Security Advancements and New Developments from the Mycelium Project

Post Update: December 18, 2014:
The Mycelium iOS Wallet is now available from the iTunes Store (free).


Since 2009, Mycelium has been developing a range of innovative bitcoin-related products: the Mycelium android bitcoin wallet; Entropy, an Indiegogo-funded, hardware-based paper wallet generator; and the secure Bitcoincard that can sign transactions offline or on a mesh-network. This past week, Dmitry Murashchik beamed into the Decentral Toronto Bitcoin Meet-up to discuss these projects and give us some insights into what’s coming down the development pipeline.


Some of you may recall that Entropy raised over $31,000usd on Indiegogo this year, a campaign that was notable in part because it also included the option to support the project using bitcoin. The Entropy device itself is a USB-based hardware module that you can plug into a printer to generate paper wallets, and includes the option to print 2-of-3 split keys using Shamir’s Secret Sharing algorithm. For security, it uses static-RAM (SRAM) cells to generate completely random states, and hence produces a high degree of entropy. How much entropy? Over 9000 bits. Of course, all of this is for naught if your printer stores a copy of what gets printed; choose a cheap printer (one you’re sure doesn’t store data), instead of a networked office printer to print your private keys.


Dmitry also gave us an update on the Mycelium Bitcoin wallet, which just received a 2.0 upgrade. The most notable new feature is Heirarchical Deterministic (BIP0032) address generation, a feature that improves anonymity and security by generating a new public address for each transaction; it also makes wallet backups a lot easier than with the previous version.


One of the features that has been retained in the wallet app, fortunately, is LocalTrader, a localbitcoins-like feature that connects buyers and sellers directly. Despite the impressive potential here, Dmitry mentioned that it hasn’t seen as much usage as he and the team would like. At the moment, LocalTrader charges a 0.2% fee per transaction, but Dmitry says that Mycelium is looking into lowering transaction fees in the near future, based on feedback from clients; hopefully that will help increase adoption.


Dmitry also touched on developments regarding the highly anticipated Bitcoincard. This type of “debit card” system is the cornerstone of the Mycelium project. This was the first project that the Mycelium team started working on, but their other projects jumped the queue and have been released before this one. Part of reason for the the delay, according to Dmitry, is that this card is “a technology ahead of its time.” He explained that this sort of innovation is very difficult in terms of development.


The goal of the card is to be a wireless and self-sustainable “stand-alone device that acts as an electronic wallet” without need for an immediate internet connection. When it’s released, each card will have a range of 300 metres and can be used as part of a “mesh” network, enabling users to sign and send bitcoin transactions without being directly connected to the internet. Aside from acting as a hardware wallet, this card should make using bitcoin possible anywhere on the planet and under any political or technical situation (such as in cases where there is physically no internet access or access has been blocked by a government regime). No projected price range for the cards was given, but it is expected to be quite low to allow for reasonably widespread adoption.


On the software side, we’ll also start to see many new features in future releases, including CoinJoin support, a plan to move the transaction broadcast servers to Tor, multi-sig options in the app, and 2-factor authentication. Their focus, quite clearly, is security and privacy — something we all welcome.

Highlights from the Ethereum Update

Excitement over the Ethereum project continues to grow. Speaking in front of a packed room at the Toronto Decentral meet-up, Paul Paschos delivered the latest news from the team.


According to Paschos, the projected launch date for Ethereum is still on track for this winter: between December 21st, 2014 and March 21st, 2015. Here are some of the other highlights:


  1. A new, more navigable, user-friendly website has been launched for developers, containing a wealth of resources including tutorials, videos, and articles.
  2. Both Gavin Wood (ÐΞV) and Vitalik Buterin (Ethereum inventor) have emphasized that the project will not release the genesis block until they (and many others) are satisfied with the project’s security and reliability. “We will likely stick with ASIC-resistant proof of work…and look at moving to a more comprehensive proof of stake model over time.”
  3. So far:
    • PoC7 released
    • Protocol finalized and frozen
    • Alpha release series set to begin
    • Internal and External Security Audit set to begin in early December
    • Whisper, Solidity, Mist and other core Dapps are all being developed concurrently.
  4. Included at this point:
    • Ethereum Client (Basic contract development environment)
    • Mist – the Ethereum browser, based on Google’s Chromium browser
    • Several other core Dapps
    • Command-line tools (Paschos showed us what some of these would look like thus far)

Paul Paschos invited everyone to get involved in the project and stay on top of new developments through social media (r/ethereum, #ethereum, and #ethereum-dev) and by joining the Toronto Ethereum Meet-up Group (


For a better sense of all the exciting developments, watch the original presentation here: (

This Week’s Guest Speaker: Andreas Antonopoulos

Wed. Oct 29, 2014. 7pm

This week we are very excited to announce that Andreas Antonopoulos will join us via Skype. Andreas Antonopoulos is a public speaker, author, coder, entrepreneur, and one of the most prominent and well-respected figures in bitcoin. Of special note he recently appeared in front of the Canadian Senate and gave an exceptionally articulate and knowledgeable speech advocating for Canadian legislators “to resist the temptation to apply centralized solutions to this decentralized network,” and instead look into adopting decentralized regulatory tools like decentralized audits and algorithmic proof-of-reserves.


He is also the author of “Mastering Bitcoin”, currently available on github, and soon to be published in print by O’Reilly Publications.


Space for this event is limited to 50 people.

Andreas Antonopoulos on the Canadian Senate Hearings and Mastering Bitcoin

By 6:00 pm on Wednesday night, a small crowd had begun to gather on the front steps of 64 Spadina, as excitement built in anticipation of Andreas Antonopoulos’s Skype address. By the time the highly-respected bitcoin guru and advocate began speaking, the crowd had filled every one of the 40+ chairs and taken over most of the standing room along the perimeter. Another 80+ watched the feed online.
Host and moderator, Anthony Di Iorio, encouraged general participation in the Q&A, in keeping with the decentralized theme of the evening. He initiated the discussion by asking Antonopoulos about his recent address to the Canadian Senate Committee on Business, Trade and Commerce and how he prepared for the event.
Antonopoulos said that the Senate approached him to speak in the same way that anyone else would: through a link on his website that fields requests for speaking engagements. So he looked into the previous senate hearings on the topic, and was encouraged to see that they seemed to have a fairly “open-minded” attitude. Then, in true grassroots style, Antonopoulos took to social media to ask the Canadian bitcoin community if they thought he ought to go. “The overwhelming respsonse was yes!” he said.
<img src=”” width=”500″ />
As for preparation, Antonopoulos pointed out that his years of doing meet-ups and Q&As in front of community groups, bankers, developers, and newcomers to the bitcoin space had served as “continuous preparation” for addressing the Senate. None of their questions were surprising — he’d heard them all before.
As for follow-up from the event, he laughed about having to submit his expenses by fax (!) and then having to wait for someone in Ottawa to send him a paper cheque via snail mail so that he could deposit it in “an esteemed banking institution” where it would languish for 3-5 business days — thus poetically demonstrating the superiority of bitcoin as a payment system.
However, Antonopoulos later reminded the audience that because of infrastructure limitations, bitcoin isn’t ready to serve everyone around the world. This is especially true of developing countries where the disenfranchisement of the unbanked is most keenly felt. In order for a community to participate fully, it needs a decent infrastructure, as well as a certain level of economic and financial literacy. In turn, bitcoin technology itself needs to become less technologically complicated, perhaps following the mPesa model.
Antonopoulos described the way forward for bitcoin adoption as a continuous feedback loop. “We need to downtech bitcoin at the same time as these [developing] communities uptech.”
While Antonopoulos is now known as the fellow who “wrote the book on Bitcoin,” (literally — Mastering Bitcoin will be in stores in January 2015), his focus for the future seems to be shifting to accessibility and promoting educational opportunities around digital currencies. He spoke of the need to integrate cryptocurrency technology and coding into post-secondary and advanced degree programmes — even into high school curriculae. Some of his future projects might include working with the boards of educational organizations and curriculum developers. He was excited about the work of C4 — the CryptoCurrency Certification Consortium with its mandate to provide guided education and continuous learning for aspiring cryptocurrency professionals. A repeated motif throughout the evening focussed on the importance of “investing in skills to develop for the future.”
“The most important investment you can make in digital currencies and decentralized currencies…is a skills investment, and that investment will generate a significant return on investment for many years to come.”
He added that “any time spent on developing skills is an investment” since no matter what turns the technology takes down the road, those skills will be universally applicable.
When asked earlier about the lack of developers in the space, Antonopoulos had stressed that those who develop these skills, especially new tech developers and engineers, will find themselves in high demand as start-up companies expand, creating more and more job growth opportunities.
The event concluded on a high note of optimism which continued in various conversations among meet-up guests who mingled and networked late into the evening.
If you want to attend one of Decentral’s future meet-up dates, please be sure to join the Bitcoin Decentral Meet-up group and reserve your spot, due to their increasing popularity.

