Custody Protocols Using Bitcoin Vaults
Main authors: | , , , |
---|---|
Format: | Article |
Language: | eng |
Subjects: | |
Summary: | A bitcoin *covenant* is a mechanism to enforce conditions on future bitcoin transactions. A bitcoin *vault* is a specific type of covenant transaction that enforces a time-lock on the transfer of control of funds to a hot wallet, but enables an immediate transfer of funds into a deep cold recovery wallet. This paper demonstrates how to integrate a bitcoin vault into a custody protocol and demonstrates the security properties of that protocol. The vault is implemented using pre-signed transactions with secure key deletion (as proposed in [Swambo2020cov]). It is shown that vault-custody protocols enable the wallet owner to specify their desired balance for an inherent trade-off between the security of and accessibility of bitcoin holdings by adjusting the length of time-locks used. It is also demonstrated that wallet owners have increased control of risk-management by compartmentalizing funds across numerous vault transactions. While it isn't realistic to completely prevent theft, the most likely theft scenarios (compromising the hot wallet) have severely limited profitability for an attacker, deterring attempts at theft from the beginning. The proposed architecture was designed to offer defence-in-depth through redundancy and fault-tolerant functionality as well as countermeasures for class breaks through diversity across hardware and software layers. Finally, the architecture employs a detection (a watchtower) and response system that enables fail-safe recovery from attempted or partial thefts through a second type of covenant transaction, a push-to-recovery-wallet transaction. |
---|---|
DOI: | 10.48550/arxiv.2005.11776 |