27 Aug 2016

ChainCloud Overview

Bither is a secured Bitcoin wallet recommended by https://Bitcoin.org , and our team are good at offline signing, cold wallet solution, cryptographics, and blockchain technologies.

Currently we are working on our new platform called ChainCloud. This new platform is an open API service, and helps companies and individuals to easily build up their bitcoin/blockchain assets management system. Customers have no need to understand “How to develop with the bitcoin/blockchain technology?” and “How to keep bitcoin/blockchain assets safely?”. They can just use ChainCloud API, and we will take care of the security.

Official website : chaincloud.com

Official documents : docs.chaincloud.com

1. Architecture

Let’s take a look at the ChainCloud’s architecture:


In this diagram:

  • Your Website is your company’s website.

  • ChainCloud API is our API service.

  • HSM-Hot and HSM-Cold are specially designed HSMs(Hardware Security Module). Hot means online, Cold means offline, and HSM-Cold has a built-in SMS module, can provide verification services through SMS messages.

  • We also designed a V-Device(an Android phone running with our open-sourced App: chaincloud-v) for data verification purpose. With this verification device, our customers can easily gain the “2-Step Verification” security protection.

  • V-Device will periodically exchange verification data with HSM-Cold through SMS. All your requests should be signed by V-Device with this verification data, and HSM-Cold will verify the signature at last. If the signature is wrong, your account will be closed and warning message will be sent to the administrator.

2. Cold Receiving:

Our customers can retrieve addresses(for receiving bitcoins in the future) from our API. All private keys of these addresses are cold and stored offline, that means hackers can not have the chance to access these private keys.

After retrieving batches of addresses, we have provided an advanced way for verification. V-Device can directly ask our HSM-Cold for addresses verification signature, and with this signature, you can verify all addresses are correct. So even if ChainCloud API has been hacked, and the hacker has provided “fake addresses” to you, you still have the abilities to check the correctness of these addresses directly with our cold device, so your money are still safe.

This is our designing policy, we should presume all online servers could been hacked, so we should not depend our securities on these servers, we should provide other data verification method to ensure the safety.

We have also provided other monitoring and reporting APIs for our customers, and they can easily monitor their balance, transactions and even confirming status.

For the depositing bitcoins in these cold receiving addresses, we will periodically settle them to our customers, and all these settlements are done by mannually offline transaction signing.

3. Hot Sending:

Our customers can have another type of account for hot sending. If there are enough balance, you can use hot sending APIs for real-time sending bitcoins.

For example, you want to send 1 BTC to Alice, 1.1 BTC to Bob, and 1.3 BTC to Cindy, and you have prepared the sending request on your website. V-Device will automatically check whether there are pending requests or not, and if the request can pass the V-Device check(you can have your own check logic here), V-Device will sign the request and send the request with the signature to ChainCloud API.

The request will pass through ChainCloud API to HSM-Hot, and finally reach to HSM-Cold. HSM-Cold will check the signature of your request, to confirm it is signed by your V-Device. If the signature is correct, HSM-Cold will sign the transaction, and if wrong, it means that your website has been hacked, HSM-Cold will lock your account, and send the warning message to adminstrator.

With this design, we have ensure the security model of our customer’s cold receiving wallet and hot sending wallet. The logic of this design is thorough, and even both your website and ChainCloud API have been hacked by one hacker, he still cannot take a dime from both of your hot and cold wallets.

Also, now we are working on supporting different blockchain, such as ETH/ETC, Litecoin, Dogecoin and so on. So our customers can easily manage different blockchain assets with the same method through ChainCloud API.