2. How to store bitcoins


Different ways to store bitcoins

Introduction

One of the first questions everybody asks is how to store bitcoins and keep them safe. This is not a trivial question, and the purpose of this article is to explain what it means to own bitcoins, and explain different methods for storing them safely. While I will go through important concepts and many different ways of storing bitcoins, I will also give you a simple recipe in the end of the article for storing your bitcoins safely without having to research all the alternatives.

What does it mean to own bitcoins?

A bitcoin wallet in its most basic form is two cryptographic keys (one private and one public key) that are mathematically linked together through public-key cryptography using the Elliptic Curve Digital Signature Algorithm. The private key is needed to spend bitcoins, i.e. authorize the transfer of the bitcoins the key controls. The public key or rather what is known as the bitcoin address is what you have to give out to someone that wants to send bitcoins to you. The bitcoin address is deterministically derived from the public key, which in turn is deterministically derived from the private key. You can read more about private keys in this excellent article and on this wiki page. The technical explanation of how a bitcoin address is derived from a public key can be found here

Owning bitcoins simply means that you alone have control of a secret private key which is linked to a certain amount of bitcoins (or to be technical: Unspent Transaction Outputs, UTXOs) in the decentralized public ledger called the blockchain. For someone to be able to send you bitcoins, you need to let them know that a specific bitcoin address belongs to you, meaning that you control the private key to that address and are able to spend the bitcoins you receive to that address. Anyone who wants to send you bitcoins needs to know at least one bitcoin address that is yours, but anyone who knows that a specific bitcoin address belongs to you can also easily look up all the transactions that have been done involving that specific address in the public blockchain, using a blockchain explorer such as e.g. www.blockstream.info. For this reason, the best practices to preserve your financial privacy is to always use a new bitcoin address for each transaction. Bitcoin wallet software for smartphones and computers handles this automatically today, so you don’t have to think about it, but it is important to know and understand.

Who do you trust?

One of the fundamental questions you have to ask yourself when it comes to storing your bitcoins is if you want to put the trust and responsibility in yourself, or if you want to entrust your private keys to someone else. In the first case, you are the only one in the world with access to your bitcoins, and nobody can take them from you (unless your are careless with your private keys). It also means that if you lose access to your private keys, then the bitcoins associated with those private keys are gone forever, and no one can get them back. In the second case, you decide to entrust your private keys to somebody else, that you for some reason trust more than yourself. This is then no different from the current banking system, where the money you put in the bank is no longer your money, and the bank only owes you the money. As long as the bank is solvent you can get your money out, and if the bank goes out of business you will likely lose the money that you essentially borrowed to the bank. This is the same when trusting a third party with your private keys that holds your bitcoins.

You probably heard of the MtGox crash in the spring of 2014, where a lot of people from all around the world lost bitcoins with a total value of $450 million, at the time, but much more today (~ 850 000 bitcoins). That incident was only possible because people didn’t have control over their bitcoins, and instead entrusted the company MtGox to hold the private keys to their bitcoins. In retrospect that was not a wise decision, and a very expensive lesson for a lot of people. This was also far from the first time this kind of incident happened (only the biggest), and it will not be the last time, since people continue to entrust their money to third parties, even though bitcoin, and decentralized blockchain technology in general, now makes that totally unnecessary and obsolete. There are many available solutions for storing your bitcoins completely under your control which will be described in this article.

Take control of your money

Bitcoin makes it possible for anyone in the world to have complete control over their own money, without having to trust a bank or other third party. With Bitcoin you can easily hold your money and send your money to anyone in the world, and no third party, e.g. a payment processor company, government, or special interest group can stop your transactions or confiscate your accounts.

There are many ways to store the private keys to your bitcoins. You can store a private key in plain text on a piece of paper, you can memorize it in your head, or you can store it on some electronic storage device. You can also encrypt a private key, which means that you also must remember the password, or store the password to decrypt your private key and the encrypted file in separate locations. Storing private keys encrypted is generally more safe provided the encryption used is strong.

Storing your bitcoins safely comes down to managing the private keys to your bitcoins in a safe way so that you are the only one in the world that have access to your private keys, but it is also very important to make sure that the bitcoin wallet software you are using generates truly random keys, which I explain the meaning of further down.

What is a private key?

A bitcoin private key is basically a number between 1 and approximately 10^77 (2^256, or 256 bits), and this number is put through a mathematical function, called the Elliptic Curve Digital Signature Algorithm using the curve parameters secp256k1 to generate the corresponding public key. A bitcoin address in turn is generated from the public key by a sequence of steps involving the SHA-256 hash algorithm. For more technical details, read this blog post.

