Traditional banks as bitcoin custodians: Security challenges and implications

Giacomo Zucco

video: https://www.youtube.com/watch?v=eCE2OzKIab8&t=4h8m

https://twitter.com/kanzure/status/1005545022559866880

Our next speaker is Giacomo Zucco. Yeah, have fun.


As you can hear, there are a lot of italians here. Okay. So, good afternoon everyone. I am Giacomo Zucco.

I am a theoretical physicist. I worked at Accenture as a technology consultant and now I work at BHB Network which is a bridge between free open-source development and research on the bitcoin protocol, and the world of the incumbents. These guys have the money, the other guys have the knowledge, and we try to do arbitrage between these two worlds, completely win-win. That's what we do.

Today I am going to talk about the security challenges and implications of this relationship between bitcoin technical knowledge and financial income, which is the relationship between traditional banks and the activity of being a bitcoin custodian.

You know about these memes about-- a t-shirt, from cryptograffiti, that says "bitcoin because fuck banks". This is some shared rhetoric. We believe that bitcoin will be a funny problem for central banks including China, eventually. And there could be some kind of problem for commercial banks in the long run. But what is not maybe apparent for everyone is that in the short run they could be interested or have positive direction between traditional banks and bitcoin activity.

To try to explain this, I will rule out immediately the idea that I'm going to be talking about blockchain-based tools for traditional assets (double facepalm). I was searching for a facepalm emoji but I decided to use the double facepalm Star Trek meme. There could be something interesting there, maybe banks can use blockchain tools, maybe in the future. But in the short-run, what's really interesting and underestimated is the other way around-- the use of traditional established banking tools in order to manage and to serve blockchain-based assets. When I say blockchain-based assets, I just mean bitcoin of course. But it's a sexy way to say it. There could be something there, but we're focused, maybe on the latter, yeah. We're focusing here for this talk.

What is a bitcoin user? I will try to make the point htat there are at least two kinds of bitcoin users. One kind of bitcoin user is the direct bitcoin user. He's basically looking for financial sovereignity and censorship resistant and permissionless finance from the black markets to the international ecommerce to machine-to-machine payments.. all the markets that are too new to comply with regulation, or too global to be fully compliant with all the regulations, or that they don't want to be compliant with regulations. That's a perfect application. This drives a demand for bitcoin because people do need permissionless finance and they do need bitcoin and nothing else. Since they do need bitcoin and we have a scarce supply of bitcoin, the price of bitcoin rises. But there is another category of user.

These other users are what I call type 2 bitcoin users-- bitcoin investors. They live in a country which so far does not have inflation problems or capital seizure problems, or maybe they can pay for their daily coffee with a credit card. They have many ways to store money. The ywant to invest in an asset because they are speculating that it will go up, or even just because it's not correlated. So even if the price is not always going up, the non-correlation with traditional asset classes is very interesting for investors. This kind of bitcoin user is interesting and beneficial to the bitcoin ecosystem because they put money into the bitcoin ecosystem, and we own bitcoin, and that's good.

The first type of user needs a lot of stuff-- like a safe way to store their private keys. If the private key is not guarded well, then anyone can steal it and have high plausible deniability. If they are more careful than the Empty Gox money launderer then they might not even be caught. If they store the private key too safely, then the money wont be available at all. They need to use open-source heavily reviewed software. If you don't know twhat the software is doing, you're screwed. These users need some basic understanding of the technology otherwise they will mess up with security, coin selection or other issues. There are a lot of issues for direct bitcoin users. There will be a long road for mass adoption of these tools. Users are going to have to learn.

For the investor type, what they need in order to invest in bitcoin is their goold old usual established boring financial intermediary. They want to take the fun and manage this existing asset class, call a bank and ask please invest in bitcoin it's non-correlated and going to the moon.

In order to serve these kinds of investor users, if you don't want to call them bitcoin users, then just call them bitcoin investors. If you are going to serve them, then there are two possible approaches. You could have a bitcoin startup- here the rocket of the startup, and you have a lot of assets and pro's, like some technical knowledge, you have some knowledge of the market, OTC sellers, you love risk and tkaing risk, but maybe you don't have a strong marketing instrument like traditional financial incumbents, you don't have the trust of the traditional investor, and you're naive about this specific domain. I pretend to know what a bank account is, but I have no idea. There was nothing about that on bitcointalk so I didn't learn. There's a lot of regulatory risk that they are not prepared to assess or understand. They don't have the insurance policy or complex security protocols.

