Assets accounted for on blockchains, such as digital currencies and various value-bearing tokens, are becoming increasingly popular vehicles for investment. However, safekeeping large amounts of crypto assets on behalf of others is still a challenge for exchanges and traders without a satisfactory, go-to solution: large-scale theft both by insiders and outsiders do happen from time to time.
In this article, I am going to explore the challenges of creating such a service. There are technical, organizational and legal challenges, of which I am focusing on the first two aspects. One difficulty is dealing with the simultaneous threats of theft and loss of access. The basic tradeoff here is making access sufficiently difficult to prevent unauthorized withdrawals, but at the same time not to prevent access to funds in case of loss or destruction of some credentials or other pieces of information or hardware. Another important challenge is making the solution incentive-compatible. In plain English, it means making any attack substantially more costly for individuals than the expected gains from such attacks.
I believe that successful solutions should have the following properties:
- Withdrawals and credential-issuing require at least two-party authorization.
- Any one set of credentials can be lost without permanently losing access.
- Credentials must be regularly used for early detection of loss.
- Credentials must be regularly renewed for invalidating leaked credentials.
- Rate of withdrawal is technically limited.
- There is sufficient reaction time between commitment to withdrawal and actual withdrawal.
- Such commitments are easily reversible, even with one-party authorization.
- Potentially colluding insider attackers must have reasons to distrust one another.
With assets on fully programmable blockchains such as Ethereum and Ethereum Classic, most of these properties can be enforced by smart contracts and credentials can be even as simple as password-protected private keys on some reasonably secured general-purpose online hardware (such as laptop computers or mobile devices, not used for other purposes).
However, Bitcoin and Bitcoin-derived blockchains pose a much more difficult challenge, which is not even due to the limited expressive power of Bitcoin script (that would be sufficient for such purposes); the reason is that output conditions cannot impose constraints on the conditions of the spending transaction. That is, if conditions are met, no matter what they are, the spending transaction will get into the blockchain with arbitrary conditions of spending its outputs.
This implies that some of the above enumerated properties (such as withdrawal rate limits) might need to be enforced by machinery that is hardened against all sorts of attacks. In particular, it might require offline (air-gapped) hardware composing only particular types of transactions, without ever outputting the signing private key(s). Or it might require decentralized enforcement by participants though well-designed protocols and procedures. In either case, a depository for Bitcoins and similar assets is a much more complicated and costly endeavor.
Image from Pixabay.