UNDERSTANDING THE DIFFERENT TYPES OF BITCOIN WALLETS
In Chapter 2 we recommended using the Bitcoin wallet program Electrum, which is free and open source, runs on most devices, and is ideal for beginners. However, hundreds of other Bitcoin wallet programs are available, ranging from simple to sophisticated, and new ones are being released constantly as developers compete to add new features and slicker interfaces. But beneath the slicker interfaces and occasionally gimmicky features, some fundamental differences between Bitcoin wallet programs exist. The goal of this chapter is to help you understand those differences so you can make an informed choice about the most useful Bitcoin wallet for your needs.
In this chapter, we'll occasionally use the terms Bitcoin wallet or just wallet to mean Bitcoin wallet program, despite the fact that a Bitcoin wallet normally refers to just a list of addresses and private keys.
Wallet Software Design Fundamentals
At a minimum, a Bitcoin wallet program needs to let a user send and receive bitcoins, as well as keep track of how many bitcoins are available to spend. In other words, a Bitcoin wallet program must be able to (1) create and broadcast transactions to the Bitcoin network, (2) generate new Bitcoin addresses, and (3) scan the blockchain to detect whether you've received any bitcoins at those addresses. The major differences between different wallet designs primarily involve these three functions and how they are implemented. The design choices that support these differences are as follows:
1. Offline vs. online transaction signing
2. Random vs. deterministic key generation (versus single key generation)
3. Full vs. simplified payment verification
These design choices have significant consequences for the computational resources required, the security of the stored bitcoins, and even the nature and effectiveness of backups. There are no right choices. Some users are better off using a wallet that requires only a single device and the least amount of computational power, whereas a large enterprise might prefer software that emphasizes security. In the following sections, we explain each design choice in detail so you can make an informed choice.
Offline vs. Online Transaction Signing
Bitcoin wallet programs need private keys in order to sign transactions before they can be broadcast to the Bitcoin network. In the simplest design, these private keys are found in the user's Bitcoin wallet, which is stored locally on the user's device in a wallet.dat file. This is the way the first Bitcoin wallet program, Bitcoin-Qt, worked. However, this design is vulnerable to attackers, who could attempt to remotely access the device over the Internet, copy the wallet file, and try to extract the private keys. A more secure design involves splitting the Bitcoin wallet and the software that manages it into two components: one with the private keys and the other without. The component with the private keys is usually stored in a highly secure location and is used for transaction signing. The component without the private keys can be stored anywhere, possibly in many locations at once, and is called a watch-only wallet.
As the name implies, you cannot directly spend money stored in a watch-only wallet. Instead, if you want to make a purchase, you would need to take an extra step to sign your transactions with the private keys. This second step is usually done via a second computer that isn't connected to the Internet (to prevent hacking attacks) and is used solely to store private keys and sign transactions with them as needed. This security technique, called offline transaction signing, was discussed to some extent in Chapter 3 as a strategy for securely storing large amounts of bitcoins, but it offers other benefits as well.
Watch-only wallets are particularly useful for point-of-sale terminals (i.e., cash registers) where the cashier needs to receive bitcoins from a customer but never needs to (and may not be authorized to) spend them. Importantly, because watch-only wallets do not store any private keys, if a point-of-sale terminal were stolen, the bitcoins it contained would remain secure. In addition, watch-only wallets can be safely installed on mobile phones or run from low-security web servers (requiring only a simple username and login for access) to allow users to monitor their funds without the risk of the wrong person gaining access to them.
Many Bitcoin wallet programs can be run in one of two modes: a full mode (where a single wallet program and computer are used for all steps) or a watch-only mode. If a wallet program advertises a watch-only mode, it typically implies that the same software can also be used for offline transaction signing. Hybrid wallets are also available in which some of the Bitcoin addresses are watch-only, whereas other addresses have their private keys stored on the online device. As a result, the same device can be used for spending from a low-security checking account and for monitoring a more secure savings account.
Depending on how new Bitcoin addresses are generated, watch-only wallets may or may not have to be synchronized with their offline component. Typically, a new Bitcoin address must be generated on the offline computer and then imported into the watch-only wallet (without importing the corresponding private key). However, with deterministic key generation (described in the next section), watch-only wallets can generate new Bitcoin addresses on their own without knowing the private keys that correspond to them.
Deterministic key generation is very useful for point-of-sale terminals, because they won't run out of deposit addresses in situations that involve numerous customers.