Neil Woodfine of Clavestone rejoins me in this episode to talk about the Cerberus Protocol. Cerberus is a protocol designed to be simple for businesses to use Bitcoin multi signature and self custody their bitcoins. We talk about:

  • Why Cerberus Protocol
  • Risks that bitcoin businesses face with bitcoin storage
  • Balancing security with ease of use
  • Walkthrough of the key steps in Cerberus Protocol
  • Plan for future development
  • Clavestone


SLP Bitcoin Custody Series:

Sponsor links:

Stephan Livera links:

Podcast Transcript by

Stephan Livera: Neil, welcome back to the show.

Neil Woodfine: Hi, Stephan. Thanks for having me.

Stephan Livera: It’s been something like over 100 episodes since I had you on. You were one of my first few. I think you’re in the first 10. I can’t remember now.

Neil Woodfine: Yeah, that was great. Thanks very much.

Stephan Livera: Yeah. Neil, I know you’re working mainly at Blockstream, but I know you’re also working on this Cerberus protocol and also Clavestone. Can you just give us a bit of an overview? What is it and why was it written?

Neil Woodfine: The Cerberus protocol was or is a guide for businesses to set up their own Bitcoin self storage. I think it’s common knowledge for everybody that HODLers individuals should be holding their own keys, not your own keys, not your Bitcoin. It’s something that everybody knows and talks about a lot, but for businesses I think a lot of people seem to think that it’s okay for them to be holding their funds with custodians. That’s especially for things like funds and family offices. People like quote the regulatory requirements and how difficult it is for companies to do their own self storage? Well, it is pretty damn difficult for individuals to store their on Bitcoin in general. The Cerberus protocol is basically a guide for businesses to coordinate self storage of Bitcoin in a simple easy to use way.

Neil Woodfine: I think as well, like with companies they face a lot of very unique issues that don’t apply to individual Bitcoin storage. With a company, the company itself cannot called the Bitcoin. If you’re an individual holding Bitcoin, the ownership is very, very clear. You hold the keys, you decide when the payments getting sent, you decide what addresses the payments are getting sent to. But with a company, it’s kind of like a virtual entity that’s holding these Bitcoins and the virtual entity has to use agents, generally employees or shareholders to hold the keys on behalf of the company. That kind of changes the dynamic for how this storage is executed.

Neil Woodfine: Another key differences. Now I know there’s a lot of multi sig options for individuals, but a company pretty much definitely has to use multi sig and if they’re using multi sig you’re involving multiple people and multiple people when they’re working together have to know how to coordinate.

Neil Woodfine: Right now there’s a lot of Bitcoin storage solutions, technical storage solutions, software, hardware and it’s great. To an extent, some people might disagree with me on this but the technical side of Bitcoin storage has been solved. There are some really nice, really secure solutions on the market right now. They could definitely be improved but they’re working.

Neil Woodfine: But these solutions don’t provide a business any kind of indication, any kind of instructions on how to coordinate certain things such as, how should you generate your private keys when you are receiving a payment from a third party? Let’s say you’ve got three people involved in multi sig, who’s the person that’s going to be providing that address and how do they make sure that they haven’t been compromised and the person that’s sending the Bitcoin, how do they know that this address comes from a company that’s asking for it?

Neil Woodfine: Then sending payments obviously, who initiates that transaction? Who confirms that? And if they confirm it, what kind of checks are they doing to make sure that the transaction is legitimate? Unlike the current solutions in the market right now are just like, here’s multi sig you all hold the key. Go for it. I think for anybody that’s not a Bitcoin company or like has Bitcoin expertise within their team, it’s a very big ask.

Neil Woodfine: Without those kinds of instructions, it’s going to be a lot. They’re going to feel a lot more comfortable going with a custodian. Obviously if they’re going with custodians, it’s important to point out that there’s a lot of professional custodians in the market right now. I think there was a big boom last year in various different companies coming up with different custodial solutions.

