Square, a financial services and mobile payment company, has open sourced the documentation, code, and tools for Subzero, an enterprise offline Bitcoin Wallet. According to Square’s blog published on October 23, 2018, Square recognized the importance of not only developing a safe and secure storage option for Bitcoin but the need to share code and work in progress as it helps provide additional feedback for their projects, and helps push the cryptocurrency community forward.
Square’s Bitcoin Storage Solution
In 2017, Square introduced the option to purchase and sell Bitcoin on their Square Cash App. The Bitcoin Support function not only facilitates the trading of Bitcoin but is also responsible for holding and storing the Bitcoins. Since the launch of Bitcoin Support, Square took the responsibility of handling cryptocurrencies very seriously. They began developing their cryptocurrency infrastructure to ensure that they can protect themselves and consumer funds from any potential threats.
When it comes to storing cryptocurrencies, Square currently holds Bitcoins in a combination of hot and cold wallets. While it’s easier to hack into a hot wallet, hot wallets provide fast access and flexibility as funds can be sent out at any time. Although cold wallets reduce the risk of a remote attack and potential theft, transferring funds from a cold storage system to another is quite slow. Cold storage systems require physical access to the private keys of the device.
While there are many different ways to implement cold storage, Square uses a specialized hardware device known as Hardware Security Modules (HSMs) that are commonly used in the payments industry to store crucial cryptographic material.
According to Square, FIPS-certified Hardware Security Modules (HSMs) are an excellent cold storage solution because they provide guarantees around the security of sensitive material. For example, they provide secure access control and active protection against physical tamper. Furthermore, they also allow the replication of keys without exposing the plaintext key materials. With HSMs, Square can securely store the company’s private keys, while being able to use them to transfer Bitcoin when required.
Subzero: A Robust Bitcoin Cold Storage Solution
According to the blog post, Square uses Subzero, a programmable enterprise Bitcoin wallet as their cold storage solution. While Subzero only supports Bitcoin at the moment, they can, however, support other tokens and implement other protocols in the future. Square is also using the same HSM vendor in Subzero as they do for all other payment-related needs because they are familiar with the software and hardware. The Subzero cryptocurrency, cold storage solution is great for users who would like an off-the-shelf hardware wallet without the need to implement customizations.
In the Subzero wallet, Square focused heavily on security measures. For example, specific customization was ensuring that the Subzero cold wallet can only send funds to a Square-owned hot wallet. The onion approach provides layers of protection and defense. For an attacker or hacker to gain access to the system, they need to compromise many different systems before they can access and extract the funds. Square can also create an additional layers system. The layers system can be programmed so that it can tradeoff convenience with security as the number of funds in the cold storage increases.
While the funds can be sent from online systems into Square’s cold storage solution at any time, moving funds out of the cold storage will, however, require a multi-party signing ceremony. According to Alok Menghrajani, a security engineer of Square, the participants moving funds outside of cold storage will use a combination of passwords and smart cards to authenticate the cold storage system.
It will also use QR codes which are a great way to exchange a small amount of data required from the offline to the online world. The Subzero wallet remains offline throughout its lifetime as this boosts the security and integrity of the wallet. Any unauthorized modification of the system is extremely unlikely.
In addition to all these security measures, Subzero is also geographically distributed which makes is both harder to compromise, since a hacker needs to compromise many sites, and it also provides a level of redundancy, since Square can lose a certain number of sites at a point in time without being affected.
Beancounter to Audit Wallet Balances
In the medium blog, Square also discussed a tool known as Beancounter. Beancounter is a command line utility designed to audit Square’s wallet balances. The tool is created to scale and work for wallets that have a large number of addresses or transaction. Beancounter can also support many wallets ranging from simple watch wallets to more complex wallets that require multi-signatures and Segwit.
The Design documents and specific technical information for Subzero and Beancounter are available on Github. Square mentioned that while they are sharing their source code, the current code is only useful if developers have the exact hardware setup. Square, however, plans to make the code more modular over time. They also plan to open contributions enabling support for alternative vendors as well.
“We hope that by sharing our work, we can make it easier for others to fulfill their security needs, enabling even more innovation- and better protection for all players – in the cryptocurrency space,” said Menghrajani. “In the long run, since we had to solve problems that other companies may face, we are interested in standardizing some of our work.”
Square’s repository contains documentation and code to build the DVDs, the GUI, the wallet that runs on HSM and other utilities. Square is happy to share their work with the community and is eager to hear the peoples’ feedback and suggestions as they continue to improve Subzero and Beancounter.