Hybrid Custody™ using Layer 2 Smart Vaults™ makes Bitcoin and other similar Altcoins Unstealable, Unlosable and Unconfiscatable for all practical purposes.
While securing one’s private-keys might seem trivial at first but ensuring safety i.e. preventing data loss (lost private-key) along with absolute security i.e. preventing data theft (stolen private key) is very difficult if not impossible. It is a balancing act and one has to sacrifice a bit of security to increase safety and vice versa. Eg. Increasing the number of places where you store copies of your private-keys increases safety but decreases security as they can now be stolen from more places than before.
Several methods and devices were proposed and implemented to alleviate this problem at least partially but none are as flexible and secure as one would desire them to be.
Moreover, most devices, platforms and frameworks we use to generate our private-keys, store them securely and sign transactions with them have many known and unknown vulnerabilities. Relying solely on these contraptions and OPSEC to secure our Bitcoin can be risky to say the least.
Inheritance planning has also been a pain point for Crypto adoption. Self Custody of Bitcoin necessisates that we share the credentials and more with our beneficiaries before hand complicating OPSEC and personal lives for everyone involved. Many a times, sharing credentials with beneficiaries is not even practically possible. Eg. Children.
This protocol and framework assumes that our private-keys will be lost or stolen, sooner than later, and provides recourse even in those situations while handling inheritance seamlessly.
Smart Vaults™ (Layer 2) are like Multisig or MPC Vaults on steroids. Key difference is that you can assign priorities to private-keys participating in a Smart Vault™.
- "Unlocking" and "Spending" from your Smart Vaults™ are distinct events (transactions) with a programmable delay between them unlike MultiSig/MPC Vaults.
- The mandatory "Unlock" which is visible on-chain as a transaction alerts all participants of a Smart Vault™ to take corrective actions if the unlock was not initiated by them in the first place.
- When
m private-keys
are presumably used by an adversary to unlock-and-spend from your Smart Vault™ locked withn private-keys
, you can use anym+1 private-keys upto n
to override the malicious unlock-and-spend attempt and recover your Bitcoin before the preset delay expires i.e.m-to-n of n
. (Assuming all private-keys have equal priority.) - Stealing becomes impossible unless adversaries have all the
n private-keys
. - Can be customized to allow some private-keys and combinations to override other private-keys and combinations.
- Use simple yet powerful Zero-Knowledge Proofs to determine which private-keys and combinations take precedence over other private-keys and combinations.
- Protects against hacks, social engineering, insider fraud, etc.
- Optional on-chain “Out of Band” Authentication & Autherization with Hardware Tokens (proprietary technology).
- Even
1 private-key
is enough to recover your Bitcoin from Smart Vaults™ locked withn private-keys
i.e.1-to-n of n
. - Can tolerate loss of
n-1 private-keys
- Useful for disaster management, accidental loss, unexpected death and factors beyond control.
To put it briefly, Hybrid Custody™ is a framework built on top of Smart Vaults™ and combines the best of "Self Custody" and "Managed Custody".
You have absolute control of your private-keys and coins just like "Self Custody" and you can recover your Bitcoin even when all your private-keys are lost or stolen as if you opted for fully "Managed Custody" and you never needed to manage your private-keys to begin with. It's almost magic!
With just a simple MultiSig transaction and a couple of Partially Signed Bitcoin Transactions distributed rather cleverly between the participants, Hybrid Custody using L2 Smart Vaults drastically increases the safety/security of your Bitcoin and even handles inheritance for you without any prior arrangements with your beneficiaries. (Watch videos linked below for detailed explanation of the Layer 2 protocol)
This repository demostrates the feasibility and steps involved during setup, termination and recovery from Smart Vaults™ in their most basic form with just one private-key from "User" and one private-key from "Ledger" who doubles up as a Hybrid Custody Provider.
When User's private key is lost, he can recover his Bitcoin using just Ledger's private key as with any Managed Custody Provider.
And when User's private-key is stolen and used to initiate the unlock-and-spend process, User can cosign a spending transaction with Ledger, override the attempt and safely recover his Bitcoin.
Lastly, if Ledger tries to steal User's Bitcoin using it's private-key, User can always override that unlock-and-spend attempt and safely transfer his Bitcoin to wherever he wishes using just his private-key.