Neil Woodfine: But most of them are kind of holding the keys on behalf of the companies and perhaps they discovered that there is more demand for that. But the problem here is that, if you’re a company storing your Bitcoin with a custodian, you’re not really reducing the risks, you’re just pushing them off to the custodian. Now if the custodian is using multi sig and they are using physical vaults and stuff, that’s great. But they have their own employees, their own agents which are carrying these private keys and they’re exposed to all of the exact same risks.

Neil Woodfine: To some extent these custodians are actually … the risks are even more concentrated because they have multiple different companies funds held within their multi sig, within their vaults. They have a small number of people holding very large numbers of funds and that obviously poses extra risk.

Neil Woodfine: If we end up in a situation like I say five years from now, where Bitcoin becomes even more popular than it already is, and we have even more kind of institutional investors, we have a lot of companies throwing their fiat at this. We could end up with a very, very fragile ecosystem where there’s a fairly large quantity of Bitcoin funds being held in a small number of centralized custodians. I think it’s very important that just regular companies understand that this is a potential risk further down the line. You need to also understand the benefits of distributing that control, having the keys themselves in the same way that individuals understand the benefits of that now.

Stephan Livera: Excellent. What you’re touching on there is this idea that there is both a local risk and a global risk, right? Of not holding the keys. Part of that in some sense is the ethos of Bitcoin that you should … not your keys, not your coins, not just for individuals but for businesses and potentially for smaller businesses it might be more feasible for them to do their own self custody. Using a multi signature protocol such as a Cerberus Protocol.

Stephan Livera: Let’s talk about who it’s mainly intended for. As I understand it’s therefore Bitcoin companies or companies who handle Bitcoin and is it mainly for technically unskilled users? Is that the idea?

Neil Woodfine: It’s specifically targeted at companies not individuals. If you’re an individual, don’t even bother looking at this. However, it could technically be used by other groups. I think such as if you’re a family investing in Bitcoin together or a charity or some other kind of group organization. It’s intended for long-term Bitcoin holdings, a low frequency of transactions. Some People might want to say it’s cold storage.

Neil Woodfine: I’m a bit hesitant to call it cold storage because I think that often comes with connotations such as pure air-gapping I think, whereas we’re using, for example, Trezors which are connected connect via USB. It’s not genuine air gapping. I’m not sure whether to call it cold storage, but it’s certainly meant for somebody that’s making a longterm investment, a company that’s making a longterm investment in Bitcoin and it’s only planning to make a transaction perhaps at most once a week but hopefully a bit less than that. Sorry, you’re are going to have to ask [crosstalk 00:08:47]

Stephan Livera: Yeah, no, that’s fine. I think the next thing I was keen to touch on is just to motivate it for some listeners, maybe there are listeners out there and they’re working with a small Bitcoin company and they’re not using a very secure method of storing their Bitcoins, right? I think we’ve all heard some of these stories of Bitcoin companies, maybe some of them small, some of them large, and they’re not necessarily using very secure methods of storage. Have you got any stories you can share with us, obviously without doxing the companies involved or the people involved, of perhaps what we might call inadequate storage given the amount of money being stored or the size or the type of that business?

Neil Woodfine: Yeah. I’ve been working in the industry for quite some time now and throughout the last few years I’ve heard some pretty shocking scary stories of prominent Bitcoin companies like well known names holding Bitcoin and in ways that I wouldn’t consider to be particularly secure and we’re talking like Ledgers just thrown in drawers kind of thing. I think people think that the industry has learnt its lessons and professionalized, but personally I’m not confident that that’s the case.

Neil Woodfine: You have to bear in mind the driver behind Cerberus is to create some kind of formalized process around Bitcoin storage that the community has checked and we agree on. Nothing like that exists right now. Every single individual company is coming up with their own ad hoc solution.

Neil Woodfine: If you’re a Bitcoin specialist, there’s an argument that’s okay. I think some of them will make mistakes but for everybody else, like any other company that doesn’t have that expertise in the team, they need some kind of standardized way of holding the Bitcoin. There’s another risk that by standardizing Bitcoin storage like we in the Cerberus Protocol, we’re very explicit about where you should be storing your seed phrases, where you should be storing your hardware wallets. By making that very, very explicit, there is the risk that it provides kind of a guidebook to attackers to compromise the storage.

