public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "Swambo, Jacob" <jacob.swambo@kcl.ac.uk>
To: "bitcoin-dev@lists.linuxfoundation.org"
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Distributed Delegated Pre-Signed Transactions (DDPST)
Date: Mon, 22 Jun 2020 15:07:41 +0000	[thread overview]
Message-ID: <AM6PR03MB542597B9DFD8060860BE35F1CC970@AM6PR03MB5425.eurprd03.prod.outlook.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 3902 bytes --]

I am building a solution for distributed, delegated pre-signed transactions (DDPST). This post introduces what DDPST are and why I think they are relevant for multiple applications. If you are working on application that can benefit from such a construction and want me to use your application in the proof of concept code, please reach out. All feedback is welcome on the concept in general.

Pre-signed transactions (PSTs) are utilized in numerous off-chain protocols including Lightning Network, non-custodial trading, Statechains, and custody protocols. PSTs are useful because they enable restricted access to funds and their custody can be *delegated* with limited risk. Compare this with the arbitrary control over funds that comes with access to the private keys. It is conceivable then that a broad class of applications would benefit from a mechanism to securely delegate PSTs. A mechanism to *distribute* custody of PSTs across multiple entities can act as a practical countermeasure for numerous attacks (e.g. denial-of-service, bribery, blackmail, etc.). Moreover, systems of accountability among the custodians, with proofs of correct and incorrect behaviour, form a foundation for engineering incentive structures that align with the objectives of the application at hand. Finally, distributed custody of PSTs could enable new trust models for the privacy of delegated PSTs using multi-party computation.

# Examples

Consider first the example of vault-custody protocols [1], where there is a requirement for a distributed network monitoring and response system to detect breeches and trigger a recovery process. It is critical to protect against denial-of-service (DoS) attacks that seek to compromise a monitoring node in order to force the custody operation into a recovery process. In this attack the adversary broadcasts the recovery transaction and reduces the accessibility of the wallet owner's funds. A method for distributing custody of the recovery transaction offers defence-in-depth, and a method for delegating custody enables outsourcing the monitor and response service (see Watchtower implementations currently under development [2,3]). A further improvement for the protection of PSTs, that comes from distributing custody, is that *proactive* security models can be instanciated such that successful attacks must occur in a limited time-frame [4].

Consider next the example of justice transactions in the current Lightning Network model. Here, it is critical that justice transactions are broadcast in a timely manner in response to detecting that either party is attempting to close the channel with a prior state. Attacks rely on disrupting the broadcast of the justice transaction through, for example, bribing the watchtower to wait. The watchtower can broadcast late and claim that it was an honest failure due to network issues. The victim has no recourse to punish the watchtower nor the malicious channel participant. If instead the justice transaction was distributed among a set of independent watchtowers, and an accountability system was in-place for their actions, a more robust incentive structure could be engineered. Moreover, distributing custody of the justice transaction can provide a new privacy mechanism for both operational security of a business but also to mitigate targeted attacks such as bribery.

Best regards,
Jacob

# References

[1] Jacob Swambo, Spencer Hommel, Bob McElrath, and Bryan Bishop. Custody Protocols Using Bitcoin Vaults. 2020. https://arxiv.org/abs/2005.11776

[2] The eye of satoshi - lightning watchtower. https://github.com/talaia-labs/python-teos

[3] Private altruist watchtowers. https://github.com/lightningnetwork/lnd/blob/master/docs/watchtower.md

[4] Ran Canetti, Rosario Gennaro, and Amir Herzberg. Proactive security: Long-term protection against break-ins. CryptoBytes, 3:1–8, 1997.

[-- Attachment #2: Type: text/html, Size: 5649 bytes --]

                 reply	other threads:[~2020-06-22 20:41 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=AM6PR03MB542597B9DFD8060860BE35F1CC970@AM6PR03MB5425.eurprd03.prod.outlook.com \
    --to=jacob.swambo@kcl.ac.uk \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox