Bitcoin Vaults: How to Put an End to Bitcoin Theft


Recall that we introduced the Bitcoin Vault abstraction last week. This new abstraction allows you to move the coins that you do not need immediately into a special kind of account called a vault. If they are stolen from the vault, you get to use a recovery key to get them back from the hacker. If the recovery key is also stolen, then you can convert the funds into mining fees, ensuring that the hacker does not benefit from the theft. Vaults do not affect fungibility or irreversibility of regular Bitcoin transactions; they solely improve your personal protection. (The paper has the details).

We recently answered some questions from the press regarding vaults. The questions were quite interesting and insightful -- so much so that they can be used as an FAQ list. Our response did not go out in time to make it into the article, so here it is, a vault FAQ.

  • What's the impact of vault transactions on fungibility and irreversibility of Bitcoin transactions?

Vaults do not affect fungibility at all, nor do they affect the irreversibility of regular transactions.

Vaults are a personal defense mechanism: you take the coins that you want to protect, the coins that you want to keep in a cold wallet, and put them in a vault address that you create (call it V). In doing so, you give up the ability to spend them quickly in return for theft prevention. When you want to spend the coins, you unvault them from V into your hot wallet (W). This operation takes time to complete -- it takes exactly as long as the unvaulting period you specified when you created your vault. Once the coins have arrived at W, you pay a merchant M from W. Only coins in your possession can be vaulted; coins cannot be vaulted retroactively; and they can only be unvaulted back to your possession. You can't trick someone into accepting a vault payment and then take your coins back! Merchants will readily detect that they are being paid with a vault payment, and will not accept such payments. So a vault user can only take the coins out of the vault into her own hot wallet, and then, after that unvaulting is complete, issue payments from the hot wallet to merchants. Consequently, the irreversibility of regular transactions remains untouched. Overall, the entire design revolves around adding a new feature for improving one's own security, without disturbing any of the rest of Bitcoin's properties.

  • Are you, or your students, working on the code to implement it and offer it to bitcoin through perhaps a pull request? Does the code require fundamental changes or can it easily be implemented?

Yes, we have the full vault functionality implemented. We plan to submit a pull request and a corresponding BIP. The changes required are incredibly modest: just a single new opcode that is easy to implement.

  • What's the difference between using a hardware wallet like a Trezor or a vault?

Vaults are complementary to hardware security mechanisms such as Trezor hardware wallets. Note that it is not good practice to store a key solely in a Trezor, as it may be physically lost or damaged. Vaults are orthogonal to protections against key loss and should always be accompanied by backups/multisig strategies that protect against that. The keys should be replicated, and the replicas need to be protected -- the more replicas there are, the greater the attack surface. If the funds do not need to be spent immediately, such protection is best achieved with a vault.

  • I notice you introduced the matter to the mailing list. What do you think of bitcoin's development process? Is it open/close, welcoming, you think ideas are judged on merit, etc?

We think very highly of the Bitcoin core developers and the Bitcoin development process, which follows open source principles. At the moment, the maximum block size debate seems to have tied up many cycles over a very important, but ultimately short term, battle. We hope the maximum block size debate can get settled quickly so we can all focus on more interesting developments that will go beyond the scalability question, such as how to expand Bitcoin's functionality and fulfill its promise of delivering a new kind of digital money with new capabilities.

  • Any general comments in regards to the specific bitcoin vault proposal and more generally in regards to bitcoin development?

For years now, we have been watching people lose their coins to hackers. And it's just not their fault: our operating systems are nowhere near secure enough for highly valuable assets. Regular people cannot be expected to know and follow the incredibly complicated opsec procedures to maintain a bulletproof device. Worse, there is no help on the horizon. The Microsofts, Apples and Googles of the world are not going to be able to improve the state of client-side operating system security -- they have been trying for years, and what we have today is the best they've got: the computer security problem is just too hard.

Vaults allow Bitcoin users to step around this problem. It's Bitcoin users' way of saying "ok, I realize that a determined hacker can get into my machines, that I might lose my key or I might have a temporary lapse, but I will be able to keep my coins despite occasional failures of this kind."

We believe that this can be game changer for cryptocurrencies and their mainstream adoption.

Share on Google+
Share on Linkedin
Share on Reddit
Share on Tumblr
comments powered by Disqus