Topic: Are there pitfalls in making a vault by time locking a transaction?

newbie
Activity: 5
Merit: 16
So for now I haven't been able to figure out a robbery-safe vault setup
There is not one. Any set up which you can access yourself, you can be forced to access by an attacker if the consequences for not doing so are great enough, either to yourself or to your family. Even in the timelocked set up you describe where it is utterly impossible for you to access the coins sooner, there is no way for you to prove that to an attacker in order to get them to stop their attacks, and as Loyce says, they can just kidnap you and wait. They can force you to access any back up, unlock any wallet, log in to any account, or contact any third party with a gun to your head.

The best way to protect your funds from robbery is to have no evidence that they exist, and to be able to hand over something to an attacker in order to satisfy them. This means at least one wallet which no one knows about, created in a completely airgapped manner, with no evidence left behind, stored completely separately to your other wallets (including its back ups). It also means this wallet is funded only with coins which have no link to your other coins. You can't just empty 5 BTC out of your hot wallet and send it straight to this cold wallet, since it will be clearly obvious from looking at the blockchain what you have done. It needs to be funded with well mixed or coinjoined coins, preferably bought peer-to-peer and not via a centralized exchange. You also need to have other wallets you can hand over to an attacker. You might already have a hot wallet on your phone you can hand over, but the attacker will still expect that you have a cold wallet too. So you need a decoy cold wallet or two with an amount which could reasonably be "your stash" which you could also hand over in such an event, while your real cold wallet(s) remain hidden.

Extremely helpful, especially in terms of clarifying what has now become so obvious to me but previously not understood - that every set up I can access, I can be forced to access by an attacker.

Thanks a lot, o_e_l_e_o!
legendary
Activity: 2268
Merit: 18711
So for now I haven't been able to figure out a robbery-safe vault setup
There is not one. Any set up which you can access yourself, you can be forced to access by an attacker if the consequences for not doing so are great enough, either to yourself or to your family. Even in the timelocked set up you describe where it is utterly impossible for you to access the coins sooner, there is no way for you to prove that to an attacker in order to get them to stop their attacks, and as Loyce says, they can just kidnap you and wait. They can force you to access any back up, unlock any wallet, log in to any account, or contact any third party with a gun to your head.

The best way to protect your funds from robbery is to have no evidence that they exist, and to be able to hand over something to an attacker in order to satisfy them. This means at least one wallet which no one knows about, created in a completely airgapped manner, with no evidence left behind, stored completely separately to your other wallets (including its back ups). It also means this wallet is funded only with coins which have no link to your other coins. You can't just empty 5 BTC out of your hot wallet and send it straight to this cold wallet, since it will be clearly obvious from looking at the blockchain what you have done. It needs to be funded with well mixed or coinjoined coins, preferably bought peer-to-peer and not via a centralized exchange. You also need to have other wallets you can hand over to an attacker. You might already have a hot wallet on your phone you can hand over, but the attacker will still expect that you have a cold wallet too. So you need a decoy cold wallet or two with an amount which could reasonably be "your stash" which you could also hand over in such an event, while your real cold wallet(s) remain hidden.
newbie
Activity: 5
Merit: 16
To safeguard at least one part of my bitcoin vault I have decided to sign a postdated transaction, e.g. three months from now, made with Electrum, addressed to my "hot" Electrum wallet address.
People have lost much more funds from hot wallets than from wrench attacks, so I don't think sending funds from cold storage makes it safer.

You should never delete a wallet.

I think it's much safer to keep your cold storage private. Don't tell anyone about it, and make sure nobody can find your backups.

Dear LoyceV,

Your arguments are very strong and highly appreciated.

I started changing my point of view while you described the reasonable "5 dollar wrench attack" outcome, and you finally convinced me not to TimeLock with the argument of not to delete the wallet (in addition to the potential "sending the funds to deleted wallet" reason, I personally stick to that point because it keeps a proof of historical possession in case of a taxation event or any other not-known for now cases, but forgot it when developing the scheme. There are likely other reasons which I am not aware of).

I agree with you that not telling anyone about your cold storage is the best practice, but it so happens that I am involved in public bitcoin education and can easily become an attack target. So for now I haven't been able to figure out a robbery-safe vault setup, except for the 2-of-3 MultiSig with one key kept on my PC and backed up at home, the second at a geographically distant friend's place and the third in a safe deposit box in a bank. But this setup is also prone to robbery, as the attacker will just have to force me to call a friend to co-sign the transaction.

If you have any additional setups or best practices to share - it would be very appreciated.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
As another security measure I have decided to sign another similar transaction dated a little earlier, addressed to my cold storage address, to prevent spending in case a potential "5 dollar wrench attack" makes me disclose the original transaction's hash and the "hot" wallet keys to an attacker.
Better if the signed raw transaction to your cold storage has a fee rate high enough to replace the other transaction.
But since full-rbf still isn't widely used yet, set the original transaction as 'replaceable' in case you need to replace it with the back-to-cold-storage txn.
That will give you a few minutes to "cancel" that transaction.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
To safeguard at least one part of my bitcoin vault I have decided to sign a postdated transaction, e.g. three months from now, made with Electrum, addressed to my "hot" Electrum wallet address.
People have lost much more funds from hot wallets than from wrench attacks, so I don't think sending funds from cold storage makes it safer.

You should never delete a wallet.

I think it's much safer to keep your cold storage private. Don't tell anyone about it, and make sure nobody can find your backups.
newbie
Activity: 5
Merit: 16
To safeguard at least one part of my bitcoin vault I have decided to sign a postdated transaction, e.g. three months from now, made with Electrum, addressed to my "hot" Electrum wallet address.

As another security measure I have decided to sign another similar transaction dated a little earlier, addressed to my cold storage address, to prevent spending in case a potential "5 dollar wrench attack" makes me disclose the original transaction's hash and the "hot" wallet keys to an attacker.

After that is done, I would delete the signing wallet file and the seed and make several backups of the transaction's hash, including an online encrypted backup, risking some privacy to ensure the transaction's hash is available.

Are there any pitfalls in such a scheme?

Thank you!

P.S.: I think that the "Insufficient Transaction Cost" issue is addressed by the ability to use the "Child Pays For Parent" function in Electrum.
The "Network will change a lot by the time of unlocking" issue is addressed by the relatively short period of locking.
The "Necessity to spend some funds" issue is addressed by locking only 1/3 or 1/2 of a vault in such a scheme.
Please correct me if I am wrong.
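Two properties of the signed transaction decide whether the scheme in the opening post, and the "set the original transaction as replaceable" advice given in reply, actually hold: the nLockTime field only binds if at least one input has a non-final nSequence, and a replacement is only reliably accepted if some input signals BIP125 opt-in RBF. The script below is an added example (not Electrum's code, not anything from this thread) that serializes two constructed legacy-format transactions with the same nLockTime and audits them; it assumes legacy (non-witness) serialization and uses made-up txid, script and timestamp values labelled as constructed. It is the check a practitioner would run on the raw hex before backing it up and deleting anything.

```python
import struct
from dataclasses import dataclass

SEQUENCE_FINAL = 0xFFFFFFFF       # an input with this nSequence disables nLockTime checking
SEQUENCE_RBF_MAX = 0xFFFFFFFD     # BIP125: an input with nSequence <= this signals opt-in RBF
LOCKTIME_THRESHOLD = 500_000_000  # nLockTime below this is a block height, otherwise Unix time


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int):
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def serialize_legacy_tx(version, inputs, outputs, locktime) -> bytes:
    """inputs: (prev_txid32, vout, script_sig, sequence); outputs: (value_sat, script_pubkey).
    Legacy (non-witness) serialization only."""
    raw = struct.pack("<i", version) + encode_varint(len(inputs))
    for prev_txid, vout, script_sig, sequence in inputs:
        raw += prev_txid + struct.pack("<I", vout)
        raw += encode_varint(len(script_sig)) + script_sig + struct.pack("<I", sequence)
    raw += encode_varint(len(outputs))
    for value, script_pubkey in outputs:
        raw += struct.pack("<q", value) + encode_varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", locktime)


@dataclass
class TxSummary:
    version: int
    sequences: list
    locktime: int


def parse_legacy_tx(raw: bytes) -> TxSummary:
    """Walk the legacy serialization, keeping only each input's nSequence and the nLockTime."""
    if len(raw) >= 6 and raw[4] == 0x00 and raw[5] == 0x01:
        raise ValueError("segwit marker/flag present; decode witness serialization first")
    version = struct.unpack_from("<i", raw, 0)[0]
    pos = 4
    n_in, pos = read_varint(raw, pos)
    sequences = []
    for _ in range(n_in):
        pos += 32 + 4                      # previous txid + output index
        script_len, pos = read_varint(raw, pos)
        pos += script_len                  # scriptSig (signatures live here in legacy txs)
        sequences.append(struct.unpack_from("<I", raw, pos)[0])
        pos += 4
    n_out, pos = read_varint(raw, pos)
    for _ in range(n_out):
        pos += 8                           # value in satoshis
        script_len, pos = read_varint(raw, pos)
        pos += script_len
    locktime = struct.unpack_from("<I", raw, pos)[0]
    if pos + 4 != len(raw):
        raise ValueError("trailing bytes after nLockTime")
    return TxSummary(version, sequences, locktime)


def audit(raw: bytes) -> dict:
    """Report whether the time lock actually binds and whether the tx can be replaced/fee-bumped."""
    tx = parse_legacy_tx(raw)
    enforced = tx.locktime != 0 and any(s != SEQUENCE_FINAL for s in tx.sequences)
    rbf = any(s <= SEQUENCE_RBF_MAX for s in tx.sequences)
    kind = None if tx.locktime == 0 else ("height" if tx.locktime < LOCKTIME_THRESHOLD else "unix_time")
    problems = []
    if tx.locktime == 0:
        problems.append("nLockTime is 0: the transaction is spendable immediately")
    elif not enforced:
        problems.append("nLockTime is set but every input has nSequence 0xFFFFFFFF, so it is ignored")
    if not rbf:
        problems.append("no input signals BIP125 replaceability; a higher-fee replacement may be rejected")
    return {"locktime": tx.locktime, "locktime_kind": kind,
            "locktime_enforced": enforced, "signals_rbf": rbf, "problems": problems}


# Constructed sample data (not real chain data): one input, one 22-byte P2WPKH-style output.
_PREV_TXID = bytes.fromhex("11" * 32)
_OUTPUT = (100_000, bytes.fromhex("0014" + "22" * 20))
_LOCKTIME = 1_700_000_000  # a Unix timestamp, i.e. above LOCKTIME_THRESHOLD

# Signed the way the thread intends: non-final, RBF-signalling nSequence.
POSTDATED_TX_RAW = serialize_legacy_tx(2, [(_PREV_TXID, 0, b"", 0xFFFFFFFD)], [_OUTPUT], _LOCKTIME)
# Same transaction with the "final" nSequence: the time lock silently does nothing.
MISTAKEN_TX_RAW = serialize_legacy_tx(2, [(_PREV_TXID, 0, b"", SEQUENCE_FINAL)], [_OUTPUT], _LOCKTIME)

if __name__ == "__main__":
    for name, raw in (("postdated", POSTDATED_TX_RAW), ("mistaken", MISTAKEN_TX_RAW)):
        print(name, audit(raw))
```

Run `audit()` on the hex your wallet exports; an empty `problems` list is the minimum before relying on the lock. The audit deliberately reads nothing but nSequence and nLockTime, so it works on any fully or partially signed legacy transaction; for a segwit-serialized export it refuses rather than misparsing.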