Basic idea: store ether in a contract which holds a vault key and a recovery key. The vault key can restore the ether to your hot-wallet account, with a 24-hour delay. The recovery key can reverse the vault key, putting the contract back into long-term storage status.
If both the vault key and the recovery key are compromised, the owner and the attacker can keep reversing each other. However, the recovery key can also destroy the ether. So with total compromise of all three keys you still lose your ether, but you can at least prevent the attacker from getting it, reducing the incentive to attack.
Edit: totally untested code I just threw together:
pragma solidity ^0.8.0;

// The sketch above, tidied into current Solidity: require() instead of silent
// returns, state updated before the external call (checks-effects-interactions),
// the pending unvault reset on recover(), and the transfer result checked.
contract Vault {
    address public hotwallet;
    address public vaultkey;
    address public recoverykey;
    uint public unvaultedAmount;   // wei pending release to hotwallet
    uint public redeemTime;        // earliest timestamp at which redeem() succeeds
    bool public destroyed;

    modifier only_vaultkey() {
        require(msg.sender == vaultkey, "not vault key");
        _;
    }
    modifier only_recoverykey() {
        require(msg.sender == recoverykey, "not recovery key");
        _;
    }

    event Unvault(uint _amount);
    event Redeem(uint _amount);
    event Recover(address _newwallet);
    event Destroy();

    constructor(address vault, address recovery) payable {
        hotwallet = msg.sender;
        vaultkey = vault;
        recoverykey = recovery;
    }

    // Ether can be deposited at any time.
    receive() external payable {}

    // Vault key: start (or restart) the 24-hour unvaulting period for `amount` wei.
    function unvault(uint amount) external only_vaultkey {
        require(!destroyed, "vault destroyed");
        require(amount + unvaultedAmount <= address(this).balance, "insufficient balance");
        unvaultedAmount += amount;
        redeemTime = block.timestamp + 24 hours;
        emit Unvault(amount);
    }

    // Vault key: after the delay, release the pending amount to the hot wallet.
    function redeem() external only_vaultkey {
        require(!destroyed, "vault destroyed");
        require(block.timestamp >= redeemTime, "unvaulting period not over");
        uint amount = unvaultedAmount;
        require(amount > 0, "nothing unvaulted");
        unvaultedAmount = 0;                       // effects before the external call
        (bool ok, ) = hotwallet.call{value: amount}("");
        require(ok, "transfer to hotwallet failed");
        emit Redeem(amount);
    }

    // Recovery key: cancel any pending unvault (the attacker's or your own) and put
    // the contract back into long-term storage, pointing at a fresh hot wallet.
    function recover(address newHotwallet) external only_recoverykey {
        unvaultedAmount = 0;
        redeemTime = 0;
        hotwallet = newHotwallet;
        emit Recover(newHotwallet);
    }

    // Recovery key: last resort when every key is compromised. Once set, the
    // balance can never leave the contract again, so neither side gets it.
    function destroy() external only_recoverykey {
        destroyed = true;
        unvaultedAmount = 0;
        emit Destroy();
    }
}
Source: https://www.reddit.com/r/ethereum/comments/484lm0/new_proposal_for_secure_bitcoin_vaults_with_a_new/
Translator: @u2
How to Build Secure Bitcoin Vaults
How do you store your bitcoins? The coins themselves are registered on the blockchain, but how do you store the private keys that secure your funds? If you don't have any Bitcoin yet, how would you keep your private keys, small files with direct monetary value, safe from both loss and theft? Key security is one of the major obstacles to mainstream adoption of cryptocurrencies, and every coin-theft incident is a black eye for the entire cryptocurrency community, so a lot rides on the answers to these questions.
Ask any cryptocurrency veteran and they will tell you to generate keys with well-written software and a true source of randomness, and to use multisig to split the keys so that a thief has to break into several machines, not just one, to reach your funds. Such safeguarding is hard. The conventional way to keep private keys safe is to follow a 37-step operational security guide involving air gaps, dedicated laptops and epoxied ports. But what kind of "Internet currency" has to be kept on an air-gapped, dedicated laptop, potentially inside a pyramid with a false burial chamber? No wonder mere mortals often opt out of the decision by trusting a large exchange to hold their coins. Of course, that only outsources the problem to the exchange's security, which faces exactly the same challenges, only with much (much) higher stakes.
The fundamental tradeoff between availability (which calls for more replicas) and security (where every replica is one more thing to steal) leaves regular users with a hard choice. At the extremes, one either keeps the keys on multiple devices, where they are vulnerable to theft, or keeps a single encrypted copy in air-gapped storage that the user has to visit, reconnect to the internet ever so briefly, and unlock by reciting a paragraph-length passphrase.
As a result, the cryptocurrency archives are full of "sorry for your loss" stories in which coins were lost by mistake, or in which hackers stole private keys and walked away with substantial sums. It happens to savvy users too. A colleague, a CS graduate student who was an early Bitcoin miner, lost around 10,000 coins. Another friend chose a very, very good password; so good that a couple of years later he could not recall it, even with the help of hypnosis and a brute-force attack modelled on his password-choosing strategy.
Overall, our computing infrastructure is nowhere near safe enough for storing high-value assets. Bitcoin has become a universal bounty: break into a machine and the financial reward is immediate. What we need is a way to lock up coins so that hackers and thieves cannot profit from them.
Bitcoin Vaults
At the Bitcoin workshop in Barbados, Malte Möser will present our solution to the Bitcoin private-key management problem. Our paper describes how to create vaults: special accounts whose keys can be neutralized if they fall into an attacker's hands. A vault is Bitcoin's decentralized version of calling your bank to report a stolen credit card: it renders the attacker's transactions null and void. And here is the interesting part: in doing so, vaults remove the motive for key theft in the first place. An attacker who knows he cannot get away with the proceeds is less likely to attack at all, unlike today's Bitcoin attackers, who are guaranteed that a successful break-in pays handsomely.
Operationally, the idea is simple. You send your money to a vault address that you create yourself. Every vault address has a vault key and a recovery key. When you spend from the vault address with the vault key, you must wait for a predefined period, the unvaulting period, that you fixed when you created the vault; say, 24 hours. When all goes well, the funds are unlocked after the unvaulting period and you can move them to a standard address and spend them in the usual way. If Harry the Hacker gets hold of your vault key, you have 24 hours to revert any transaction he issues, using the recovery key. His theft is effectively undone, and the funds go unilaterally back to their rightful owner. It is the "undo" facility that modern banking relies on, but for Bitcoin.
The astute reader will ask what happens when Harry is really, really good and lies in wait to steal not only your vault key but your recovery key as well. He has thoroughly pwned you and, as far as the network is concerned, is indistinguishable from you. Vaults protect you even then. The recovery keys have a similar lock period, so you can perpetually revert every transaction Harry makes. Unfortunately, Harry can now do the same and revert every transaction you make. To break the perpetual standoff, the recovery key can also burn the funds, so that nobody gets the money. The upshot is that Harry will not collect a dime from his theft, which in turn means he is unlikely to target vaults in the first place: there is no outcome in which he keeps the proceeds.
Building Vaults on Bitcoin Covenants
Implementing the vault mechanism in Bitcoin is far from trivial. One could build a special-purpose facility just for vaults, with dedicated vault address types, many new opcodes and the like, but we believe that architectural changes should be both minimal and general. We therefore propose a simple change to Bitcoin called Bitcoin Covenants. Like a legal covenant, a Bitcoin covenant checks a condition on how an output may be spent: in essence, it is a restriction placed on the shape of a future transaction. Because covenants can be recursive, they can perpetuate themselves, or they can be limited in time, which lets one implement a range of rich semantics.
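The unvault / revert / burn mechanics of the preceding sections and the covenant idea just described, as an added example that is not the paper's code and not Bitcoin Script: a Python toy model in which every output carries a script naming its state and keys, and a spend is accepted only when the signing key and the proposed new output match the covenant on the input. Re-vaulting produces an output under the same covenant, which is the recursive case. The script kinds, the string key names, the 10-coin value and the 24-hour delay are constructed for the model; real outputs, opcodes and signatures are not modelled.

```python
# Added toy model of covenant-enforced vaults (not the paper's or Bitcoin's code).
# Each UTXO is (value, Script); Chain.spend() accepts a spend only if the signer and
# the proposed new output match what the input's covenant allows. Key names are
# plain strings and the clock counts hours; all values below are constructed.
from dataclasses import dataclass, replace

UNVAULT_DELAY = 24  # hours, fixed when the vault is created (constructed value)


@dataclass(frozen=True)
class Script:
    kind: str               # "vault" | "unvaulting" | "hot" | "burn"
    vault_key: str = ""
    recovery_key: str = ""
    hot_key: str = ""
    since: int = 0          # hour at which an unvaulting output was created


class CovenantViolation(Exception):
    pass


class Chain:
    """UTXO set {outpoint: (value, Script)} plus a clock; enforces the covenant on spends."""

    def __init__(self):
        self.utxos, self.next_id, self.now = {}, 0, 0

    def add(self, value, script):
        oid, self.next_id = self.next_id, self.next_id + 1
        self.utxos[oid] = (value, script)
        return oid

    def advance(self, hours):
        self.now += hours

    def spend(self, oid, signer, new_script):
        """Spend `oid` with `signer` into one output `new_script`; returns the new outpoint."""
        value, s = self.utxos[oid]
        if s.kind == "vault" and signer == s.vault_key:
            # Only successor allowed: an unvaulting output carrying the same keys.
            want = replace(s, kind="unvaulting", since=self.now)
        elif s.kind == "vault" and signer == s.recovery_key:
            want = Script("burn")
        elif s.kind == "unvaulting" and signer == s.vault_key:
            if self.now - s.since < UNVAULT_DELAY:
                raise CovenantViolation("unvaulting period not over")
            want = Script("hot", hot_key=s.hot_key)
        elif s.kind == "unvaulting" and signer == s.recovery_key:
            # No delay: re-vault under the same covenant (recursive) or burn.
            want = Script("burn") if new_script.kind == "burn" else replace(s, kind="vault", since=0)
        elif s.kind == "hot" and signer == s.hot_key:
            want = new_script   # ordinary coins: the covenant is gone
        else:
            raise CovenantViolation(f"{signer!r} cannot spend a {s.kind} output")
        if new_script != want:
            raise CovenantViolation(f"spend would create {new_script}, covenant requires {want}")
        del self.utxos[oid]
        return self.add(value, new_script)


VAULT = Script("vault", "vault_key", "recovery_key", "hot_key")
HOT = Script("hot", hot_key="hot_key")


def unvault(chain, oid):
    return chain.spend(oid, "vault_key", replace(VAULT, kind="unvaulting", since=chain.now))


def honest_withdrawal(wait_hours):
    """Owner unvaults, waits `wait_hours`, then tries to redeem. Returns the final output kind."""
    c = Chain()
    oid = unvault(c, c.add(10, VAULT))
    c.advance(wait_hours)
    try:
        oid = c.spend(oid, "vault_key", HOT)
    except CovenantViolation:
        pass
    return c.utxos[oid][1].kind


def theft_with_vault_key_only():
    """Harry holds the vault key; the owner reverts with the recovery key inside the window."""
    c = Chain()
    oid = unvault(c, c.add(10, VAULT))          # Harry starts the unvault
    c.advance(5)
    oid = c.spend(oid, "recovery_key", VAULT)   # owner reverts: coins are vaulted again
    c.advance(19)                               # Harry's 24 hours are up...
    try:
        c.spend(oid, "vault_key", HOT)          # ...but a vault output cannot go straight to hot
    except CovenantViolation:
        pass
    return c.utxos[oid][1].kind


def theft_with_both_keys(rounds=3):
    """Harry holds both keys: each side reverts the other until the owner burns the coins."""
    c = Chain()
    oid = unvault(c, c.add(10, VAULT))
    for _ in range(rounds):
        oid = c.spend(oid, "recovery_key", VAULT)   # one side reverts
        oid = unvault(c, oid)                       # the other unvaults again
    oid = c.spend(oid, "recovery_key", Script("burn"))
    return c.utxos[oid][1].kind
```

The point to notice is in spend(): the vault key never decides where the coins go, the covenant does. A thief who unvaults is forced into an output that still names the owner's recovery key, and a thief who waits out the delay after the owner has re-vaulted finds a vault output again, not an unvaulting one. Only the burn path ends the cycle, and it pays nobody.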
The idea of extending the power of the scripting language is not new. In fact, we took the name "covenants" from an old tongue-in-cheek post by Greg Maxwell that suggested an unlikely mechanism and asked for preposterous use cases. It is a recommended read.
Fungibility is Not Affected
It is critical to note that vaults do not affect coin fungibility or the irreversibility of regular transactions in any way. Vaults are a personal defense mechanism: you take the coins you want to keep safe and put them in a vault address that you create (call it V). In doing so, you give up the ability to spend them quickly in return for theft prevention. When you want to spend them, you unvault them from V into your hot wallet W, and you pay a merchant M from W. Only coins in your possession can be vaulted, and they can only be unvaulted back into your possession. You cannot trick someone into accepting a vault payment and then take the coins back. The entire design is about personal protection for chosen coins in one's own possession, without disturbing any of Bitcoin's other properties.
Overall, our suggestion is a simple yet powerful addition to the scripting language that is easy to reason about and opens the door to a variety of constructs.
Vaults are one of the first use cases of covenants, a solution to a problem that has plagued every Bitcoin user since the day the system was released. We hope vaults will make it easier for people to keep their funds safely online, knowing that they can always undo a theft and, more importantly, that thefts are deterred in the first place.