BTSE uses segwit, BIP32 HD wallets, and multisig key management to reduce their operational burdens and improve fund safety. For this Optech field report, we interviewed BTSE staff to learn how their exchange operations have benefited from these Bitcoin technologies.
BIP32 is a widely-implemented standard that describes how to deterministically derive arbitrarily-many new public keys from a single extended public key, even if the corresponding private key is kept offline. Without BIP32, the burden of securely storing private keys would incentivize reuse of public keys and addresses, leading to problems that include exchange front-running and user loss of privacy. Speaking about the operational advantages of cold wallet deposits for users, BTSE’s CEO Jonathan Leong notes that “if the hot wallet keys are compromised, addresses for all users would have to be re-generated, and inevitably some users would continue to send funds to their old addresses.”
Although exchanges using BIP32 can keep their private key offline, that private key is still a single point of failure. Happily, they can lessen the impact of compromise of any one single key by constructing a k-of-n multisig address with each of the n public keys derived from a different extended public key. What BTSE achieves with this combination is on-the-fly generation of arbitrarily-many addresses that all deposit straight into a multisig cold wallet without needing to touch the private keys.
Aside from BIP32 and multisig, BTSE also uses P2SH-P2WSH (P2SH-wrapped segwit) for their deposit addresses. Segwit allows BTSE to reduce the fee of spending transactions by reducing their weight, such as for moving to hot wallets or UTXO consolidation. As an example, spending from a P2SH-P2WSH 2-of-3 multisig address saves 44% when compared to spending from a legacy P2SH one. As adoption of sending to native segwit P2WSH addresses rises (tracked on Optech’s compatibility matrix), businesses should also consider using these addresses for deposits to unlock 14% additional savings and increase security for their multisig scripts (256-bits rather than 160-bits). You can learn about adoption speed, address security, and much more in our Bech32 Sending Support series.
Segwit, BIP32, and multisig work together to ease the burden of operating a secure, usable, and low-fee exchange for BTSE. Optech encourages new exchanges to consider these technologies when designing their infrastructure. For existing exchanges, as noted in a previous field report, a good time to consider adopting these technologies and reducing your technical debt is when you’re also consolidating UTXOs.