From: "Emin Gün Sirer" <el33th4x0r@gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Cc: "Malte Möser" <malte.moeser@uni-muenster.de>,
"Ittay Eyal" <ittay.eyal@cornell.edu>
Subject: [bitcoin-dev] Bitcoin Vaults.
Date: Fri, 26 Feb 2016 11:05:20 -0500 [thread overview]
Message-ID: <CAPkFh0vuLsoNQUEdH-kGqXYvFJt1tXLvt0eMEuFZGm7Pus-_2g@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2655 bytes --]
At the 3rd Bitcoin Workshop being held in conjunction with the Financial
Cryptography Conference in Barbados, my group will be presenting a new idea
for improving Bitcoin wallet security and deterring thefts today.
The write-up is here:
http://hackingdistributed.com/2016/02/26/how-to-implement-secure-bitcoin-vaults/
The paper with the nitty gritty details is here:
http://fc16.ifca.ai/bitcoin/papers/MES16.pdf
The core idea:
Our paper describes a way to create vaults, special accounts whose keys can
be neutralized if they fall into the hands of attackers. Vaults are
Bitcoin’s decentralized version of you calling your bank to report a stolen
credit card -- it renders the attacker’s transactions null and void. And
here’s the interesting part: in so doing, vaults demotivate key theft in
the first place. An attacker who knows that he will not be able to get away
with theft is less likely to attack in the first place, compared to current
Bitcoin attackers who are guaranteed that their hacking efforts will be
handsomely rewarded.
Operationally, the idea is simple. You send your money to a vault address
that you yourself create. Every vault address has a vault key and a
recovery key. When spending money from the vault address with the
corresponding vault key, you must wait for a predefined amount of time
(called the unvaulting period) that you established at the time you created
the vault -- say, 24 hours. When all goes well, your vault funds are
unlocked after the unvaulting period and you can move them to a standard
address and subsequently spend them in the usual way. Now, in case Harry
the Hacker gets a hold of your vault key, you have 24 hours to revert any
transaction issued by Harry, using the recovery key. His theft,
essentially, gets undone, and the funds are diverted unilaterally to their
rightful owner. It’s like an “undo” facility that the modern banking world
relies on, but for Bitcoin.
The technical trick relies on a single new opcode, CheckOutputVerify, that
checks the shape of a redeem transaction. Note that fungibility is not
affected, as the restrictions are at the discretion of the coin owner alone
and can only be placed by the coin owner ahead of time.
We suspect that this modest change could actually be a game-changer for
bitcoin security: clients and keys are notoriously hard to secure, and a
facility that allows you to possibly recover, and if not, permanently keep
the hacker from acquiring your funds, could greatly deter Bitcoin thefts.
As always, comments and suggestions are welcome.
- egs, Ittay Eyal and Malte Moeser.
[-- Attachment #2: Type: text/html, Size: 3049 bytes --]
reply other threads:[~2016-02-26 16:05 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPkFh0vuLsoNQUEdH-kGqXYvFJt1tXLvt0eMEuFZGm7Pus-_2g@mail.gmail.com \
--to=el33th4x0r@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=ittay.eyal@cornell.edu \
--cc=malte.moeser@uni-muenster.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox