1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
Return-Path: <kanzure@gmail.com>
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 21AE6C0172
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Apr 2020 15:51:58 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by silver.osuosl.org (Postfix) with ESMTP id F3B9F203A0
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Apr 2020 15:51:57 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id bG5+fPsiKbKS
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Apr 2020 15:51:56 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com
[209.85.217.53])
by silver.osuosl.org (Postfix) with ESMTPS id BEB8D20006
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Apr 2020 15:51:56 +0000 (UTC)
Received: by mail-vs1-f53.google.com with SMTP id j65so5660610vsd.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 13 Apr 2020 08:51:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=V00y60E9FTDtGwCXTyA3qmt8wGmuoQaCeglZOp29zY0=;
b=fe7Me+Ar48IGQGdDCzraLGu46x33YcIwkpC+THZ0eNwv4j3FxjBxrOEWT+Ke/yCvgf
bV879tgQEmrOgcQvrTgTfImLQZVpr9iRc8usIL2gtVTdUelhK6WZGu5wHoNlCslHGugw
e6hyNgMW5KXIpGCJSCcYsjDN7LM0iU02Mv/ICbILIuhd57gtOzThMqQ2aadkDNUCYSyO
KAd86Obo4PY3IiA4tAx+z3iMxAUm/AcCUWSDn6XbR6tJGZHAmmFX4Y4kbBHPGUSBDdC/
mL89k3gY/IQ0ACxowRbo6x78K6Td36SXTxfA7KeAl1ecM+Nxsjdjk2FeOpinZItUg6a3
28Cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=V00y60E9FTDtGwCXTyA3qmt8wGmuoQaCeglZOp29zY0=;
b=BgOncVh8rLVF8PsNHmzT8MqH2uZp4RSTQxsnZDDiEmgU+s7MYPGwL5ZpCTr//B0dtS
NRlzfUP4y7nySTIfdSeUZcfHy5oJU7ITU8ar6c40//KGJ9DEZ/QK4yy7JkgWEmyYVAqI
YU9pSt5M9qIwKDYwD6R57y4eaLRsWqFA8mY0yiifNVj6Y0hd34D6ApA4jqqifPsphaVC
3SoH9asVRYLzdkBvEl7wJXl+MzfpjNAFTVnRixku+vz6dHkdavMEQDKmmP8gKsMyaOUo
O1MTMx3LQrzL9445brQXxdbkF2IyB+Ty5L8dmhXw1X4B52db4f3Gq9HzDVA9fG0ejj5E
9WrQ==
X-Gm-Message-State: AGi0PubZB5z7v3i4AnOSQumTRNhbWi0O+Rz+tVYsbg5/DCwfyNPNEs+e
PqIBwTzjYBpe2i0gEGcSAuqLvK8gGrTl/CPFqbC1KBMp
X-Google-Smtp-Source: APiQypIWiVrYtIXGPEppAxhNJzQ1PN9Xe6JNSyBlP7vbCy0cN97xzb4EevFutt4jYBvvQC8ERXXnKTW65C55p8FEolY=
X-Received: by 2002:a67:2dc5:: with SMTP id t188mr12215279vst.3.1586793115151;
Mon, 13 Apr 2020 08:51:55 -0700 (PDT)
MIME-Version: 1.0
From: Bryan Bishop <kanzure@gmail.com>
Date: Mon, 13 Apr 2020 10:50:00 -0500
Message-ID: <CABaSBazO6Pa8NyM5WWKbazJ5Eo=3H2wAc9_2jCDMue4+CmmTTw@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
Bryan Bishop <kanzure@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000f5f1cc05a32e0f49"
Subject: [bitcoin-dev] On-chain vaults prototype
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2020 15:51:58 -0000
--000000000000f5f1cc05a32e0f49
Content-Type: text/plain; charset="UTF-8"
Hi,
High-security protection against theft depends on multisig and timelocks,
but more tools are possible. Last year I discussed one method where
would-be attackers are discouraged by specially designed vault covenants
[1] allowing re-vaulting transactions, where a watchtower can override a
proposed delayed-spend transaction during a public observation delay
period. Splitting coins into multiple timelocked UTXOs can give a user time
to react to theft of a much smaller portion of the total amount.
If better and better cold storage designs can be shared openly, reviewed,
and used easily, this can increase security for all bitcoin users. When the
understanding among the general public includes "bitcoin is extremely
valuable" then it becomes more urgent that the understanding in the general
public also includes "bitcoin cold storage security is impenetrable".
Today I would like to announce the release of an open-source prototype for
on-chain bitcoin vaults using pre-signed transactions and secure key
deletion. I am hoping for feedback and discussion around these concepts. To
be very clear, this is a prototype and not fit for production use.
https://github.com/kanzure/python-vaults
During the delay period, this design allows initiation of a recovery or
clawback which triggers funds being moved to deeper cold storage.
Reviewers: Generally interested in your feedback about the concept. My hope
is that the prototype and its source code helps answer some questions about
how this might work. I would suggest to also pay close attention to the
script templates for both outputs and witnesses.
Also included is an implementation of this same bitcoin vault using bip119
OP_CHECKTEMPLATEVERIFY.
I have also been working with Spencer Hommel, Jacob Swambo, and Bob
McElrath on two related manuscripts, one addressing the topic of bitcoin
covenants and the other addressing the topic of vaults based on pre-signed
transactions. As part of that project, there is a separate vault
implementation that is already available on Fidelity's github account [2].
A more bare bones implementation of python vaults can be found at [3].
Also, Kevin Loaec has an unrelated implementation using pre-signed
transactions.
Thank you,
- Bryan
[1]
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017231.html
[2] https://github.com/fmr-llc/Vault-mbed
[3] https://github.com/JSwambo/bitcoin-vault
--000000000000f5f1cc05a32e0f49
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi,<br><br>High-security protection against theft depends =
on multisig and timelocks, but more tools are possible. Last year I discuss=
ed one method where would-be attackers are discouraged by specially designe=
d vault covenants [1] allowing re-vaulting transactions, where a watchtower=
can override a proposed delayed-spend transaction during a public observat=
ion delay period. Splitting coins into multiple timelocked UTXOs can give a=
user time to react to theft of a much smaller portion of the total amount.=
<br><br>If better and better cold storage designs can be shared openly, rev=
iewed, and used easily, this can increase security for all bitcoin users. W=
hen the understanding among the general public includes "bitcoin is ex=
tremely valuable" then it becomes more urgent that the understanding i=
n the general public also includes "bitcoin cold storage security is i=
mpenetrable".<br><br>Today I would like to announce the release of an =
open-source prototype for on-chain bitcoin vaults using pre-signed transact=
ions and secure key deletion. I am hoping for feedback and discussion aroun=
d these concepts. To be very clear, this is a prototype and not fit for pro=
duction use.<br><br><a href=3D"https://github.com/kanzure/python-vaults" ta=
rget=3D"_blank">https://github.com/kanzure/python-vaults</a><br><br>During =
the delay period, this design allows initiation of a recovery or clawback w=
hich triggers funds being moved to deeper cold storage.<br><br>Reviewers: G=
enerally interested in your feedback about the concept. My hope is that the=
prototype and its source code helps answer some questions about how this m=
ight work. I would suggest to also pay close attention to the script templa=
tes for both outputs and witnesses.<br><br>Also included is an implementati=
on of this same bitcoin vault using bip119 OP_CHECKTEMPLATEVERIFY.<br><br>I=
have also been working with Spencer Hommel, Jacob Swambo, and Bob McElrath=
on two related manuscripts, one addressing the topic of bitcoin covenants =
and the other addressing the topic of vaults based on pre-signed transactio=
ns. As part of that project, there is a separate vault implementation that =
is already available on Fidelity's github account [2]. A more bare bone=
s implementation of python vaults can be found at [3]. Also, Kevin Loaec ha=
s an unrelated implementation using pre-signed transactions.<br><br>Thank y=
ou,<br><br>- Bryan<br><br>[1] <a href=3D"https://lists.linuxfoundation.org/=
pipermail/bitcoin-dev/2019-August/017231.html" target=3D"_blank">https://li=
sts.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017231.html</a><b=
r>[2] <a href=3D"https://github.com/fmr-llc/Vault-mbed" target=3D"_blank">h=
ttps://github.com/fmr-llc/Vault-mbed</a><br>[3] <a href=3D"https://github.c=
om/JSwambo/bitcoin-vault" target=3D"_blank">https://github.com/JSwambo/bitc=
oin-vault</a><br></div>
--000000000000f5f1cc05a32e0f49--
|
