HSM-backed Bitcoin Cold Storage

Square's Bitcoin Cold Storage solution.

For security purposes, Square stores a reserve of Bitcoins in an offline setting. By having these funds offline, we reduce attack surface and hence risk of theft.

Subzero, Square's solution, is unique. Specifically, we leverage FIPS-certified Hardware Security Modules (HSMs) to protect the private key material. We decided to use such HSMs because we already own, operate, and trust these devices for other payments-related needs. We feel our solution defends against external as well as insider threats.

Funds can be sent from online systems to the cold storage at any time. Moving funds out of cold storage requires a multi-party signing ceremony. In addition, the offline HSMs are able to enforce business logic rules; for instance we only allow sending funds to Square-owned addresses. Such a scheme is usually called defense in depth or an onion model. We maintain the online/offline isolation by importing transaction metadata and exporting signatures using QR codes.

HSMs have the ability to share key material. This enables us the ability to store our backups in encrypted form and restore a wallet at any location.

This repo contains our design documents as well as specific technical information. We are sharing our source code, with the caveat that the code is currently only useful if you have the exact same hardware setup. We are willing to make the code more modular over time, as long as the broader community shows interest to implement support for additional hardware vendors.

Map

A multi-party signing ceremony is needed to unlock funds.

Map © Domaina / Wikimedia Commons / CC-BY-SA-3.0. The word "QR Code" is registered trademark of Denso Wave Inc. FIPS publication 140-2 (Security Requirements for Cryptographic Modules) is a US government standards.