Security comes from evolution, not revolution

The O'Reilly Radar Podcast: Mike Belshe on making bitcoin secure and easy enough for the mainstream.


Editor’s note: you can subscribe to the O’Reilly Radar Podcast through iTunes, SoundCloud, or directly through our podcast’s RSS feed.

In this week’s O’Reilly Radar Podcast episode, I caught up with Mike Belshe, CTO and co-founder of BitGo, a company that has developed a multi-signature wallet that works with bitcoin. Belshe talks about about the security issues addressed by multi-signature wallets, how the technology works, and the challenges in bringing cryptocurrencies mainstream. We also talk about his journey into the bitcoin world, and he chimes in on what money will look like in the future. Belshe will address the topics of security and multi-signature technology at our upcoming Bitcoin & the Blockchain Radar Summit on January 27, 2015, in San Francisco — for more on the program and registration information, visit our Bitcoin & the Blockchain website.

Multi-signature technology is exactly what it sounds like: instead of authorizing bitcoin transactions with a single signature and a single key (the traditional method), it requires multiple signatures and/or multiple machines — and any combination thereof. The concept initially was developed as a solution for malware. Belshe explains:

“I’m fully convinced that the folks who have been writing various types of malware that steal fairly trivial identity information — logins and passwords that they sell super cheap — they are retooling their viruses, their scanners, their key loggers for bitcoin. We’ve seen evidence of that over the last 12 months, for sure. Without multi-signature, if you do a bitcoin transaction on a machine that’s got any of this bad stuff on it, you’re pretty much toast. Multi-signature was my hope to fix that. What we do is make one signature happen on the server machine, one signature happen on the client machine, your home machine. That way the attacker has to actually compromise two totally different systems in order to steal your bitcoin. That’s what multi-signature is about.”

The security issues of course are never ending — as Belshe puts it, “security is an evolution not a revolution-solved problem.” He admits it’s all still too difficult for the mass consumer:

“As the values go up, you keep putting in more and more layers to protect it. Bitcoin, as an early technology, still has a lot of growing up to do in order to make this technology easy enough for folks to use. Even though we have the mathematics, I think, in very good shape to handle all this work, humans are not very good keepers of secrets. We started out with passwords that we used to think were secure — to have your spouse’s name and then 1, 2, 3 after it. We’ve evolved since then.

“As it turns out with keys, we still don’t really know how manage these. Where do you put them? Where do you store them? Even though there’s multiple keys required and multiple people required, now what you’re doing is you’re just moving the problem up so that somebody who wants to attack you is going to have to gather credentials from a set of people or a set of organizations and pull it all together. There’s always more to do here. It’s not easy enough to use. It’s way too hard. … We now need to move into the security problem of how people use that tech.”

Looking at money and financial transactions 10 or 15 years out, Belshe sees a sure trajectory toward digitization:

“For certain, we’re going to have bitcoin being a backbone of currency to other systems. It is just faster and cheaper, and it’s under your own control. It is an international, global economy today. We’re still evolving; in the past, each nation had its own little economy; then, moving money out of any particular nation is very difficult. Companies that are worldwide already can definitely benefit from being able to transfer that value all around the globe in nanoseconds. I think that will definitely be part of what we see.

“The second potential home run for bitcoin will be if we’re able to actually get all the way down to consumers. Ten or 15 years out, we’ll have broadened our horizons enough that I think there’s a chance. I think we’ll start to see dedicated devices that we carry on our bodies. Maybe it will be built into our computer ware that we’ve got in our eye glasses, on our watches, whatnot, where we can actually keep pieces of our keys in each of these devices, and you have to pull multiple things together. It will still be multi-signature, I’m absolutely certain of that.”

As to whether or not the currency will be bitcoin, Belshe isn’t sure, but he hasn’t yet seen a new crytpocurrency that’s valuable in way that bitcoin isn’t. “I do think that eventually there will be an alternative coin that will have some sort of value — maybe it will be better privacy, maybe it will be better scalability, maybe it will be a little faster. … Until then, I have yet to see an alternate currency that makes much sense.”

Subscribe to the O’Reilly Radar Podcast

iTunes, SoundCloud, RSS

You can listen to the podcast in the player embedded above or download it through SoundCloud or iTunes.

Cropped image on article and category pages by Steven Tom on Flickr, used under a Creative Commons license.

tags: , , , , , , ,