Neil Woodfine: But I think the alternative is much worse where you get all of these individual companies coming up on their own with their own solutions.They’re not like experts in OPSEC. They’re not experts in Bitcoin storage, cryptography, any of this. I think that it’s important that we come up with something that is standardized that anybody can follow and it I think you have to have a basic technical understanding, you need to be able to navigate around Windows or a Mac. That’s the basic requirements.

Neil Woodfine: It’s intended for people that don’t know how to do any coding. They perhaps have never really engaged with Bitcoin very much in the past. It’s really, really step-by-step do this, do that. We even kind of provide directions for coordinating booking a meeting with your fellow signatories. It tries to leave nothing out, but at the same time be extremely lean. We took a lot of inspiration from the Glacier Protocol, which is a storage solution for individuals. It’s very well respected. It’s been used by a lot of people. It’s been checked by a lot of the technical community in the past. Sorry, I’ve lost my train of thought. Dammit!

Stephan Livera: Yeah, as it’s been, you’re making the point there that there are comparisons with the Glacier Protocol and so from my own reading of Glacier Protocol and reading of Cerberus, I notice that Cerberus has been really cut down and made a bit more lean for people. It’s not as secure as Glacier obviously. Glacier makes very specific call outs about all manner of things like side channel attacks and verifying doubly and so on. Whereas I think there is a fair point to be made around usability as well, right. It can be difficult for a user when they try to go to a website and read the procedure and then they’re confronted with this massive document and they’ve got to read through the whole thing before they can even get started.

Stephan Livera: It can be a bit confronting, whereas perhaps if you have set it up in a more lean way, they might actually use that protocol and actually go and use multi signature as opposed to leaving the Trezor in the drawer kind of thing or the ledger in a drawer somewhere kind of approach to securing the company’s assets Bitcoins.[crosstalk 00:14:04] I think it might be good to just talk through some of the main threats. You were speaking before about how there is that principal agent problem that any business or government even faces, right? What are some of the main threats that you could see in terms of ways of business might lose Bitcoins by not securing it correctly?

Neil Woodfine: You’ve got two main kinds of threat. From my perspective, you’ve got external threats and these are pretty much the same as the threats experienced by individuals storing Bitcoin. You’ve got hacks, physical theft and physical theft can take many different forms. You could get mogged and your high school get broken into, your office could get broken into. You got a kidnapping, ransom pretty horrible things, but they’re already starting.

Neil Woodfine: Jameson Lopp has got a really good record online of all of these physical attacks on Bitcoin. All this stuff is starting to happen now. You’ve got blackmail. It’s very difficult to detect. People can kind of be threatened and then start acting like their own volition on compromising the Bitcoin storage. Then you’ve got social engineering, which I think many exchanges have experienced or at least claim to have experienced in the past few years.

Neil Woodfine: I think external threats but with the company you have a whole unique set of threats that are internal and that looks like inside jobs. You could have like three signatories and one of them could be compromised. You could be interested in taking the company’s funds but also like Bitcoins, very new software could still be improved in terms of its usability. There’s a lot of room for error and when you make an error in Bitcoin, that’s it. You’ve lost your Bitcoin.

Neil Woodfine: You’ve also got like this kind of what we call a fat finger error, sending the wrong amount, sending it to the wrong address, just pure mistakes you get. As well there’s a risk when you receiving as well that you provide an address that’s wrong.

Neil Woodfine: Then another additional internal threat or problem that companies face is people leaving the company. Companies are fluid. You could have shareholders selling their shares, you could have an employee who gets terminated for whatever reason and you could even have deaths within the company which could cause a lot of headaches.

Neil Woodfine: I think there’s two key problems that are to highlight that are unique to companies. For the external threats it’s not the business that’s facing the threat. The business could lose its Bitcoin, but these Bitcoin don’t belong to the agents that are carrying the keys. If I am one of the signatories and like I say, I’m just like an employee. I’m not even a shareholder. I’m taking on physical risk on behalf of the company. That’s an unusual situation to be in. Perhaps if I’m threatened, I don’t really have much incentive to refuse any kind of requests.

