The CryptoCurrency Certification Consortium (C4) has developed a set of rules to assign bitcoin companies different levels of security.
The proposal was submitted for public discussion on February 11th, 2015, at DevCore, Boston. Stating that “security has been a long-standing issue within our community” and citing such examples as Mt. Gox and Bitstamp, C4 presented a new set of security standards for the bitcoin community, developed with the help of the bitcoin security platform BitGo. The idea is to have a point of reference that would classify a bitcoin company as satisfying the requirements of one of the three security levels.
The cryptocurrency security standards (CCSS) include ten different aspects: Key/Seed Generation, Wallet Creation, Key Storage, Key Usage, Key Compromise Policy, Keyholder Grant/Revoke Policies & Procedures, Third-Party Security Audits, Data Sanitization Policy, Proof of Reserve, Audit Logs. The security requirements for each of the three levels are detailed in relation to every aspect.
For instance, to satisfy Level 1 standards for Wallet Creation, a company should create unique wallets for every transaction. Level 2 requires multi-sig wallets with redundant keys stored in different locations. To classify as Level 3, the keys must be stored by different organizations.
Another example is the Proof of Reserve. Level 1 requires an independent audit proving that the company holds sufficient funds to eliminate the risk of fund loss were all users to make simultaneous withdrawals. To get to Level 2, a company needs to conduct regular audits. Finally, Level 3 requires no audit because the company uses an open ledger allowing anyone to conduct an audit independently.
According to C4, these security standards will “benefit everyone”. When they are implemented, established organizations should be more willing to join the bitcoin space, insurance companies will have a tool to verify risk levels, and investors will be able to understand how ready and mature a given bitcoin project is. Michael Perklin, one of the leaders of C4, doubts whether governments are ready to regulate bitcoin because they still have much to learn about cryptocurrencies. According to him, the bitcoin community must learn to regulate itself.
Currently, C4 is waiting for feedback from bitcoin companies all over the world to modify its proposal.
C4 is a non-commercial organization led by four Canada-based cryptocurrency developers: Michael Perklin of Bitcoinsultants, Vitalik Buterin of Ethereum, Russell Verbeeten of CryptAcademy, and Joshua McDougall of Coindroids. They have previously created a set of exams to validate bitcoin knowledge and assign the status of a Certified Bitcoin Professional. The initiative has been praised by some members of the bitcoin community, notably Andreas Antonopoulos, who was one of the first to pass the test to show his support of the idea.