For me, Bitcoins are a fascinating phenomenon. For one thing, nobody really knows who created the Bitcoin system initially; it’s a big mystery. Regularly someone claiming to be the inventor of the system comes forward or is suggested by the media but so far nothing was ever proven. A major idea behind the Bitcoin system is to have a method of payment that is independent of state governments. The idea is great and more and more shops have started accepting Bitcoins as a method of payment. Unfortunately, Bitcoins are also used by criminals, which receives quite some attention in the press as well. However, in this respect it is no different from any other currency.
While every now and then I’ve read about the theory of Bitcoins, I never actually owned or used Bitcoins to pay for anything. With the time of the year coming up at which I make donations to a number of open source projects, I decided to put theory into practice and donate to them using Bitcoins if it is offered as a payment method. So here’s the story of what I found out in the process, from practical payment experience to insight into how anonymous the system really is and why and how crypto trojans can potentially misuse Bitcoins.
Getting Started With A Wallet
Bitcoins are an electronic crypto currency and if you are not familiar with the basics, have a look at its Wikipedia entry as I won’t repeat them here. Getting started is actually quite easy, the only thing required is a Bitcoin wallet to store your Bitcoins (or rather your private keys). Online and offline versions of wallets are available with different kinds of hardware and software features. I chose to use an offline software wallet on the PC for security reasons but without any hardware additions. My choice fell on Electrum as it’s open source, written in Python and available for all major PC and mobile platforms. As can be seen in the screenshot below, Electrum’s graphical user interface is quite simple, nothing fancy but it does what it is supposed to do. It suits me well.
Seeds and Security
After installation, Electrum automatically generates a new wallet unless existing credentials are imported. Once done, it presents a “seed” text that consists of 12 English language words that have been generated out of the 128 bit Bitcoin private key. By using this seed text it’s possible to recover from a broken device or installation, to clone the wallet on any other device or to steal the Bitcoins if the seed text gets into the wrong hands. I wondered for a long time how 12 English words could possibly be a safe way to represent a 128 bit private key. The details of why this is secure are explained in this blog entry. The 12 words, taken from a pool of 1600 words, are generated from the 128 bit private key using a standard Python function that is not related to Bitcoins at all. The conversion function works in both directions so the 12 human readable words represent the 128 bit key unambiguously. The key point here is that the combination of words is just a different representation of the 128 bit key that is easier to type for humans. It is no more or less secure than the 128 bit key itself.
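The two-way conversion described above can be sketched as follows. This is an added example, not Electrum's code and not part of the original post: the word list is a constructed set of placeholder tokens, and its size (1626) is an assumption computed in the code as the smallest list for which three words cover one 32-bit chunk of the key.

```python
import secrets

CHUNK_BITS = 32          # the 128-bit seed is handled as four 32-bit chunks
WORDS_PER_CHUNK = 3      # 4 chunks x 3 words = the 12 words described above

def min_wordlist_size(bits=CHUNK_BITS, k=WORDS_PER_CHUNK):
    """Smallest list size n such that k words can label every `bits`-bit value."""
    n = 1
    while n ** k < 2 ** bits:
        n += 1
    return n

N = min_wordlist_size()
# Constructed placeholder vocabulary; a real wallet ships real English words.
WORDS = [f"w{i:04d}" for i in range(N)]
INDEX = {w: i for i, w in enumerate(WORDS)}

def encode(seed: bytes) -> list[str]:
    """Write each 32-bit chunk as three base-N digits and show them as words."""
    if len(seed) != 16:
        raise ValueError("expected a 128-bit (16-byte) seed")
    out = []
    for off in range(0, 16, 4):
        x = int.from_bytes(seed[off:off + 4], "big")
        for _ in range(WORDS_PER_CHUNK):     # least significant digit first
            x, digit = divmod(x, N)
            out.append(WORDS[digit])
    return out

def decode(words: list[str]) -> bytes:
    """Inverse of encode(); rejects unknown words and out-of-range triples."""
    if len(words) != 12:
        raise ValueError("expected 12 words")
    seed = b""
    for off in range(0, 12, WORDS_PER_CHUNK):
        x = 0
        for w in reversed(words[off:off + WORDS_PER_CHUNK]):
            if w not in INDEX:
                raise ValueError(f"unknown word: {w!r}")
            x = x * N + INDEX[w]
        if x >= 2 ** CHUNK_BITS:
            raise ValueError("word triple does not map to a 32-bit value")
        seed += x.to_bytes(4, "big")
    return seed

def demo():
    seed = secrets.token_bytes(16)           # constructed sample seed
    words = encode(seed)
    return seed, words, decode(words)
```

Because `decode(encode(seed))` returns the original bytes, the words carry exactly the key's 128 bits, so a written-down seed needs the same protection as the key file itself.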
There are No Coins In the Wallet
One important thing to realize is that there are no Bitcoins in the wallet at any time. The only thing that is stored in the wallet is the information which Bitcoin IDs you own and the associated private keys to sign outgoing transactions. The amount of Bitcoins behind each Bitcoin ID is stored in the Bitcoin public ledger. So if you have a Bitcoin ID from someone else you can actually find out how many Bitcoins that person owns on this ID.
Anonymous Or Not?
In the past I always assumed that Bitcoins were anonymous but the opposite is the case. In addition to the amount of Bitcoins behind each Bitcoin ID being public knowledge, all transactions from one ID to another are also publicly known. This transparency made me wonder why Bitcoins are used by criminals behind crypto trojans and other malware to collect a ransom. More about this later.
How To Get Bitcoins From Someone Else
Once a wallet has been set up the next question is how to get Bitcoins from someone else. The process is simple and straightforward. The only thing that needs to be known is the Bitcoin ID to which the Bitcoins are to be transferred. A transaction can then be generated by the wallet application to transfer a given amount of Bitcoins from Bitcoin IDs for which a private key exists in the wallet to the destination Bitcoin ID. The wallet program digitally signs the transaction using the secret key and then sends the result to the Bitcoin network that validates the transaction and puts the transaction into the public ledger. To be valid this process has to be performed in many places in the network. A confirmation of 6 Bitcoin servers is considered to be sufficient to validate the transaction. After a couple of hours the process is repeated by well over 100 Bitcoin servers which gives an interesting insight into the size of the overall Bitcoin network. One thing I was surprised about is that the proper validation of a Bitcoin transaction takes well over 10 minutes so Bitcoins are not suited for instantaneous transactions. Also, the number of transactions seems to be limited to around 7 per second. That is obviously very little and a major limiting factor. There are initiatives underway to lift this restriction but it doesn’t seem to be simple to do this securely so the number of transactions that can be performed per second is still a very limiting factor at the time this blog entry was written.
How To Exchange Euros and Dollars Into Bitcoins
A bit more effort is involved to exchange state owned currencies like euros, dollars, etc. into Bitcoins and vice versa. The fastest way is to use Bitcoin websites that offer to receive money via standard bank transfers, convert the received amount into Bitcoins and transfer the result to a given Bitcoin ID. In Europe many banks offer online transfers to websites so Bitcoins can be bought and received this way in a few minutes. For my experiments I was using Anycoin Direct and the GiroPay mechanism offered by many German banks and received my Bitcoins in a few minutes. At the time of this writing a single Bitcoin was worth around 400 euros so most transactions are done in milli-Bitcoins (mBTC). 0.125 mBTC for example were about 50 euros. Another interesting thing is that those websites want to know who you are if you transfer higher amounts of money for a number of reasons. Anycoin Direct, for example, lets you transfer up to 100 euros without identifying yourself. For higher amounts you have to upload a scan of your passport and go through a browser based video identification session that includes a picture of you and your passport being taken. Again I was surprised that this was necessary but it’s obviously done to minimize money laundering possibilities.
More Next Time
There is a lot more to tell about Bitcoins so I’ve decided to continue in another blog post and go into the details of how to convert Bitcoins to other currencies at Bitcoin exchanges and how criminals are probably using Bitcoins while staying anonymous there.