Neil Woodfine: Then with regards to the internal threats, you also have a unique situation where you have plausible deniability. The difference between a hack and some signatories getting together and stealing the Bitcoin, you can’t really tell the difference so it gives insight jobs like a higher risk of success because there’s a good chance they can get away with it. They can blame [inaudible 00:17:47]. I’m sure I’m absolutely certain we’ve already seen a number of these within the industry already exchanges quite regularly talk about getting hacked. It could be in the future that we see some of these professional custodians also claiming to have been hacked but actually it’s just some of their internal employees taking the funds for themselves and as a law enforcement or anybody monitoring the blockchain, how do you distinguish between a hack and that inside job? Very difficult.

Stephan Livera: Right. Yeah. Great points there. Let’s talk also about insurance as well. If you’re a company, you may be looking at insurance for Bitcoin and I know you wrote some articles in relation to this. What were some of your thoughts around the problems with insurance for Bitcoin storage?

Neil Woodfine: Just to be clear upfront, I’m not an insurance expert by any means. We did a little bit of research to produce our article. I can only kind of talk from the research that we did there. But I’m very, very skeptical of any companies that are claiming to have any serious insurance for any Bitcoin holdings or cryptocurrency in general. Insuring Bitcoin poses a lot of risk for insurance companies. Generally they are looking at three things. One is the value of the thing that they’re insuring. Then they’re looking at what events they’re insuring against. Specific events that could happen and then the risk of those events happening. There’s like three factors coming into play when they’re there deciding on the premiums.

Neil Woodfine: Now with Bitcoin how do you define the value? It’s very difficult for an insurance company to know how much they’re insuring because Bitcoin’s value is also leading as very volatile. It’s moving all over the place. It’s very difficult for them to get that value right. It’s very difficult for them to be very specific about the events that they’re insuring against. We have the problem of plausible deniability that I mentioned earlier. It makes fraud very likely for fraudulent insurance claims. Insurance companies hate insuring cash, which essentially is what Bitcoin is because it’s very liquid. It’s very easy to offload. It’s very attractive as a kind of insurance fraud option.

Neil Woodfine: I think that there was a really good example of a data breach.I can’t remember the name of the company, but there’s a data breach a few years ago. They claimed that the company that had the insurance claimed for the insurance, but the insurance company refused because they described it as an act of war because there was indications that it was committed by Russian government agents. The company never got there, never got that paid.

Neil Woodfine: If you’re at Bitcoin insurance, if you’re insuring some Bitcoin holdings, you could be looking at a similar situation and then the risk of things happening. There’s just not enough data. Right now, it looks like exchanges get hacked quite often so that’s going to push the premiums very high, but it’s very difficult for an insurance company to calculate those risks.

Neil Woodfine: All these difficulties have piled up and the result is that you get some Bitcoin companies claiming to have insurance, but they either have ridiculously expensive fees to get in on that insurance or they’re only insuring a very, very small portion of the holdings that they’re holding. This maybe out of date already, this is some research that we did back in February, but for example, Coinbase Custody, they’d say that it’s an insured solution, but they were only insuring that hot wallet and the hot wallet only accounts for 2% of the holdings and Xapo the same. That they’re only insuring their hot wallet, again, around 2% of their holdings.

Neil Woodfine: I think it was just yesterday KNOX Custody, a newly launched custody service claim to have a hundred percent insurance. I’d very much like to see their small print. I’m sure there’s a lot of caveats to what they’re providing there. Then let’s say they do insure a 100% of the holdings, they probably only going to be able to provide you the U.S dollar amount and when do they fix that U.S dollar amount. Was it at a time of a theft or was it at the time that they approved the insurance claim.

