Building Vaults on Bitcoin Covenants
How do you store your bitcoins? Sure, the coins are registered on the blockchain, but how do you store the private keys that secure your funds? Given that key security is one of the major obstacles to mainstream adoption of cryptocurrencies, and every single coin hacking event is a black eye for the entire cryptocurrency community, a lot rides on the answers to these questions.
And such safeguarding is quite difficult. The conventional method for keeping private keys safe is to follow a set of operational security guidelines that involve air-gaps, dedicated laptops, and epoxied ports.
The fundamental tradeoff between availability, which calls for more replicas of the key, and security, where every additional replica is one more copy that can be stolen, means that regular users face a difficult decision. At one extreme, the keys are stored on multiple devices, where they are vulnerable to theft; at the other, a single encrypted copy sits in air-gapped storage, which the user has to visit in person, reconnect to the internet ever so briefly, and unlock by reciting a full-paragraph passphrase in order to recover the key.
This happens to savvy users, too. A colleague, a CS graduate student who was an early Bitcoin miner, lost around 10, coins. Another friend chose a very very good password. It was so good that he could not recall it after a couple of years, even with the help of hypnosis and brute force attacks on his password-choosing strategy. Overall, our computing infrastructure is nowhere near safe enough for storing high-value assets.
Bitcoin has become a universal bounty, where hackers break into machines and immediately reap financial rewards. What we need is a way to lock up coins in a way that is impervious to hackers and thieves.
Specifically, our paper describes a way to create vaults, special accounts whose keys can be neutralized if they fall into the hands of attackers. An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.
Operationally, the idea is simple. You send your money to a vault address that you yourself create. Every vault address has a vault key and a recovery key. To spend money from the vault address with the vault key, you must wait for a predefined amount of time, called the unvaulting period, that you fixed when you created the vault -- say, 24 hours.
When all goes well, your vault funds are unlocked after the unvaulting period and you can move them to a standard address and subsequently spend them in the usual way. Now, in case Harry the Hacker gets a hold of your vault key, you have 24 hours to revert any transaction issued by Harry, using the recovery key. His theft, essentially, gets undone, and the funds are diverted unilaterally to their rightful owner.
Now, the astute reader will ask what happens when Harry is really really good, and he lies in wait to steal not just your vault key, but also your recovery key. That is, he has thoroughly pwnd you and, as far as the network is concerned, is indistinguishable from you. Vaults protect you even in this case. The recovery keys have a similar lock period, allowing you to perpetually revert every transaction Harry makes.
Unfortunately, at this point, Harry can do the same and revert every transaction you make. To avoid a perpetual standoff, the recovery keys can also burn the funds, so no one gets the money. The upshot is that Harry is not going to be able to collect a dime of proceeds from his theft.
And this, in turn, means that Harry is unlikely to target vaults in the first place, because there is no positive outcome where he gets to keep the proceeds.

Implementing the vault mechanism in Bitcoin is far from trivial. One could implement a special-purpose facility just for vaults -- with special address types for vault addresses, many new opcodes, and the like -- but we believe that architectural changes should be both minimal and general.
We therefore propose a simple change to Bitcoin, called Bitcoin Covenants. As in legal covenants, a Bitcoin covenant checks a condition on the transaction that spends an output. In essence, a covenant is a restriction placed on the shape of a future transaction, enforced by the script of the output being spent. Because covenants can be recursive, they can self-perpetuate (the spending transaction must itself carry the same covenant), or they can be limited in time, allowing one to implement a range of rich semantics.
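The vault mechanics described above (vault key, recovery key, unvaulting period, revert, burn) and the covenant that enforces them, as an added Python simulation that is not code from this post or from the Bitcoin Covenants paper. It models the chain as a UTXO set with block heights, represents scripts as plain tuples and keys as strings that anyone holding them can sign with (the theft model in the text), uses HMAC as a stand-in for ECDSA signatures, and picks 144 blocks as the unvaulting period in place of "24 hours"; fees and the recovery key's own lock period are left out. All names in it are assumptions of the example.

```python
"""Added simulation of vaults on top of a covenant-style output check; not code from the
post or the Bitcoin Covenants paper. Scripts are tuples and keys are strings (whoever
knows the string can sign: the theft model); fees are ignored."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

PERIOD = 144       # assumed unvaulting period in blocks, standing in for "24 hours"
BURN = ("burn",)   # other scripts: ("p2k", key), ("vault", vk, rk, period), ("unvaulting", vk, rk, period)


def _mac(key: str, txid: str) -> str:   # HMAC stands in for an ECDSA signature
    return hmac.new(key.encode(), txid.encode(), "sha256").hexdigest()


@dataclass
class Tx:
    inputs: List[Tuple[str, int]]        # outpoints (txid, index)
    outputs: List[Tuple[int, tuple]]     # (value, script)
    sigs: Dict[str, str] = field(default_factory=dict)
    def txid(self) -> str:               # signatures are not covered by the id
        return hashlib.sha256(repr((self.inputs, self.outputs)).encode()).hexdigest()[:16]
    def sign(self, *keys: str) -> "Tx":
        self.sigs.update({k: _mac(k, self.txid()) for k in keys})
        return self
    def signed_by(self, key: str) -> bool:
        sig = self.sigs.get(key)
        return sig is not None and hmac.compare_digest(sig, _mac(key, self.txid()))
    def covenant_ok(self, value: int, *templates: tuple) -> bool:
        """The covenant: exactly one output, same value, script from an allowed template."""
        return len(self.outputs) == 1 and self.outputs[0][0] == value and self.outputs[0][1] in templates


class Chain:
    def __init__(self):
        self.height, self._n = 0, 0
        self.utxos: Dict[Tuple[str, int], tuple] = {}   # outpoint -> (value, script, height)
    def fund(self, value: int, script: tuple) -> Tuple[str, int]:   # simulation-only faucet
        op, self._n = ("fund", self._n), self._n + 1
        self.utxos[op] = (value, script, self.height)
        return op
    def allows(self, value: int, script: tuple, created: int, tx: Tx) -> bool:
        if script[0] == "p2k":
            return tx.signed_by(script[1])
        if script[0] == "vault":         # vault key may only move the coins into unvaulting
            _, vk, rk, period = script
            return tx.signed_by(vk) and tx.covenant_ok(value, ("unvaulting", vk, rk, period))
        if script[0] == "unvaulting":
            _, vk, rk, period = script
            if tx.signed_by(rk):         # at any time: revert into a fresh vault, or burn
                return tx.covenant_ok(value, ("vault", vk, rk, period), BURN)
            if tx.signed_by(vk):         # only once the unvaulting period has elapsed
                return self.height - created >= period
        return False                     # BURN, or no valid authorisation
    def accept(self, tx: Tx) -> bool:    # validation rule: every spent output's script must allow tx
        spent = [self.utxos.get(i) for i in tx.inputs]
        if None in spent or sum(v for v, _ in tx.outputs) > sum(v for v, _, _ in spent):
            return False
        if not all(self.allows(v, s, h, tx) for v, s, h in spent):
            return False
        for i in tx.inputs:
            del self.utxos[i]
        for n, (v, s) in enumerate(tx.outputs):
            self.utxos[(tx.txid(), n)] = (v, s, self.height)
        return True


def run() -> Dict[str, bool]:
    """Three scenarios on one chain: honest unvault, stolen vault key, both keys stolen."""
    chain, vk, rk, r = Chain(), "vault-key", "recovery-key", {}
    V, U, HARRY = ("vault", vk, rk, PERIOD), ("unvaulting", vk, rk, PERIOD), ("p2k", "harry")
    def tx(src, script, *keys):          # one input, one 10-coin output, signed by keys
        return Tx([src], [(10, script)]).sign(*keys)
    # 1. Honest owner: unvault, then spend to the hot wallet, which only works after PERIOD.
    u1 = tx(chain.fund(10, V), U, vk)
    r["unvaulted"] = chain.accept(u1)
    spend = tx((u1.txid(), 0), ("p2k", "hot-key"), vk)
    r["spend_before_period"] = chain.accept(spend)
    # 2. Harry stole the vault key: the covenant blocks a direct grab; the owner reverts inside the window.
    v2 = chain.fund(10, V)
    r["direct_grab"] = chain.accept(tx(v2, HARRY, vk))
    u2 = tx(v2, U, vk)
    r["harry_unvaulted"] = chain.accept(u2)
    chain.height += 10
    r["reverted"] = chain.accept(tx((u2.txid(), 0), V, rk))
    # 3. Harry stole both keys: revert and re-unvault could go on forever, so the owner burns.
    u3 = tx(chain.fund(10, V), U, vk)
    rv = tx((u3.txid(), 0), V, rk)
    u3b = tx((rv.txid(), 0), U, vk)
    r["standoff"] = all(chain.accept(t) for t in (u3, rv, u3b))
    burn = tx((u3b.txid(), 0), BURN, rk)
    r["burned"] = chain.accept(burn)
    chain.height += PERIOD
    r["spend_after_period"] = chain.accept(spend)
    r["harry_after_revert"] = chain.accept(tx((u2.txid(), 0), HARRY, vk))
    r["harry_after_burn"] = chain.accept(tx((burn.txid(), 0), HARRY, vk, rk))
    return r
```

The whole mechanism lives in `allows`: the vault script is a covenant because it does not merely check a signature but inspects the spending transaction's outputs and insists on a single output of the same value carrying the `unvaulting` template, which in turn only admits a time-locked spend by the vault key or a revert-or-burn by the recovery key. Harry's direct grab, his spend after a revert, and his spend of a burned output all fail for structural reasons, not because the simulation knows who he is.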
In fact, we took the name covenants from an old tongue-in-cheek post by Greg Maxwell that suggested an unlikely mechanism and asked for preposterous use cases.

It's critical to note that vaults do not affect coin fungibility or the irreversibility of regular transactions in any way. Vaults are a personal defense mechanism: you choose to place some of your own coins in a vault address V. In doing so, you give up the ability to spend them quickly in return for theft prevention.
When you want to spend the coins, you unvault them from V into your hot wallet W, and you pay a merchant M from W. Only coins in your possession can be vaulted, and they can only be unvaulted back into your possession. You can't trick someone into accepting a vault payment and then take the coins back.
The entire design revolves around personal protection for chosen coins in one's possession, without disturbing any of the rest of Bitcoin's properties. Overall, our suggestion is a simple yet powerful addition to the scripting language that is easy to reason about, and opens the door to a variety of constructs.
We hope that vaults will make it easier for people to safely keep their funds online, knowing that they can always undo a theft, and, more importantly, to deter the thefts in the first place.

Research Assistant at the University of Muenster, interested in cryptocurrencies.
My Research Interests are distributed systems and algorithms, specifically distributed storage algorithms, the distributed aspects of Bitcoin, and reliable aggregation in distributed sensor networks.
Hacker and professor at Cornell, with interests that span distributed systems, OSes and networking.

Related
The Bitcoin Covenants paper has all the nitty-gritty details of the implementation.