If you could generate all the possible private keys by running all numbers between 1 and approximately 10^77, you could in theory steal everybody’s bitcoin (keeping in mind that the number of atoms in the observable universe is approximately 10^80). So how feasible is that? Fortunately, 10^77 is a very large number, and to generate, and to try all possible private keys with the bitcoin blockchain would take orders of magnitude longer than the age of the universe. However, in order to have secure private keys, you must generate them in a random process! To emphasize how important that is, here is an example of a very bad private key. The private key generated from the number 1 has the bitcoin address 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm, which you will see if you click on the link has received over 7 bitcoins through over 1300 transactions. This is however hopefully the result of many early Bitcoin developers using 1 as a private key as a simple educational example to understand how Bitcoin and the blockchain functions. Anyone who generates a private key in a non-random way will likely lose the bitcoins they send to that associated address before they can say the word RANDOM! There are many computer programs active all the time that are generating and trying private keys in order to steal bitcoins from people who store bitcoins associated with private keys generated through a non-random process. So it is of crucial importance that you only use randomly generated private keys to keep your bitcoins safe from brute force hackers.

What does private keys and bitcoin addresses look like?

Private keys, public keys, and bitcoin addresses are just very large numbers. In order to make it easy to read and transcribe private keys and bitcoin addresses without introducing errors, they are most commonly represented in a format called Base58Check, as an unambiguous sequence of letters and numbers. Several of the characters serves as a checksum, so that if you misspell a bitcoin address that you want to send bitcoins to, the transaction will be rejected, and you do not need to worry about losing money due to misspellings. There is only a 1 in 4.3 billion chance that you accidentally type a different valid bitcoin address. Uncompressed private keys in the Base58Check format always starts with the number 5, and are 51 characters long (also called Wallet Import Format format, WIF). A bitcoin address starts with the number 1 for normal addresses, and the number 3 for multisignature addresses (or actually pay to script hash addresses). A bitcoin address is usually 34 characters long, but 33 characters is not uncommon, and they can be even shorter if the number the Base58Check formatted string represents has many leading zeros, in which case some characters can be omitted while still being a valid bitcoin address.

Bitcoin private key and address examples

Always use open source software

A bitcoin wallet is simply a set of private and public keys (and bitcoin addresses) handled by a piece of software or stored on some other medium. It is extremely important that you use a good random generator to generate the private keys for your bitcoin wallet. The best way to ensure that is to only use reputable open source software available on GitHub. Anyone with sufficient programming skills can look at the code behind the software to see that the software program does what it is claimed to do, and that there are no backdoors or hidden functions in the code. On GitHub you can also see the history of every change in every single line of code and who contributed those changes, and if you want to, you can propose changes to the code, or copy the code, and build on it in your own direction. All of the software recommended in this article is open source.

It is vital for your security to only use software that is open source for generating all your keys, and for storing and handling your bitcoins on your computer, and on your smartphone.

Now let’s go through some important concepts relating to bitcoin wallets.

Cold storage

If you store your private keys to your bitcoins in a way where they never been on a device connected to the internet, it is called cold storage. This means that you must generate the private keys that you intend to use for cold storage on a device with no access to the internet. For guides on how to do that, follow the links in the paper wallets section further down.

Cold storage is the most secure way to store bitcoins and should be the preferred method for any larger amounts of bitcoins that you want to keep as safe as possible. By holding your bitcoins in cold storage, you transfer the problem of securing your bitcoins from an information security problem to a physical security problem, where the later is much easier and more intuitive to handle.

You can easily send bitcoins to your wallets in cold storage through their bitcoin addresses, but in order to transfer your bitcoins out of cold storage, you have to input the private keys into an internet connected device running bitcoin wallet software. Because of the security risk in exposing private keys to an internet connected device, and the issue with change addresses (explained further down), you should always transfer the entire amount (not just a partial amount) of bitcoins from a private key that has been used for cold storage.

Hot storage

When you store your private keys to your bitcoins on an internet connected device, such as a computer or mobile phone, it is called hot storage. This is a less safe, but also much more convenient way to store bitcoins, since you easily can spend them right away. You should not store a larger portion of your bitcoins in hot storage than you intend to spend in the near future.