Michael Perklin: All about security

In 2010, Michael Perklin was a digital forensic investigator who focused his efforts on computer security and security theory. He first came across the term “Bitcoin” on a security mailing list. It was being touted as a “totally secure digital money system.”


“I scoffed at it,” says Perklin. As a graduate of Sheridan College with a Bachelor’s Degree in Information Sciences (BaISc) and a Masters degree in Information Assurance (MSIA), he and his classmates had toyed around with notions of digital currencies and decide that they weren’t feasible because a central ledger was always required.


“So I set out to prove how stupid it [the Bitcoin protocol] was.” At that point, bitcoins were selling for around $1.00. He spent the next few months reading everything he could about Bitcoin, and trying to find ways of discrediting it, drawing on his background in classical security. Over the course of that one long winter, he exhausted as many strategies – covering all seven classes of attacks – as he could.


Perklin’s conclusion: “I went from thinking it was the stupidest thing I’d ever heard to thinking it was the most brilliant thing I’d ever heard.” In the meantime, the price of one bitcoin had gone up to $4.00.


As Bitcoin research started to consume all his off-hours after work, he began reaching out to the local bitcoin community and attended an early Toronto Bitcoin meet-up with his friend and colleague, Josh McDougall. Their first meet-up featured Peter Todd as a guest speaker who spoke about off-chain transactions: Perklin and McDougall peppered him with questions, challenging his points throughout the presentation. At the end of the session, meet-up organizer Anthony Di Iorio approached Perklin with a proposition.


“Anthony thought I made some good points and got the impression I knew what I was talking about. He told me about the new Bitcoin Alliance of Canada that was in the works — maybe I should run for a board member position.” Eventually, in June of 2013, Perklin was indeed elected as one of seven inaugural Alliance board members.


By that point, Perklin had begun to combine his two specialized areas of interest — Bitcoin and cybersecurity — and started up Bitcoinsultants in 2012. The company draws on the talents of a pool of professionals, including developers, cryptographers, source-code auditors, and penetration testers who are well-acquainted with the nuances of cryptocurrencies and their cybersecurity needs.


The company offers tech advice and consultation for companies who want their developers to integrate Bitcoin into their current ways of doing business. “People who know Bitcoin don’t always know classical security,” says Perklin. They may know that they want to integrate Bitcoin into their general payment processes, but they might not have considered storage options once they’ve collected the payments, for example. Bitcoinsultants can help companies create all the necessary related policies and procedures surrounding these integration issues.


They also offer investigative services, law enforcement support, and government/regulatory advice. Perklin himself is a popular and well-respected speaker on all things Bitcoin. He has spoken at conferences and information seminars, educating “anybody who needs to understand what [Bitcoin] is and how it works.” In October of 2014, he was one of three representatives who spoke before the Canadian Senate on behalf of the cryptocurrency community in Canada.


What began with Perklin approaching various exchanges and offering his services, has now grown to a business with a sterling reputation. It works with a number of gambling websites, but also counts CaVirtex and Ethereum among its most prestigious clients. Bitcoinsultants has operated out of the Decentral co-work space in Toronto since it opened in January 2014.

How Dell, Expedia and Others Accept Bitcoin Payments

Dell recently announced that they are accepting Bitcoin as a means of payment. Expedia announced last month they’ll start rolling out Bitcoin payments for their services. How are these companies implementing Bitcoin payments online?


Dell and Expedia use Coinbase is a popular US service for buying, selling and storing Bitcoins (they’re an exchange and offer a wallet). Unfortunately Coinbase is not available for Canadian customers.


NewEgg and TigerDirect (online electronics stores) use BitPay is targetted at developers rather than business people. BitPay is like Stripe for Bitcoin. BitPay can be used by Canadian businesses.


The three main Canadian exchanges have their own merchant integration services (with varying ease of use):


CaVirtEx (the largest exchange in Canada)

QuadrigaCX (here’s a video aimed at merchants that they published today:

Vault of Satoshi (the most complicated API)

Stripe, a popular credit card payment integration service, has announced that they will soon offer a Bitcoin payment method but it’s currently in beta.


Screenshot of Coinbase merchant landing page.

Buying Bitcoin at Decentral

At Decentral we have a convenient bitcoin teller machine that makes purchasing bitcoin easy. To use the machine at our location, simply follow these steps:


  1. Click ”Start” on the main screen when you are ready to begin. The price per bitcoin displayed at this point will be your purchase price. Note, of course, that you can always buy fractions of a bitcoin, but the minimum amount per transaction is $5 Canadian.
    Enter your phone number and then the verification code that you receive by SMS message.
  2. Choose “Buy Bitcoin”
  3. Next, choose “Yes” if you already have a bitcoin wallet. Choose “No” if you would like the machine to print a paper wallet.
  4. Place the QR code for your wallet’s public receive address in the scanner; it’s the top-right horizontal slot.
  5. Start inserting your Canadian cash into the bill acceptor, which will have a green light activated to indicate that it is ready.
  6. After you’ve inserted your individual bills, click “I’m Done” to complete the transaction.
  7. Congratulations, you now have bitcoin! A confirmation of the transaction will be sent via SMS to your phone. You can also print a paper receipt for your records.
    Note that the machine will read only the QR code for your public bitcoin address; you cannot type the address in manually. Fortunately, all bitcoin wallet systems on your phone or computer are able to display a QR code for the wallet’s public receive address.


If you have any questions about the process, please come by Decentral and we’ll help you get started. 64 Spadina Ave. Toronto, ON. Canada.

What You Need to Know About the New Canadian “Bitcoin Law”

This post was written by Addison Cameron-Huff, a tech lawyer who works for Decentral. Addison is a lawyer but he is not your lawyer. You should seek legal advice before acting on any of the legal information presented in this article.


What’s Happened?

A Canadian federal law affecting Bitcoin passed last Thursday. Bill C-31, an omnibus budget act, contains provisions that will eventually bring certain Bitcoin businesses into Canada’s anti-money laundering regime. The new rules are not in effect yet.


Who Will Be Affected?

In short: anyone engaged in the business of buying or selling of virtual currencies and who has Canadian customers.


Any person or business who “ha[s] a place of business in Canada and that [is] engaged in the business of providing … the following [service]: … dealing in virtual currencies”.


Also affected: any person or business who “do[es] not have a place of business in Canada, that [is] engaged in the business of providing at least one of the following services that is directed at persons or entities in Canada, and that provide those services to their customers in Canada: … dealing in virtual currencies.”


Citations for above: Bill C-31, s. 256(2): (pgs. 164-165).


What is “Dealing”?

Dealing isn’t defined in the act but generally means buying or selling. Coupled with the requirement that someone be “in the business of”, it’s likely that this law won’t affect people buying or selling for personal use or merchants using Bitcoin.


The law can be expected to be similar to how car dealing works: selling your own car doesn’t require a license but running a car dealership does.

What is “Virtual Currency”?

The new law doesn’t define “virtual currency”. The definition will be in the regulations that will eventually be passed (see below).


What Will the Rules Be?

Anyone covered by the new rules will have to register as a “Money Services Business” (MSB) and comply with the anti-money laundering regime (please see previous Decentral blog posts).


Probably the most significant MSB rule is that companies may only do business in amounts up to a certain threshold before requiring that customers provide identification. The threshold will likely be either $1000 (current MSB rules for the money transmission/remittance category) or $3000 (foreign exchange category).


The exact rules won’t be known until the corresponding regulations are published (here). The final rules will probably be preceded by a notice of proposed regulation posted in Part I of the Canada Gazette.


When Will the New Rules Take Effect?

The new rules won’t take effect until the government declares them in effect.


Section 298(3) of the law states that s. 256(2) (the key Bitcoin-regulating part of the law) will “come into force” (become a law people are required to follow) “on a date to be fixed by Order of the Governor in Council”.


What is an Order in Council? An Order in Council is one of the pathways by which laws can come into force. They are published on the Orders in Council site (hard to navigate/monitor) and in the Canada Gazette Part II (easier to monitor, it’ll be published as a “Statutory Instrument” [e.g. “SI/2014-XXX”]). The only way to know that an order has been published is to check every day and see if something’s been published.


What Should Bitcoin Businesses Do?

Find a lawyer and attempt to understand how money laundering rules apply to your business and what the registration/compliance steps are.


