[bitcoin-dev] Bitcoin vaults with anti-theft recovery/clawback mechanisms
Bryan Bishop
kanzure at gmail.com
Thu Aug 8 01:16:42 UTC 2019
Replying to two emails below.
On Wed, Aug 7, 2019 at 7:27 PM ZmnSCPxj <ZmnSCPxj at protonmail.com> wrote:
> > - Re-vaulting transaction. This is where the magic happens. The
> re-vaulting
> > transaction is signed during transaction tree setup, before
> constructing the
> > delayed-spend transaction for the parent vault. The re-vaulting
> transaction is
> > broadcasted when someone wants to prevent a coin withdrawal during
> the public
> > observation delay period. The re-vaulting transaction spends the
> delayed-spend
> > transaction outputs. It has a single output with a script created by
> running
> > the entire vault setup function again. Hence, when the re-vaulting
> transaction
> > is confirmed, all of the coins go back into a new
> identically-configured vault
> > instead of being relinquished through the delayed-spend transaction
> timeout for
> > hot wallet key signing.
>
> As transactions need to be signed in reverse order, it seems to me that
> there is a practical limit in the number of times a vault can be used.
> Basically, the number of times we run the vault setup function is the
> limit on number of re-vaultings possible.
>
> Is my understanding correct?
>
Yes, that is correct. When setting up the vault, plan it "all the way to
the end" like next 100+ years. With exponential backoff on the relative
timelock values, the total number of pre-signed transactions isn't really
that high. With a few thousand pre-signed transactions (more than enough),
you can have high resolution timelocks well into the future.
On Wed, Aug 7, 2019 at 4:19 PM Dustin Dettmer <dustinpaystaxes at gmail.com>
wrote:
> Does revaulting vault up with the same keys, or new ones?
> Are they new derivation paths on the same key?
>
Honestly, no idea. The answer to that might depend on each individual vault
user. If the user doesn't want to deal with the expense of managing a bunch
of unique keys and other data, then it might make more sense to use the
same values and have a small blob that has to be stored for a long time,
rather than many different blobs stored in different places to deal with.
- Bryan
http://heybryan.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190807/8b220b88/attachment.html>
More information about the bitcoin-dev
mailing list