Author: Adam Back 2018-02-28 23:36:05
Published on: 2018-02-28T23:36:05+00:00
In a recent discussion on bitcoin-dev, Kalle proposed the idea of a software-only time-lock vault. Another participant commented that Root compatibility would not be an issue as long as the key is deleted and a delegated signature cannot bypass the CSV timeout restriction. However, marking keys as Rootable vs not in a sighash sense could lead to privacy/fungibility loss and erode the uniformity advantage of Root when the delegate is not used. One potential drawback of this proposal is that deleting keys may prove difficult to assure with HD wallet seeds setup-time backup model.Anthony suggested a simpler though less robust model of having a third party refuse to co-sign until a pre-arranged time which would not require two on-chain transactions. With bulletproofs and CT rangeproofs / general ECDL ZKPS, there is the possibility to prove things about the private key or hidden attributes of a public key in zero-knowledge. There is a need to place private key covenants where one must prove that they are met without disclosing them. For example, there is a hidden CSV and it is met OR there is no hidden CSV so it is not applicable.To solve the issue raised by Kalle regarding graftroot breaking the time-lock function, Anthony suggested making the graftroot key a 2-of-2 muSig with an independent third party that commits to only signing CLTV scripts. He also proposes that making it 3-of-3 or 5-of-5 could be even better if multiple independent services can be found to do it.
Updated on: 2023-06-13T00:52:18.283741+00:00