Multisignature

Multisignature is a system to require the input of M of N private keys in order to authorize a transaction. The most common variant is to require the input of 2 out of 3 private keys. Multisignature is very useful for securing accounts and for escrow transactions, where e.g. the buyer holds one key, the seller one key and a third party holds one key. If both seller and buyer are satisfied they can just sign with their respective keys and there is no need to involve the third party. If there is a dispute between buyer and seller, the third party can step in to arbitrate and settle the transaction by signing with the third private key, either together with the buyer or the seller, i.e. to resolve the issue in favor of either the buyer or the seller, or a percentage split between them. Multisignature support was implemented in the Bitcoin protocol in the end of 2011 as the first standard Bitcoin Improvement Proposal (BIP 0011). The functionality of multisignature transactions is accomplished through a special transaction type called pay to script hash (P2SH) which gives limited ways of programming transactions, a.k.a. smart contracts. Multisignature transactions is the most common application of P2SH.

HD wallets and word phrase backup

The acronym HD stands for Hierarchical Deterministic, and it is a system that enables all the private keys that you need in your bitcoin wallet to be generated from a single seed master key in a deterministic way. This enables you to backup and restore your bitcoin wallet with all your keys and addresses using only the seed master key. The functionality for this was introduced in the end of 2012 through BIP 0032. HD wallets generate a new key-pair automatically for each new transaction, which is very good from a privacy point of view.

HD wallets use a format of 12-24 words (taken from a list of 2048 words) as a human memorable (mnemonic) backup for the seed, which generates all the keys and addresses you use in your bitcoin wallet. 24 random words from a list of 2048 corresponds to the highest security possible in Bitcoin since 2048^24 is higher than 2^256 (256 bits). But also 12 words giving 2048^12 possible private keys should be secure enough for many years into the future. This mnemonic word phrase backup system was created in late 2013 as BIP 0039. Using this system, you only need to keep the secret 12-24 words safe as a backup in order to restore your bitcoin wallet. But if somebody knows your 12-24 words they can easily steal the bitcoins you keep in that wallet. So it’s important to write down the words by hand, on paper, in a place or in a way where it will not be found, or will not be understood by someone unauthorized who reads it. You can keep several backups and divide the words over different locations. The more value you store in bitcoin the more care and thought you should put into storing them safely. You can also have an encrypted HD wallet, so that in addition to the 12-24 words, a password is also required. This further increases security.

Change addresses

To understand how bitcoin payments work, you need to understand change addresses. When you make a bitcoin payment you always send all of the bitcoins on the address you send from. If one of your addresses contains 0.2 bitcoins and you want to transfer 0.05 bitcoins, this means that 0.15 bitcoins will be returned to you in change. For privacy reasons, the change should always be returned to a newly generated address that you control instead of one of your previously used addresses. Otherwise it is very easy to link together all the different payments that you have done by analysis of the blockchain. Modern bitcoin wallets handles this automatically so you don’t have to worry about it. However, it is good to be aware of this aspect.

In the worst case scenario you could actually lose bitcoins, if you use a wallet software that lets you handle change addresses manually, in combination with you not understanding how they function. Here is a very good article about ways of loosing money because of misunderstandings about change addresses. 

Now that some important concepts have been explained, let’s look at different specific mediums to store your bitcoins.

Mobile wallets to store bitcoins

There are several mobile wallet apps available that you can download to your smartphone. Mobile wallets are very convenient and suitable for storing small amounts of bitcoins for every day purchases. Mobile wallets are hot wallets, since your phone is connected to the internet, which is a less secure way to store bitcoins. For this reason you should only keep small amounts of bitcoins on your phone. Some good alternatives are:

Why not download all of them and try them out with small amounts of bitcoins to see which one you prefer? Or perhaps you want to explore even more alternatives.

Paper wallets to store bitcoins

A paper wallet means that you store your secret private key either in plain text or encrypted on a piece of paper. This can be used as a way to store bitcoins in cold storage if you follow all the steps required to create them offline. However there are many security problems which you should be aware of when generating paper wallets. You should also always try out your storage method with a tiny amount of bitcoins before you transfer any larger amounts to make sure that everything works the way you intended, and that you can transfer the bitcoins out to a new address at a later time. For added security, you can also divide the keys and store them on different papers in different locations so that you need M of N (e.g. 2 of 3 or 5 of 7) of the partial keys in order to transfer the bitcoins out of cold storage. If you want to take this advanced approach you can split the keys using the Shamir’s threshold secret sharing scheme using the open source tools available at PassGuardian.

