The “Two-Man Rule” and Bitcoin Security


This morning, OKCoin shared information on how it secures cold wallets in an effort to move the industry forward.

The company released a statement saying,

Through this transparency, OKCoin aims to assure users of the security of their funds. We hope this helps the industry be more open and welcome feedback and new ideas.

The principles of the cold wallet security system borrow heavily from the “Two-Person Concept,” otherwise known as the “two-man rule,” from United States Air Force instructions (AFI 91-104). The two-man rule is a system designed to achieve a high level of security for especially critical operations.

During the height of the Cold War in the 1960s, the United States had several Minuteman missile systems in which the “two-man rule” was used. In the event of an ordered launch, both crew members of the silo would have to turn their keys at the same moment on the commander’s count. The two launch switches were situated far enough apart that one person alone could not reach both keys and single-handedly provide the go-ahead to launch a missile.

OKCoin has implemented new security measures to protect customer cold-wallets after a security breach with the Bter cold wallet. On a reddit post this morning, OKCoin shared the following security principles and philosophies the company has applied to the cold wallet security system:

  1. Any equipment connected to the internet is inherently vulnerable.

  2. USB drives are unsafe, as USB disks may be compromised with viruses. Such a USB virus may automatically record data in a computer network after it is inserted and steal the contents.

  3. No security practice can be reliant on one individual. Any access to a cold wallet must require confirmation of two authorized parties.

  4. Everyone has the potential to suffer from an unexpected event. Others need to be authorized to access offsite backups in order to ensure safety.

  5. Individuals may be kidnapped, so important data must be saved in the highest security bank safe and require in-person access.

The company also outlined how it is generating private keys and backups, including principles from the “two-man rule”:

  1. Generate 10,000 private keys and corresponding addresses on a completely offline computer.

  2. Encrypt the private keys with AES on the completely offline computer.

  3. Delete the original 10,000 private keys.

  4. AES password to be controlled by two OKCoin company personnel in separate locations – one in OKCoin’s Beijing office, one in a city on the West Coast of the United States.

  5. The two AES master password holders cannot use the same means of transportation at the same time.

  6. The address and encrypted private key on the offline computer are displayed in QR code format.

  7. The QR code of the address is scanned by another computer to publish the address of the cold wallet in order to receive deposits from our hot wallet. Each cold wallet address will be used only once.

  8. The QR code of the encrypted key is printed and stored inside a highly secure bank vault. Even if the holder of the encrypted key were kidnapped, the document is secure, as the holder must be present at the bank to retrieve it.

  9. The QR code of the encrypted key is stored and backed up – one copy in the bank safe in China, and another in a city on the East Coast of the United States.

  10. Access to these two banks is granted to two separate people.

  11. These two people do not take transportation together.

  12. Those with access to the bank safes cannot be the same people as the ones who control the AES password.
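In the procedure above the two-man rule is enforced by policy: the single AES password is known in full to each of its two holders, and separation comes from geography and travel rules. As an added illustration, not OKCoin's own code or procedure, the Go program below shows the same encrypt-then-vault step with the rule enforced cryptographically instead: the wrapping key is a fresh random AES-256 key that is split into two XOR shares, one per custodian, so that a single share carries no information about the key and an unwrap attempt with only one share fails the AES-GCM authentication check. The 32-byte private key, the custodians and the `okcoin-cold-wallet-v1` label are constructed stand-ins; encoding the vault record as a printable QR payload is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Share is one custodian's half of the 32-byte AES-256 wrapping key.
type Share []byte

// Vault is what goes to the bank safe: nonce and ciphertext of one private key.
type Vault struct {
	Nonce      []byte
	Ciphertext []byte
}

// aad binds the ciphertext to its purpose. Constructed label, not OKCoin's.
var aad = []byte("okcoin-cold-wallet-v1")

func xorBytes(dst, x, y []byte) {
	for i := range dst {
		dst[i] = x[i] ^ y[i]
	}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// splitKey is a 2-of-2 XOR split: a is random, b = key XOR a, so either alone is useless.
func splitKey(key []byte) (Share, Share, error) {
	a := make([]byte, len(key))
	if _, err := rand.Read(a); err != nil {
		return nil, nil, err
	}
	b := make([]byte, len(key))
	xorBytes(b, key, a)
	return a, b, nil
}

// joinShares reconstructs the wrapping key; it needs both custodians' shares.
func joinShares(a, b Share) ([]byte, error) {
	if len(a) == 0 || len(a) != len(b) {
		return nil, errors.New("share length mismatch")
	}
	k := make([]byte, len(a))
	xorBytes(k, a, b)
	return k, nil
}

// wrapPrivateKey encrypts privKey under a fresh AES-256-GCM wrapping key, splits that
// key between two custodians, and zeroes the wrapping key and the caller's plaintext.
func wrapPrivateKey(privKey []byte) (Share, Share, Vault, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, Vault{}, err
	}
	wrapKey, nonce := buf[:32], buf[32:]
	defer clear(wrapKey) // the full wrapping key never persists anywhere
	gcm, err := newGCM(wrapKey)
	if err != nil {
		return nil, nil, Vault{}, err
	}
	ct := gcm.Seal(nil, nonce, privKey, aad)
	a, b, err := splitKey(wrapKey)
	if err != nil {
		return nil, nil, Vault{}, err
	}
	clear(privKey) // step 3 above: delete the original private key
	return a, b, Vault{Nonce: nonce, Ciphertext: ct}, nil
}

// unwrapPrivateKey is the retrieval ceremony on the offline machine. A missing or wrong
// share makes the GCM tag check fail, so one custodian alone recovers nothing at all.
func unwrapPrivateKey(a, b Share, v Vault) ([]byte, error) {
	key, err := joinShares(a, b)
	if err != nil {
		return nil, err
	}
	defer clear(key)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, v.Nonce, v.Ciphertext, aad)
}

func main() {
	priv := make([]byte, 32) // constructed stand-in for a cold-wallet private key
	rand.Read(priv)
	a, b, v, _ := wrapPrivateKey(priv)
	_, err := unwrapPrivateKey(a, make(Share, len(b)), v)
	fmt.Println("one custodian alone:", err)
	pk, err := unwrapPrivateKey(a, b, v)
	fmt.Printf("both custodians present: key=%x err=%v\n", pk, err)
}
```

Run it with `go run`: the first line prints the authentication error a lone custodian gets, the second the recovered key once both shares are joined. The XOR split is the simplest 2-of-2 scheme; a threshold scheme such as Shamir's would let, for example, any two of three custodians recover the key, which is the property the page's offsite-backup principle is reaching for.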

OKCoin is the first major exchange to publicly outline the measures being taken to secure customer funds at each step. The team’s statement also highlighted the handling of coins from cold-storage to hot-wallets:

  1. Send personnel to the bank safe near the office and retrieve the appropriate number of unused encrypted private keys. Scan the QR code of these keys into an offline computer.

  2. The QR code is scanned into another completely offline computer.

  3. The holder of the AES master password decrypts the encrypted private key on a completely offline computer.

  4. The private key is exported as a QR code and scanned into another entirely offline computer.

  5. The transaction is signed on another completely offline computer; the signed transaction is then transferred by USB drive to an internet-connected computer, which broadcasts it.

OKCoin CEO Star Xu reiterated to Coin Fire that the private keys for cold-storage are truly cold and that the two-man aspect is just one of the security precautions OKCoin has taken.

OKCoin’s transparency is another move forward towards increased information sharing in the cryptocurrency industry. The OKCoin team is looking for additional feedback on the security principles on reddit.

Titan missile launch key image courtesy of James Brooks.



Coin Fire

Coin Fire is a cryptocurrency news site started on June 6th of 2014. The site focused on hard-hitting investigative stories. Coin Fire was acquired by 99Bitcoins in October 2015.

2 Comments

  1. Henny Sixpence on

    The two-man missile launch system was designed specifically to prevent a single rogue individual from firing the missiles. However, it sounds like OKCoin’s system is just giving the master key to two separate individuals, thereby adding an extra point of failure. Each of these individuals has full control over the wallet, meaning now you have to trust two (unknown) individuals instead of one.

    In his Reddit post, Star Xu also said that “multi-sig is not safe enough” and that “encrypting the private key with AES achieves the same effect.” This displays a disturbing lack of understanding of the technology or proper bitcoin security measures, which for many may be excusable but for the CEO of one of the world’s largest bitcoin exchanges is quite shocking.

    http://www.reddit.com/r/Bitcoin/comments/2yx1p3/okcoin_first_bitcoin_company_to_openly_share_cold/cpduyj9

    Instead of just repeating what they posted on Reddit, you guys should have looked into this story more. This line is not true either: “OKCoin is the first major exchange to publicly outline the measures being taken to secure customer funds at each step.”

    • We understand your concerns but the entirety of this post was not based on reddit but rather discussions with the OKCoin team. This is not the entirety of the system they have deployed.

      We have equal concerns as well but those are best expressed in the reddit thread where they are asking for feedback.

      We stand by this report as it is still factually accurate. Can you please provide a link to show that other exchanges have publicly outlined this process? We were unable to find anything after extensive searching. Many people stated that other exchanges have done this but we searched very extensively and have asked repeatedly for links showing that 100% conclusively and have yet to find them.