The POC Implementation in this GitHub repo clearly demonstrates all these scenarios.
Once you get this, you can easily extend your undertanding to include more factors/private-keys as well as complex contingency planning using multiple factors/private-keys from multiple participants.
Disclaimer: Ledger's name is used hypothetically as a Hybrid Custodian for ease of understanding and no relation is implied to Ledger or with anybody at Ledger.
Proprietary Technology - See Legal Notice below!
Everything is explained in detail in the videos below.
https://youtu.be/g2tOAHZzqW8 (Click to play)
https://youtu.be/IQqM77cRdIM (Click to play)
- Download Bitcoin Core (v25) binary archive for your platform from here - https://bitcoincore.org/bin/bitcoin-core-25.0/
- Extract archive and add bitcoin-25.0/bin to PATH - bitcoind and bitcoin-cli should be available on PATH for this Demo to run a RegTest node
- Install python3, python3-pip / pip3 and jq. eg.
apt install python3 python3-pip jq
- Install cryptos module for python. eg.
pip3 install cryptos
- Clone or Checkout this repository -
git clone <url>
- Install Docker if not already installed - https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04
- Clone or Checkout this repository -
git clone https://github.com/praveenbm5/SmartVaults.git
- Change working directory to cloned repo directory -
cd SmartVaults
- Important - Customize Dockerfile included in the repo to download appropriate bitcoin binary archive for the architecture and platform you are working on
- Build Image -
sudo docker build -t smartvaults .
- Run Image -
sudo docker run -it smartvaults
- Delete Image -
sudo docker images
to get<IMAGE ID>
andsudo docker rmi -f <IMAGE ID>
to remove the image once you are done exploring this demo.
- Open a shell/cmd in the project/repository's root directory. (SmartVaults)
- Inspect and run
./SmartVault.Demo.Setup_and_Recovery_Using_Option_1.sh
to understand Smart Vault™ setup (Participants: User & Ledger) and recovery using Option 1 which requires only User's private-key. Useful when Ledger has lost its private-keys due to unforeseen circumstances or when User wants to independently terminate the Smart Vault™ without any dependence on Ledger. - Inspect and run
./SmartVault.Demo.Setup_and_Recovery_Using_Option_2.sh
to understand Smart Vault™ setup (Participants: User & Ledger) and recovery using Option 2 which requires only Ledger's private-key. Useful when User has lost his private-keys. Option 2 has lower priority than Option 1. So User can override any attempt by Ledger to unlock the Smart Vault™ without his consent. - Inspect and run
./SmartVault.Demo.Setup_and_Recovery_Using_Option_3.sh
to understand Smart Vault™ setup (Participants: User & Ledger) and recovery using Option 3 which requires both User's and Ledger's private-keys. Option 3 has higher priority than Option 1 and Option 2. Useful when either User's or Ledger's private-key is presumed stolen and was used to unlock the Smart Vault™. - All demos are designed to run on a Bitcoin RegTest network and create a fresh RegTest node to communicate with. See SmartVault.Demo.Initialize_RegTest_Network.sh (executed inside above demo scripts) for more details.
- All demos follow the same Smart Vault™ setup process with "User" and "Ledger" as paritcipants. See SmartVault.Demo.Setup.sh (executed inside above demo scripts) for more info.
- All demos write detailed logs to respective log files in the
logs
folder and you can go through sample logs from the above demos in thelogs
folder to get an idea about how these demos work even before you run them on your machine.
This repository contains source code and other materials solely for the purpose of demonstrating a proprietary technology protected by patents. The technology described herein is confidential and proprietary.
-
No Copying or Modification: You may not copy, modify, or create derivative works based on the code provided in this repository.
-
No Publication or Distribution: You may not publish, distribute, or otherwise make the code publicly available.
-
No Reverse Engineering: Reverse engineering, decompiling, or disassembling any part of the code is strictly prohibited.
The code in this repository is provided "as is" without any warranties or guarantees. The owner of this repository shall not be liable for any damages arising from the use of this code. It is for demonstration purposes only.
The technology demonstrated in this repository is protected by one or more patents. Any unauthorized use, reproduction, or distribution may result in legal action.
More Info: https://www.coinvault.tech/patents/
By accessing or using this repository, you agree to abide by these terms and conditions. If you have any questions or need further clarification, please contact connect@coinvault.tech.