I still feel like you're better off getting rid of "hot wallets" and use
lightning-esqe networks to route orders. I don't think either speed or
flexibility is an issue there.
happening on the network now. By making "hot wallets" more "secure", we
crappy-security exchanges.
Because, ultimately, there's no security that will prevent an inside job.
jobs.
And centralization is the actually demon that needs slaying here.
A client-side library with P2P order routing, tether.to + bitcoin .... and
you've got a decentralized exchange... with orders matched to users
directly, and channel-trades executed instantly. And "market makers"
running nodes to facilitate routing, etc.
No center... nothing to shut down or sue... and no one holds your funds.
That's a real Bitcoin exchange.
Post by Matthew Roberts via bitcoin-devI'm wondering if we're fully on the same page here. What I was thinking
was that this protection mechanism would be applied to the coins in the hot
wallet (I wasn't talking about moving coins from the cold wallet to the hot
wallet -- though such a mechanism is also needed.)
With the hot wallet you would have an output script that only allowed
coins to be sent to a new transaction whose output script was then only
redeemable after N confirmations (the output is relative time-locked) but
which can also be recovered to a fixed fail-safe address before the
time-lock is reached (exactly like TierNolan already listed only the
time-locked destination shouldn't be completely fixed.) So the private key
for this hot wallet can still sign valid transactions to withdraw coins to
any known destination and these transactions still reach the blockchain.
The key difference from a regular transaction is that the destination only
has access to the coins -after- the relative time-lock is reached (N blocks
after first confirm) so everyone knows where withdrawals are suppose to be
going and how many coins are being withdrawn at any given time. Deposits to
the hot wallet would therefore need to be encumbered by the same protection
so that from then on this time-lock to redeem coins can be applied to every
new transaction trying to move coins (withdrawn by a user of the exchange
or sent to the cold wallet.)
Notice we don't care about the destination in the TX script for the hot
wallet because to process user's withdrawals we can't know ahead of time
where they need to be sent (so it isn't possible to use a fixed address
here â though you might want to remove the clearing phase and set a fixed
address for coins sent from the hot wallet to the cold wallet.) The benefit
here comes from being able to see what withdrawals are being cleared,
matching those up to our expectations, and being able to "cancel"
withdrawals if they look suspicious, and you get the benefits for transfers
made from the hot wallet to the cold wallet and visa-versa.
1. Wallets could be built that grouped coins into different "accounts"
with different time-frames required for clearing / unlocking coins. Your
savings or investment account would say -- take up to a week to clear --
whereas your everyday account used for smaller purchases (with less money)
would only take a few hours. This could all be linked up to services that
notified you of your money being moved + made any phone calls needed to
verify any larger transfers.
The service could also be entrusted with the âcancellationâ key which can
only be used to move money to your offline fail-safe address. This would be
quite an interesting way to mitigate fraud without the user having to be
trusted to do anything (except I suppose â not storing their recovery keys
online ⊠but this could be partially solved with BIP 32-style âmasterâ
public keys + hardware wallets + multi-sig, N factor auth, etc ...)
2. Gambling websites that process a lot of Bitcoins also have a hot wallet
which could be better protected by this.
3. Various other e-commerce websites also accept Bitcoins directly. (Deep
web markets come to mind -- hey, people breaking the law need good security
too.)
4. Provable dead man's switches on the protocol level is another idea --
no need to keep special time-locked transactions around and rely on them to
be broadcast = more reliable escrow services.
5. And obviously exchange hot (and cold) wallets - enemy number 1.
I hope that makes sense. I think I initially managed to confuse a lot of
people by talking about revoking transactions / âsettlement layersâ, etc.
But IMO: all of this needs to take place on the blockchain with a new set
of OP_CODES and other than the fixed address issue with OP_SPENDTO, I think
the general idea would still work.
tl; dr, A pseudo-reversal mechanism for transactions would mean that
stolen private keys were no longer such an issue. This is desperately
needed for exchanges, wallets, and other services that are forced to manage
private keys, and whose users (I argue) already expect for this to be
possible (or at least will when they're hacked.)
On Sat, Aug 6, 2016 at 9:13 PM, Tier Nolan via bitcoin-dev <
Post by Tier Nolan via bitcoin-devOn Sat, Aug 6, 2016 at 11:39 AM, s7r via bitcoin-dev <
Post by s7r via bitcoin-dev* reversal of transactions is impossible
I think it would be more accurate to say that the requirement is that
reversal doesn't happen unexpectedly.
If it is clear in the script that reversal is possible, then obviously
the recipient can take that into consideration.
Post by s7r via bitcoin-dev* keep private keys private and safe. Lose them, it's like losing cash,
you can just forget about it.
Key management is a thing. Managing risk by keeping some keys offline is
an important part of that.
Post by s7r via bitcoin-dev* while we try hard to make 0-conf as safe as possible (if there's no
RBF flag on the transaction), we make it almost impossible or very very
expensive to reverse a confirmed transaction.
BitGo has an "instant" system where they promise to only sign one
transaction for a given output. If you trust BitGo, then this is safe from
double spending, since a double spender can't sign two transactions.
If BitGo had actually implemented a daily withdrawal limit, then their
system ends up similar to cold storage. Only 10% of the funds at Bitfinex
could have been withdrawn before manual intervention was required (with
offline keys).
Who will accept
Post by s7r via bitcoin-devsuch an input and treat it as a payment if it can be reversed during the
settlement layer?
Obviously, if a payment is reversible, then you treat it as a reversible
payment. The protection here relates to moving coins from the equivalent
of cold storage to hot storage.
It is OK if it takes longer, since security is more important than
convenience for coins in cold storage.
Post by s7r via bitcoin-devThe linked page describes that merchants will never accept payments from
'vaults', and it will take 24 hours for coins to be irreversible moved
outside the 'vault'.
This relates to the reserves held by the exchange. A portion of the
funds are in hot storage with live keys. These funds can be stolen by
anyone who gets access to the servers. The remaining funds are held in
cold storage and they cannot be accessed unless you have the offline keys.
These funds are supposed to be hard to reach and require manual
intervention.
I think this is a wrong approach. hacks and big losses are sad, but all
Post by s7r via bitcoin-devthe time users / exchanges are to blame for wrong implementations or
terrible security practices.
Setting up offline keys to act as firebreaks is part of good security
practices.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev