Topic: Bitcoin Vault proposed by Emin Gun Sirer (Read 697 times)

reversing a tx is about BEFORE its confirmed into a block. no one should treat unconfirmed transactions as immutable.

i dont see a reasonable security need to give the masterkey to a third party as that kind of defeats the purpose of the feature
EG master key defends against strangers moving funds. so hand the masterkey to a stranger(third party).. it makes no sense from a security point of view at all.
afterall... it (sarcasm) worked so well for bitfinex and the so called third party vaults of bitGo.!..right?

though i can see the feature having utility as an independent tool for people to have their own masterkey.. to control funds if their hotkey got found out by hackers.
but then we start to see it being used by chargeback scammers as another way to double spend. and merchants yet again have to rely on confirmations to treat a deposit as settled.
things like RBF, CPFP and this feature have literally replaced the malleability issue which everyone previously hated because of its utility to cause chargeback scams(double spends) of unconfirmed transactions.

we are no further forward in devs promises of making unconfirmed transactions more trustable. we are actually taking steps backwards..
(though personally you should never trust a transaction until its confirmed anyway("if its not on the blockchain. its not a bitcoin"))

i am against anything that is starting to sound even a little bit centralized and this "vault" idea is one of those in my opinion and also is open to exploitation.
escrows and other things similar are good for bitcoin usage and it should be used only through the options bitcoin itself provides like a multisig address (2 out of 3).

and talking about option to reverse a transaction, lol, what is that, did he read bitcoin paper before saying this term?

As my Bitcoins get larger and larger in value the more I want more control on them. Why would I trust all my Bitcoin savings on a 3rd party service which the usual goal is to gain some relevance? For an investment of a couple hundred of $ all my Bitcoins are all safe in a hardware wallet that I hold and control.

i will prefer like to go on the disagreement side.i do not think bitcoin needs more security than this sorry no offence but if you need more security then make it for yourself there are many hardware wallets avalible by a vault is more like a bussiness. securing the security which is not quite necessary till you protect you private keys well

Blockstream published a post on there website regarding the vault:

https://blockstream.com/2016/11/02/covenants-in-elements-alpha.html

Here is it explained

Funds locked by a Moeser-Eyal-Sirer vault are accessible by one of two keys: a hot key, intended to reside on-line, and a cold key that is intended to be kept safely off-line and only used for recovery purposes. Under normal circumstances, the hot key is used to create a transaction that spends coins from the vault, but whether the hot key or the cold key is used, funds spent from the vault must first pass through a time lock that holds the funds for some fixed period of time, for example, 24 hours. The idea being that if a malicious party gets hold of the hot key, they must publicly broadcast this time-locked transaction on the blockchain before they can take ownership of the funds. This gives the vault owner 24-hours to detect that their funds are being moved by a malicious party and recover those funds. This is where the cold key come in.

During the 24-hour time lock period, the script allows the funds to be redirected to another address using the cold key. However, even when the cold key is used to redirect the funds, that transaction must pass through another 24 hour time lock. The cold key can be used to redirect the funds again during this second time lock, and so on. The idea here is that even if the malicious party gets hold of the cold key, they still cannot get access to the funds. The owner and the malicious party can continue to use the cold key to redirect the time locked funds back and forth between addresses. As long as they both remain active the funds will remain caught in this vault loop indefinitely.

A Moeser-Eyal-Sirer vault is composed of two scripts. The first script is the main vault script that locks the funds with the hot and cold keys. The second script contains the 24-hour time lock which allows the cold key to be used to redirect the funds. Because this second script can redirect the funds back to the same 24-hour time locked script, we call this the script the vault loop script.

if used by people to have the second key offline(still in sole control). thus only risking 1 key online.. then great. they have an override if they spot a hacker using first key, without needing the silly game of RBF&CPFP bidding war using just fee's as the decider.

but i agree. if then entrusting a third party with the keys.. then its no better than just having a traditional priv&pub key and just deposit funds into the third parties control
good feature for sole control.
but not good as a selling point for a business

I am not in favour of any reliance on third party services to access your bitcoins. This is the model that are being used by services like

banks and PayPal. The old motto that you should be in control of your own private keys, without the need for any third party services to

make transactions, will be the best option for most. A good Podcast {30 min} but a bad idea in my opinion. 

ok.. the bait (idea)

this is how i feel it is proposed.

the LBT podcast is talking more about making unconfirmed tx's reversible(while they sit in mempool)
think of it as a third option to what RBF and CPFP does. lets call it 2PO1P (2parents override 1 parent)
(all involve playing with what is in mempool before confirmation.. to decide what belongs on a block)