FINTRAC (the regulatory agency for anti-money laundering) offers some guidance for money services businesses on its website:


Registering as an MSB is free and quite straightforward. Compliance is complicated and will likely affect involve hiring a lawyer.


What’s Going to Happen?

  1. Canadians may be banned from some online virtual currency services. Although Canada is a base for many Bitcoin businesses, Canadians are a small market. The money laundering rules have such severe penalties that probably services will just not allow registration by Canadians rather than attempt to comply.
  2. Some Bitcoin businesses may have business models that aren’t compatible with the new regulatory regime. They’ll have to adapt their model to the new environment.
  3. Small businesses may not be able to afford the compliance costs. This may lead to consolidation in the industry.
  4. The new regulatory regime may provide a big boost to the Canadian Bitcoin industry. Canada will soon have the world’s first nationally regulated virtual currency industry.


Photo by @spettacolopuro.

Decentralized Bitcoin Exchanges: A Solution with Three Big Challenges

The author, Addison Cameron-Huff, is a lawyer who serves as part-time in-house counsel for Decentral. Decentral is Canada’s main decentralized application business development centre.


Bitcoin Exchanges

Bitcoin exchanges are businesses that connect buyers and sellers of Bitcoin to each other and the banking system. Exchanges pose three problems:

  1. they sometimes go out of business and lose everyone’s money + bitcoins (“counterparty risk”); and,
  2. they are easy targets for regulation that can be easily and suddenly shut down by authorities (they are “centralized”); and,
  3. they have a limited number of options for accepting payment (e.g. a US exchange is unlikely to support M-Pesa transfers).

Decentralized Exchanges: Solution?

Many cryptocurrency enthusiasts think decentralized exchanges are the solution to the problems that Bitcoin exchanges currently pose.


A decentralized exchange is an exchange that uses peer-to-peer (P2P) networking technology to enable users to directly trade with each other. Although a regular Bitcoin exchange allows users to trade with each other they can only do so with the exchange as an intermediary.


When thinking about the difference between a decentralized exchange and today’s exchanges, it’s helpful to think about the difference between Napster and BitTorrent. Napster worked by having a central server that every user’s computer checked in order to see what files were available to download from other users. Napster was shut down in 2001 by a court order that forced them to turn off the central servers. BitTorrent can’t be shut down because users connect directly to each other and not through an intermediate central server.


A decentralized Bitcoin exchange would solve problem #2 (see above) because there wouldn’t be a central server. Problem #1 would be solved with respect to the exchange itself but a decentralized exchange would (depending on how it works) probably introduce a new form of counterparty risk: the risk of dealing with other users. Problem #3 would probably also be solved because users could find the payment methods that work for them in their jurisdiction.


At a high level it would appear that decentralized exchanges are the solution to the problems identified at the beginning of this post but the devil is in the details. The devil lies especially in the details of how a decentralized exchange would handle the interface between “fiat” currency (e.g. Canadian dollars) and Bitcoin.


Canadian Dollars to Bitcoin

A hypothetical decentralized Bitcoin exchange would probably operate along these lines for a $ to BTC transaction:

  1. Alice and Bob agree on price and quantity (e.g. $3000 for 2 bitcoins) through the decentralized order matching system
  2. Alice sends $3000 to Bob
  3. Alice sends a message indicating payment sent
  4. Bob receives $3000
  5. Bob sends a message indicating payment received
  6. Bob sends 2 bitcoins to Alice
  7. Bob sends a message indicating the bitcoins have been sent
  8. The system marks the transaction as complete


The steps above pose at least three big challenges:

  1. What does step #2 mean? How will Alice send the money to Bob? Will the decentralized exchange interface with the thousands of payment systems around the world?
  2. How can Bob be sure that the money he receives in step #4 won’t be taken back by Alice after step #8? If Alice uses a payment method like a credit card then Alice can later reverse the transaction and potentially get back her money and keep the bitcoins. There are very few methods of payment that can’t be reversed.
  3. How will disputes be handled? What if Alice didn’t actually send the money? What if Bob doesn’t send the bitcoins? How can Alice prove she sent the payment? What if Alice backs out of the transaction before sending payment? Who will be responsible for offline enforcement?


Flickr photo shown on laptop is by @jalavega

Located in the heart of downtown Toronto, we are the innovation hub for decentralized and blockchain technologies.