On the ohter hand, traditional banks- these guys have some problems like they don't know the market, but they can learn pretty quickly. They don't know the tech and they will be slow to learn it. They are more risk adverse, they don't like legal risk. They are not sure they want-- everyone wants to be second in this business, nobody wants to be first. There's a lot of deep thought about whether to do this or not. But the thing is that this is a race. They both want to target these users. Some kind of bitcoin startups are trying to become more and more similar to banks, and some kinds of banks are trying to get a little bit more free and to address this type of bitcoin investor.

We think- as you can see by the count of pro's and con's-- our vision is that the bitcoin startups, at least in some parts of the world, probably have the stronger hand in this race because they have more assets than these other guys, and the types that they are missing they can probably correct their absence easily. Actually, this is happening now. This is not a theoretical speech. We have contracts with 4 banks in Lugavo, 2 banks in Geneva, 2 banks in Zurich, 1 bank in Norway, 1 bank in Italy, and some banks in Australia. This might represent some geograpihc bias but there's a systemic reason for this. There was a bank in Norway, integrating with Coinbase. There is a bank in Italy we just signed a few days ago. And there are some banks in Australia doing something like this but it's a little bit more complex and I'm not going to talk about htat.

What are the security implications? The security implication of this scenario are not actually really bad at all. For this kind of investor user, we're not facing the option between trust forming... or just having them not accessing their investment.. They will invest in bitcoin and have the choice between doing that using untrusted unskilled counterparties, and skilled trusted counterparties. There are many different implications nad models.

The first model that I try to sum up in this presentation is that exchange-based model, like the Norwegian bank. You have the users buying bitcoin through a bakn, through different banks, and all the banks are integrating with a bitcoin exchange, buying bitcoin on the exchange, storing bitcoin on the exchange, and in the previous presentation showed that this doesn't end well due to MtGox concerns. Usually you have this bank at the center-- the central counterparty. We have many banks, many little banks, that are trying to address this business case, and you have very few regulated exchanges that can interact with this. There are 3 strictly regulated exchanges that can operate in Europe so far. Using an integration like this is actually concentrating the risk of the industry, it adds more irsk into a situation which is already very risky, which is a full-custodian exchange which might have fractional reserve. This model is being pursued in some cases. But I'm arguing it's not super optimal.

The other model is a vault-based model where instead of using an exchange as a vault, a bank will use different exchanges to trade and buy and sell, and then rely on a bitcoin startup which only does vault and storing. Something like, I don't want to tell names... this is the bitcoin-based startup, they own the keys, their job is to hold the keys, but they are not regulated, they are not insuring it, they have a lot of challenges that their counterparty will not have.

The third model is the provider-based model. In this model, the banks are keeping their keys in their business and their IT infrastructure but they are using single security infrastructure from a bitcoin security startup, maybe something Bitgo style, which provides all the security infrastructure. I am arguing that this is not the best model.

The best model is a knowledge-based model in at least in the medium-run, the banks and the IT departments of the banks will be able to manage the infrastructure themselves with the keys and everything, only loosely interacting with bitcoin startups for the best selection of best practices and standards and glacier protocol, ledger vault, there's lots of good example sof practices and standards. They should probably just learn the best standards and interact with many different bitcoin startups to build in their next years their own bitcoin infrastructure instead of relying on a single bitcoin central counterparty.

This is the general philosophical take on what is happening. I am not sure if everything I'm saying is true. We'll discover what's good and bad over time. We want to decentralize the risk and the attack surface. The first model concentrates the risk over a single point of failure.

Right now we are providing a simple model. It's a manual procedure using Bitcoin Core nodes. There are 7 consumer-grade hardware wallets, with 3 different producers. There's 1 "eternal backup". There's a multisig scheme using 5-of-7 or checklocktimeverify of 1 year. And there's manual accounting. These banks are waiting to see how this market is going, so they just want to see, in order for us to provide them a security procedure, some knowledge or workshop where we explain the best open-source software, what's the best consumer-grade hardware they could use like the ledger hardware wallets or some bitcoin core instances with multisig and checklocktimeverify. We're providing something safe enough in our opinion and we're trying to ask other people in helping us with this kind of assessment. If this stuff goes well, we'll probably be able to in a few months see the development of enterprise-grade software and enterprise-grade hardware for those wallets with advanced functions like time-control over withdrawals or stuff like that. These scenarios could also have a semi-custodian scenario which is a hybrid between the two bitcoin users. Myabe you're a bitcoin user that wants to control the key, but you want a counterparty to provide the second signature, or you want a backup signature so that your bank will sign for you, or there is still something like this even if it is not retrievable at first.

