Author: Nadav Ivgi 2022-04-28 23:14:03
Published on: 2022-04-28T23:14:03+00:00
The discussion concerns wallet vaults as a way to secure the keys used for Bitcoin transactions. A vault lets the primary wallet keys stay in deep cold storage, with geographically distributed shares and a cumbersome process for collecting them. This is workable because these keys are not supposed to be used frequently, only in extraordinary circumstances such as theft.

Users can then apply a warmer model to the keys they use more often. These keys can also be cold and/or multi-sig, yet more accessible: for example, a 2-of-2 with standard hardware wallets that can be reached within one's apartment. If a user has a cold wallet that needs to be accessed every 2-3 months, using a scheme to secure the covenant-encumbered keys may improve overall security. The primary keys can be secured with a colder and more secure scheme, under the assumption that they will have to be accessed at most once every several years.

The discussion also touches on the viability of a CTV vault where the hot key signer is a multisig, to get both advantages. However, some argue that you do not get the advantages of both; rather, you get none of the advantages and still have all the downsides associated with a multisig wallet.

The COV proposal in MES allows you to check that the output's scriptPubKey matches the corresponding script item from the stack, but the script item's value may additionally contain wildcard values. In particular, it uses the otherwise reserved opcodes OP_PUBKEY and OP_PUBKEYHASH as wildcards representing any 32-byte or 20-byte push value. These wildcards would be third-party malleable if COV were used by itself, but signing the transaction with the hot wallet key removes the malleability.
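
A sketch of the wildcard matching described above, as an added example that is not code from the discussion or from the MES proposal. It assumes OP_PUBKEYHASH (0xfd) stands for any 20-byte push and OP_PUBKEY (0xfe) for any 32-byte push, handles direct pushes only, and uses hypothetical helper names and constructed scripts; two different outputs satisfy the same template, which is why the hot-key signature is what pins the actual value.

```python
# Added illustration: the matching rules are assumptions drawn from the summary above.
OP_PUBKEYHASH = 0xFD  # reserved opcode, treated here as "any 20-byte push"
OP_PUBKEY = 0xFE      # reserved opcode, treated here as "any 32-byte push"
WILDCARDS = {OP_PUBKEY: 32, OP_PUBKEYHASH: 20}


def parse_script(script: bytes):
    """Split a script into (opcode, pushed_data) items; direct pushes (1-75 bytes) only."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:
            data = script[i:i + op]
            if len(data) != op:
                raise ValueError("truncated push")
            items.append((op, data))
            i += op
        else:
            items.append((op, None))
    return items


def matches_template(template: bytes, script_pubkey: bytes) -> bool:
    """True if script_pubkey equals template, each wildcard matching any push of its size."""
    try:
        t_items, s_items = parse_script(template), parse_script(script_pubkey)
    except ValueError:
        return False
    if len(t_items) != len(s_items):
        return False
    for (t_op, t_data), (s_op, s_data) in zip(t_items, s_items):
        if t_op in WILDCARDS:
            if s_data is None or len(s_data) != WILDCARDS[t_op]:
                return False
        elif (t_op, t_data) != (s_op, s_data):
            return False
    return True


def p2pkh(h160: bytes) -> bytes:
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    return bytes([0x76, 0xA9, 20]) + h160 + bytes([0x88, 0xAC])


# Constructed sample data: one template, two distinct outputs that both satisfy it.
TEMPLATE = bytes([0x76, 0xA9, OP_PUBKEYHASH, 0x88, 0xAC])
SPK_A = p2pkh(bytes([0xAA]) * 20)
SPK_B = p2pkh(bytes([0xBB]) * 20)
```

Because `SPK_A` and `SPK_B` both match `TEMPLATE`, the template check alone does not fix which 20-byte value ends up in the output; a signature that commits to the outputs does.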
Updated on: 2023-06-15T19:38:24.521958+00:00