From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 51407C016F for ; Mon, 22 Jun 2020 20:41:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 393E1874C3 for ; Mon, 22 Jun 2020 20:41:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RPpieMiLAY65 for ; Mon, 22 Jun 2020 20:41:43 +0000 (UTC) X-Greylist: delayed 03:59:50 by SQLgrey-1.7.6 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2102.outbound.protection.outlook.com [40.107.22.102]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 4843D874B0 for ; Mon, 22 Jun 2020 20:41:43 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kOUdQMl2rN9jcbTutylQOBPYchnLzBYzG3BRfSS6Rf8qlynw3vq7dG0hczZ8M/nbzbNlKadFh/5d/4l5qm1hePaiU5Gu6KzQPJtCwdnmIcsg5PYx9+6TCp9svjzu4SbmQz2I5TybyhMnD5vYljPUkYMoRa1OT0bk97k8rTo/kDsJclUHEalq1CGy2Vle+x1MPr0flF9YSCRJ+JPd8EjuslxAoE90xQdhkAXUfSXjPoYCpjuJnGDuYskLcurfvHOLkQMCFtUETHSndAZEUqOutIqzHEzByib5+Pog5fqJ9teVZiIL1vGYcZ+h0H26dDBKNNc25ALuP4siXwF7pYJogg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vtWdrW8J4i4dukCd/eMOSon9khYFtlctXSDa3MzPZwk=; b=bpIhpl9vI/pY474wAL8DSlxTB05brDZdvuGbKADNnWpSYrk+cVZ96Mlumk046VGALzRTK7nOLAVAJMzggeo124eYN4j0h9+yaZPEr3+Q6sK9/jO55BOJyUgjcN/nIg4KMTwSN09P7HVpp81mTIgOey/WZkkY7BzL9GUClwnwJlXFXI5k3RkDhJxvEAbzVkLClddp6/EY0l30SP0a8rckd+5D1VF+9acEhkIsUoCTj4lbeBV0qg/TVSrU6kAPukUJaQviPDbg7FqDKAVyL8kdw3CBU0nPxFmY2bHXEbor7WWtdx8SDN0AzTQW2DVWEUlhoEaKarS5RunD2bno2b9CZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=kcl.ac.uk; dmarc=pass action=none header.from=kcl.ac.uk; dkim=pass header.d=kcl.ac.uk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kcl.ac.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vtWdrW8J4i4dukCd/eMOSon9khYFtlctXSDa3MzPZwk=; b=IatwBb2/Ha9Dhig6NkxY/zroXNbn7YUYkkfr1XnvhMnrSbRz04LIUjHRzrIDTLwINfJoz7Essqr7ZDRF51+bfUhuDuIBSo2X4hvEDffskBUPiR0JpTS21JiLLO+jRsbyfziReHqiC37dt8zKOOhBkYb8G5YG7aK//emywLy3NlQ= Received: from AM6PR03MB5425.eurprd03.prod.outlook.com (2603:10a6:20b:c6::15) by AM6PR03MB4230.eurprd03.prod.outlook.com (2603:10a6:20b:1::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.23; Mon, 22 Jun 2020 15:07:41 +0000 Received: from AM6PR03MB5425.eurprd03.prod.outlook.com ([fe80::2935:6505:a466:d26d]) by AM6PR03MB5425.eurprd03.prod.outlook.com ([fe80::2935:6505:a466:d26d%7]) with mapi id 15.20.3109.027; Mon, 22 Jun 2020 15:07:41 +0000 From: "Swambo, Jacob" To: "bitcoin-dev@lists.linuxfoundation.org" Thread-Topic: Distributed Delegated Pre-Signed Transactions (DDPST) Thread-Index: AQHWSKX/nV9c147V3U+Bwnh3Jd2aug== Date: Mon, 22 Jun 2020 15:07:41 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: lists.linuxfoundation.org; dkim=none (message not signed) header.d=none;lists.linuxfoundation.org; dmarc=none action=none header.from=kcl.ac.uk; x-originating-ip: [176.26.238.178] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a7294ae7-f75b-48d3-555e-08d816be02ac x-ms-traffictypediagnostic: AM6PR03MB4230: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0442E569BC x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: K+ZqdqCJjSj5PB+iOmY9G4xwWB5QaHsoT51JnHau97WAI1UxM1Bbl8vE4vi9prbgf5UJ7a37tKkoRrroyrM6tp10YCC9GyIFIQ8xBOUDSmukb1bKw3iKsqeczfpSg/wrYhmtiwInmxp50C9Ou+7pfKcEneVYGw30mhxmSx0znoF7ox3cfNC6YMux4udhmOWrgkCyBDcSWnCnveijvMGp5e2we4IfFbNux74yUf0qi3YlzNXGYavoqfEz3rGVuV3kry24vUzDgmtm+mOK2TduX0DVkpKUH+8IfjlcyqQq8/nJO6rZXFtT8WKEEb5i176zCvXmf+4tBq7bfW2bb5FwuSOt/lDz5Cn67qkbUjPnNbOPWUH+buyu8f1JKmGurerG2hBhADGoFwL0OE5vL/Ffew== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR03MB5425.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(346002)(396003)(39860400002)(376002)(366004)(6916009)(52536014)(33656002)(9686003)(55016002)(76116006)(66476007)(83380400001)(66946007)(91956017)(66556008)(64756008)(66446008)(86362001)(5660300002)(7696005)(6506007)(66574015)(786003)(966005)(2906002)(186003)(316002)(26005)(478600001)(8676002)(71200400001)(8936002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: jSLejdED01CqF74f0lj2uRzr8gSaJPn/TXOBwVpxlCZO7RnUlXCr8GMVGpVeBpVx75ANM593rDZEdfVfQWszGxFmAdidFp8MUPd372xtufjxkAKxGA3BsiHjfWvUn4ZPUkjRaC9LQyfkYpvYW86jYE4N38ZQbCO6ZVChgMKftzAlRTS44V0XKpLpsx2TDFgD8FKRhFq1UhSJTTXrOMKzOnpmC5JAWHQ4HXd0fsd/k0nwyBy8G6aEGtv8+arMOMdNAyniQo8QF40SjomZ6A7wFvdmwGjhmtD5TmcJ5bf+rKia7r/lZZmi6fLm1QJDUIBLblt3X4OkU3pr0zLbrK8xPOrC8RqgWp+qrpTW2ib4OCaB2vV2qxx+Y1itfdDcVCIgdUV5a7g1Ih5HhZHv0j3hBr0JUpCMsHtXOeGULCNQG1/Eo1BuqGcEsZ2moG/oocwpxHkVkY1LA2SFZayC76oveOYdtBFmHEu9q2sRHotfpI8oEyJS8qSkOXLWaJn/tv4h x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM6PR03MB542597B9DFD8060860BE35F1CC970AM6PR03MB5425eurp_" MIME-Version: 1.0 X-OriginatorOrg: kcl.ac.uk X-MS-Exchange-CrossTenant-Network-Message-Id: a7294ae7-f75b-48d3-555e-08d816be02ac X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jun 