Basic idea: store ether in a contract, which holds a vault key and recovery key. Vault key can restore the ether to your hot wallet account, with a 24-hour delay. Recovery key can reverse the vault key, putting the contract back in long-term storage status.
If both vault key and recovery key are compromised, the owner and attacker can keep reversing each other. However, the recovery key can also destroy the ether. So with total compromise of all three keys, you still lose your ether, but you can at least prevent the attacker from getting it, reducing the incentive to attack.
Edit: totally untested code I just threw together:
    // Solidity ^0.8 rendering of the sketch: three roles (hot wallet, vault key,
    // recovery key), the same unvault / redeem / recover / destroy flow, with the
    // silent `return`s turned into reverts and the state update placed before the
    // external call.
    pragma solidity ^0.8.0;

    contract Vault {
        address payable public hotwallet;   // where redeemed ether is paid
        address public vaultkey;            // may start and complete a withdrawal
        address public recoverykey;         // may cancel a withdrawal or lock the funds forever
        uint public unvaultedAmount;        // ether queued for release by the vault key
        uint public redeemblock;            // earliest timestamp at which redeem() may pay out
        bool public destroyed;              // once set, no ether can ever leave the contract

        modifier only_vaultkey() {
            require(msg.sender == vaultkey, "not vault key");
            _;
        }

        modifier only_recoverykey() {
            require(msg.sender == recoverykey, "not recovery key");
            _;
        }

        event Unvault(uint _amount);
        event Redeem();
        event Recover(address _newwallet);
        event Destroy();

        constructor(address vault, address recovery) payable {
            hotwallet = payable(msg.sender);
            vaultkey = vault;
            recoverykey = recovery;
            destroyed = false;
        }

        // Ether can be deposited at any time; the only way out is redeem().
        receive() external payable {}

        // Queue `amount` for release to the hot wallet; every call restarts the 24-hour clock.
        function unvault(uint amount) external only_vaultkey {
            require(amount + unvaultedAmount <= address(this).balance, "exceeds balance");
            unvaultedAmount += amount;
            redeemblock = block.timestamp + 24 hours;
            emit Unvault(amount);
        }

        // After the delay, pay the queued amount to the hot wallet.
        function redeem() external only_vaultkey {
            require(!destroyed, "destroyed");
            require(block.timestamp >= redeemblock, "delay not elapsed");
            uint amount = unvaultedAmount;
            unvaultedAmount = 0;                       // zero the balance before the external call
            (bool ok, ) = hotwallet.call{value: amount}("");
            require(ok, "transfer failed");
            emit Redeem();
        }

        // Cancel any pending release and point the vault at a fresh hot wallet.
        function recover(address payable newHotwallet) external only_recoverykey {
            unvaultedAmount = 0;
            hotwallet = newHotwallet;
            emit Recover(newHotwallet);
        }

        // Last resort when both keys are compromised: make the ether unredeemable
        // forever, so the attacker cannot profit either.
        function destroy() external only_recoverykey {
            destroyed = true;
            emit Destroy();
        }
    }
Source: https://www.reddit.com/r/ethereum/comments/484lm0/new_proposal_for_secure_bitcoin_vaults_with_a_new/
Translator: @u2
How to implement secure Bitcoin vaults
How do you store your bitcoins? Sure, the coins are registered on the blockchain, but how do you store the private keys that secure your funds? If you don’t have any Bitcoin now, how would you keep your private keys, the small files that have direct monetary value, safe from both loss and hackers? Given that key security is one of the major obstacles to mainstream adoption of cryptocurrencies, and every single coin hacking event is a black eye for the entire cryptocurrency community, a lot rides on the answers to these questions.
Ask any cryptocurrency veteran and they’ll tell you that you need to create the keys using well-written software and true sources of randomness. And they’ll tell you to use multisig to divide up your keys such that hackers need to break into not just one, but multiple machines to gain access to your funds. And such safeguarding is quite difficult. The conventional method to keep private keys safe is to follow 37-step operational security guidelines that involve air-gaps, dedicated laptops, and epoxied ports. But what kind of “Internet currency” needs to be kept on an air-gapped, dedicated laptop, potentially in a pyramid with a false burial chamber? It’s no wonder that mere mortals often opt out of this decision by trusting a large exchange to keep their coins. Of course, that just outsources the problem to that exchange’s security, which faces exactly the same challenges, only with much (much) higher stakes.
The fundamental tradeoff between availability (which requires more replicas) and security (where more replicas mean more risk) means that regular users face a difficult decision. At the extremes, one either stores the keys on multiple devices, where they are vulnerable to theft, or keeps a single encrypted copy in air-gapped secure storage, which the user needs to visit, reconnect to the internet ever so briefly, and recite a full-paragraph password to recover the key.
As a result, cryptocurrency archives are full of “sorry for your loss” events where coins were lost by mistake, or where hackers stole private keys and got away with substantial sums. This happens to savvy users, too. A colleague, a CS graduate student who was an early Bitcoin miner, lost around 10,000 coins. Another friend chose a very very good password. It was so good that he could not recall it after a couple of years, even with the help of hypnosis and brute force attacks on his password-choosing strategy.
Overall, our computing infrastructure is nowhere near safe enough for storing high-value assets. Bitcoin has become a universal bounty, where hackers break into machines and immediately reap financial rewards. What we need is a way to lock up coins in a way that is impervious to hackers and thieves.
Bitcoin Vaults
At the Bitcoin workshop in Barbados, Malte Möser will present our solution to the Bitcoin private key management problem. Specifically, our paper describes a way to create vaults, special accounts whose keys can be neutralized if they fall into the hands of attackers. Vaults are Bitcoin’s decentralized version of you calling your bank to report a stolen credit card: they render the attacker’s transactions null and void. And here’s the interesting part: in so doing, vaults demotivate key theft in the first place. An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.
Operationally, the idea is simple. You send your money to a vault address that you yourself create. Every vault address has a vault key and a recovery key. When spending money from the vault address with the corresponding vault key, you must wait for a predefined amount of time (called the unvaulting period) that you established at the time you created the vault, say, 24 hours. When all goes well, your vault funds are unlocked after the unvaulting period and you can move them to a standard address and subsequently spend them in the usual way. Now, in case Harry the Hacker gets hold of your vault key, you have 24 hours to revert any transaction issued by Harry, using the recovery key. His theft, essentially, gets undone, and the funds are diverted unilaterally to their rightful owner. It’s like the “undo” facility that the modern banking world relies on, but for Bitcoin.
Now, the astute reader will ask what happens when Harry is really really good, and he lies in wait to steal not just your vault key, but also your recovery key. That is, he has thoroughly pwned you and, as far as the network is concerned, is indistinguishable from you. Vaults protect you even in this case. The recovery keys have a similar lock period, allowing you to perpetually revert every transaction Harry makes. Unfortunately, at this point, Harry can do the same and revert every transaction you make. To avoid a perpetual standoff, the recovery keys can also burn the funds, so no one gets the money. The upshot is that Harry is not going to be able to collect a dime of proceeds from his theft. And this, in turn, means that Harry is unlikely to target vaults in the first place, because there is no positive outcome where he gets to keep the proceeds.
Building Vaults on Bitcoin Covenants
Implementing the vault mechanism in Bitcoin is far from trivial. One could implement a special purpose facility just for vaults, with special address types for vault addresses, many new opcodes, and the like, but we believe that architectural changes should be both minimal and general. We therefore propose a simple change to Bitcoin, called Bitcoin Covenants. As in legal covenants, a Bitcoin covenant checks a condition on the spending of a transaction. In essence, a covenant is a restriction placed on the shape of a future transaction. Because covenants can be recursive, they can self-perpetuate, or they can be limited in time, allowing one to implement a range of rich semantics.
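The three pieces above (the Ethereum contract sketch at the top of the page, the vault-key / recovery-key flow with its unvaulting period, and a covenant as a restriction on the shape of the spending transaction) can be seen end to end in a small model. The Python below is an added illustration written for this page; it is not the paper's construction, not Bitcoin Script, and not code from the Reddit post. It assumes a toy UTXO chain in which a covenant is a predicate over the spending transaction, keys are string labels standing in for signature checks, fees are ignored, time is a block counter with a 144-block unvaulting period, the spender names the unvault destination at unvault time, and the recovery path may only re-vault or burn. The script tuples and the labels vaultkey, recoverykey, hotwallet and harry are invented for the model.

```python
# Added toy model (not the paper's construction, not Bitcoin Script): a covenant is a
# Python predicate over the spending transaction; keys are labels; time is a block count.
from dataclasses import dataclass

UNVAULT_DELAY = 144  # blocks, roughly 24 hours at ten-minute blocks (assumed)

@dataclass(frozen=True)
class Output:
    value: int
    script: tuple  # ("vault", vk, rk) | ("unvault", vk, rk, dest) | ("p2pk", key) | ("burn",)
    created_at: int = 0  # height at which the output was confirmed

@dataclass(frozen=True)
class Tx:
    spent: Output
    outputs: tuple
    signer: str  # label of the signing key; stands in for a signature check
    height: int  # height at which the transaction is validated

def covenant_vault(spent, tx):
    # Only the vault key spends, and only into one unvault output that keeps the same keys.
    # The destination is the spender's choice and is public the moment the unvault confirms,
    # which is what gives the owner time to react.
    _, vk, rk = spent.script
    return (tx.signer == vk and len(tx.outputs) == 1
            and tx.outputs[0].script[:3] == ("unvault", vk, rk))

def covenant_unvault(spent, tx):
    _, vk, rk, dest = spent.script
    if tx.signer == vk:  # vault-key path: wait out the delay, then pay only the announced dest
        return (tx.height >= spent.created_at + UNVAULT_DELAY
                and all(o.script == ("p2pk", dest) for o in tx.outputs))
    if tx.signer == rk:  # recovery path: no delay, but only back into a vault or into a burn
        return all(o.script in (("vault", vk, rk), ("burn",)) for o in tx.outputs)
    return False

RULES = {"vault": covenant_vault, "unvault": covenant_unvault,
         "p2pk": lambda spent, tx: tx.signer == spent.script[1],
         "burn": lambda spent, tx: False}

class Chain:
    def __init__(self):
        self.height, self.utxos = 0, set()

    def mine(self, blocks):
        self.height += blocks

    def spend(self, spent, script, signer):
        """Spend one UTXO into one output of equal value (fees ignored). Returns the
        confirmed output, or None if the input is gone or its covenant rejects the spend."""
        out = Output(spent.value, script, self.height)
        tx = Tx(spent, (out,), signer, self.height)
        if spent not in self.utxos or not RULES[spent.script[0]](spent, tx):
            return None
        self.utxos.remove(spent)
        self.utxos.add(out)
        return out

    def holdings(self):
        held = {}
        for o in self.utxos:
            who = o.script[1] if o.script[0] == "p2pk" else o.script[0]
            held[who] = held.get(who, 0) + o.value
        return held

VAULT = ("vault", "vaultkey", "recoverykey")  # constructed sample vault

def normal_spend():
    """The owner moves 100 units to the hot wallet the honest way."""
    chain = Chain()
    vault = Output(100, VAULT)
    chain.utxos.add(vault)
    unvault = chain.spend(vault, ("unvault",) + VAULT[1:] + ("hotwallet",), "vaultkey")
    assert unvault and not chain.spend(unvault, ("p2pk", "hotwallet"), "vaultkey")  # too early
    chain.mine(UNVAULT_DELAY)
    assert chain.spend(unvault, ("p2pk", "hotwallet"), "vaultkey")
    return chain.holdings()  # {"hotwallet": 100}

def theft_scenario(harry_has_recovery_key):
    """Harry holds the stolen vault key (and maybe the recovery key); the owner watches the chain."""
    chain = Chain()
    vault = Output(100, VAULT)
    chain.utxos.add(vault)
    to_harry = ("unvault",) + VAULT[1:] + ("harry",)
    assert not chain.spend(vault, ("p2pk", "harry"), "vaultkey")  # covenant: no direct exit
    unvault = chain.spend(vault, to_harry, "vaultkey")
    assert unvault and not chain.spend(unvault, ("p2pk", "harry"), "vaultkey")  # too early
    chain.mine(10)  # the owner notices the unvault within a few blocks
    vault = chain.spend(unvault, VAULT, "recoverykey")  # theft undone, funds back at rest
    chain.mine(UNVAULT_DELAY)
    assert vault and not chain.spend(unvault, ("p2pk", "harry"), "vaultkey")  # output is gone
    if not harry_has_recovery_key:
        return chain.holdings()  # {"vault": 100}
    # With both keys Harry can unvault again as often as the owner re-vaults; the owner
    # ends the standoff by burning, so Harry collects nothing either way.
    unvault = chain.spend(vault, to_harry, "vaultkey")
    chain.mine(10)
    assert unvault and chain.spend(unvault, ("burn",), "recoverykey")
    return chain.holdings()  # {"burn": 100}
```

Calling normal_spend() and theft_scenario(False) / theft_scenario(True) walks the three cases in the text. The point to notice is the recursion: the recovery path of the unvault covenant can only re-create the same vault script, so however many rounds the owner and Harry play, the funds never leave the protection of the covenant, and the only exits are a delayed payment to a publicly announced destination or a burn.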
The idea of extending the power of the scripting language isn’t new. In fact, we took the name covenants from an old tongue-in-cheek post by Greg Maxwell that suggested an unlikely mechanism and asked for preposterous use cases. It’s a recommended read.
Fungibility is Not Affected
It's critical to note that vaults do not affect coin fungibility or the irreversibility of regular transactions in any way. Vaults are a personal defense mechanism: you take the money that you want to keep safe and put it in a vault address that you create (call it V). In doing so, you give up the ability to spend it quickly in return for theft prevention. When you want to spend the coins, you unvault them from V into your hot wallet (W), and you pay a merchant M from W. Only coins in your possession can be vaulted, and they can only be unvaulted back to your possession. You can't trick someone into accepting a vault payment and then take the coins back. The entire design revolves around personal protection for chosen coins in one's possession, without disturbing any of the rest of Bitcoin's properties.
Overall, our suggestion is a simple yet powerful addition to the scripting language that is easy to reason about, and opens the door to a variety of constructs.
Vaults are one of the first use cases of covenants, a solution to a problem that has perennially plagued every Bitcoin user ever since the first day of the system’s release. We hope that vaults will make it easier for people to safely keep their funds online, knowing that they can always undo a theft, and, more importantly, to deter the thefts in the first place.