What are the security challenges? The security challenges are mainly three in our opinion. The first one is trivial but important- it's a tradeoff between usability and security. This is a hard problem. Bank IT departments from banks especially Swiss banks and Italian banks- is not exactly cutting-edge tech. In general, IT sector doesn't like to learn new stuff, they don't like to learn new technological stuff and they don't like to learn new technological security-related stuff, and bitcoin-stuff especially. It's very hard to do that. The problem is that the more secure the procedure is, the more difficult, at the basic level, it would be to implement. The more you do the procedure, the more simple it is, you ask the user to trust you, and you become a single point of failure. If you just say on the right side, of the tradeoff, we don't care about usbaility then the bank will have to suffer no pain no gain and please become a bitcoin expert. The problem is that if you ask this from them then what you will get is the opposite effect, they will ignore your procedure, they will start to bypass your procedures, and they will behave in the most insecure ways. On the other hand, if you go too easy, you're basically skipping important security requirements. This is a difficult problem to solve. I don't think we've seen yet an optimal balance between these two approaches. Usually in hte bitcoin world, the good guys are here, and they are discovering the best security procedures, and they don't really care about usability. From a marketing perspective, those guys don't have any clue about this. So there's a very immature tradeoff here.

The second security challenge is more subtle. It's counterparty risk vs market risk. In my speech, I'm assuming basically that if the Swiss banks for example is able to store the physical gold of a client in their vault then they may as well be able to store the physical bitcoin in their cold wallet. From a legal point of view, it should be the same. It should be similar from a regulatory point of view. From a security point of view it should be similar. They are already putting in effort to defending the depoistory. So there is a tradition there about physical security. But it's not really like that, because bitcoin is adding up a lot of counterparty risk as any bearer instrument would do, especially since it's easy to steal. There's also market risk. Assume a gold vault, you have a lot of counterparty risk because you can have the pirates or the thiefs coming in to steal your gold, and you have plausible deniability about that, you can't undo a physical gold transaction, you can have an assault to the car transporting the gold.. but you don't have a lot of market risk with physical gold storage. Physical gold has, compared to bitcoin, a very easy to manage market price volatility. In the long run, gold will go down and up, there will be asteroid mining and bitcoin competition, but it's been around for thousands of years, and the long run movement is going to be pretty smooth we can imagine that. In the short run, volatility, it's almost never a problem for Swiss banks for guarding physical gold. When you move the gold from one counterparty to another, you have to manage the financial budget of that. The price of gold wont change drastically while you move it from one counterparty to another, not at the same pace as bitcoin at least. With bitcoin, it's going to be better in the long run, but you have a lot of volatility you have to manage, and you have hard-forks and splits. Imagine you have some Chinese gold mining equipment oligopolist, and he wants to create a magic enhachment that will split all the gold coins, every gold atom, into a gold atom and a scamgold atom. This is probably not going to happen, I'm a physicist not an alchemist. It's probably unlikely. We don't have this huge market risk to find our physical gold splitting into one gold atom and one scamgold atom. This can be a problem. The worst case scenario is that you have a symmetric split where you have 2 gold atoms and now for each one you have 2 scamgold atoms, and you don't know which one is the real one, and it's different, and that's a mess. But you can have asymmetric splits, where you have the original gold atom and the scamgold... you have to manage your relationship with the investor or the real owner, and assuming you need a new kind of security vault to manage the new gold, are you forced to build a new vault to comply with custome rrequests? It's a mess. This is assuming an honest split. What about a dishonest split? What about a gold jewelry venture cpaital guy wants to create a new thing, and it's going to be called gold or something... and now if this happens, and now you have this communication problem about what "gold" means.. you have a problems with attacks on fungibility. Physical gold is pretty fungible, if you melt it. But with bitcoin, we're working on that. There could be blacklist attacks or other things like that. Banks, are already able to manage this kind of risk. Very illiquid derivative instruments. They usually manage this kind of risk because a financial derivative is not easy for an employee to steal and hide it, or for a pirate to break into a bank and steal all the derivatives, because they are stored at another counterparty. You can re verse the transaction and track it.

The final challenge is, who is the expert? If we want to teach the incumbents on how to do stuff in a good way, we have to tell them to ask the experts. Ask Ledger, ask Blockstream. But who is the expert? It's circular. They are the expert because I tell the bank they are. But I'm the expert because they tell the bank that I am. It's a web-of-trust game which is very difficult to bootstrap. Eventually there will be external validation, trial and error. But right now, banks will just believe anyone who says they are an expert on bitcoin.