Some call him a genius. A hacker of 25 years, professor at Cornell University, one of the few in the bitcoin space who can see what others can not, Emin Gün Sirer announced today a new invention designed to make bitcoin thefts if not impossible, highly unlikely.
By utilizing bitcoin’s inbuilt script system to create what he calls a covenant, special transactions can be created to send your bitcoin to a vault, a saving account which requires no banks, no middle men, no intermediary. Unlike normal transactions, this saving account is designed to have a recovery key so that if your bitcoins are stolen you can use the recovery key to in effect undo any transaction by the hacker. Thus making theft impossible.
This is a decentralized undo button, he says, the equivalent of calling your bank to report a stolen credit card.
“An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.”
If the hacker manages to steal your recovery key as well as your vault key, a back and forth is possible where he can undo your transaction while you can undo his transaction. Game theory kicks in at this point as either of you can in effect burn the bitcoins, so no one gets the money, greatly reducing the incentives to steal from a vault in the first place as a hacker can expect to not be able to spend the bitcoins.
Some worry however that this may introduce a general chargeback feature, but in responding to a number of questions we put forward the professor reassuringly stated: "If I try to pay a merchant with a vault transaction (i.e. a transaction that retains the right to recall the coins later), it'll be incredibly obvious to the merchant, who will refuse such a payment. It's like writing a check that says "THIS CHECK CAN BE RECALLED" with big bold letters on it. There's no way to fool a merchant, or to make regular transactions reversible -- and that's by design".
We are informed that the vault functionality is ready to be implemented, with the Cornell team planing to submit a pull request and a corresponding BIP which requires few changes to bitcoin, "just a single new opcode that is easy to implement", says Mr Sirer.
"We believe that vaults are a huge step forward in terms of securing coins. For years now, we have been watching people lose money to poor opsec, and it's just not their fault: our systems are nowhere near secure enough for highly valuable assets. And Microsofts and Googles of the world are not going to be able to improve the state of client-side security -- they have been trying for years, and what we have today is about what mankind is able to deliver at the moment, the problem is just too hard. So vaults allow Bitcoin users to step around this problem. It's Bitcoin users' way of saying "ok, I realize that I might lose my key, but I can still recover my funds after I lose it."
This invention can be a game changer for bitcoin security which since inception has been plagued with thefts. In early 2014 Mt Gox, at the time the biggest bitcoin exchange, shocked the bitcoin community by announcing that approximately a million bitcoins, worth around a billion dollars at the time, had been stolen. Bitstamp, one of the bigger bitcoin exchanges, announced last year that approximately 5 million dollars’ worth of bitcoin had been stolen. On a smaller scale it has become a somewhat common occurrence to read forum post complaining about stolen bitcoins, with many suggesting that security is one of bitcoin’s greater weaknesses.
However, if this new invention can allow bitcoin "saving accounts" to be secured by a recovery key while in no way affecting merchant payments and if the professor can deliver on his promises with bitcoin vault, prevalent bitcoin theft may be a thing of the past.