Neil Woodfine: You have this time differential where you could be receiving a lot less than what you originally insured. There’s a lot of issues around it as well. You’re going to have to buy back those Bitcoins. If you decide you want to continue holding and when you buy back those Bitcoin, you’re going to be faced with a lot of slippage when you try to find it back on the market. If you’re a large custodian that’s lost a lot of friends, people are going to know about this.

Neil Woodfine: There’s going to be this incoming demand. It may push the price up. Yeah, it’s a really complicated issue and I think because insurance is so difficult and so questionable it’s even more important for companies to make sure that they have their Bitcoin storage locked down in the same way that individuals recognize that they’re not gonna get their Bitcoin insurance and they have to make sure that the storage is in good shape.

Stephan Livera: Yeah, a lot of good points there, Neil. I think ultimately a lot of that is owing just to how early we are in Bitcoin. It may well be that, if I asked you that same question 10, 20 years from now, maybe it would be a lot more mature then and maybe by that stage it would be more of a normal thing, but it may just be an aspect of the world is not quite used to Bitcoin yet and so all the institutions have not quite caught up and it that’s just part of the journey.

Neil Woodfine: Yeah.

Stephan Livera: But in the meantime you’ve got to be careful.

Neil Woodfine: Could I mention something on that? If you’re looking to the future, there’s a number of reasons why actually in the future insurance may not even get that much more easy. Right now insurance companies insure themselves through companies called Reinsurers, which insure against global catastrophes, things that are very, very difficult to predict, black swans, that kind of thing. They’re able to do that because they’re backed up by government. These Reinsurers are backed up by government organizations. In the U.S for example the Reinsurers are guaranteed by the FDIC and they can basically print money to backup their Reinsurers who will then make the insurance able to pay on their insurance claims.

Neil Woodfine: The problem with that is if you’re investing in Bitcoin, you’re predicting or are speculating on certain things happening. You’re perhaps speculating on the death of Fiat. Central banking may become more difficult and we could end up encountering some kind of financial disaster. In those kinds of situations, your insurance isn’t going to be particularly useful. The Reinsurers are not going to be backed up as well as their [inaudible 00:25:43] government organizations.

Neil Woodfine: We are going to be in this sound money paradigm where money is very difficult to come by. It becomes very, very scarce so if it’s lost, it’s going to be very difficult to get it back. I feel like in that kind of situation, premiums would be even higher. Yeah. Yet the industry is going to mature for sure, but I think the entire insurance industry to some extent may have to change to account for this new kind of Bitcoin paradigm that we might be heading towards.

Stephan Livera: Yeah, sure. Fair enough. Okay, let’s dive into the Cerberus Protocol itself. Let’s talk a bit about preparing and what are some of the requirements that you need to get arranged?

Neil Woodfine: Yeah, first thing you got to do is assemble team. You’ve got to choose three trusted signatories at your ideal company. Should be fairly easy. I think most companies have three people that they trust. Yeah. You get them together. Prime them for what their Cerberus Protocol is. Ideally everybody needs to read through the protocol. Although we’ve taken the decision to assign one person the major responsibility of implementing the setup stage of the protocol and we call that the master of ceremony. The MC.

Neil Woodfine: I think every company has at least one person who is more technically able than the rest of the team and it’s the MCs responsibility to for example, procure a bunch of the equipment that’s required. For example the hardware wallets. We require a bunch of equipment from Amazon to use during the set up ceremony. That person is kind of absolutely has to be very familiar with the protocol and will be kind of directing the other signatories during the set up ceremony.

Neil Woodfine: Other things that you need to do to begin with is prepare some physical storage. When you are generating your private keys, you’re going to create some backups in the form of a seed phrases. You don’t want to be storing them in the same place as your hardware wallets. That would be a terrible idea.

Neil Woodfine: We recommend using bank safe deposit boxes for that and we have some recommendations, some protocol around that to make sure that they’re not all stored for example, at the same safe deposit box provider, they’re stored under the individual names so that either the company that you work for can’t go out and just claim all of the backups and also the safe deposit box providers aren’t aware that these three boxes are connected and they can join the dots and recreate the wallet.

Neil Woodfine: We don’t explain all of these design decisions within the protocol itself. But what we do is we back load all of that information into an appendix. For example, Glacier tries to explain everything as you’re going so you know why you’re doing these things. We found that it bloats the protocol, it provides a lot of information that people are potentially not even that interested in. We really kind of keen to make sure that people actually use the protocol because that’s going to be more secure than them not using it.

Neil Woodfine: In terms of other preparation you’re going to need to get Electrum on a laptop. You’re going to need to verify that your Electrum install is genuine. You’re going to basically set a date for your ceremony and everybody’s going to have to get together for a key generation ceremony. We’ve really kind of made it very formal. Like people got to switch off their phones. They enter a room that has been kind of checked for potential compromises and we really get the signatories to take it extremely seriously that this is the most sensitive time of the protocol.

Neil Woodfine: These seeds that have been generated, provide people access to any future Bitcoin that you add to the wallet. Let’s get this right and that part of the protocol hasn’t been published yet. The set up ceremony, it’s very, very close. We should have it out within a week or two. I don’t really want to go into too much detail on that until that’s finalized. But the general theme is I think for example, a lot of people saw the Zcash set up ceremony. It was a live recorded. We are going for something a little bit like that.

Stephan Livera: Got it. Okay, great. I guess just summarizing in terms of the tools required, you need three trusted employees and are presumed then it’s as I understand, it’s a two out of three multi signature set up. We would have three Trezor ones. The cheaper hardware wallet device, you’d have three computers and then beforehand those three users or employees have gone to set up safe deposit box as the backup location for their seed words for each of their respective devices. You would go through that preparation and set up process and … Right.

Stephan Livera: Let’s talk a little bit about presuming now you’ve done the setup. What about things like transition of holders or a staff member leaves or is incapacitated or you need to rotate in a new key. Is that that also covered inside the protocol?

Neil Woodfine: Yeah, after the setup, the next sections are receiving a transaction. I think a lot of people often overlook receiving a transaction how risky it is. You need to make sure that you’re providing the correct address or you’ve got to have a bit of redundancy there, a little bit of duplication using multiple different channels to provide that to third parties. Then the next section would be making a transaction, which is of course very, very sensitive. You need to make sure that all the signatories are checking that the transaction is genuinely in the interests of the company. It was intended, the amount is correct, the third party’s address is correct, that kind of thing.

Neil Woodfine: Those two sections and then we get into a section such as the replacement of a key. You got two different situations here.One is where perhaps one of the keys at the hardware wallets has failed. Now we need to replace one of the hardware wallets. One of one of the employees has quit and he’s a rogue agent and he holds one of these very, very sensitive keys. How do we deal with these situation. That’s very different from hardware wallet breaking.

Neil Woodfine: We’ve got protocol around that. Let’s set up a new key let’s get the other two remaining signatories to very, very quickly and transfer the funds to this new wallet that we’ve regenerated and that also we’ll have secure set around it. But these things are really important and they’re not codified anywhere. Right now people are just kind of making it up as they go along. It’s important to make sure that there’s some standards around this.

Stephan Livera: Yeah. Got you. You mentioned earlier around receipt or the first receive address, let’s say, and just in general, the process of receiving address. Is there any guidance you can provide there around good practice for receiving into that two or three multi signature set? For example, is it possible to verify the incoming address on the device, that kind of thing?

Neil Woodfine: Right. Trezor provides some great solutions for making sure that you check your address on the device before and not just on your screen. Which reduces the potential for compromises obviously if you’re getting socially engineered that could pose a problem. It’s important to make sure that you’re checking the address that you receiving from your third party on multiple channels and ideally with multiple people. Again though, this part of the protocol is still under development. I wouldn’t really want to give too many specifics on that until it’s finalized.

Stephan Livera: Got you. All right. What about any procedures in terms of shutting it down? I guess, is there anything there that would stick out to the user or things that they might not have thought of before?

Neil Woodfine: Shooting the storage down is not something that we’d considered adding to the protocol. Yeah. I think it would just be as simple as coordinating a transaction from the three signatories to … They’re going to be sending the Bitcoins somewhere, right? To whatever new storage decide to use or to an exchange to liquidate or whatever. But the transaction part of the protocol should cover situations such as emptying the wallet. That’s not a big concern.

Stephan Livera: Got it. Yeah. Fair enough. Okay. I think it also might be interesting to talk about segregation of the funds. Typically an individual might be thinking, I’ve got my cold storage, which is more secure setup, and then I’ve got a day to day balance on my phone or whatever right? Is there any guidance there for a business who is using Cerberus Protocol? How they might segregate the funds between the hot wallet and then their Cerberus storage?

Neil Woodfine: Maybe in a future version? I think right now the most important thing is to teach people to store Bitcoin long term in a secure manner. This is a side project for us. We all have day jobs like building that protocol around the safe storage is a big enough task as it is. We’re going to get that right first. We’ve already had like a number of recommendations and feedback from people that we know working in the industry. For example, they’ve suggested mixing hardware wallets. The problem with suggestions like that is it significantly increases the complexity of the protocol and the bigger it gets the more it’s going to put off potential users, the less it’s going to get used, the less secure Bitcoin storage is going to be out there.

Neil Woodfine: We’re going to focus on that kind of core model first and then we can think about maybe doing extensions, separate versions, that kind of thing. Another thing that actually I haven’t mentioned so far is that we’ve taken a decision to make sure that we don’t provide any choices to the users. I think the Glacier protocol in some sections it’s like, well you can do it like this or if you want to like add a bit of extra security, you can do it like that. We want to avoid all of that and this is the most standard way of storing Bitcoin in a multi sig manner for a company. People shouldn’t be making subjective judgments like that especially companies that are familiar with Bitcoin, they should just kind of be told what to do and I think most companies would actually prefer that.

Neil Woodfine: This is open source, right? Anybody can use it. We haven’t copyrighted it or anything like that. If people really feel like there’s a need for something with a mixed hardware wallets or it needs to have some kind of hot cold protocol in that they can fork it, they can change bits and release their own version. I really hope that service becomes kind of just a basis for the industry to come to some kind of a consensus on how to do very standard multi sig security in in a secure way.

Stephan Livera: Right. Yeah. I can definitely appreciate the usability concern that you’ve got as well because it can be a bit daunting if somebody picks up the protocol and it’s just too detailed and there’s just too much they might not actually go through with using it at all. I guess you are sort of trying to ride the edge in terms of what’s that right balance that you can get the user to adopt something that’s more secure while at the same time not making too many trade offs that might impinge on the of the overall setup set for example, not using multi hardware for the multi signature.

Stephan Livera: I think some of that will become easier over time because hopefully Electrum will have sort of easier or inbuilt set up for some of these. For example, to do Cold Card and Trezor might be more feasible. I think there’s like a pull request … it’s already been merged in and then once the next main release of Electrum comes out, that might make it easier as well.

Neil Woodfine: You can already do mixed hardware wallets with Electrum. It’s still possible. The interface could be improved, but that’s Electrum in general right? It’s a great wallet. Don’t get me wrong. Those guys have done an incredible job, but I think the UI still has a lot of room for improvement. But you can already mix type of wallets. We tried in the early stages of development of Clavestone with Trezors and Ledgers, but we found that it worked, but there was a lot of books, a lot of errors thrown and we didn’t think that was going to be encouraging for anybody trying to deploy the protocol. Just make it super simple. Right now, like I say, you’ve got companies out there storing Bitcoin on a single Trezor.

Neil Woodfine: Like, put in a drawer or in a vault somewhere. This is already, multi sigging that up is already a significant improvement. Let’s get there first and think about improvements in the future as well. We’re still in quite early stages of the software and the hardware. I hope in the future there’ll be more user-friendly solutions and then we can start incorporating that into the protocol, reducing whole sections that have been automated through software.

