Taproot vs. Security Threats. Bitcoin Tech Talk #267

Jameson Lopp wrote an article in Forbes about the different security threats to holding Bitcoin. By his reckoning, the biggest threats are accidental loss, digital theft, government seizure, physical theft and inheritance planning. I’ve been writing code to upgrade the buidl-python library to have Taproot support, so I read the article with some of the possible improvements in mind. After reading, I came to the realization that Taproot helps with each of these security threats.

The biggest problem, by Jameson’s reckoning, is accidental loss. Usually, wallets have some seed phrase that you can back up. This can be done digitally, on paper, on steel or even in your brain. But what if you lose both the wallet and the seed phrase? Is there a way to still access your coins?

With enough foresight and planning, it turns out that you can add additional backup options. Taproot has, in addition to the normal single-key spend, an option to add a whole set of different scripts that can also spend, called scriptspends. This means wallets can now give users more recovery options.

Want to recover your UTXOs with a 2-of-5 multisig of 5 friends who don’t know each other? You can do that. Want to recover your UTXOs after a timelock of 1 year and locked to a key belonging to a known service like Unchained or Casa? You can do that. Want to recover using a gracefully degrading multisig of 3 of your family members where 3-of-3 is for immediate recovery, 2-of-3 after 6 months and 1-of-3 after a year? You can do that. Want to have all of them as options in the same UTXO? You can do that.

Taproot essentially allows you to have as many alternative conditions for unlocking your Bitcoins as you want, which makes adding recovery options easy. The best part is that you only have to reveal the recovery method when you spend using it, so your friends don’t even have to know that they’re part of your backup plan! You just have to present them with what needs to be signed. This means you have to back up and secure the taproot descriptor, but leaking it is not nearly as catastrophic as leaking your private key, so you can store it in a less safe place.
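To make the "reveal only the path you use" property concrete, here is an added example (not code from buidl-python or from this newsletter) that builds the five recovery scripts above as BIP341 tapleaves and recomputes the Merkle root from a single revealed script plus its sibling hashes. The keys are constructed 32-byte placeholders, the block counts assume roughly 144 blocks per day, and the final output-key tweak is left out because it needs secp256k1 arithmetic.

```python
import hashlib

def tagged_hash(tag, msg):  # BIP340-style tagged hash
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def key(name):  # constructed 32-byte placeholder, not a real x-only public key
    return hashlib.sha256(name.encode()).digest()

def push_num(n):  # minimal script-number push for n > 16 (keeps the sign bit clear)
    b = n.to_bytes((n.bit_length() + 8) // 8, "little")
    return bytes([len(b)]) + b

def multisig(k, keys, after_blocks=0):  # BIP342 k-of-n using OP_CHECKSIGADD
    s = (push_num(after_blocks) + b"\xb2\x75") if after_blocks else b""  # OP_CSV OP_DROP
    for i, pk in enumerate(keys):
        s += b"\x20" + pk + (b"\xac" if i == 0 else b"\xba")  # OP_CHECKSIG / OP_CHECKSIGADD
    return s + bytes([0x50 + k]) + b"\x9c"  # OP_k OP_NUMEQUAL

def leaf_hash(script):  # leaf version 0xc0; one length byte suffices below 253 bytes
    return tagged_hash("TapLeaf", b"\xc0" + bytes([len(script)]) + script)
def branch(a, b):  # children are sorted, so a proof carries no left/right flags
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def build_tree(hashes):  # returns (merkle_root, proofs); proofs[i] = sibling path of leaf i
    level, proofs = [(h, [i]) for i, h in enumerate(hashes)], [[] for _ in hashes]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (a, ia), (b, ib) = level[j], level[j + 1]
            for i in ia + ib:
                proofs[i].append(b if i in ia else a)
            nxt.append((branch(a, b), ia + ib))
        level = nxt + level[len(level) - len(level) % 2:]  # an odd node moves up as-is
    return level[0][0], proofs

def root_from_proof(script, proof):  # what a verifier recomputes from one revealed leaf
    h = leaf_hash(script)
    for sibling in proof:
        h = branch(h, sibling)
    return h

family = [key(n) for n in ("parent", "sibling", "spouse")]
SCRIPTS = [multisig(3, family),          # immediate 3-of-3
           multisig(2, family, 26280),   # 2-of-3 after ~6 months of blocks
           multisig(1, family, 52560),   # 1-of-3 after ~1 year of blocks
           multisig(2, [key(f"friend{i}") for i in range(5)]),  # 2-of-5 friends
           multisig(1, [key("service")], 52560)]                # service key after ~1 year
ROOT, PROOFS = build_tree([leaf_hash(s) for s in SCRIPTS])
```

Spending through the service-key leaf reveals that one script and a single 32-byte sibling hash; the friends' and family scripts stay hidden behind that hash.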

The second biggest security threat is digital theft. Because Taproot makes alternate recovery so easy, it incentivizes users to hold their own keys. Having a fail-safe, like having 2-of-3 multisig using 3 different Bitcoin key services, should make people a lot more confident about holding their own Bitcoins. If the Bitcoins are then leaving exchanges, digital theft on exchanges is going to be much less of a threat. As wallets integrate Taproot with different recovery options, I expect a lot more people to hold their own Bitcoins when they wouldn’t before.

The third biggest security threat is government seizure. This is far more likely if the coins are on an exchange, but as I’ve argued above, this is less incentivized in a Taproot future. Furthermore, even in a physical capture scenario, enough planning can make it impossible for governments to seize the funds. The keypath could be a 3-of-3 requiring your lawyers from 3 different jurisdictions to agree to sign (which could be done in such a way that they wouldn’t do so without seeing you in person) and the normal spend could be locked to your private key, but only after 2 years.

Similarly, with physical seizure, planning with locktimes in mind will make thieves wait on a locktime to expire even with your keys while one of your recovery options can make it on-chain first. For example, your UTXOs can have varying locktimes so your loss can be mitigated even in the worst case, while still giving you flexibility to spend some maximum amount. Wallets will have to design UIs that will take some maximum amount spendable into account and lock the rest in timelocks to mitigate physical seizure.

Lastly, inheritance planning becomes much easier as your UTXOs can be unlocked to your heirs after a certain amount of time. A will could simply be a taproot descriptor of your UTXOs which are already distributed to your inheritors’ keys.

The details of Taproot are still not fully understood by the developer community or the ecosystem in general. As they start to fully comprehend the benefits, it will be obvious that Taproot is a huge security improvement against all the threats that matter.

Bitcoin

Waxwing discusses how coinjoin can be done right. The post goes into why Cross-Input Signature Aggregation may not be the kind of coinjoin that we really need in order to preserve privacy. Then he gets into what an actual privacy-preserving, economically incentivized coinjoin would look like, including using Lightning to pay certain parties to properly incentivize coinjoins. The post is great for really understanding the difference between merely coinjoining and really using it for privacy.

Alekos Filini published how he made the first Taproot scriptspend using the new OP_CHECKSIGADD opcode. The post goes through how he used rust-bitcoin, rust-miniscript and a bunch of changes not merged into either project to create a 2-of-2 multisig scriptspend. The post is instructive for learning all the details of what goes into a scriptspend, particularly with merkle paths and the new SIGHASH_DEFAULT. Wallet developers are going to want to review this closely to understand Taproot practicalities.

Square has published a whitepaper for tbDEX, a protocol for decentralized exchange of Bitcoin, fiat and real world goods. The main idea in the whitepaper is the use of decentralized identifiers (DIDs) and trust relationships using verified credentials (VCs) to do trades peer-to-peer. The concept has been around a while with networks like Bisq. The difference here is the use of DIDs to have some way of verifying that you have a path of trust between yourself and the other person. This is the answer to a very oft-repeated question of “what if the government bans exchanges?” The market is bound to start using something like this.

Lightning

Galoy has a great blog post on lessons learned from Bitcoin Beach. The post is a great overview of how we need to rethink Bitcoin in the context of non-first world countries. The people of El Zonte simply don’t have good banking services and Bitcoin, especially on Lightning, was a game changer. The main lessons, like education being paramount, are good ones as Lightning adoption expands in places with little to no banking services.

Blockstream researchers Warren Tagomi and Konstantin Nick have published a deck on PeerSwap, a LN balancing protocol. The idea is that instead of trying to do something complicated like a coordinated balancing using many peers, or opening new channels, the balance is simply paid on chain in exchange for the equivalent amount being shifted in the existing channel. This is a simple and elegant solution which Lightning Node management software should consider.

LND 0.14 is out and it has some interesting new features. The main one is the one I mentioned last week and that is reusable invoices. This should be a major use case for recurring payments and given that LND is very popular LN node software, this should allow the many different node-in-a-box manufacturers to have some sort of subscription model. Imagine, for instance, a human rights activist in Iran being able to receive Patreon-like support for their efforts using Lightning and no central authority being able to stop it!

Economics, Engineering, Etc.

Saifedean argues for Bitcoin from first principles in the Wall Street Journal. He dispels myths about Bitcoin not being for everyone, Bitcoin being unreal, Bitcoin not being secure and Bitcoin being unregulated. The article coincides with the release of his new book, The Fiat Standard. As he explains, these myths provide a tremendous amount of opportunity for those that understand Bitcoin. This is an excellent article to send to the financially minded.

Nik Bhatia compares the various interest rates available inside and outside Bitcoin. The post is a masterclass in understanding how banks actually work and why the repo rate is so crucial to how a bank does business. As he explains, the repo rate essentially allows the bank to make margin on money it does not have by pawning off US treasuries. The fact that a similar market in Bitcoin exists as a perpetual swap funding rate is strong evidence that Bitcoin is in the same class as US treasuries or real estate. This is a post well worth re-reading to understand what the real market is actually like and why it’s so leveraged.

El Salvador is planning a Bitcoin city. The main attraction will be zero capital gains taxes, zero income taxes, zero payroll taxes and zero property taxes. The city will be funded purely through a Value Added Tax (VAT) and a billion dollar bond which will be issued on the Liquid network and traded on Bitfinex. This is very much like what Michael Saylor did with MicroStrategy, but at a nation-state level. The city will be located near the geothermal power sources to provide energy and is probably in response to the $1.5B loan from the IMF that was thought to be in jeopardy due to making Bitcoin legal tender in the country.

Speaking of El Salvador, Stephen Delorme has several informative blog posts about Bitcoin in El Salvador. The first is about Bitcoin adoption as he traveled in the country. In the second, he complains that UIs for wallets show balances too prominently. The third talks about the different wallets that he’s found being used there and the fourth is about the merchant experience. This is well worth reading and for those that are interested in improving the UX, there’s a whole UI toolkit for designing Bitcoin wallets.

Mark Goodwin explains what the Duck Curve is in energy production and how Bitcoin is poised to combat it. The main problem is that solar energy tends to produce the least amount of energy just as the grid has need of it and vice versa. Most people are not home in the middle of the day when the solar panels produce the most energy and are thus not using energy and vice versa when the sun sets because they turn on their lights. As the article points out, governments have essentially meddled in these markets to make them look more attractive. Bitcoin, Goodwin argues, will turn this back to a market process.

Reason opines that the environmental attacks against Bitcoin are fake news. Though much of what they say has been written in a lot of places, Reason is a major news outlet for libertarians and it’s good to see them defend Bitcoin. As they point out, the environmental attacks are losing steam and the elites are looking for other ways to attack Bitcoin. In other words, stay tuned, we’ve got a lot more fighting ahead.

Quick Hits

Marathon is getting into the issue-bonds and buy Bitcoin game that Michael Saylor pioneered.

Some Senators are trying to reverse the crypto provisions of the Infrastructure Bill.

The IRS thinks they’ll get billions.

The development standards at altcoins are even worse than you think.

Another week, another time when Bitcoin is pissing off the right people.

Events

I am planning to be in London for Advancing Bitcoin March 3-4, but there is some possibility I won’t be able to get into the UK. I am also going to be at Bitcoin 2022 in Miami April 6-8.

I’ll also be doing the Programming Blockchain seminars in London March 1-2 (subject to being able to get into the UK) and Miami April 4-5.

Podcasts, Etc.

On this week’s Bitcoin Fixes This, I talked to Lamar Wilson. We talked about diversity, Bitcoin and the changing nature of the community we’re finding ourselves in.

I read through last week’s newsletter which you can find here. I did an AMA on Stacker News.

I did a three-part series with Jean Rausis on Taproot. My talk about who controls Bitcoin at the Human Rights Forum with Stephan Livera is up. I also talked about the Little Bitcoin Book on AuthorCast.

Finally, I was on the Steve Deace show to talk about the new book.

My other books are here.

Unchained Capital is a sponsor of this newsletter. I am an advisor and proud to be a part of a company that’s enhancing security for Bitcoin holders. If you need multisig, collaborative custody or bitcoin native financial services, learn more here.

Fiat delenda est.