Athena Bitcoin Wallet Technical
No, neither Athena Bitcoin Wallet nor any third party can access the private keys, or even the public addresses and transactional metadata of any users. Private and public keys are generated on the user’s device and encrypted using THEIR login/password (Athena Bitcoin Wallet has no ability to decrypt the data). The encrypted data is then stored on their device and backed up to peer-to-peer cloud servers with a very high level of redundancy. Users can access their funds from any compatible iPhone or Android device using the Athena Bitcoin Wallet mobile app and the same login & password.
2-Factor Authentication (2FA) is a key security feature for online accounts that has been largely neglected due to the difficulty and tedious nature of its operation. 2FA refers to the two factors required to authenticate with an online service. One factor is typically something a user knows, such as a login and password. A second factor is something a user has, such as a mobile device with an app such as Google Authenticator or Authy. This second factor prevents unauthorized access to an account by an attacker that has the correct username and password, but does not have the user’s device.
We’ve accomplished this simplicity by basically merging the functionality of Google Authenticator into Athena Bitcoin Wallet. Upon enabling 2FA, the Athena Bitcoin Wallet app will share a random token with the Athena Bitcoin Wallet servers. Instead of copying and pasting a 6-digit PIN every time you want to log in, Athena Bitcoin Wallet will simply generate a one-time-use password from the shared token, and send it with each server interaction. This effectively ties your account to your current device.
Should the user lose their device, they can still attempt a login using another device and request a 2FA reset. The reset will require 7 days, during which a notification will be sent to the user’s device to prevent a fraudulent reset. This leaves one question: why aren’t you using two-factor authentication for all of your online services?
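The per-request one-time password described above can be sketched as follows. This is an added example, not Athena Bitcoin Wallet's code: it assumes the standard RFC 6238 TOTP algorithm that Google Authenticator uses, and the `otp` request field, the function names and the sample token are hypothetical.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default, as Google Authenticator uses)
DIGITS = 6


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = max(0, int(at)) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def sign_request(secret: bytes, body: dict, now: float = None) -> dict:
    """Client: attach a fresh code to every request ("otp" is a hypothetical field)."""
    now = time.time() if now is None else now
    return {**body, "otp": totp(secret, now)}


def verify_request(secret: bytes, request: dict, now: float = None, window: int = 1) -> bool:
    """Server: accept the current step +/- `window` steps of clock drift."""
    now = time.time() if now is None else now
    supplied = str(request.get("otp", "")).encode()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP).encode()
        ok |= hmac.compare_digest(expected, supplied)        # constant-time compare
    return ok


if __name__ == "__main__":
    device_token = b"12345678901234567890"    # constructed sample (RFC 6238 test secret)
    req = sign_request(device_token, {"op": "get_balance"}, now=1111111109)
    print(req, verify_request(device_token, req, now=1111111129))
    # A second device that knows only the username/password has no token:
    print(verify_request(b"another-device-token", req, now=1111111129))
```

A server-side verifier would normally also remember the last accepted time step per account, so that a captured code cannot be replayed inside the drift window.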
To retrieve your private key you will first need to get the Wallet Private Seed. After retrieving the Wallet Private Seed, you can enter that into https://Athena Bitcoin Wallet.co/recovery/ to get your private key.
To retrieve your Wallet Private Seed and Private Key follow these steps:
1. Log in to your Athena Bitcoin Wallet account
2. Go to your Wallets Screen
3. On the top right, tap the 3 dots
4. Tap Wallet Private Seed (advanced)
5. Enter your password and then you will be able to Print, Save to SD Card, and/or View it
6. Go to https://Athena Bitcoin Wallet.co/recovery/
7. Enter your Wallet Private Seed
8. A list of all your public addresses, private keys, and balances will be displayed
9. You will be able to sweep any of the addresses that have funds on them
In the event that a user needs to recover funds from his or her Athena Bitcoin Wallet wallet, the user can recover the funds by entering the Wallet Private Seed here: https://Athena Bitcoin Wallet.co/recovery/
Mining fees have historically been determined by the amount of traffic on the network. These fees can change depending on how much volume the network is experiencing and the exchange rate. As they change so do the recommended fees set by our app. Our app determines the recommended mining fee by looking at multiple factors to reduce the cost to the user.
The app’s recommended fee is dynamic, based on the network’s recommended fee, and factoring the amount of bitcoin the user wants to send.
Since bitcoin transaction fees are based on the size of the transaction in bytes of data, the primary fee calculation that needs to be made is to determine the fee per byte, usually expressed as satoshis per byte.
We start by querying several public bitcoin nodes and retrieving their estimated fee/byte for getting a confirmation. The nodes return estimated fee amounts based on the number of blocks for a confirmation. We record the amounts for confirmation in 1 through 7 blocks. Fees are higher for confirmation in 1 block vs 7 blocks with ranging fees in between.
Athena Bitcoin Wallet defaults to a “Standard” fee setting which targets a confirmation between 2 and 5 blocks. The wallet chooses between the 2 through 5 block fee estimate based on the amount of bitcoin the user is trying to send. Higher amounts will send fees closer to the 2 block estimate, smaller amounts will send fees closer to the 5 block estimate. This is an attempt at lowering fees for smaller value transactions. As of this writing (2017-03-14) the current network fee estimates were as follows:
1 block -> 240 sat / byte
2 block -> 220 sat / byte
3 block -> 200 sat / byte
4 block -> 180 sat / byte
5 block -> 163 sat / byte
6 block -> 163 sat / byte
7 block -> 148 sat / byte
To determine the fee estimate for the Standard setting, we start by taking the amount the user wants to spend in satoshis and multiply it by .001%. The value is then restricted between the parameters of the estimated fee for 2 blocks and 5 blocks.
For example, if a user wanted to send 0.25 BTC = 25,000,000 satoshi * .001% = 250
250 is greater than the 2 block fee estimate of 220 sat/byte so 220 sat/byte is used.
If a user wanted to send 0.17 BTC = 17,000,000 satoshi * .001% = 170
170 is in between the 2 block estimate of 220 sat/byte and the 5 block estimate of 162 sat/byte so 170 sat/byte is used
If the user sets a “High” fee setting, Athena Bitcoin Wallet will use the 1 block fee estimate. If the user sets a “Low” fee setting, Athena Bitcoin Wallet will use the 7 block fee estimate.
The final fee is calculated by multiplying the size of the transaction in bytes by the fee estimate. Most transactions are approximately 230 bytes so given a fee estimate of 170 sat/byte, the final fee would be 39100 sat = 0.391 mBits = .000391 BTC or approximately $0.50 at an exchange rate of $1250/BTC. Note that many transactions may end up being much larger than 230 bytes. See this FAQ for details
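The fee selection described above, written out as an added example (not the wallet's own code). The estimate table is the 2017-03-14 list from this page; the function and setting names are hypothetical.

```python
# Confirmation target (blocks) -> sat/byte, the page's 2017-03-14 estimates.
ESTIMATES = {1: 240, 2: 220, 3: 200, 4: 180, 5: 163, 6: 163, 7: 148}


def fee_rate(amount_sat: int, setting: str = "standard", estimates: dict = ESTIMATES) -> int:
    """Return the fee rate in sat/byte for a send of `amount_sat` satoshis."""
    if amount_sat <= 0:
        raise ValueError("amount must be positive")
    if setting == "high":
        return estimates[1]
    if setting == "low":
        return estimates[7]
    if setting != "standard":
        raise ValueError(f"unknown fee setting: {setting!r}")
    floor, ceiling = estimates[5], estimates[2]
    if floor > ceiling:
        # Node estimates that are not monotonic would invert the clamp.
        raise ValueError("5-block estimate exceeds 2-block estimate")
    raw = amount_sat // 100_000          # 0.001% of the amount, in integer satoshis
    return max(floor, min(raw, ceiling))


def total_fee(amount_sat: int, tx_bytes: int, setting: str = "standard") -> int:
    """Final fee in satoshis: transaction size times the chosen rate."""
    return tx_bytes * fee_rate(amount_sat, setting)


if __name__ == "__main__":
    for btc in (0.25, 0.17, 0.01):
        sat = round(btc * 100_000_000)
        print(btc, "BTC ->", fee_rate(sat), "sat/byte,",
              total_fee(sat, 230), "sat for 230 bytes")
```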
The Athena Bitcoin Wallet mobile wallet is something known as an HD (Hierarchical Deterministic) wallet. This means we switch up receiving addresses for you every time you want to receive some bitcoin. Imagine having an unlimited number of email addresses that all go to you. This helps protect your privacy which we take very seriously.
And yes, you can reuse addresses an unlimited number of times but by default they will automatically change after each use.
No! Our 2FA is different from others and more secure in that only that specific device can log in to that account; no other device can log in to your account even if the username and password are compromised.
Athena Bitcoin Wallet uses AES256 for encryption and the keys are generated from the user’s login + password. The login & password are combined then hashed using Scrypt with a minimum set of (N,r,p) parameters of (16384,1,1) which is many orders of magnitude stronger than most other wallets, especially web wallets which typically only use a SHA hash with a few thousand rounds. Scrypt is way more memory and CPU intensive per round.
The minimum parameters of (16384,8,1) are only on slow iPhone 4 or old Android devices. On faster phones the parameters can go as high as (128000,8,1) which are extremely difficult to brute force.
Also note that no Scrypt ASIC miners can hash Athena Bitcoin Wallet passwords as ASIC miners only use parameters (1024,1,1).
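To make the parameter comparison above concrete, this added example (not the wallet's code) computes the memory each quoted (N,r,p) set forces per password guess and derives an AES-256-sized key with Python's `hashlib.scrypt`. How login and password are combined and where the salt comes from are assumptions, as are the labels and function names.

```python
import hashlib
import os

# (N, r, p) sets quoted on the page.
PAGE_PARAMS = {
    "scrypt ASIC miners": (1024, 1, 1),
    "stated minimum": (16384, 1, 1),
    "slow phones": (16384, 8, 1),
    "fast phones": (128000, 8, 1),
}


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's large working array V: 128 * N * r bytes (RFC 7914)."""
    return 128 * n * r


def derive_key(login: str, password: str, salt: bytes,
               n: int = 16384, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte (AES-256 sized) key from login + password.

    Assumption: login and password are joined with a NUL byte and the salt is
    stored beside the ciphertext; the page does not describe either detail.
    hashlib.scrypt only accepts n that is a power of two.
    """
    secret = login.encode() + b"\x00" + password.encode()
    return hashlib.scrypt(secret, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)


if __name__ == "__main__":
    for label, (n, r, p) in PAGE_PARAMS.items():
        mib = scrypt_memory_bytes(n, r) / 2 ** 20
        print(f"{label:20s} N={n:<6d} r={r} -> {mib:.2f} MiB per guess")
    salt = os.urandom(16)                                  # constructed sample salt
    key = derive_key("alice", "correct horse battery", salt)
    print(len(key), "byte key")
```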
Random number generation is a critical aspect to cryptography, and Athena Bitcoin Wallet utilizes several sources of entropy to provide randomness. First is the operating system random number generator. Athena Bitcoin Wallet calls directly into the core of the OS, bypassing potential issues with libraries such as those present in an earlier version of the Java library. Entropy is also added from various system sources such as free memory, time/date, and file system info. This combination protects from a compromise of any one of the entropy sources.
Users’ private keys are created and stored on the users’ local device, encrypted at all times. Upon account and wallet creation, private keys are encrypted and backed up to our peer-to-peer, high redundancy backup servers. The location of the encrypted data for any specific account is only known by the client application on the user’s device. Not even Athena Bitcoin Wallet can determine the exact file storage of any specific user’s data.
Yes. Athena Bitcoin Wallet believes in complete transparency and our source code is open for use and review by anyone.
You can find it here on github.com/airbitz/
Athena Bitcoin Wallet uses a modified BSD license which freely permits viewing and usage of the source code but requires permission to use modified code.
Athena Bitcoin Wallet made a conscious decision to restrict our wallet to native mobile applications. Website infrastructures are notoriously difficult to secure as there are many different attack vectors allowing hackers access to users’ credentials.
These include but are not limited to:
* Fake URL phishing attacks
* Man-in-the-middle attacks
* Rogue browser plug-ins
* Keyboard or screen loggers
Note that with the exception of keyboard or screen loggers, Athena Bitcoin Wallet is not susceptible to any of the above attacks. Fully compromised Airbitz servers or even the network around a user’s device does NOT give an attacker any access to user data or funds. We have carefully designed the client-server architecture with this in mind as we know Bitcoin security is a paramount concern and is critical in achieving mass adoption.