Re: [bitcoin-dev] Bitcoin vaults with anti-theft recovery/clawback mechanisms

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Bryan Bishop <kanzure@gmail•com>
To: ZmnSCPxj <ZmnSCPxj@protonmail•com>,
	Dustin Dettmer <dustinpaystaxes@gmail•com>,
	 Bryan Bishop <kanzure@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Bitcoin vaults with anti-theft recovery/clawback mechanisms
Date: Wed, 7 Aug 2019 20:16:42 -0500	[thread overview]
Message-ID: <CABaSBay8hBkStv5rLPhHMmwnGjMhEjwdR_LeovQ8GMqRg0vxMA@mail.gmail.com> (raw)
In-Reply-To: <japBRkZAIadJ9g0xOFbixrzJv4hk67ONKrjO6QuWARaeMtdIhNb7rDT_8NroxDCIVKFTjcAqukSt4sApPsJ0U9ori3bkCKmEW_jJMcXWMqc=@protonmail.com>

[-- Attachment #1: Type: text/plain, Size: 2181 bytes --]

Replying to two emails below.

On Wed, Aug 7, 2019 at 7:27 PM ZmnSCPxj <ZmnSCPxj@protonmail•com> wrote:

> > -   Re-vaulting transaction. This is where the magic happens. The
> re-vaulting
> >     transaction is signed during transaction tree setup, before
> constructing the
> >     delayed-spend transaction for the parent vault. The re-vaulting
> transaction is
> >     broadcasted when someone wants to prevent a coin withdrawal during
> the public
> >     observation delay period. The re-vaulting transaction spends the
> delayed-spend
> >     transaction outputs. It has a single output with a script created by
> running
> >     the entire vault setup function again. Hence, when the re-vaulting
> transaction
> >     is confirmed, all of the coins go back into a new
> identically-configured vault
> >     instead of being relinquished through the delayed-spend transaction
> timeout for
> >     hot wallet key signing.
>
> As transactions need to be signed in reverse order, it seems to me that
> there is a practical limit in the number of times a vault can be used.
> Basically, the number of times we run the vault setup function is the
> limit on number of re-vaultings possible.
>
> Is my understanding correct?
>

Yes, that is correct. When setting up the vault, plan it "all the way to
the end" like next 100+ years. With exponential backoff on the relative
timelock values, the total number of pre-signed transactions isn't really
that high. With a few thousand pre-signed transactions (more than enough),
you can have high resolution timelocks well into the future.

On Wed, Aug 7, 2019 at 4:19 PM Dustin Dettmer <dustinpaystaxes@gmail•com>
wrote:

> Does revaulting vault up with the same keys, or new ones?
> Are they new derivation paths on the same key?
>

Honestly, no idea. The answer to that might depend on each individual vault
user. If the user doesn't want to deal with the expense of managing a bunch
of unique keys and other data, then it might make more sense to use the
same values and have a small blob that has to be stored for a long time,
rather than many different blobs stored in different places to deal with.

- Bryan
http://heybryan.org/

[-- Attachment #2: Type: text/html, Size: 2978 bytes --]

next prev parent reply	other threads:[~2019-08-08  1:18 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-07 13:48 Bryan Bishop
2019-08-07 20:32 ` Bryan Bishop
2019-08-07 21:19   ` Dustin Dettmer
2019-08-08  2:09     ` Sergio Demian Lerner
2019-08-08  3:03       ` ZmnSCPxj
2019-08-08  0:27 ` ZmnSCPxj
2019-08-08  1:16   ` Bryan Bishop [this message]
2019-08-12 14:40 ` [bitcoin-dev] Single-use-Seal Implementation Peter Todd
2019-08-12 15:01 ` [bitcoin-dev] Bitcoin vaults with anti-theft recovery/clawback mechanisms Peter Todd
2019-08-13  2:09   ` Bryan Bishop
2019-08-13 14:15     ` Peter Todd
2019-08-13  2:44 ` Praveen Baratam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CABaSBay8hBkStv5rLPhHMmwnGjMhEjwdR_LeovQ8GMqRg0vxMA@mail.gmail.com \
    --to=kanzure@gmail$(echo .)com \
    --cc=ZmnSCPxj@protonmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=dustinpaystaxes@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox