Topic: Verifying the Existence of Digital Assets - Audit
JayBleezCPA (OP)
August 27, 2018, 06:19:17 PM
 #1

Hey folks, I hope all is well.

I am currently involved in an audit of a pretty decent size institution that holds a good amount of Bitcoin.

We are running into a problem where we are having difficulty proving ownership of the private keys for the addresses that hold the funds. Understandably, the client does not want to send a small satoshi amount from the address that holds millions of dollars in Bitcoin, it's simply not worth exposing the private keys.

However, the client does move their Bitcoin from address to address every certain length of time.

Our thought would be to verify ownership of the wallet address prior to receiving the funds from the other address during the transition phase. What would be the best way to do this? Is there a way to create the wallet offline, sign the message locally (never hit the internet), and confirm ownership of the address without ever compromising security?

Any thoughts or insights would be very much appreciated.

Thanks,

-JayBleez
LoyceV
August 27, 2018, 07:09:20 PM
Merited by Foxpup (3)
 #2

Quote
I am currently involved in an audit of a pretty decent size institution that holds a good amount of Bitcoin.
If you have to ask this very basic question on a forum, you're the wrong person for this audit. You should find someone more knowledgeable in this field.

Quote
We are running into a problem where we are having difficulty proving ownership of the private keys for the addresses that hold the funds. Understandably, the client does not want to send a small satoshi amount from the address that holds millions of dollars in Bitcoin, it's simply not worth exposing the private keys.
You don't have to expose private keys to send Bitcoins.
The best way to prove ownership of any address, is signing a message. See How to sign a message?!

Quote
However, the client does move their Bitcoin from address to address every certain length of time.
Why?

Quote
Our thought would be to verify ownership of the wallet address prior to receiving the funds from the other address during the transition phase. What would be the best way to do this? Is there a way to create the wallet offline, sign the message locally (never hit the internet), and confirm ownership of the address without ever compromising security?
Again: signing a message is how you prove ownership of an address. It doesn't matter whether or not the address holds any funds. Signing can be done offline.

JayBleezCPA (OP)
August 27, 2018, 09:00:09 PM
 #3

I appreciate the response.

To our defense, it is a financial statement audit (vs. security or whatever other audits are out there). Once we can gain comfort they own what they say they own on the blockchain, we're pretty much good from a technical blockchain perspective.

I think our best bet is getting the hex hash with the complete:True statement on the Core wallet. Let me know if I am understanding that wrong.

Cheers,

-Jeremy N.

PS: No idea why they change addresses, I'll be sure to ask.
HCP
August 28, 2018, 12:38:38 AM
Merited by DarkStar_ (3)
 #4

Quote
I think our best bet is getting the hex hash with the complete:True statement on the Core wallet. Let me know if I am understanding that wrong.
Not sure what you're trying to achieve with a hex hash? A hex hash of what? A dummy transaction?


As LoyceV said, you can use "Signed Messages". A signed message proves that the person who signed the message has access to the private key for a given "address"... it contains 3 components:

1. The actual message
2. The "address" you want to sign with
3. The cryptographic signature

They often look like this:
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is HCP, demonstrating signed messages for JayBleezCPA on Bitcointalk
Date: 20180828
-----BEGIN SIGNATURE-----
16qkTAUmtCdBYfXXKKGKqD8pAYtL1T5pqV
H8yDXZyf2SPHM0ujn//3kp4jx8wm42LWilaZM381A8aUPaL1nGULbo/5sGFOJuz2aIi5Z5hUlof6SPyGHb7XAsk=
-----END BITCOIN SIGNED MESSAGE-----

As you can see... message is:
Quote
This is HCP, demonstrating signed messages for JayBleezCPA on Bitcointalk
Date: 20180828

Address used is:
Quote
16qkTAUmtCdBYfXXKKGKqD8pAYtL1T5pqV

Signature is:
Quote
H8yDXZyf2SPHM0ujn//3kp4jx8wm42LWilaZM381A8aUPaL1nGULbo/5sGFOJuz2aIi5Z5hUlof6SPyGHb7XAsk=

You can verify this message here

Changing even 1 character in the message will break the signature and it will not validate. Even adding an extra space on the end of one line will break it. It is basically just as secure as a signed transaction. It cannot be edited in any way. So, you can be sure that I have access to the private key for 16qkTAUmtCdBYfXXKKGKqD8pAYtL1T5pqV... ergo, it is MY address.

Thus, if someone provides you a signed message (with a "proper" message, including pertinent dates/times, names etc)... you can be reasonably sure that they have access to the private key that controls the address the message is signed from.

You can sign messages using Bitcoin Core in either the GUI (File -> Sign Message)... or using the console/command line with the signmessage command. You do NOT need to be "online" to do this. And you can easily verify it offline as well... they don't need to expose anything to anyone but yourself.

For your purposes, ask the client to sign a message of your specification from the address containing the coins you want to audit. Remember, make the message very specific and include dates/times/names/specific reason for signing etc... something like:
Quote
This is XXX Ltd. Proving ownership of Address 1bitcoinAddress for JayBleezCPA
Date: August 28th 2018

Then, you can simply use a blockchain explorer to confirm the coins are in the nominated address... and you can verify they control the private key for that address via the signed message. Alternatively, if they want to do it in conjunction with a coin move... simply ask them to nominate the receiving address first and provide a signed message for the empty nominated address. Once they move the coins, again, you can verify the balance using a blockchain explorer... and you can confirm that they control the address via a signed message.

JayBleezCPA (OP)
August 28, 2018, 03:21:08 PM
 #5

Thanks HCP. Really appreciate the detailed explanations.

I am pretty comfortable with the process now. I have had one issue using my Electrum wallet (SegWit address). I can sign the message, verify on another (and my own) electrum wallet, but not on a third-party verifier.

Do these 3rd party tools have trouble reading Bech32 addresses?

My main fear would be having our client sign a message, provide us with the hash, etc, and be unable to verify due to some technical problems.

Any insight would be much appreciated!

-JayBleez

OgNasty
August 28, 2018, 03:41:23 PM
 #6

Quote
We are running into a problem where we are having difficulty proving ownership of the private keys for the addresses that hold the funds.

If someone is claiming to hold BTC and they refuse to sign a message, that is a huge red flag.  They are either lying, incompetent, or just plain not interested in doing legitimate business.  Regardless of the reason, be careful and don't trust, verify.

HCP
August 29, 2018, 04:54:22 AM
 #7

Quote
I am pretty comfortable with the process now. I have had one issue using my Electrum wallet (SegWit address). I can sign the message, verify on another (and my own) electrum wallet, but not on a third-party verifier.
Because of the way SegWit works... There is no currently accepted "standard" for signing (and verifying) messages using SegWit addresses.

The Electrum devs have come up with a proposed method... But as far as I'm aware, it has not been implemented by any other wallets at this time.

Everyone will need to use Electrum, or you'll need to use "legacy" (aka "1-type") addresses

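An added example, not part of any post in this thread and not code from Bitcoin Core or Electrum: an offline Python pre-check for a signed-message block like the one in post #4, run before the block is handed to a wallet for verification. It splits the block into its three components, computes the double-SHA256 digest the signature covers (assuming the legacy Bitcoin Core message-signing format), decodes the signature header byte, and classifies the address by prefix as discussed in post #7; it does not perform the ECDSA check itself, and all function names are illustrative.

```python
import base64
import hashlib

# Signed-message block copied from post #4 of this thread.
SAMPLE = """-----BEGIN BITCOIN SIGNED MESSAGE-----
This is HCP, demonstrating signed messages for JayBleezCPA on Bitcointalk
Date: 20180828
-----BEGIN SIGNATURE-----
16qkTAUmtCdBYfXXKKGKqD8pAYtL1T5pqV
H8yDXZyf2SPHM0ujn//3kp4jx8wm42LWilaZM381A8aUPaL1nGULbo/5sGFOJuz2aIi5Z5hUlof6SPyGHb7XAsk=
-----END BITCOIN SIGNED MESSAGE-----"""

def parse_envelope(text):
    """Return (message, address, signature_b64); message lines stay byte-exact."""
    lines = text.strip("\n").split("\n")
    if (lines[0], lines[-1]) != ("-----BEGIN BITCOIN SIGNED MESSAGE-----",
                                 "-----END BITCOIN SIGNED MESSAGE-----"):
        raise ValueError("missing BEGIN/END markers")
    sep = lines.index("-----BEGIN SIGNATURE-----")  # ValueError if absent
    if len(lines) - sep != 4:
        raise ValueError("expected one address line and one signature line")
    return "\n".join(lines[1:sep]), lines[sep + 1], lines[sep + 2]

def varint(n):  # Bitcoin compact-size length prefix
    if n < 0xFD:
        return bytes([n])
    size, tag = (2, 0xFD) if n <= 0xFFFF else (4, 0xFE) if n <= 0xFFFFFFFF else (8, 0xFF)
    return bytes([tag]) + n.to_bytes(size, "little")

def message_digest(message):
    """Digest the signature covers: SHA256d(varint|magic|varint|message)."""
    magic = b"Bitcoin Signed Message:\n"
    body = message.encode("utf-8")
    data = varint(len(magic)) + magic + varint(len(body)) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def signature_info(sig_b64):
    """Decode the header byte of a 65-byte compact signature (27..34)."""
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != 65 or not 27 <= raw[0] <= 34:
        raise ValueError("not a 65-byte compact signature with header 27..34")
    flags = raw[0] - 27
    return {"recid": flags & 3, "compressed": bool(flags & 4)}

def address_kind(addr):
    """Mainnet prefix check only; no checksum validation."""
    for prefix, kind in (("bc1", "bech32 (SegWit)"), ("1", "legacy"), ("3", "P2SH")):
        if addr.startswith(prefix):
            return kind
    return "unknown"
```

Because the digest is taken over the exact message bytes, `message_digest(msg)` and `message_digest(msg + " ")` differ, which is why a single trailing space makes a signed message fail to validate.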