Skip to content
Square's Bitcoin Cold Storage solution.
Branch: master
Clone or download
mbyczkowski Merge pull request #81 from square/bump-jinja2
Address CVE-2019-10906 in Jinja2
Latest commit 932aed6 Apr 15, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
core Merge pull request #78 from square/alok/unsigned Apr 5, 2019
docs Address CVE-2019-10906 in Jinja2 Apr 15, 2019
dvd_label [dvd_label] Use Go modules instead of Glide Feb 25, 2019
java Add endpoint to derive addresses Mar 11, 2019
live-usb-creator s/plutus/subzero Mar 9, 2019
.gitmodules fix submodule Feb 12, 2019
.travis.yml Subzero open source! Oct 22, 2018 Subzero open source! Oct 22, 2018
LICENSE logo stuff Nov 20, 2018
logo.png logo stuff Nov 20, 2018
logo_alternate_1.png logo stuff Nov 20, 2018

HSM Cold Storage

For security, Square stores a reserve of Bitcoins in an offline setting. By having these funds offline, we reduce attack surface and risk of theft.

Square's solution is unique, specifically, we leverage FIPS certified Hardware Security Modules (HSMs) to protect the private key material. We decided to use such HSMs because we already own, operate, and trust these devices for other payment-related needs.

Funds can be sent from online systems to the cold storage at any time. Moving funds out of cold storage requires a multi-party signing ceremony. In addition, the offline HSMs are able to enforce business logic rules, for instance we only allow sending funds to Square-owned addresses. Such a scheme is usually called defense in depth or an onion model. We maintain the online/offline isolation by importing transaction metadata and exporting signatures using QR codes.

HSMs have the ability to share key material. This enables the ability to store our backups in encrypted form and restore a wallet at any location.

This repo contains our design documents as well as specific technical information. We are sharing our source code, with the caveat that the code is currently only useful if you have the exact same hardware setup. We are willing to make the code more modular over time, as long as the broader community shows interest to implement support for additional hardware vendors.

See also Open Sourcing Subzero (blog post)



Copyright 2018 Square, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
You can’t perform that action at this time.