Differences

ethereum_social_custody [2023-03-18 12:58] nik | ethereum_social_custody [2023-03-18 13:00] (current) nik
Line 12: Line 12:
  
 Two key questions in using multisig wallets and social recovery wallets securely are: (i) whom do you choose as guardians, and (ii) what instructions do you give them? This post will outline how I think about this issue. The ideas here should mostly apply equally to multisig and social recovery wallets being used to secure funds for individuals and for organizations. Two key questions in using multisig wallets and social recovery wallets securely are: (i) whom do you choose as guardians, and (ii) what instructions do you give them? This post will outline how I think about this issue. The ideas here should mostly apply equally to multisig and social recovery wallets being used to secure funds for individuals and for organizations.
-What do we want out of guardians?+ 
 +====What do we want out of guardians?====
  
   * Minimize the chance that they lose their keys   * Minimize the chance that they lose their keys
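Review bot: the new heading `====What do we want out of guardians?====` is a level-3 DokuWiki heading (four equals signs), and this hunk starts at Line 12, so no higher-level heading (`=====` or `======`) is visible in the diff; verify that the page carries a title heading above this point, otherwise the table of contents will list these sections at the top level rather than nested under the page title.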
Line 19: Line 20:
  
 This answer is simple and short, but it guides all of the choices that I make with regard to guardians. This answer is simple and short, but it guides all of the choices that I make with regard to guardians.
-It's okay for some of the guardians to be your own devices, but not too many+ 
 +====It's okay for some of the guardians to be your own devices, but not too many====
  
 It makes natural sense to have at least one guardian be a wallet on one of your own devices - it doesn't reduce decentralization to do that, and after all, it is your money. Once you go above one guardian controlled by yourself, however, you get into a tricky tradeoff: you get to trust other people less, but you're also concentrating more power into yourself, which can create a risk if you get hacked, coerced, or incapacitated or die. It makes natural sense to have at least one guardian be a wallet on one of your own devices - it doesn't reduce decentralization to do that, and after all, it is your money. Once you go above one guardian controlled by yourself, however, you get into a tricky tradeoff: you get to trust other people less, but you're also concentrating more power into yourself, which can create a risk if you get hacked, coerced, or incapacitated or die.
  
 My rule of thumb is that enough guardians should be controlled by other people that if you disappear there are enough other guardians left to recover your funds. That is, you should control at least 1 guardian, and at most N-M guardians. Also, each guardian should be on a separate device (laptop, phone, old phone, etc). My rule of thumb is that enough guardians should be controlled by other people that if you disappear there are enough other guardians left to recover your funds. That is, you should control at least 1 guardian, and at most N-M guardians. Also, each guardian should be on a separate device (laptop, phone, old phone, etc).
-Choose guardians who do not often talk to each other or ideally do not know each other+ 
 +====Choose guardians who do not often talk to each other or ideally do not know each other====
  
 Ideally, the guardians should not know who each other are. This greatly reduces the risk that they collude, and furthermore there is no good reason for them to know each other. If something happens to you, they will still be able to find each other, because there are obvious standard protocols that naturally come to people's minds in such a situation (eg. contact your family). Ideally, the guardians should not know who each other are. This greatly reduces the risk that they collude, and furthermore there is no good reason for them to know each other. If something happens to you, they will still be able to find each other, because there are obvious standard protocols that naturally come to people's minds in such a situation (eg. contact your family).
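Review bot: both headings added here, `====It's okay for some of the guardians to be your own devices, but not too many====` and `====Choose guardians who do not often talk to each other or ideally do not know each other====`, are full sentences; DokuWiki derives the section anchor id from the heading text, so these produce very long anchors. Consider a short noun-phrase heading (for example `====Your own devices as guardians====`) and keep the full sentence as the first line of the section body.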
Line 30: Line 33:
 Also, you want to minimize correlations between your guardians as much as possible: don't choose two guardians who live in the same city (or ideally even the same country), or two guardians who use the same type of wallet, and have a balance between different operating systems. Also, you want to minimize correlations between your guardians as much as possible: don't choose two guardians who live in the same city (or ideally even the same country), or two guardians who use the same type of wallet, and have a balance between different operating systems.
  
-Guardians should ask a security question before approving an operation+====Guardians should ask a security question before approving an operation====
  
 When you ask a guardian to approve an operation for you (in a multisig, this would be any transaction, and in a social recovery wallet, this would be resetting your account's key), they should not simply say yes immediately. This would be a disaster for security: if someone hacks into your chat account, they could scan your messages, figure out who your guardians are, contact each of them and ask them to confirm, and thereby steal your funds. When you ask a guardian to approve an operation for you (in a multisig, this would be any transaction, and in a social recovery wallet, this would be resetting your account's key), they should not simply say yes immediately. This would be a disaster for security: if someone hacks into your chat account, they could scan your messages, figure out who your guardians are, contact each of them and ask them to confirm, and thereby steal your funds.
  
 My preferred protocol to avoid this is to instruct guardians to ask a security question. That is, when you ask for a confirmation on your operation, the guardian should ask you something that only the two of you and very few other people know (eg. "the last time we met, what kind of food did we have?"), and only confirm the operation if you give the correct answer. A natural alternative is voice or video calls, but in the age of AI deepfakes this is weaker evidence than before, and so you may want to combine the voice/video call with asking some kind of security question. My preferred protocol to avoid this is to instruct guardians to ask a security question. That is, when you ask for a confirmation on your operation, the guardian should ask you something that only the two of you and very few other people know (eg. "the last time we met, what kind of food did we have?"), and only confirm the operation if you give the correct answer. A natural alternative is voice or video calls, but in the age of AI deepfakes this is weaker evidence than before, and so you may want to combine the voice/video call with asking some kind of security question.
-If you're doing "degen" stuff, make sure to have guardians who can respond quickly. Otherwise, this doesn't matter+ 
 +====If you're doing "degen" stuff, make sure to have guardians who can respond quickly. Otherwise, this doesn't matter====
  
 If you're doing degen stuff with on-chain contracts, you may need to act quickly: pull money out if a contract gets a vulnerability, move money around if you are close to being liquidated, etc. If your needs include this, then you want to find guardians who can act quickly on short notice (and therefore also, guardians in different time zones, so enough guardians to complete a transaction are awake at all times) to protect your funds. If you do not do these kinds of things, however, then speed is not particularly important, and in fact may even be slightly harmful, because convincing people of the need to act urgently is a common social engineering tactic used by hackers and it can be good to have people who are by default mentally averse to that. If you're doing degen stuff with on-chain contracts, you may need to act quickly: pull money out if a contract gets a vulnerability, move money around if you are close to being liquidated, etc. If your needs include this, then you want to find guardians who can act quickly on short notice (and therefore also, guardians in different time zones, so enough guardians to complete a transaction are awake at all times) to protect your funds. If you do not do these kinds of things, however, then speed is not particularly important, and in fact may even be slightly harmful, because convincing people of the need to act urgently is a common social engineering tactic used by hackers and it can be good to have people who are by default mentally averse to that.
-Test each guardian at least once a year+ 
 +====Test each guardian at least once a year====
  
 Make a test operation at least once a year. Ideally, make two test operations each year, using half your guardians for one and the other half of your guardians for the other. This makes sure that your guardians haven't forgotten or lost their accounts. Make a test operation at least once a year. Ideally, make two test operations each year, using half your guardians for one and the other half of your guardians for the other. This makes sure that your guardians haven't forgotten or lost their accounts.
-Advanced: privacy+ 
 +====Advanced: privacy====
  
 One of the challenges with guardians today is that the tech does not yet exist to make it possible to protect your financial privacy from your guardians. However, this is a technical problem that can be solved technically: instead of guarding your account directly, the guardians guard a "lockbox" contract where the link between your account and the lockbox is hidden. Making the link stay hidden until a recovery needs to be made is pretty easy: for example, your account could have as a guardian a CREATE2 contract that only the lockbox can create. Making the link stay hidden even after a recovery, however, requires more advanced ZK-SNARK tech. Hence, this is a problem that I expect will slowly be solved over the next few years. One of the challenges with guardians today is that the tech does not yet exist to make it possible to protect your financial privacy from your guardians. However, this is a technical problem that can be solved technically: instead of guarding your account directly, the guardians guard a "lockbox" contract where the link between your account and the lockbox is hidden. Making the link stay hidden until a recovery needs to be made is pretty easy: for example, your account could have as a guardian a CREATE2 contract that only the lockbox can create. Making the link stay hidden even after a recovery, however, requires more advanced ZK-SNARK tech. Hence, this is a problem that I expect will slowly be solved over the next few years.
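Review bot: the first heading in this hunk, `-Guardians should ask a security question before approving an operation+====Guardians should ask a security question before approving an operation====`, is rewritten in place without the blank line that every other new heading gets (`+ ` precedes `====If you're doing "degen" stuff...====`, `====Test each guardian at least once a year====` and `====Advanced: privacy====`); add the same blank line before it so the sections are spaced consistently. Secondary: the heading `====If you're doing "degen" stuff, make sure to have guardians who can respond quickly. Otherwise, this doesn't matter====` contains two sentences; the second one (`Otherwise, this doesn't matter`) reads better as the opening of the section body than as part of the heading.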
  • ethereum_social_custody.txt
  • Last modified: 2023-03-18 13:00
  • by nik