Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 68562C002D for ; Mon, 9 Jan 2023 16:06:41 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 41FD3410BB for ; Mon, 9 Jan 2023 16:06:41 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 41FD3410BB Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=BU6EoGZq X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FR3ZyN5iEJgs for ; Mon, 9 Jan 2023 16:06:39 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C3C3C410A3 Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com [IPv6:2607:f8b0:4864:20::330]) by smtp4.osuosl.org (Postfix) with ESMTPS id C3C3C410A3 for ; Mon, 9 Jan 2023 16:06:39 +0000 (UTC) Received: by mail-ot1-x330.google.com with SMTP id v15-20020a9d69cf000000b006709b5a534aso5398718oto.11 for ; Mon, 09 Jan 2023 08:06:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=bFdIiMJqMuMuw2GoZnwrPl/6uLoaQ4bNyd6x69/4VnU=; b=BU6EoGZqc1bGPcPrBrm+1oyFQ0aizVe2IYBWozndGYKbZ2pyYLaABy7bCKOB6TJaQs 63W/zCVSTixtFXI+pJObu0BCObYQbEUkg93gKsDhZtEoAYiHmO1A4FNK3lTapRM91EoF PouPW+inbekSdyC28SBivIBS1Yn5KBb55jkz7EL2v6PzsF7POSlV1XTzxgDy1QQabZTU EeSNeFBVDuHK6rpk4s08Wtw9mw2GsuTkNnNqxtFbv6JBz5DIs0AUf3ztbtTXV0M3QbA2 GvTBpyxFKDxNCue8WGbAM6y52MmQM3C3/yI6V/bWi/GK6qOc6hbfamZUtM51Zp05lTYt tlBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=bFdIiMJqMuMuw2GoZnwrPl/6uLoaQ4bNyd6x69/4VnU=; b=KTPBytgHnXFqwTa5c1L+ROiXDL4p0GYcDD8Vz6ZT8SmXiQ+5+1s4BOwyRmCh+WTUIp 0ZJq12ZJBBhY9kRbMJVX/qKElVqbpDs0pkSYvToqzIi0VOU/z+DRUkECUD27Qa7HF/W5 hBq9j5lNx6pi28gPTKSecckxucu4kGpGc/lSoWN0NtvJMjk86v48aq55taAHIQAEivnZ i4IV9TXYCn4HFgmKcQgY2r0yuyfG75XlOTWztOj/aPrkxo7mhh5FouJSLPuiWDLpCfxV ZCpgez5LnMftDp5PHZfTxK0aBQ0dFVUYyICqOCgMAzzyMovNU0Qoz9goLn/87YkHBava Y5PQ== X-Gm-Message-State: AFqh2kreCKAfvAhEf3YUtkDbG9/LcHAfU7h9bQrbX/1Kf4TgMwgwkyHY raOWqKFLMu6RktgGfLTNQsWKN9i4q3tFS/WwkQEZCOJ+Nx4= X-Google-Smtp-Source: AMrXdXtpd/vJOBhgfbO0kckyoPg7FIcwf81K/1CYxvenGI9mUZWGFT7EvXr9rK3CSHS6G6f6Eaxl3DL/6z0O9FJOM7g= X-Received: by 2002:a9d:6a48:0:b0:678:23c0:5f3e with SMTP id h8-20020a9d6a48000000b0067823c05f3emr4128994otn.347.1673280398235; Mon, 09 Jan 2023 08:06:38 -0800 (PST) MIME-Version: 1.0 From: "James O'Beirne" Date: Mon, 9 Jan 2023 11:07:54 -0500 Message-ID: To: Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000bf1ab505f1d6f320" Subject: [bitcoin-dev] OP_VAULT: a new vault proposal X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jan 2023 16:06:41 -0000 --000000000000bf1ab505f1d6f320 Content-Type: text/plain; charset="UTF-8" For the last few years, I've been interested in vaults as a way to substantially derisk custodying Bitcoin, both at personal and commercial scales. Instead of abating with familiarity, as enthusiasm sometimes does, my conviction that vaults are an almost necessary part of bitcoin's viability has only grown over the years. Since people first started discussing vaults, it's been pretty clear that some kind of covenant-enabling consensus functionality is necessary to provide the feature set necessary to make vault use practical. Earlier last year I experimented with using OP_CTV[1], a limited covenant mechanism, to implement a "minimum-viable" vault design. I found that the inherent limitations of a precomputed covenant scheme left the resulting vault implementation wanting, even though it was an improvement over existing strategies that rely on presigned transactions and (hopefully) ephemeral keys. But I also found proposed "general" covenant schemes to be unsuitable for this use. The bloated scriptPubKeys, both in size and complexity, that would result when implementing something like a vault weren't encouraging. Also importantly, the social-consensus quagmire regarding which covenant proposal to actually deploy feels at times intractable. As a result, I wanted to explore a middle way: a design solely concerned with making the best vault use possible, with covenant functionality as a secondary consideration. In other words, a proposal that would deliver the safety benefits of vaults to users without getting hung up on trying to solve the general problem of covenants. At first this design, OP_VAULT, was just sort of a pipe dream. But as I did more thinking (and eventually implementing) I became more convinced that, even if it isn't considered for soft-fork, it is a worthwhile device to serve as a standard benchmark against which other proposals might be judged. I wrote a paper that summarizes my findings and the resulting proposal: https://jameso.be/vaults.pdf along with an accompanying draft implementation: https://github.com/bitcoin/bitcoin/pull/26857 I might work on a BIP if there's interest. James [1]: https://github.com/jamesob/simple-ctv-vault --000000000000bf1ab505f1d6f320 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
For the last few years, I've been interested in vaults= as a way to
substantially derisk custodying Bitcoin, both at personal a= nd commercial
scales. Instead of abating with familiarity, as enthusiasm= sometimes
does, my conviction that vaults are an almost necessary part = of bitcoin's
viability has only grown over the years.

Since p= eople first started discussing vaults, it's been pretty clear that
s= ome kind of covenant-enabling consensus functionality is necessary to
pr= ovide the feature set necessary to make vault use practical.

Earlier= last year I experimented with using OP_CTV[1], a limited covenant
mecha= nism, to implement a "minimum-viable" vault design. I found that = the
inherent limitations of a precomputed covenant scheme left the resul= ting
vault implementation wanting, even though it was an improvement ove= r
existing strategies that rely on presigned transactions and (hopefully= )
ephemeral keys.

But I also found proposed "general" c= ovenant schemes to be
unsuitable for this use. The bloated scriptPubKeys= , both in size and
complexity, that would result when implementing somet= hing like a vault
weren't encouraging. Also importantly, the social-= consensus quagmire
regarding which covenant proposal to actually deploy = feels at times
intractable.

As a result, I wanted to explore a mi= ddle way: a design solely concerned
with making the best vault use possi= ble, with covenant functionality as a
secondary consideration. In other = words, a proposal that would deliver
the safety benefits of vaults to us= ers without getting hung up on
trying to solve the general problem of co= venants.

At first this design, OP_VAULT, was just sort of a pipe dre= am. But as I
did more thinking (and eventually implementing) I became mo= re convinced
that, even if it isn't considered for soft-fork, it is = a worthwhile
device to serve as a standard benchmark against which other= proposals
might be judged.

I wrote a paper that summarizes my fi= ndings and the resulting proposal:
https://jameso.be/vaults.pdf

along with an accompanying draf= t implementation:
https://github.com/bitcoin/bitcoin/pull/26857

I might work o= n a BIP if there's interest.

James

= [1]: https://github= .com/jamesob/simple-ctv-vault
--000000000000bf1ab505f1d6f320--