Here are two sources for creating paper wallets:

  • https://www.bitaddress.org
    A open source tool for generating secure offline bitcoin wallets. But it doesn’t explain best practices for doing so, on the web page itself. Here is a guide that walks you through all the steps and pitfalls that you should know about for generating paper wallets so that you end up storing your bitcoins as safely as possible.
  • https://bitcoinpaperwallet.com/ (Warning, don’t use!)
    Another option which is open source and based on the same open source code as the above bitaddress.org. And it also explains how you should generate your paper wallets safely offline.

Warning! Paper wallets generated through websites is not a secure way of storing bitcoins and should not be used. Since 2018 there has been many reports of bitcoins stolen through back doors in the website code for generating paper wallets.

Brain wallet to store bitcoins

A brain wallet refers to when you memorize the private key to a bitcoin wallet in your head. This should be done using a 12-24 randomly generated word mnemonic for the seed to a bitcoin wallet. You should only use this method of storage if you have generated the list of words for the seed in a random way, and you make sure that you will never forget the words. A good open source tool for this can be found here:

Another, extremely less secure way, of generating a brain wallet, is for you to choose a passphrase (a string of characters) which is then run through the SHA-256 algorithm to generate a number in a deterministic way, which is then used as a bitcoin private key. This way of producing a brain wallet is by definition not a random process, and thus is much easier for a hacker to crack. You should never use this method for producing a brain wallet. Humans are terrible at coming up with good passphrases. Look at this slide share by Ryan Castellucci to understand why brain wallets generated by non-random passphrases are a terrible idea.

Here you can listen to an intriguing, short, near future, science fiction story about a boy who saves his family’s wealth using a brain wallet that he learnt to remember in the form of a song.

Hosted web wallets to store bitcoins

There are different companies offering hosted bitcoin wallets, where your private keys are stored encrypted on a server, and you use a password and two-factor authentication, in order to access your encrypted bitcoins. Using these services you decrypt your private keys in your web browser in order to spend your bitcoins, and you are the only one with access to your private keys. Two alternatives are:

Hardware wallets to store bitcoins

A hardware wallet is a dedicated device for storing and generating private keys, that never can leave the secure environment of the hardware wallet. A hardware wallet, together with an online wallet, with support for the hardware wallet interface, combines the security of cold storage, with the convenience of an online wallet, by handling the signing of the transactions using the dedicated offline hardware wallet device, in which the private keys never has, and never will, have any contact with the internet. Buying a hardware wallet is the only time you actually have to pay a little bit of money (~$50-100) for securing your bitcoins, but in return you get the best combination of security and ease of use. Three alternatives are:

Bitcoin wallets for desktop computers

For most people, there is really no need to use a bitcoin wallet installed on your computer. Desktop wallets are useful for advanced users, corporate users, and Bitcoin developers, who need to use advanced features that are only available in desktop clients. However, you can always try out desktop wallets and play around with the different functions. If you know how to make sure that your computer is free from viruses, trojans and malware, that could otherwise steal your bitcoins, you can also use them for handling a portion of your bitcoins. One good use case for less advanced users, is to have a dedicated computer that you make sure is clean and has no connection to the internet, for generating private keys for your cold storage needs. The most popular bitcoin desktop wallets for Windows, Mac and Linux are:

Here you can find even more alternatives.

Don’t leave bitcoins on your exchange accounts

Bitcoin currency exchanges such as e.g. Bitfinex, Bitstamp, OKCoin, Kraken, Coinbase, LocalBitcoins etc. are good for buying bitcoins, but they should not be used to store your bitcoins, since you do not control the private keys! When you keep bitcoins on your account on an exchange, you are essentially borrowing your bitcoins to the exchange, with no recourse if the exchange gets hacked or shut down. Remember MtGox!

Don’t put all your eggs in one basket

I strongly advise to divide your bitcoin savings between different storage methods, and not put all your eggs in one basket. Storing bitcoins safely is still complicated, and you can never be 100% sure that the wallet you use is 100% secure, and fool proof, or that the private keys generated through a particular piece of software is truly 100% random and secure. For this reason, it is wise to divide your bitcoin savings between a few different storage methods.

A simple recipe to store your bitcoins safely

A recommendation if you just want a simple recipe that works well.

For your daily bitcoin spending needs, use:

For larger amounts, and for long term storage, use:

I hope you find this guide useful and that you now feel informed and ready to take control over your economic future, and take it out of the hands of the corruptible, and thus corrupt, banking and political system.