Neil Woodfine: Potentially as well, if Cerberus proves to be … you sort of very equal and it gets a decent amount of adoption. People could release like Cerberus companions that directs people what to do next and that kind of thing. Although as well, whenever you’re introducing new software, you’re also introducing new risks because it can tell people to do the wrong thing or provide compromised addresses or that kind of thing.

Neil Woodfine: For example, in our protocol we couldn’t find any way around getting the user to verify their Electrum install, which is pretty daunting I think for a basic computer user. We can’t have people using Electrums that they haven’t verified. It just has to go in. It’s like there’s always trade offs but sometimes there’s no way around it.

Stephan Livera: Let’s just talk about Clavestone just generally. Can you just give us an update on Clavestone generally?

Neil Woodfine: Yeah. I haven’t mentioned at all up to this point. Clavestone was started a couple of years ago. We had an idea for a product which we called Shared Storage. I think Unchained Capital call it Collaborative Custody. And we’ve kind of taken inspiration from a couple of articles.

Neil Woodfine: One was Daniel Krawitz’s Bitcoins rugged individualism, which would highly recommend to everybody. He describes the agency problem with Bitcoin storage for organizations and suggests that in the future we will have these dedicated organizations that will hold a portion of the keys but not all of them and that produces the concentration of funds risks that we see with regular custodians today.

Neil Woodfine: Then there was an Antonopoulos video at the Canadian Senate hearing and he also describes in that video the flexibility of models that Bitcoin provides, whether it’s some smart contracting. We could see a future with new forms of Bitcoin banks, again, with this kind of sharing of keys. We wanted to build a shared storage platform for companies to store their Bitcoin. But our first trials didn’t get a lot of interest and it took us quite a while to develop some of for example, the setup ceremony come straight from that model.

Neil Woodfine: We’d learnt a lot from the research that we’d done. We thought we had a lot of important valuable knowledge that the Bitcoin industry could benefit from and we didn’t want to just close it down entirely. That created the birth of Cerberus. Perhaps in the future we may start providing.

Stephan Livera: In the future you may be providing clients consulting.

Neil Woodfine: Yes, we’re hoping Cerberus of generates some interest in a secure Bitcoin self storage and I think if that takes off then we’d be very interested in helping companies set up their own storage whether it’s with Cerberus or modifications of it. Then as well, perhaps in the future, we’d also like to re-explore the Shared Storage more than we originally conceived.

Stephan Livera: At the time that we’re recording this right? September 2019. If you want to do your own multi sig right now, the only way is Electrum or if you’re more technical you might be able to do it with hardware wallet interface. But again, that’s requiring a custom to use like the fork of Bitcoin rather than using direct Bitcoin core.

Stephan Livera: It looks to me like there are new options that are around the corner, but they’re not quite here yet. Justin Moon has his junction project, Stepan Snigirev and the CryptoAdvance team have the Spectre project as well, which hopefully will provide viable options that people can just do their own multi sig ideally with multiple hardware wallets and maybe those could also make this whole thing a little bit easier for everyone.

Neil Woodfine: Yes, definitely. There’s lots of people working on lots of interesting things. I want to make sure that a Cerberus is kind of a live document that we develop over time. We’ll be doing our best to incorporate some of those into making it more secure and more user friendly.

Stephan Livera: Fantastic. Well look, I think they’re the key points to touch on with Cerberus … Did you have anything else you wanted to mention?

Neil Woodfine: I think we’ve covered everything. There’s some really good questions there.

Stephan Livera: Great. Okay, well look, just for the listeners who aren’t familiar, can you just tell them where they can find all the relevant links and find you as well.

Neil Woodfine: You can find me on Twitter @nwoodfine also the Cerberus Protocols available at and then for anybody that’s looking to contribute or make some very kind of cutting comments and ask us some difficult questions, you can find us on github@clavestone/cerberus. We really welcome any kind of extra eyes on the project. We’ve already had some fantastic feedback from some of the people we know in the industry. Hoping we can get some more of that.

Stephan Livera: Excellent. Well, thanks for joining me today, Neil.

Neil Woodfine: Yes, thanks a lot, Stephan. Always a pleasure.

Leave a Reply