
Topic: in case of death; mandatory bitcoin deathswitch Dead man's switch (Read 496 times)

copper member
Activity: 89
Merit: 27

thoughts/cons?

My wife shares the knowledge of where things are stored and the backup plates are stored separately in the event of my demise, that's prudent planning. But I am not trusting a third-party app with my keys.


The comment about abandoned accounts of over 40 years was interesting, that's something that should be discussed.
legendary
Activity: 2730
Merit: 7065
I like this proposal even more than the nLocktime feature. With Andriian's solution, there is no need to re-create the timelocked transaction after a certain period has passed. To invalidate the old one, you would have to spend one of the inputs thereby creating additional transaction costs. Not that big of a deal, but still. Or if you don't want to do that, you can create a timelocked transaction for a decade in advance, but you would be leaving your heirs waiting for a long time to get to the coins.   

But with Andriian's method, the sender would only need to create a new timelocked transaction if the receiver tried to broadcast it while the sender is still alive. In other cases, the sender only checks the status. That's good and it doesn't even have to be done that often. If the transaction timelock expires in one year, the sender would only have to check the status one time during that period.

But there are some negatives as well. No wallet uses Andriian's proposal. It only works in a testing environment and on a mobile wallet. If you wanted to use it, both parties would be required to use that one and only wallet. There is no desktop solution yet. Even if it was live on mainnet, it would have to be thoroughly checked and tested for bugs and vulnerabilities before being recommended.

But I hope he succeeds in creating this. It looks really interesting.     
legendary
Activity: 3472
Merit: 4801
It should be mandatory to give (at least) three addresses upon wallet creation.

Mandatory how?  Who will enforce this rule? This is a decentralized, global technology. Anybody anywhere, with some software engineering knowledge, can create their own wallet software and make it available for others to use. How are you going to force every programmer in the world that creates any type of wallet software to require all of their users to provide 3 addresses? Are you going to employ a police force that will hunt them down and arrest them? Will you also arrest the people that choose to USE a wallet software that doesn't require 3 addresses? What if someone doesn't have any friends or family that they trust? Do they get to use bitcoin?

Bah. You want to use a wallet with a multi-sig system? Go ahead, nobody is stopping you. But you aren't going to force your personal preference on the entire world.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Another problem is that you don't know when you are going to die.
o_e_l_e_o already answered for me - the point is that you can replace the nLocktime transactions regularly.

Just wanted to add that there is another variant I linked in my earlier post in this thread, invented by forum user Andriian and implemented in an experimental version of a mobile wallet, which in some situations can be even better:

You give your heirs an already signed transaction with two IF_ELSE options: a CSV timelock (after the expiration they can access the coins freely) and a condition that you can move the coins with your own key when you want. They can broadcast it at any time, but when they broadcast it, they need to wait for the timelock to expire to move the coins, for example for a year.

So they can broadcast it as soon as you've died and will have access after the timelock expires. If they maliciously broadcast the transaction while you're still alive, you can move the coins yourself (and speak some serious word with your heir, which may not be an heir anymore in this case).

This variant has a little bit more trust involved, because in theory you could imagine rare situations where you won't be able to move your coins in time (while still alive, e.g. on a long extreme tourism trip) and your heir could abuse that, but it is easier to implement because you don't need to replace transactions as long as you don't move your coins - so it's excellent for a long-term HODL wallet. Even if someone steals the transaction (which could be a paper with a QR code) from your heir and broadcasts it, you will have enough time to react.
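Added example, not part of the original post and not Andriian's wallet code: one way the two-branch script described above could be laid out, assuming an `OP_IF`/`OP_ELSE` structure around `OP_CHECKSEQUENCEVERIFY` and constructed placeholder public keys. It shows the BIP68 limits on a relative timelock (65535 blocks, or 65535 units of 512 seconds) and the script-number encoding of the delay.

```python
# Added example: the script layout and the keys below are assumptions for
# illustration, not taken from Andriian's wallet.
OP_IF, OP_ELSE, OP_ENDIF = 0x63, 0x67, 0x68
OP_DROP, OP_CHECKSIG, OP_CHECKSEQUENCEVERIFY = 0x75, 0xAC, 0xB2

SEQ_TYPE_FLAG = 1 << 22   # BIP68: set = units of 512 seconds, clear = blocks
SEQ_VALUE_MAX = 0xFFFF    # BIP68: only the low 16 bits carry the delay


def csv_blocks(blocks):
    """Relative lock counted in confirmations (at most about 455 days)."""
    if not 1 <= blocks <= SEQ_VALUE_MAX:
        raise ValueError("BIP68 block delay must be 1..65535")
    return blocks


def csv_seconds(seconds):
    """Relative lock in 512-second units, rounded up (at most about 388 days)."""
    units = -(-seconds // 512)
    if not 1 <= units <= SEQ_VALUE_MAX:
        raise ValueError("BIP68 time delay must be 1..65535 units of 512 s")
    return SEQ_TYPE_FLAG | units


def push_number(n):
    """Minimal script push of a positive integer."""
    if 1 <= n <= 16:
        return bytes([0x50 + n])               # OP_1 .. OP_16
    raw = n.to_bytes((n.bit_length() + 7) // 8, "little")
    if raw[-1] & 0x80:                         # top bit is the sign bit
        raw += b"\x00"
    return bytes([len(raw)]) + raw


def push_data(data):
    """Direct push, enough for 33-byte compressed public keys."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push holds 1..75 bytes")
    return bytes([len(data)]) + data


def inheritance_script(delay, heir_pubkey, owner_pubkey):
    """IF <delay> CSV DROP <heir> CHECKSIG ELSE <owner> CHECKSIG ENDIF.

    The heir branch is only valid once the output being spent has aged by
    `delay`; the owner branch can be used at any time before or after that.
    """
    return (bytes([OP_IF])
            + push_number(delay)
            + bytes([OP_CHECKSEQUENCEVERIFY, OP_DROP])
            + push_data(heir_pubkey)
            + bytes([OP_CHECKSIG, OP_ELSE])
            + push_data(owner_pubkey)
            + bytes([OP_CHECKSIG, OP_ENDIF]))


# Constructed placeholder keys (not real curve points).
HEIR_KEY = b"\x02" + b"\x11" * 32
OWNER_KEY = b"\x03" + b"\x22" * 32
ONE_YEAR_BLOCKS = 52_560      # 144 blocks per day * 365

if __name__ == "__main__":
    script = inheritance_script(csv_blocks(ONE_YEAR_BLOCKS), HEIR_KEY, OWNER_KEY)
    print(script.hex())
```

A delay of more than 65535 blocks cannot be expressed with a single relative timelock, so "a year" fits but "two years" does not.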
legendary
Activity: 2268
Merit: 18711
and low risk of the heirs not being able to access the coins.
The biggest risks for the heirs not being able to access the coins (as I see it) are either them not being able to access the timelocked transactions, or losing access to the address which the timelocked transactions send all your coins to. Probably the most simple way to mitigate these risks would be to combine the methods above, and store a copy of your timelocked transaction in your safe as well as handing them a copy to store, so there is not a single point of failure for the timelocked transaction. This would obviously necessitate the "spend an input to invalidate the transaction" method for replacing the timelocked transactions. And while you are at it, they could hand you a copy of the seed phrase or private key for the target address to back up for them (assuming they don't use that wallet for anything else) in a location they know about, although you shouldn't keep this in the same place as the timelocked transactions for obvious reasons.

You could also circumvent this by using SIGHASH_NONE and SIGHASH_ANYONECANPAY, which would allow your heir to specify the output of the timelocked transaction to any address they like. This however introduces an additional risk in that anyone with access to the timelocked transaction could steal the funds after the timelock expires.

Other risks would be you forgetting to invalidate and replace the timelocked transactions, or messing up and creating an incorrect timelock without realizing it.
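Added example, not part of the original post: a check for the "incorrect timelock" risk mentioned above, run over a serialized transaction before it goes into the safe. It reads nLockTime and the input sequence numbers and flags the usual mistakes; `sample_tx`, the chain tip height, the clock value and the 366-day limit are constructed assumptions.

```python
import struct

LOCKTIME_THRESHOLD = 500_000_000   # below: block height, at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF


def _varint(buf, pos):
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size


def parse_timelock_fields(raw):
    """Return (input sequences, nLockTime) from a serialized transaction."""
    segwit = raw[4:6] == b"\x00\x01"          # marker and flag bytes
    pos = 6 if segwit else 4
    n_in, pos = _varint(raw, pos)
    sequences = []
    for _ in range(n_in):
        pos += 36                              # previous txid + output index
        script_len, pos = _varint(raw, pos)
        pos += script_len
        sequences.append(int.from_bytes(raw[pos:pos + 4], "little"))
        pos += 4
    n_out, pos = _varint(raw, pos)
    for _ in range(n_out):
        pos += 8                               # amount in satoshis
        script_len, pos = _varint(raw, pos)
        pos += script_len
    if segwit:                                 # skip one witness stack per input
        for _ in range(n_in):
            items, pos = _varint(raw, pos)
            for _ in range(items):
                item_len, pos = _varint(raw, pos)
                pos += item_len
    if len(raw) - pos != 4:
        raise ValueError("transaction does not end in a 4-byte nLockTime")
    return sequences, int.from_bytes(raw[pos:], "little")


def audit_timelock(raw, tip_height, now, max_wait_days=366):
    """List problems with the timelock; an empty list means none were found."""
    sequences, locktime = parse_timelock_fields(raw)
    if locktime == 0:
        return ["nLockTime is 0: the transaction is valid immediately"]
    findings = []
    if all(seq == SEQUENCE_FINAL for seq in sequences):
        findings.append("every input has a final sequence: nLockTime is ignored")
    if locktime < LOCKTIME_THRESHOLD:
        wait_days = (locktime - tip_height) * 10 / 1440   # about 10 min per block
    else:
        wait_days = (locktime - now) / 86400
    if wait_days <= 0:
        findings.append("lock has already passed: valid as soon as it is broadcast")
    elif wait_days > max_wait_days:
        findings.append(f"heirs would wait about {wait_days:.0f} days, more than intended")
    return findings


def sample_tx(locktime, sequences):
    """Constructed unsigned legacy transaction with placeholder outpoints."""
    tx = struct.pack("<I", 2) + bytes([len(sequences)])
    for i, seq in enumerate(sequences):
        tx += bytes([i + 1]) * 32 + struct.pack("<I", 0) + b"\x00" + struct.pack("<I", seq)
    tx += b"\x01" + struct.pack("<Q", 50_000) + b"\x01\x51"   # one placeholder output
    return tx + struct.pack("<I", locktime)


if __name__ == "__main__":
    TIP, NOW = 800_000, 1_700_000_000          # constructed chain tip and clock
    for lock, seqs in [(TIP + 52_560, [0xFFFFFFFE] * 2),
                       (TIP + 52_560, [SEQUENCE_FINAL] * 2),
                       (TIP + 525_600, [0xFFFFFFFE])]:
        print(lock, audit_timelock(sample_tx(lock, seqs), TIP, NOW))
```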

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Sure, Bitcoin is code, but how would Bitcoin know that you're dead?
It can't. Period.
I know, it was a rhetorical question.

You set up a timelock with nLocktime at a future block around the time you will turn 70. But if you suffer a heart attack and die at 60, your children will have to wait 10 years to get access to the coins.
There are easy ways around this, as I briefly explained here: https://bitcointalksearch.org/topic/m.59853530. To elaborate:

The first scenario would involve me keeping the timelocked transactions secret, such as locked in a safe in my house or a safe deposit box at a bank. My family know about where they are stored, but would only be able to access them after I die. For added security they could be encrypted with a key only my family know. I create and sign a timelocked transaction, locked 1 year (for example) in the future, and hide it in my safe. If I am still alive in 11 months, then I create and sign a new timelocked transaction a year in the future from now, destroy the old one, and replace it with the new one. Repeat every year and your family will never have to wait more than a year to claim your coins (or whatever time frame you choose). If you wanted you could even make up decades worth of timelocked transactions in advance, with a new one unlocking every month (for example), and just destroy them one by one as time goes on.

The second scenario would involve me sharing the timelocked transactions with my family as soon as I sign them. Again, 11 months in the future, I move a single input from the timelocked transaction, thereby invalidating the entire transaction (I could even keep a single input of a few thousand sats which I repeatedly use only for this purpose), and then create and sign a new one and hand it over to my family.
I thought about these 2 proposals of yours and I can't come up with anything better; they hit a nice balance of usability, security and low risk of the heirs not being able to access the coins. I also don't find them very impractical or too inconvenient to implement in real life, so for now this would be my preferred solution for a 'dead man's switch'. Compared to other ideas it also doesn't involve any custom crypto, which is great.
legendary
Activity: 2268
Merit: 18711
You set up a timelock with nLocktime at a future block around the time you will turn 70. But if you suffer a heart attack and die at 60, your children will have to wait 10 years to get access to the coins.
There are easy ways around this, as I briefly explained here: https://bitcointalksearch.org/topic/m.59853530. To elaborate:

The first scenario would involve me keeping the timelocked transactions secret, such as locked in a safe in my house or a safe deposit box at a bank. My family know about where they are stored, but would only be able to access them after I die. For added security they could be encrypted with a key only my family know. I create and sign a timelocked transaction, locked 1 year (for example) in the future, and hide it in my safe. If I am still alive in 11 months, then I create and sign a new timelocked transaction a year in the future from now, destroy the old one, and replace it with the new one. Repeat every year and your family will never have to wait more than a year to claim your coins (or whatever time frame you choose). If you wanted you could even make up decades worth of timelocked transactions in advance, with a new one unlocking every month (for example), and just destroy them one by one as time goes on.

The second scenario would involve me sharing the timelocked transactions with my family as soon as I sign them. Again, 11 months in the future, I move a single input from the timelocked transaction, thereby invalidating the entire transaction (I could even keep a single input of a few thousand sats which I repeatedly use only for this purpose), and then create and sign a new one and hand it over to my family.
legendary
Activity: 2730
Merit: 7065
My favourite solution is the timelock dead man switch with nLocktime, which is described in this thread. The problem is that the popular wallets don't make it too easy to create this kind of transaction.
Another problem is that you don't know when you are going to die. Let's assume you want to leave your coins to your children. You set up a timelock with nLocktime at a future block around the time you will turn 70. But if you suffer a heart attack and die at 60, your children will have to wait 10 years to get access to the coins. It would be great if timelocked transactions could be edited to broadcast earlier upon showing the needed cryptographic proof. I don't have much knowledge of the subject, maybe they already can. 

I don't know if you ever wondered what would happen to all your email addresses and online accounts if you die without leaving your backup passwords to your family members or lawyer.
I have heard of examples where Facebook has given the parents of a missing child access to their Facebook account in order to see if they can retrace their last steps or find some clues from the messages with their friends. In a way, social media accounts are inheritable. I don't see why that couldn't work for email accounts as well.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
I believe that in 40 years or so a call to free lost coins will begin.

Any address that has not had a withdrawal in 40 years will be listed as an abandoned account and have 1 year or 2 years to do a withdrawal. It will then forfeit and go back to the fund of coins left to mine.
LN (and other layer 2 protocols) will make it less necessary, and less common for particular outputs to be spent.

If you have a sufficient number of channels, and if your counterparties are cooperating, you may never need to close your channels because you can just rebalance your various channels.

Further, there are always security risks associated with accessing your private keys and spending your coin, so individuals should generally not spend their coin unless they need to.

Sure, Bitcoin is code, but how would Bitcoin know that you're dead?
It can't. Period.

If someone wants to, they could create a nLockTime transaction that is valid a very long time in the future, that is intended to be sent to an address created for their next-of-kin. This is ultimately something that the owner of any coin should decide.


I would point out that some wealthy people choose to not give any money to their heirs.
legendary
Activity: 3514
Merit: 1963
Even though we do not know when we are going to die, it may happen in 40 or 50 years from now, when the technology might be obsolete. Now, I know people will adapt to the chances whilst they are alive, but what happens if the "death switch" fails and it takes a couple of years to access those coins.

In that time, a lot could change.... we might have a hard fork to counter quantum computing attacks or we might need some major changes to the protocol that negate a new attack vector that might be found.

You do not want the coins/tokens locked up due to a faulty "death switch" or if your relatives have no idea how to access the coins. (The death switch might transfer the coins to their addresses ...but they might not know how to access it safely.)
sr. member
Activity: 356
Merit: 268
Everyone pays a price for a lesson, just gotta make the lesson worth it.
member
Activity: 966
Merit: 31
I think this goes against some of the principles Bitcoin was built on (namely, anonymity). The best thing to do is, if someone is really afraid that their Bitcoins will be lost upon their death, that they should take it upon themselves to individually ensure that they won't be lost. A lot of people are already doing this.
If we were to look at this collectively, I don't think that losing Bitcoins hurts Bitcoin itself. Its value grows the more scarce it gets. But maybe people would be able to tell us more in about 50 years or so.
sr. member
Activity: 333
Merit: 506
Who decides? Instead of inflation and governments forcing the loss of your savings, you would have a loose group of individuals decide that fate?
I don't necessarily disagree with your other points, but this really is the only one which matters. If you set up a centralized mechanism whereby a small group of people choose how and when to redistribute coins belonging to other people, then bitcoin is no longer decentralized. We've seen it happen to other coins, where a small group of people decided that some transactions were not allowed or that some people were not allowed to own some coins. If you go down that route with bitcoin, then it becomes just another scammy altcoin.

I agree.
Not everyone will be convinced by the argument though, so it's useful to go through the other arguments too.

The debate/argument will happen on a grander scale some day. It's worth having arguments written down now without the occlusion of being in the moment.

One more point on anonymity: To do this removes anonymity. If you expect people to have wealth, then you need some level of anonymity. A lack of anonymity when someone owns more than others, which is impossible to avoid, can put that person at risk. Fair enough that we need accountability too, especially for great wealth, and bitcoin seems to strike that balance (I think).
legendary
Activity: 2268
Merit: 18711
As long as the data is intact (whether it's private key or signed transaction), theoretically you could regain access to your coin.
I was thinking more of scenario where the chip thinks you are dead when you are not, and then broadcasts a transaction which moves all your coins to someone else's address.

Who decides? Instead of inflation and governments forcing the loss of your savings, you would have a loose group of individuals decide that fate?
I don't necessarily disagree with your other points, but this really is the only one which matters. If you set up a centralized mechanism whereby a small group of people choose how and when to redistribute coins belonging to other people, then bitcoin is no longer decentralized. We've seen it happen to other coins, where a small group of people decided that some transactions were not allowed or that some people were not allowed to own some coins. If you go down that route with bitcoin, then it becomes just another scammy altcoin.
sr. member
Activity: 333
Merit: 506
A required dead man's switch would be a non-anonymous currency.
I'm guessing OP is pro-anonymity?

I believe that in 40 years or so a call to free lost coins will begin.

Any address that has not had a withdrawal in 40 years will be listed as an abandoned account and have 1 year or 2 years to do a withdrawal. It will then forfeit and go back to the fund of coins left to mine.


There are several reasons why you shouldn't do this.

What would be the point, anyways?

1) You can't reinstate lost coins without introducing crazy entropy into the system. So, what happens when larger versus smaller accounts get 'released'? You'd cause big changes in the market due to that variability. This is undesirable for a currency.
2) This would be unfair to the miners just before or after major peaks of those releases. At least with something constant or predictable, you get some level of fairness.
3) Even if in 40 years people might be dead, many people here will be in their golden years and need that savings.
4) Depending on what the lead time is on this, you may be forcing people to spend their coin 'early'. It could cause them to spend it in non-optimal circumstances that force reveal the originators/inheritors and cause safety concerns.
5) Any currency that can't last that long without retaining a reasonable portion of its value, isn't worth it.
6) Who decides? Instead of inflation and governments forcing the loss of your savings, you would have a loose group of individuals decide that fate?
7) If those coins are dead, it doesn't matter. If those coins are really in the care of someone, then it's hurting the owners. They were fairly mined.
8) If you 'negate' the coin, then you lose that history.
9) You might wreak havoc on the system if there is the possibility that large values of coin come back to life that were otherwise dormant. Can you imagine?
10) You would get people who game the system. Do you think people would game a system for 40 years? If a crypto took off like people here think, then yes, gaming would happen, especially with some non-constant variable like this.

You can increase the mining reward if you think the current system is unfair, remove the limit on the number of bitcoin that can be mined, or institute another cryptocurrency.

But negating the value from addresses that fairly mined them before?
Both play with the economics of the system.

I don't think anyone claiming it to be selfish has any real weight behind it...

Even families can turn against each other, so I wouldn't listen to anyone saying you're being selfish.

Money is inherently selfish. I doubt there is anyone that has given their main home carefree to a group of homeless individuals to live on the street themselves. There are people starving some place in the world, and yet you choose to eat? How selfish! Neither pure selflessness nor selfishness can solve the world's problems - some mix is good.

Even if you had a bunch of gold plates hidden in an undisclosed secret location and you never tell anyone about that, it is lost for your family forever when you die.
There's a religion about this..

It's a fun thought experiment. What should we do to leave behind something to help our great great descendants? Maybe we can leave a buried nuclear reactor with stone carved instructions on how to derive energy from it and see the history as we thought of it projected on radiation hardened electronics? And somewhere near, leave seeds and genomes of all catalogued species? Would they be stone men and women rebuilding a civilization and have to figure it out, or would they be some super advanced civilization who thought it was cute but used it for their archaeology classes?
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
It's a similar thing with Bitcoin and private keys or seed words, and I don't think we need to have bitcoin-babysitters for that.
Even if you had a bunch of gold plates hidden in an undisclosed secret location and you never tell anyone about that, it is lost for your family forever when you die.

If you want to leave hidden treasure to your family you leave them a map with instructions how to find it, same thing applies for bitcoin.
Now I want to see a movie that plays in a distant, far post-apocalyptic future, where a lot of technology was destroyed, governments and banks don't exist anymore, however hobbyist-run nodes on smartphones and laptops with 128TB SSDs are still up and running and connected through an off-grid mesh network. They are just lying around in the destruction and some still run.

Then in the rubble, underneath a destroyed building, someone finds these two huge golden plates (insert some reference to Moses, because movies always do this shit). After getting excited about its value and sudden realization that he can't easily trade or transact with this gold and there are no banks to sell it to, he realizes there are seed words to hundreds of BTC on them...

Almost everyone had forgotten about Bitcoin by that time, but it still ran as a background service on some devices and they were even still mining at super efficiency in the background. However he remembers something his grandfather told him about this government-independent money, in a time where before the apocalypse, the world was completely authoritarian and there was no way around paying with a face scan in store which would directly credit that amount from your state-controlled bank account. A few members of the resistance still ran these nodes though and it seems like the only way out now...
legendary
Activity: 2212
Merit: 7064
It should be mandatory to give (at least) three addresses upon wallet creation. Either from relatives or with a random option of a list/pool that maybe gets updated or selected at random, and triggered via dead man's switch.
I don't know if you ever wondered what would happen to all your email addresses and online accounts if you die without leaving your backup passwords to your family members or lawyer.
It's a similar thing with Bitcoin and private keys or seed words, and I don't think we need to have bitcoin-babysitters for that.
Even if you had a bunch of gold plates hidden in an undisclosed secret location and you never tell anyone about that, it is lost for your family forever when you die.

Why lose coins when you could recycle them? It's all code anyway, isn't that the whole purpose of automation and self-governance?
It's your own responsibility and there is no automation in Bitcoin.
If you want to leave hidden treasure to your family you leave them a map with instructions how to find it, same thing applies for bitcoin.
legendary
Activity: 3234
Merit: 5637
I mean it's your decision at the end of the day, I don't think anyone claiming it to be selfish has any real weight behind it.

Here we can talk about a lot of people thinking that there is too little Bitcoin (max supply only 21 million) for someone to allow that after someone’s death it happens that his BTC practically goes to the grave with him. The OP says it would be mandatory to avoid this in some way, but fortunately there is no law to regulate that problem in crypto, even when it comes to assets in banks to which no one is entitled. In Germany alone, it is estimated that there are between 2 billion and as much as 9 billion EUR in such bank accounts, with the difference that sooner or later the money will go to the state if no one responds and claims their inheritance rights.

Even families can turn against each other, so I wouldn't listen to anyone saying you're being selfish.

This has become quite common, so sometimes we can say that it is better for family members not to be familiar with some things, because a lot of money means a lot of discord, quarrels, and even violence.
staff
Activity: 3304
Merit: 4115
Of course, I'm kidding a bit, but when it comes to Bitcoin, I don't share private keys with anyone, no matter how much someone says it's maybe selfish.
I mean it's your decision at the end of the day, I don't think anyone claiming it to be selfish has any real weight behind it. Personally, I do think it's a good idea to set something up, although I think there might be better ways than going through it via coding it in, or even using a dead man's switch. Ultimately, it depends on your threat model. Whenever we are talking about major wealth, then having a multisig setup could potentially be dangerous, you only have to look around you to see how far some people are willing to go to get their hands on wealth.

Even families can turn against each other, so I wouldn't listen to anyone saying you're being selfish.

legendary
Activity: 2268
Merit: 18711
Biometric chip implant that is set to send the data to a node the moment your vital signs stop for more than x?
Chip malfunctions, all your coins are gone, sorry!

- before the timelock expires, you have to move your coins, otherwise the other party gets access to them.
Two ways around this step. First of all, you don't have to move all your coins to invalidate the transaction. Moving just a single input would invalidate a transaction with many inputs. So you could create a transaction sending money from (for example) 5 cold storage addresses and 1 hot wallet address, and you would only need to send the small amount of coins out of the hot wallet address to invalidate the entire transaction without having to touch the cold storage coins. The second option is you simply don't share the timelocked transaction with anyone. Create it, sign it, and then store it (again, for example) in a safe in your house that your relatives would break in to after you die. Whenever the timelock is approaching, destroy your transaction and replace it with a new one further in the future.