Bitcoin vaults with anti-theft recovery/clawback mechanisms



Summary:

The article proposes a method for implementing bitcoin vaults without a soft-fork or any software upgrade. The method, called pre-signed vaults, binds both the user and an attacker to a public observation and delay period before a weakly-secured hot key is allowed to spend coins arbitrarily. The delete-the-key pre-signed transaction concept is critical: exactly one transaction is (pre)signed, and the key is then deleted. Vaults are particularly useful as a bitcoin cold storage security mechanism because they create a publicly observable delay period during which a user can be alerted by a watchtower that a thief may be in the process of stealing their coins. The delayed-spending transaction has a single output whose script carries different keys, giving several options for recovering (clawing back) coins from the delayed-spend transaction. The security of this scheme is enforced by pre-signing transactions and deleting private keys, or, with the help of SIGHASH_NOINPUT, by using private keys that are provably never known. Definitions are provided for the transactions and components involved, such as the hot wallet key, the re-vaulting key, the 4-of-7 multisig, and the nuclear abort key.

The article also discusses pre-signed transactions as a way to emulate covenants in Bitcoin. A covenant is a condition between parties that must be fulfilled for a transaction to occur; it can be emulated with a series of pre-signed transactions, each carrying a relative locktime that must elapse before the next transaction can be broadcast. The article explains how fees for pre-signed transactions can be managed and how the delete-the-key trick locks in a course of action. The trick does not carry over to multisig scenarios, however, because nobody would trust that anyone else in the scheme has actually deleted their secret. A further technique for participating in a multisig scheme with provably-unknown ECDSA keys is also discussed.

The article proposes a construction that allows scripts exceeding size limits to be deployed, and explains how recursively-enforced multi-party multisig bitcoin vaults can be used to enforce a covenant. To avoid dependency loops from self-referential values, it suggests a script template that is populated with different parameters: the final transaction is created first, then used as input to the script template function, and so on backwards through the chain. To improve financial privacy and security of vault constructions, the article also proposes an early nuclear abort option and multisig variations, and suggests key rotation and single-use seals for better financial privacy. It discusses handling change and stresses that the vault should be funded only once, with the configured amount, when it is set up. The author acknowledges several people for their contributions to the proposal, including Jeremy Rubin, Bob McElrath, Andrew Poelstra, Joe Rayhawk, and Tadge Dryja. Finally, the article provides references to related work and acknowledges the sources of inspiration for the proposal.
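The following is a toy state model of the pre-signed vault described above, added here as an illustration; it is not code from the article or from any real wallet, and it runs no Bitcoin Script or signatures. It assumes four constructed output types (vault, delayed, cold, hot) and treats "presigned:unvault" and "presigned:clawback" as the two transactions signed before the key was deleted.

```python
"""Toy model of a delete-the-key vault: which spend each output accepts, and how
the public CSV delay gives a watchtower time to claw back. Constructed illustration."""
from dataclasses import dataclass, field

@dataclass
class Output:
    script: str   # "vault", "delayed", "cold" or "hot" (decides which spend paths apply)
    height: int   # block height at which the output confirmed (for the relative locktime)

@dataclass
class Vault:
    delay: int    # relative locktime (blocks) the hot key must wait after unvaulting
    height: int = 0
    outputs: dict = field(default_factory=dict)

    @classmethod
    def setup(cls, delay):
        v = cls(delay=delay)
        v.outputs["vault"] = Output("vault", 0)  # funded once, with the configured amount
        return v

    def mine(self, blocks=1):
        self.height += blocks

    def spend(self, name, signer):
        # Try to spend output `name` with `signer`; return the new output's script.
        out = self.outputs.get(name)
        if out is None:
            raise ValueError(f"no unspent output named {name}")
        if out.script == "vault":
            # The signing key was deleted after pre-signing exactly one transaction,
            # so the delayed-spend tx is the only spend of this output that can exist.
            if signer != "presigned:unvault":
                raise PermissionError("vault key deleted; only the pre-signed unvault tx is valid")
            new = Output("delayed", self.height)
        elif out.script == "delayed":
            if signer == "presigned:clawback":       # re-vaulting path, usable at once
                new = Output("cold", self.height)
            elif signer == "hot" and self.height - out.height >= self.delay:
                new = Output("hot", self.height)     # hot key only after the delay elapsed
            else:
                raise PermissionError("hot spend before the CSV delay, or unknown signer")
        else:
            raise PermissionError(f"{out.script} output is outside this model")
        del self.outputs[name]
        self.outputs[new.script] = new
        return new.script

def watchtower_react(vault, owner_initiated):
    # Claw back if a delayed-spend output appears that the owner did not initiate.
    if "delayed" in vault.outputs and not owner_initiated:
        return vault.spend("delayed", "presigned:clawback")
    return None
```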


Updated on: 2023-05-20T20:53:27.680208+00:00