MIME-Version: 1.0
From: Bryan Bishop <kanzure@gmail.com>
Date: Mon, 13 Apr 2020 10:50:00 -0500
Message-ID: <CABaSBazO6Pa8NyM5WWKbazJ5Eo=3H2wAc9_2jCDMue4+CmmTTw@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
 Bryan Bishop <kanzure@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000f5f1cc05a32e0f49"
Subject: [bitcoin-dev] On-chain vaults prototype
Precedence: list

--000000000000f5f1cc05a32e0f49
Content-Type: text/plain; charset="UTF-8"

Hi,

High-security protection against theft depends on multisig and timelocks,
but more tools are possible. Last year I discussed one method where
would-be attackers are discouraged by specially designed vault covenants
[1] allowing re-vaulting transactions, where a watchtower can override a
proposed delayed-spend transaction during a public observation delay
period. Splitting coins into multiple timelocked UTXOs can give a user time
to react to theft of a much smaller portion of the total amount.

If better and better cold storage designs can be shared openly, reviewed,
and used easily, this can increase security for all bitcoin users. When the
understanding among the general public includes "bitcoin is extremely
valuable" then it becomes more urgent that the understanding in the general
public also includes "bitcoin cold storage security is impenetrable".

Today I would like to announce the release of an open-source prototype for
on-chain bitcoin vaults using pre-signed transactions and secure key
deletion. I am hoping for feedback and discussion around these concepts. To
be very clear, this is a prototype and not fit for production use.

https://github.com/kanzure/python-vaults

During the delay period, this design allows initiation of a recovery or
clawback which triggers funds being moved to deeper cold storage.

Reviewers: Generally interested in your feedback about the concept. My hope
is that the prototype and its source code helps answer some questions about
how this might work. I would suggest to also pay close attention to the
script templates for both outputs and witnesses.

Also included is an implementation of this same bitcoin vault using bip119
OP_CHECKTEMPLATEVERIFY.

I have also been working with Spencer Hommel, Jacob Swambo, and Bob
McElrath on two related manuscripts, one addressing the topic of bitcoin
covenants and the other addressing the topic of vaults based on pre-signed
transactions. As part of that project, there is a separate vault
implementation that is already available on Fidelity's github account [2].
A more bare bones implementation of python vaults can be found at [3].
Also, Kevin Loaec has an unrelated implementation using pre-signed
transactions.

Thank you,

- Bryan

[1]
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017231.html
[2] https://github.com/fmr-llc/Vault-mbed
[3] https://github.com/JSwambo/bitcoin-vault

--000000000000f5f1cc05a32e0f49
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi,<br><br>High-security protection against theft depends =
on multisig and timelocks, but more tools are possible. Last year I discuss=
ed one method where would-be attackers are discouraged by specially designe=
d vault covenants [1] allowing re-vaulting transactions, where a watchtower=
 can override a proposed delayed-spend transaction during a public observat=
ion delay period. Splitting coins into multiple timelocked UTXOs can give a=
 user time to react to theft of a much smaller portion of the total amount.=
<br><br>If better and better cold storage designs can be shared openly, rev=
iewed, and used easily, this can increase security for all bitcoin users. W=
hen the understanding among the general public includes &quot;bitcoin is ex=
tremely valuable&quot; then it becomes more urgent that the understanding i=
n the general public also includes &quot;bitcoin cold storage security is i=
mpenetrable&quot;.<br><br>Today I would like to announce the release of an =
open-source prototype for on-chain bitcoin vaults using pre-signed transact=
ions and secure key deletion. I am hoping for feedback and discussion aroun=
d these concepts. To be very clear, this is a prototype and not fit for pro=
duction use.<br><br><a href=3D"https://github.com/kanzure/python-vaults" ta=
rget=3D"_blank">https://github.com/kanzure/python-vaults</a><br><br>During =
the delay period, this design allows initiation of a recovery or clawback w=
hich triggers funds being moved to deeper cold storage.<br><br>Reviewers: G=
enerally interested in your feedback about the concept. My hope is that the=
 prototype and its source code helps answer some questions about how this m=
ight work. I would suggest to also pay close attention to the script templa=
tes for both outputs and witnesses.<br><br>Also included is an implementati=
on of this same bitcoin vault using bip119 OP_CHECKTEMPLATEVERIFY.<br><br>I=
 have also been working with Spencer Hommel, Jacob Swambo, and Bob McElrath=
 on two related manuscripts, one addressing the topic of bitcoin covenants =
and the other addressing the topic of vaults based on pre-signed transactio=
ns. As part of that project, there is a separate vault implementation that =
is already available on Fidelity&#39;s github account [2]. A more bare bone=
s implementation of python vaults can be found at [3]. Also, Kevin Loaec ha=
s an unrelated implementation using pre-signed transactions.<br><br>Thank y=
ou,<br><br>- Bryan<br><br>[1] <a href=3D"https://lists.linuxfoundation.org/=
pipermail/bitcoin-dev/2019-August/017231.html" target=3D"_blank">https://li=
sts.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017231.html</a><b=
r>[2] <a href=3D"https://github.com/fmr-llc/Vault-mbed" target=3D"_blank">h=
ttps://github.com/fmr-llc/Vault-mbed</a><br>[3] <a href=3D"https://github.c=
om/JSwambo/bitcoin-vault" target=3D"_blank">https://github.com/JSwambo/bitc=
oin-vault</a><br></div>

--000000000000f5f1cc05a32e0f49--