2020 15:07:41.6991 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8370cf14-16f3-4c16-b83c-724071654356 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: d8lQ3mivqQ9w5x6Lqm6oq1MzdnOTptClUSJUpnQuY8zNOP2iwRJFh/0yWJaHDmw+kXwTMnu3cFMRlqDOiiArJw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR03MB4230 X-Mailman-Approved-At: Mon, 22 Jun 2020 20:47:43 +0000 Subject: [bitcoin-dev] Distributed Delegated Pre-Signed Transactions (DDPST) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2020 20:41:46 -0000 --_000_AM6PR03MB542597B9DFD8060860BE35F1CC970AM6PR03MB5425eurp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable I am building a solution for distributed, delegated pre-signed transactions= (DDPST). This post introduces what DDPST are and why I think they are rele= vant for multiple applications. If you are working on application that can = benefit from such a construction and want me to use your application in the= proof of concept code, please reach out. All feedback is welcome on the co= ncept in general. Pre-signed transactions (PSTs) are utilized in numerous off-chain protocols= including Lightning Network, non-custodial trading, Statechains, and custo= dy protocols. PSTs are useful because they enable restricted access to fund= s and their custody can be *delegated* with limited risk. Compare this with= the arbitrary control over funds that comes with access to the private key= s. It is conceivable then that a broad class of applications would benefit = from a mechanism to securely delegate PSTs. A mechanism to *distribute* cus= tody of PSTs across multiple entities can act as a practical countermeasure= for numerous attacks (e.g. denial-of-service, bribery, blackmail, etc.). M= oreover, systems of accountability among the custodians, with proofs of cor= rect and incorrect behaviour, form a foundation for engineering incentive s= tructures that align with the objectives of the application at hand. Finall= y, distributed custody of PSTs could enable new trust models for the privac= y of delegated PSTs using multi-party computation. # Examples Consider first the example of vault-custody protocols [1], where there is a= requirement for a distributed network monitoring and response system to de= tect breeches and trigger a recovery process. It is critical to protect aga= inst denial-of-service (DoS) attacks that seek to compromise a monitoring n= ode in order to force the custody operation into a recovery process. In thi= s attack the adversary broadcasts the recovery transaction and reduces the = accessibility of the wallet owner's funds. A method for distributing custod= y of the recovery transaction offers defence-in-depth, and a method for del= egating custody enables outsourcing the monitor and response service (see W= atchtower implementations currently under development [2,3]). A further imp= rovement for the protection of PSTs, that comes from distributing custody, = is that *proactive* security models can be instanciated such that successfu= l attacks must occur in a limited time-frame [4]. Consider next the example of justice transactions in the current Lightning = Network model. Here, it is critical that justice transactions are broadcast= in a timely manner in response to detecting that either party is attemptin= g to close the channel with a prior state. Attacks rely on disrupting the b= roadcast of the justice transaction through, for example, bribing the watch= tower to wait. The watchtower can broadcast late and claim that it was an h= onest failure due to network issues. The victim has no recourse to punish t= he watchtower nor the malicious channel participant. If instead the justice= transaction was distributed among a set of independent watchtowers, and an= accountability system was in-place for their actions, a more robust incent= ive structure could be engineered. Moreover, distributing custody of the ju= stice transaction can provide a new privacy mechanism for both operational = security of a business but also to mitigate targeted attacks such as briber= y. Best regards, Jacob # References [1] Jacob Swambo, Spencer Hommel, Bob McElrath, and Bryan Bishop. Custody P= rotocols Using Bitcoin Vaults. 2020. https://arxiv.org/abs/2005.11776 [2] The eye of satoshi - lightning watchtower. https://github.com/talaia-la= bs/python-teos [3] Private altruist watchtowers. https://github.com/lightningnetwork/lnd/b= lob/master/docs/watchtower.md [4] Ran Canetti, Rosario Gennaro, and Amir Herzberg. Proactive security: Lo= ng-term protection against break-ins. CryptoBytes, 3:1=968, 1997. --_000_AM6PR03MB542597B9DFD8060860BE35F1CC970AM6PR03MB5425eurp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

I am building a solution for distributed, delegated = pre-signed transactions (DDPST). This post introduces what DDPST are and wh= y I think they are relevant for multiple applications. If you are working o= n application that can benefit from such a construction and want me to use your application in the proof of co= ncept code, please reach out. All feedback is welcome on the concept in gen= eral.

 

Pre-signed transactions (PSTs) are utilized in numer= ous off-chain protocols including Lightning Network, non-custodial trading,= Statechains, and custody protocols. PSTs are useful because they enable re= stricted access to funds and their custody can be *delegated* with limited risk. Compare this with the arbitr= ary control over funds that comes with access to the private keys. It is co= nceivable then that a broad class of applications would benefit from a mech= anism to securely delegate PSTs. A mechanism to *distribute* custody of PSTs across multiple entities can a= ct as a practical countermeasure for numerous attacks (e.g. denial-of-servi= ce, bribery, blackmail, etc.). Moreover, systems of accountability among th= e custodians, with proofs of correct and incorrect behaviour, form a foundation for engineering incentive struc= tures that align with the objectives of the application at hand. Finally, d= istributed custody of PSTs could enable new trust models for the privacy of= delegated PSTs using multi-party computation. 

 

# Examples

 

Consider first the example of vault-custody protocol= s [1], where there is a requirement for a distributed network monitoring an= d response system to detect breeches and trigger a recovery process. It is = critical to protect against denial-of-service (DoS) attacks that seek to compromise a monitoring node in order to force = the custody operation into a recovery process. In this attack the adversary= broadcasts the recovery transaction and reduces the accessibility of the w= allet owner's funds. A method for distributing custody of the recovery transaction offers defence-in-depth, = and a method for delegating custody enables outsourcing the monitor and res= ponse service (see Watchtower implementations currently under development [= 2,3]). A further improvement for the protection of PSTs, that comes from distributing custody, is that *pro= active* security models can be instanciated such that successful attacks mu= st occur in a limited time-frame [4].

 

Consider next the example of justice transactions in= the current Lightning Network model. Here, it is critical that justice tra= nsactions are broadcast in a timely manner in response to detecting that ei= ther party is attempting to close the channel with a prior state. Attacks rely on disrupting the broadcast o= f the justice transaction through, for example, bribing the watchtower to w= ait. The watchtower can broadcast late and claim that it was an honest fail= ure due to network issues. The victim has no recourse to punish the watchtower nor the malicious channel partici= pant. If instead the justice transaction was distributed among a set of ind= ependent watchtowers, and an accountability system was in-place for their a= ctions, a more robust incentive structure could be engineered. Moreover, distributing custody of the justi= ce transaction can provide a new privacy mechanism for both operational sec= urity of a business but also to mitigate targeted attacks such as bribery.&= nbsp;

 

Best regards,

Jacob

 

# References

 

[1] Jacob Swambo, Spencer Hommel, Bob McElrath, and = Bryan Bishop. Custody Protocols Using Bitcoin Vaults. 2020. https://arxiv.o= rg/abs/2005.11776

 

[2] The eye of satoshi - lightning watchtower. https= ://github.com/talaia-labs/python-teos

 

[3] Private altruist watchtowers. https://github.com= /lightningnetwork/lnd/blob/master/docs/watchtower.md

 

[4] Ran Canetti, Rosario Gennaro, and Amir Herzberg.= Proactive security: Long-term protection against break-ins. CryptoBytes, 3= :1=968, 1997.

--_000_AM6PR03MB542597B9DFD8060860BE35F1CC970AM6PR03MB5425eurp_--