San Francisco-based mobile payments firm Square announced it is open-sourcing its Bitcoin cold storage solution, which is now available on GitHub.
Mobile Payments Startup Square Open-Sources Hardware Security Modules (HSMs) and Wallet Auditing Tool
The company, founded by Jack Dorsey, who is also CEO of Twitter, built out its cryptocurrency infrastructure when it started offering Bitcoin payments with Cash App in late 2017.
The documentation, code, and tools for “Subzero” – the HSM-backed solution designed to protect the startup and users from internal and external threats – can now be found on GitHub.
Square’s FIPS-certified Hardware Security Modules (HSMs) are already in use for other payments-related needs.
“Funds can be sent from online systems to the cold storage at any time. Moving funds out of cold storage requires a multi-party signing ceremony. In addition, the offline HSMs are able to enforce business logic rules, for instance we only allow sending funds to Square-owned addresses. Such a scheme is usually called defense in depth or an onion model. We maintain the online/offline isolation by importing transaction metadata and exporting signatures using QR codes.”
The modules’ ability to share key material enables Square to store backups in encrypted form and restore a wallet at any location. The startup warns that the source code is only useful for coders with the exact same hardware setup, but it is open to contributions enabling support for alternative vendors. Square is also open-sourcing its auditing tool, Beancounter, security engineer Alok Menghrajani announced.
“Finally, we wrote a tool, Beancounter, to audit our wallet balances. The tool is written in Go and addresses needs that aren’t fulfilled by existing wallet software, such as the ability to compute the balance at any given date in the past, and the ability to handle wallets with a very large number of transactions. Beancounter also has some other useful features, such as mapping dates to block numbers.”
Square intends to share the work in order to help others fulfill their security needs and to promote innovation and security in the cryptocurrency space. Over the long run, the startup will attempt to standardize some of the code.
The payments firm reported $37 million in revenue from Bitcoin, having spent $36.6 million to offer it on its Cash App, leaving a tight profit of $420,000. Square saw tremendous stock performance coinciding with its additions to the Cash App. Many investors see it as a better way to acquire Bitcoin than cryptocurrency exchanges, as the payments service allows for feeless trading while operators can charge fees higher than four percent.