is it likely that someone has already tried to steal the money and failed, so it can be considered reasonably secure, or might such a thief still be waiting for larger amounts to be stored using the vulnerable technique? It may simply be that a thief knows about a vulnerability and is waiting for more money to use the vulnerable storage technique, and then the thief will later sweep money and make your fortune his own.

Specific bitcoin storage strategies
Early on, and ever since, the default way that bitcoin has been stored was based on a “wallet.dat” file generated by the bitcoin software. This is a file that stays on the user’s hard drive. The user is then responsible for backing up the file after every change to the file, and periodically backing up the file for good measure anyway. However, the file must be kept secure and it’s not generally recommended to keep a valuable “wallet.dat” on shared hosting for example.

Over time, bitcoin users have moved on to using “hardware wallets” which are personal electronic devices that store the private keys. In most cases, using a hardware wallet with appropriate physical security and software security precautions can be a sufficient bitcoin storage strategy.

In many cases, bitcoin users run offline computers. They bring the transaction plan that they want to authorize to the offline computer, then they validate that the transaction makes sense and is still what they want to do, and the signature is produced on the offline computer. This can involve airgaps and other countermeasures to prevent infiltration or misinformation from entering the process. Validation of the transaction still needs to be confirmed with a machine that as an accurate, updated version of the current blockchain tip.

One of the most common ways to store bitcoin is to write down the secret private key or secret passphrase and store this in a locked vault or safety box. Some schemes involve the splitting of the secret into multiple fragments, and then storing each fragment in different bank safety deposit boxes at different institutions across the country.

Typically bitcoin should not be stored on a web wallet because these companies frequently go out of business or experience “hacks”. The cost of good security work can be rather high, and so it is important to verify that a company has invested appropriately into their ongoing security obligations.

Some details about digital asset storage at LedgerX
LedgerX uses hardware security modules (HSMs) to store bitcoin. A quorum of authorized LedgerX employees must be available in person to begin and follow through with the signing ceremony.

It’s important to be careful to avoid unnecessary “security theater”. Mixing and matching protocols doesn’t work. Instead, these procedures need to be designed from the ground up with security in mind each step of the way. The design of the LedgerX signing ceremony was somewhat guided by the public documentation around the DNSSEC signing ceremony. It’s one of the most thoroughly documented ceremonies available in public. There are other signing ceremonies that have been proposed in the bitcoin community, such as Glacier protocol, however the details must always be carefully analyzed to determine whether the steps are fit to a specific purpose.

Future of bitcoin custody
The future of the bitcoin markets industry might look very different than the one from years long past. Unlike other commodity markets, it may not make sense for FCMs to take possession of bitcoin collateral. Instead, it could be passed through to the central counterparty using the clearinghouse’s existing storage system. The way that I could see this developing is that a broker would integrate and do pass-through bitcoin deposits before entering into positions on the exchange. Similarly, other bitcoin companies could remove their bitcoin storage risks and isolate their own bankruptcy from access to customer funds by offloading to a regulated financial institution that is subject to different laws.

There are still questions in the global financial community regarding the role and suitability of central counterparties. However, central counterparties are here to stay particularly for trading against the U.S dollar. There’s simply no better way to trade against a “non-digital” asset, since the trade of dollars is mostly based on regulation and law or legal vehicles.

However, there are other ways to devise trades using bitcoin technology especially for “digital native”. For example, the cross-chain atomic swap is a popular technique where the swap only proceeds if both signatures for both transactions on the two different chains have been provided by both counterparties. This does not require arbitration by a third-party, and it works today using already-existing technology. The cross-chain atomic swap can also be given timeouts and expirations using the bitcoin transaction features called nLockTime and nSequence.

Furthermore, discreet log contracts (invented by Tadge Dryja) could be used to facilitate derivatives and other contracts on blockchains without using a clearinghouse for custody of the underlying assets. Instead, participants would meet each other and negotiate either through centralized services or in a more byzantine way on their own and hope they get the best price without the benefit of an aggregated market. This provides an interesting path forward for one part of the trading problem, and for the intersection of trades that happen against the U.S. dollar it’s clear that a clearinghouse is necessary.

Please be sure to store your bitcoin responsibly and safely.

Bryan Bishop (kanzure)