2PO1P is a way to not need RBF: which if a hacker sent a tx. RBF allows the original owner to send a tx with the same key but with higher fee to change the destination while unconfirmed. and the cheapest fee tx gets dropped out of mempool.
2PO1P is a way to not need CPFP: which if a hacker sent a tx. the original owner had to send 2tx's one with a change the destination. second using the destination with large fee to enforce the funds get to the change of destination by prespending the destination aswell.

flaws:
the problems with RBF CPFP is that the hacker has the privkey. he can counteract the counteract by doing his own RBF CPFP with an even higher fee again to change the destination back to his while there conflicting in the mempool.

it becomes a cat and mouse game of who can send tx's faster than the other with the highest fees .. which is just ending up as a fastest finger first game
same game theory as upping your bid at the last few seconds of a paypal auction hoping to be the highest bidder

now lets explain 2PO1P(2Parent Overrules 1Parent)
before utilizing 2PO1P you need to set it up
you make a transaction to yourself that has a X block locktime using a multisig address that is Nof2 keys, both owned by you.
when its added on the blockchain..the funds are obviously locked in for X blocks..

ok now that it is set up.. lets explain
the rule(smart contract) is that you can broadcast a transaction using just 1of2 keys.
but a 2of2tx overrules 1of2tx, causing the 1of2 to get dropped out of the mempool.

by locking funds in for X blocks to allow time/delay for the owner to see a possible 1of2 tx to still have time to send out a 2of2 to overrule tx
and this works by not having the second key in the same hackable location as the first. thus a hacker cannot do a 2of2 to start a cat and mouse game


ok.. the switch (idea)
at the 20th minute of the podcast they start talking about "businesses" having control of the 2nd key. lol (facepalm)

People should actually read what this is about before saying stupid shit.

It seems only OP and I have read what 'Bitcoin vaults' is about, everyone else just shitposting in this thread.

However this idea may get rejected by majority of community members as this involve reversible transaction and all love bitcoin because bitcoin is untraceble as well as non-reversible.

Yeah, only "vault" u need is cold storage. In Bitcoin you are your own bank, no need for 3rd party here.

This is an amazing idea, it would make exchange thefts useless, no more hacks life Bitfinex would happen.

And also very useful for holders, it would prevent the majority of thefts.

Hope to see this implemented as soon as possible.

All the honest Bitcoiners hate PayPal's way to reverse transactions. And now somebody proposes that directly in Bitcoin? Why?! No.
For merchant solutions there are the multisig wallets, they can be used nicely and safely. You need at least 3 keys: seller's, buyer's and one for the person that could do arbitrage if needed.

For safekeeping your money, I don't see why you need more than one key. If you want to do keep them safe, print some paper wallets and you are done (edit: and companies/exchanges SHOULD use cold storage as much as possible). Or you can use multisig, but you would just make your life more complicate...

This is very interesting but I dont agree with reversing a transaction. My always question is the scurity of the coins. I'm not negative about this but I'm open for a little more dicussion to improve this.

There have been attempts at Bitcoin banks/vaults before and they all got hacked. BitGo's isn't a Bitcoin bank, but its multisig technology was mean't to provide 100% security for Bitfinex's funds. Although I have not yet read an explanation of how it was done Bitfinex's coins were stolen despite BitGo's technology.

I wouldn't trust a Bitcoin vault's technology to secure my funds any more than I would trust BitGo's technology.

I will not support this idea as reversing bitcoin transaction is completely not what bitcoin is popular for that is irreversible and fast transaction where when transaction get few network confirmation merchant can be sure that they will not get any refund claim later on. This idea may come useful for cold wallet of big trading platform or holders but lots of testing may require to make this proposal working and also to get trust from the users that it will work as proposed.

My understanding is that you cant pay a merchant with such a vault address otherwise you could always reverse a transaction after you have paid a coffee. You need to unlock the vault, wait a specific time which you have determined (e.g. 24 hours) and then you can pay someone.

I'm unable to play the sound in the link you gave me but unless users will have full control over their private keys , I don't support the idea, reversing transactions is also another thing that shouldn't be in BTC.

Guys, have you heard about the Bitcoin Vaults proposed by Gun? For me it sounds like a very elegant solution and I think it would very enhance the Bitcoin network. We need a better security!!

Who wants to dive in to this proposal I would recommend to listen to this podcast:

https://letstalkbitcoin.com/blog/post/lets-talk-bitcoin-306-bitcoin-vaults-and-selective-reversibility-as-a-virtue

My question now:

1: He is talking about two keys. The first key to unlock the vault and the second key to reverse a transaction in case your first key has been compromised. However, he is also talking about to "burn" the coins in case your first and e coins? Is there a third key?

2: Do you see any negative regarding the Bitcoin Vaults?

Thanks for your opinion!