From: Greg Maxwell
Date: Sun, 15 Jun 2025 00:01:34 +0000
Subject: Re: [bitcoindev] CTV + CSFS: a letter
To: Sanket Kanjalkar
Cc: Jameson Lopp, Antoine Poinsot, Matt Corallo, Andrew Poelstra, Bitcoin Development Mailing List

On Sat, Jun 14, 2025 at 11:50 PM Sanket Kanjalkar wrote:

> Do you mean arbitrary output address that is unknown at commitment time?
> Otherwise, I think the current CTV vault does allow abort/allowing from
> "stage area" to "hot area" or abort to "rescue area". While general purpose
> recursive vaults will allow funds back into same "cold area", I think it is
> possible to also move funds back into same back under the same cold keys
> with a bounded recursion CTV provides.

Moving funds back to the initial key that the attacker already has demonstrated the ability to release from doesn't seem useful to me. -- though that is a thing the presigned example I gave doesn't do.

> Finally, on the usefulness of vaults; based on my own observation of all
> the hacks (bitcoin and wider crypto), in most cases it is not the key that
> is stolen but rather the authorization process or UI/UX hacks or something
> else up the signing stack is compromised. Having reactive security to
> "undo" feels valuable in this scenario.

Is there an example of a hack that has been defeated by one? It would be interesting to see the exact workflow.

If the scheme is just released into a 'hot area' and the hot area keys have the power to send the coins anywhere, presumably the attacker will attack the hot area keys and wait for funds to be moved there and instantly sweep once they're there. If the hot area keys are presumed secure, then they can be multisig on the release from 'cold'.