Frozen Storage BIP Lockdown Mode BIP (ETF Fasttrack) (Please VOTE in Poll)

Cruz

New member
Instead of cold storage a lockdown mode address or Frozen Storage address could be added to bitcoin.

This is how it would work.

If person A wants their coins locked down more secure than cold storage they simply generate an address which has a special prefix on it (maybe the number 4 which would mean segwit + frozen storage).

Anytime a transaction is sent from an address with this prefix on it there can be a delay of time, i.e. (3 days), before the miners mine it and give it a confirmation.

This way if attacker gets Person A's private key and attempts to steal their coins A can veto the spend before 1st confirmation as they will be able to detect it and the transaction will be reversed and not mined. They will have 3 days or so to detect it too.

If attacked and person A reverses the payment, the attacker may attempt transfer again or reverse A's attempts to transfer coins out of their locked storage and end up in vicious cycle where the coins can't be spent by either party resulting in a stand-off / DOS.

If this occurs an annual or 6 monthly hard fork can correct the issue by:

Person A legally applying for it, proving they are the true owner and generating a new address where the coins in stand-off will be moved to.

The fact these hard forks are scheduled and occur rarely will minimize disruptions.

Miners can confirm the reversals given are correct by confirming the details from both the bitcoin.org site and the results of court decisions on government websites. These sites will have to be as secure as humanly possible.

A bad actor can not abuse this because:
1. These occurrences will be rare.
2. The changes made will be verifiable.
3. There will be time to confirm everything from the update sent out to the validity of the changes made.
4. Only coins proven to be in a lockdown mode/frozen storage address AND are in a standoff for more than 12 months will be changed.
5. Other safe coins put into lockdown mode can be transferred to a new lockdown mode address before 12 months to prevent any bad actor abusing this system as then it won't ever be considered for changes.

Decentralization/Mining concerns:
1. Miners should be paid a fee for the hardfork update for each tx by those whose coins entered into a standoff.
2. Miners would not be incentivized to mine a lockdown mode address early as they could earn more in the event of a standoff and they will earn a tx fee anyway once the time delay expires.
3. Prevention of abuse prevents any harm to decentralization.
4. Having to move coins from one lockdown mode address to another before 12 months does not mean now we have to do this to prevent a bad actor from abusing this system, it actually means we now have a way to prevent any bad actor from stealing our coins which is more secure and cheaper than hardware wallets and more secure than paper wallets.
5. If a rogue miner confirms the transaction before the delay period the other miners can check this and reject adding it to the blockchain before the delay period has expired.

Benefits of doing this:
Ultra secure.
Solves custody problem which paves the way for bitcoin ETF approval by SEC.
Eliminates problem of hard forks taking back coins from legitimate users who unknowingly purchase stolen cryptocurrency from an attacker.
Even if private key is obtained coins are still safe.
Exchanges could offer users ability to store majority of their coins in this mode improving security and seriously minimizing damage from attacks that somehow manage to get an exchange's cold wallet private key.
Cheaper than hardware wallet, many people can not afford hardware wallets and if bitcoin is truly to become global reserve currency costs of securing coins must come down.
More secure than hardware wallet, if someone steals your hardware wallet or recovery seed they still won't be able to steal your coins provided you have a backup.

Why is this more secure than cold storage:
A hardware wallet or recovery seed can be stolen, PIN can be stolen too via monitoring software/hardware.
A hardware wallet or recovery seed can be forcefully removed from you and you can be threatened to reveal your PIN to an attacker.
A paper wallet can be stolen or forcefully removed from you.
A paper wallet's keys would eventually be stored on a system that is impossible to 100% verify the clean state of. (Even a clean install does not mean a clean state, there are many ways a computer can be compromised.)
TEMPEST attacks (leaks of emanating emissions) are theoretically possible on both paper wallets and hardware wallets without adequate shielding installed and tested.
Shielding from these attacks may be inadequate.
Even when adequately shielded it is not 100% known if there exist unknown or non-public ways to still be able to read these emissions.
User mistakes happen too in any step of a security process.
Hardware wallets can suffer from attacks on firmware, on chip etc... all that may be needed is physical possession without needing PIN.
Insider attacks are still possible.
Some form of 2FA before sending a transaction is not as secure as frozen storage/lockdown mode because the 2FA device can be compromised or stolen.

NONE of these security concerns exist with frozen storage/lockdown mode.

How could this be used:
Well basically some of your coins would be in cold storage, some in frozen storage/lockdown mode and some for use on your phone or on LN or in a wallet where an exchange/website manages the security of the funds.

If someone attempts to steal coins then it simply won't happen, this will shut down the majority of stealing/hacking of people's crypto.


This situation would be a rare occurrence as coins located at lock down mode addresses would be unlikely to be attacked.


edit: please read entire thread as more concepts added later

edit:
i was in such a rush when i wrote this all..

it should also be noted that in decentralization/mining concerns section:


"4. Having to move coins from one lockdown mode address to another before 12 months does not mean now we have to do this to prevent a bad actor from abusing this system, it actually means we now have a way to prevent any bad actor from stealing our coins which is more secure and cheaper than hardware wallets and more secure than paper wallets."

this manual transfer before 12 months is actually not necessary to prevent abuse because as described in the "A bad actor can not abuse this because:" section

4. Only coins proven to be in a lockdown mode/frozen storage address AND are in a standoff for more than 12 months will be changed.

so this is not a concern and means less to worry about when implementing this

edit:
it should also be noted that initially just the bitcoin etf account awaiting approval by the SEC needs this special feature as it does bring complications of application process for hardfork in the ultra rare situation that this is needed.

instead of a legal/court process it could be just an online application process and only a court decision given there are 2 or more people claiming legitimate ownership of the coins (this is extremely extremely unlikely as the attacker probably won't file for ownership or be prepared to identify themselves via legal means as they would risk prosecution).

hope that helps...

edit: remember read entire thread so you understand thoroughly the concept

edit: please if voting NEVER state reasons why
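An added illustration, not part of the original post or of any Bitcoin implementation: a minimal Python model of the rules the post above proposes (prefix-marked address, 3-day delay before confirmation, veto before the first confirmation, other nodes rejecting an early confirmation). It assumes every node agrees on the height at which a spend was first seen, which the post does not specify; `FrozenPolicy`, `STANDOFF_LIMIT` and the sample addresses are hypothetical.

```python
from dataclasses import dataclass, field

BLOCKS_PER_DAY = 144                 # assumption: ~10-minute blocks
DELAY_BLOCKS = 3 * BLOCKS_PER_DAY    # the post's "3 days", expressed in blocks
STANDOFF_LIMIT = 3                   # hypothetical: vetoes before an address counts as in standoff

@dataclass
class PendingSpend:
    from_addr: str
    seen_height: int                 # assumption: all nodes agree on this height
    vetoed: bool = False

@dataclass
class FrozenPolicy:
    pending: dict = field(default_factory=dict)     # txid -> PendingSpend
    veto_count: dict = field(default_factory=dict)  # address -> vetoes so far

    @staticmethod
    def is_frozen(addr):
        return addr.startswith("4")  # the prefix suggested in the post

    def submit(self, txid, from_addr, height):
        # Only spends from frozen-storage addresses are tracked and delayed.
        if self.is_frozen(from_addr):
            self.pending[txid] = PendingSpend(from_addr, height)

    def veto(self, txid, height):
        """Cancel an unconfirmed spend; accepted only inside the delay window.
        The veto is authorised by the same key as the spend, so this model
        (like the proposal) cannot tell the owner from a key thief."""
        p = self.pending.get(txid)
        if p is None or p.vetoed or height >= p.seen_height + DELAY_BLOCKS:
            return False
        p.vetoed = True
        self.veto_count[p.from_addr] = self.veto_count.get(p.from_addr, 0) + 1
        return True

    def may_confirm(self, txid, block_height):
        """Check applied to each block: reject early or vetoed frozen spends."""
        p = self.pending.get(txid)
        if p is None:
            return True              # not a frozen-storage spend
        return not p.vetoed and block_height >= p.seen_height + DELAY_BLOCKS

    def in_standoff(self, addr):
        return self.veto_count.get(addr, 0) >= STANDOFF_LIMIT
```

Because `veto` accepts any request made with the address's key, repeated spend and veto attempts by owner and attacker drive `in_standoff` to true, which is the stand-off the post describes.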
 

Juan

Member
Why don't you use HTLC or bitcoin's timelock (CSV, CLTV, nLocktime or nSequence) which already exist and can be an alternative to your idea?

Also, there are 3 important questions:
1. Assuming a transaction is reversed, that means blocks would become invalid since its hash (along with all next blocks) will become invalid. How do you plan to solve this problem?
2. An attacker might be able to steal the private key after the user makes a transaction from the special address, how do you plan to prevent this accident?
3. How does someone veto a transaction made by an attacker, where we can verify who's the owner/attacker without compromising owner privacy?
 

Kingston

Member
vit05 there is a semicolon after your quotation marks & it continues on please read on. i hope that helps clear any confusion you have.

ETFbitcoin i will try address your points and questions as fast as possible as i have little time.

firstly yes i guess nLockTime could be used for part of this & it is a good idea to do so, but here we are adding a new veto method which cancels the unconfirmed transaction altogether instead of RBF. so the idea is new although existing features can help ease its implementation definitely. thank you for that.

so detecting a leak of private key and using your veto powers to cancel any transactions made is what is possible here.

as for 3 important questions

1. this is not a problem, blocks aren't affected and no confirmed transactions are reversed, only unconfirmed transactions stuck in a standoff which is quite unlikely to occur for the suggested time period of 6-12 months.

2. if key is stolen after legitimate transaction and used to veto your transaction then you are able to detect that you have been compromised and take action, i.e: generate new keys & new secure lockdown mode transaction address for standoff reversal if the situation comes to it which is unlikely, an attacker is likely to not target these addresses to start with and in the event of standoff eventually back down. this is a failsafe security method not a preventative one although given the failsafe exists it does prevent a lot of hacking/theft.

3. this is a legitimate concern, however there is i believe a reasonable solution, in the event of a standoff for greater than 12 months or 6 months depending on the decided scheduled hardforks the privacy of the owner can still be protected via legal means. also the legitimate owner will have to weigh up the cost of disclosing their identity to a few individuals vs losing the coins altogether and weigh up and make a decision, there is not any legitimate cases where this compromise would be unacceptable that i can think of.
 

Ashton

Member
furthermore to prevent transaction spam if an address stays in standoff mode for a certain amount of time it can be automatically rejected for a certain time period n to discourage any dos or transaction spam.

also users may be able to pre-setup on a different system another frozen storage address to transfer to in the event of a detected standoff to minimize hardforks.

this separate address will have to be setup on an entirely different system so only a hardfork legal application need be applied for if both the original frozen storage key is breached and the secondary one.

this is probably never going to happen but knowing that failsafe is there brings peace of mind.
 

Kaiden

Member
i was in such a rush when i wrote this all..

it should also be noted that in decentralization/mining concerns section:


"4. Having to move coins from one lockdown mode address to another before 12 months does not mean now we have to do this to prevent a bad actor from abusing this system, it actually means we now have a way to prevent any bad actor from stealing our coins which is more secure and cheaper than hardware wallets and more secure than paper wallets."

this manual transfer before 12 months is actually not necessary to prevent abuse because as described in the "A bad actor can not abuse this because:" section

4. Only coins proven to be in a lockdown mode/frozen storage address AND are in a standoff for more than 12 months will be changed.

so this is not a concern and means less to worry about when implementing this

i will edit original post to reflect that now
 

Giovanni

Member
it should also be noted that initially just the bitcoin etf account awaiting approval by the SEC needs this special feature as it does bring complications of application process for hardfork in the ultra rare situation that this is needed.

instead of a legal/court process it could be just an online application process and only a court decision given there are 2 or more people claiming legitimate ownership of the coins (this is extremely extremely unlikely as the attacker probably won't file for ownership or be prepared to identify themselves via legal means as they would risk prosecution).

hope that helps...
 

Jesus

Member
I am not going to discuss technical details here since your suggestion requires applying many modifications to the bitcoin core.

But did you take into consideration the next scenario:
The wallet owner buys something using his wallet, receives the goods or service then asks to reverse the payment. What will happen then, as he can easily prove he is the owner of the wallet?
 

Calvin

Member
the scenario you talk of is impossible.

your scenario: "the wallet owner buys something using his wallet, receives the goods or service then asks to reverse the payment. What will happen then as he can easily prove he is the owner of the wallet."

in reality and with the frozen storage concept a payment like this can never be reversed, 0-conf would never be considered secure from a frozen storage address and 1+ confirmation from a frozen storage address would be considered legitimate & could never be reversed from this concept.

also RBF(Replace By Fee) discourages 0-conf so no one would ship or give goods or service to someone without at least 1 confirmation.

hope that clears things up for you
 

Stone

Member
it should also be noted that the resolution process could be made easier by an AI that detects if applicant is human, has proof of keys & some other form of proof of ownership (blockchain history of transfer to frozen storage address & proof of purchase, proof of mining reward etc, proof of private purchase (legal signatures etc)).

the worst case scenario where massive amount of cases where there is a dispute between two applicants and a legal process is necessary should really not occur as an attacker is extremely unlikely to go ahead with the legal process. frozen storage addresses probably would not be targeted at all after some time, it just doesn't pay off to the hacker they are more likely to target hot wallets and daily use wallets.

even in the case of a huge burden on the court system in the worst case scenario it can be processed via joint action as it could also be likely the attackers are the same for multiple victims so this really is not an issue.

if anyone has any legitimate concerns about this concept please feel free to reply to this post.
 

Jair

Member
it should be noted that the file containing list of transactions to cancel in the event of a successful application/court order over property dispute between true owner & attacker can be digitally signed and best security practices etc..

also anti spam can be further improved by only allowing a limited amount of transactions from a frozen storage address per time period t

this way creating a lot of frozen addresses incurs transaction cost thus deflecting spam

also please if you are voting and saying never please state reasons

remember this does not centralize but decentralizes the network as the biggest threat to the centralization of the network is hackers (a central entity) taking others cryptocurrency
 

Ahmir

Member
as my account is new to this forum i can not vote yet, however my vote is on the yes side..

please if you vote no state your reasons, im hoping to see them stated clearly i can think of a few such as:

hardware wallets will get cheaper for everyone (not as cheap as frozen storage)
multi user hardware wallets will make them even cheaper for families etc.. (still not as cheap as frozen storage)
exchanges and major ETF's will have top notch security etc (nothing is 100% though)
hardware wallets can implement some anti physical theft features (i.e: not storing private key on device except when used plus built in delay) (still recovery seed can be stolen and there is physical attacks on the chip)
major exchanges/etfs will have adequate shielding (nothing is 100% here, talk to well experienced security focused i.t experts in the field & there is still the possibility of insider attacks)

also adequate shielding from side channel attacks is not practical for average users

all these arguments against aren't 100%

please share if you have more

permissibility is important here as some can't afford hardware wallets and are locked out of using crypto because of threats to security

decentralization is also important here as attackers/hackers are centralized entities.
 