Holding Bitcoin — the Basics

Custody May 21, 2020

In this document, we present a primer on some of the fundamentals behind Bitcoin. We will only cover the basics involved in holding and spending, and introduce these in one place so they may act as a useful guide should such a prerequisite be useful elsewhere.

We will focus on simplicity over accuracy if it helps get the point across, which means for those more knowledgeable that we’ll skip over the UTXO model, and only speak in terms of:

  • Addresses
  • The right to spend Bitcoin from some address

Signing Authority

We use the term signing authority to refer to a situation in which some entity has the right to spend bitcoins from some address. If so, that entity has signing authority over the address. You can think of it as that entity having the right to sign off on Bitcoin movements away from the address. That entity is also said to hold all the bitcoins that were ever sent to that address. The entity typically has signing authority over many addresses, and they hold as many bitcoins as have been sent to all of the addresses over which they maintain signing authority.

It should be noted that when we refer to signing authority in this way, we mean it only in the strict technical sense. An entity maintaining signing authority may not have the legal authority to spend. Further dissection of some of these differences, as well as Knox’s view on how to implement a trust-minimized service and the importance of insurance can be found in our first discussion on insurance.

Conventions & Helpful Aides

To make everything clearer, for the rest of the article, any time an important term appears, especially one that will appear in multiple diagrams, we will italicize it and use the same form in the article. For example Public-Key, Private-Key, Address.

Many of the below examples will involve basic transformations of information from one form to another. As a common mental model, we will call these computer programs. If you prefer, you can think of them as functions or simple input-output machines. In any case, they will always be shown graphically like in the below example:

Keys & Addresses

An entity has the right to sign off on Bitcoin movements away from an address by proving to the Bitcoin network that they know a secret number. We call this a private key, so termed because it must be kept private to be of practical use. The relation is as follows:

What does Private-Key look like? You can think of it as nothing but a large number. Given some Private-Key, it is easy to derive a corresponding Public-Key. What does the Public-Key look like? You can also think of it as nothing but a number.

Importantly, given some Private-Key, you can always use it to get the corresponding Public-Key. The Public-Key will always be the same given the same Private-Key. However, it is impossible to go backwards. If you prefer, you can think of it as: There exists a computer program called Get-Public-From-Private, which can be fed one input, a Private-Key, and always outputs the same Public-Key.

There exists no program Get-Private-From-Public, and indeed a practical one is impossible to write.

Signing

Suppose that there exist two special computer programs called Sign and Verify.

Sign works by taking some Private-Key, and any Message you can throw at it, and outputs a Signed-Message. We’ll use the Signed-Message output in a moment.

Given a signed message like that above, we can use the other special computer program called Verify. Feeding it the Signed-Message, and the Public-Key, the program will tell you if Signed-Message was signed using the same Private-Key from which Public-Key is derived. Amazingly, this works without revealing that corresponding Private-Key.

Spending

Now, suppose Address above had previously been sent 5 bitcoins, and the holder of those bitcoins wished to send them to another address, Pay-Address.

We can imagine a particular Message being produced that asks the network: Take the 5 bitcoins from Address and move them to Pay-Address.

Of course, anyone could produce such a message, so the network needs some proof that the request is legitimate. It demands proof that the sender of the Message seeking a spend actually maintains signing authority over the particular Address. This requires proving that they actually know the associated Private-Key. Of course, Private-Key can’t be revealed otherwise everyone who witnessed it would gain signing authority over Address.

But of course, we can turn to the programs we defined above, Sign and Verify. Behind closed doors, the entity that knows the Private-Key used to derive Address can use it to produce a signed message of the above:

The participants in the network will see the Signed-Message, and can use Verify to convince themselves that the movement is legitimate, and from then on know that Pay-Address holds the 5 bitcoins. If the entity that maintains signing authority over Pay-Address then wants to send them to another address, they can use Sign to produce a similar Signed-Message.

In reality, the kinds of Signed-Messages that are signed in order to move funds on the Bitcoin network do not look much like the movement requests above, but ultimately it is important to understand the relation between Private-Key, its corresponding Public-Key, and the ability for perfect signing and verification to occur without a Private-Key ever being exposed.

Multisignature Holding

Up until now, we showed the relationship between a Private-Key, and its corresponding Address. In fact, in Bitcoin it is possible to produce an individual Address derived from a set of completely independent Private-Keys. The great thing about this arrangement, and one of the reasons we make such heavy use of it at Knox, is that the address is derived from the set of Public-Keys corresponding to the set of Private-Keys. This means that a completely distinct set of entities can independently create each Private-Key without ever having to reveal anything to the others. In this way, signing authority is achieved by a quorum of independent Private-Keys. As you can imagine, this goes a long way in taming risk.

The above depicts 4 distinct private keys, (Private-Key-1, Private-Key-2, Private-Key-3, Private-Key-4) each of which may be completely independently generated, coming together to produce 4 public keys (Public-Key-1, Public-Key-2, Public-Key-3, Public-Key-4) from which a single Address is derived. When the Address is derived, we can specify the number of signatures that need to appear to achieve quorum.

For example, in the case that it is 3 out of 4 keys, we refer to the Address above as a 3-of-4 multisignature address. In this case, at least 3 signatures like those we saw earlier need to be produced before anything can be moved from Address. As an example, Private-Key-1, Private-Key-2, and Private-Key-4 can together reach quorum. Conveniently, not only can the keys be created independently, they can be used completely independently of each other, and never even need to be found in the same place. Suppose for example that Private-Key-1 were created in Paris and used in Montreal, Private-Key-2 were created in Calgary and used in Toronto, and Private-Key-4 were created in Vancouver and used in Montreal.

We hope that with the help of this document you have come to better understand some of the intricacies involved in holding and spending Bitcoin. If you came to this document to learn these basics in order to understand other content, we trust you will be better armed, and can come back to this document regularly should you need to refresh your knowledge.

Alex Daskalov

Recommended for you

No results for your search, please try with something else.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.