SPEECH TITLE: Life is short, Bitcoin is forever
SPEAKER: Daniela Brozzoni
CONFERENCE: HCPP 2022
Let’s start with something obvious. We all die eventually. This is something we should not forget, but most people imagine death or a person dying as someone dying in their sleep when they’re 80, with all the family around them, just dying peacefully. But that’s not how it works all the time. We should remember that death happens and you can’t really expect it. Some people die in car accidents, some people just trip, fall and die. There are many ways of dying. Some people die when they don’t even expect it. Maybe they don’t even realize they’re dying, and then they’re just gone. Stoic philosophers created this sentence, “Memento Mori”, which means “remember your death”. Stoics wanted to remember this every single day of their life because if you remember that life is short, that it’s finite, you’re more likely to focus on what’s good and right. You’re not going to waste your time doing useless stuff if you remember that you’ll eventually leave this world forever. Stoics would take a coin or something, put it in their pocket (I don’t know if they had pockets, but let’s say they did) and every time they reached to take something, they would touch the object and remember that life is finite.
There’s a book “The Denial of Death” by Becker, he’s a psychologist and a philosopher, and he says that death makes us really sad, we fear death, and we avoid acknowledging death. As a society, we always find new ways to forget that death is even a thing.
My point is, we do die eventually, so I don’t think we should remember that every single minute of our life, as Stoics wanted to, but we should every now and then remember death. Just check how you’re doing, where you want to go and stay focused on what’s right. Death brings a lot of problems but today, I’m just going to talk about death and Bitcoin.
One obvious problem we have with death is that most people want to pass on the coins to their loved ones. They don’t want their coins to be lost, and that requires some work. As devs, we really need to focus on this. A bit of a disclaimer before starting, I’m not going to give you many solutions. This is because we don’t actually have many solutions for this problem. What I’m going to do is, I’m going to give you some ideas, some of them are super basic, some of them are super complicated, and they need to be improved, many of them are not really mature. It’s just going to be a talk where I give you some inspiration, some ideas, some things that I hope will be worked on in the future. If you’re looking for the perfect solution, you won’t find it in this talk. But you might take these ideas and try to mix and match them until you find something that works for you. Also, I didn’t integrate this with any custodian service or a trusted third party (when you insert third parties in the equation, things just get boring). But you can always do that, and many problems that we’ll see in the solutions I’m going to present actually just go away if you assume, “Okay, I’m just going to trust a lawyer or a company to do this and that.”
The other disclaimer is, whichever solution you pick, you need to back it up. And I don’t mean you need to back up the secrets (of course you do) but you also need to write somewhere what the solution itself is, what you did, what infrastructure you have, because many people have these super complex infrastructures, and then they forget. Just write down exactly what you did, and consider how skilled you and your relatives are. Just be humble, don’t overdo it. As long as you have a system that is somewhat secure (e.g. don’t post your seed on Twitter), the risk of being hacked is quite low, and the risk of just forgetting whatever you did is quite high. But, it’s just a claim, maybe it’s not true. Also, I’m going to give many different ideas, and we need some way of just judging them and seeing how they score.
I picked these four metrics.
1. UX: How easy is this to use? If it has good UX, even a non-technical person can use it.
2. How cheap is it? A cheap idea is one where every time you spend your bitcoin, you don’t spend in fees more than what you’d spend with a single seed. Some ideas are extremely cheap; others are not.
3. Privacy: Will my relatives know how rich I am? That’s crucial if you have many coins, you don’t want to create the incentive for them to just kill you and take everything.
4. Do I have to trust my loved ones to not steal everything from me while I’m alive? Some of these ideas require a great level of trust, which you might not have if you’re really, really rich.
Let’s start with some ideas.
1. I hate everyone
The first one is extremely easy. “I don’t like my loved ones, so I don’t care. I’ll die and my coins will be lost. That’s it, thank you”. This is good for bitcoiners because it creates some deflation, and bitcoin will be worth a bit more when you just burn yours, but it also creates a small problem. Every time you burn coins, you’re increasing the UTXO set size. So, every full node in the network, even the pruned ones, needs to keep in its database a set of all the unspent transaction outputs, and the reason for that is, every time they receive a new block, they need to check that all the inputs in all the transactions were actually unspent. So every time you just send coins to some address and then forget the key, your spend transaction output will be unspent forever, and it will be in the UTXO set of every node forever. I was talking on Twitter with Ruben, and he was like, ‘Oh yeah, you could do this super complicated thing where basically your coins just go to miners after like 100 years of not being spent’. It was just a funny parenthesis. You can complicate even these kinds of ideas, but let’s go back to the easy one, just burn everything and let’s see how it runs. It’s easy to implement, it’s cheap to use because it’s just whatever wallet you already have. Your relatives have no idea of how rich you are and they can’t steal anything. That seems like the perfect idea.
2. I trust my relatives
The second one is just trusting your relatives, just telling them, ‘Hey, my mnemonic is in that specific place. When I’m gone, you’re free to take it and just steal everything.’ It’s easy, it’s cheap obviously, but you need to trust them not to take the seed while you’re alive, and if they do, they can know A) how rich you are, and B) they can just steal everything. Not perfect.
3. Mnemonic splitting
The third idea is splitting your mnemonic into N parts, giving each part to a loved one, and then M are required for reconstructing your initial mnemonic. Let’s say, you have five loved ones. You split the mnemonic into five parts and give each part to one. When you die, three of them are needed for reconstructing your initial mnemonic. If two lose the split part, it’s still okay. If three of them lose it and you have only two, well, they can’t recover the money anymore.
There are various algorithms available. There’s Shamir secret sharing, and there’s also seedxor. The second one is the easiest to use and implement because the algorithm is a bit easier (If you want to try this out, just Google it and do your own research). It’s kind of easy to implement. It’s not as easy as the first ones obviously, but you just have to put your mnemonic in a program, and it’s going to give you the various parts. It’s cheap to use, but if your relatives collude, they can know how rich you are, and they can just steal everything.
4. Presigned transactions
Let’s start to look into the more exotic ideas. An idea I had is about pre-signed transactions. You sign some valid Bitcoin transaction, but you don’t broadcast it immediately. There are some protocols built on top of pre-signed transactions. The most famous one is Lightning Network. Every time you send a payment in Lightning, you don’t see what’s happening behind the hood, but you’re now signing some transaction. The other party is now signing some transactions, but they’re not publishing it because it’s expensive.
So you can use pre-signed transactions in some cool ways and build some cool protocols. I’m going to show you a protocol which is just really, really shitty. I’m being honest. You should really avoid it because it’s so complicated. But if you pick this idea and start working on it, you can come up with something less complex.
Let’s say you have three coins, A, B, and C. What you want to do is build a transaction which has A, B, and C as inputs and as outputs it just sends everything to your relatives. There’s a small clock here which means that you put a time lock on the transaction, which basically means that the transaction can be broadcasted only when the time lock is expired. For example, you put a 10-year time lock, that means that for 10 years, the transaction, if someone broadcasts it, is not valid yet. Then you give that transaction to your relatives. And when you eventually pass out, they’re all going to be sad, but then eventually the time lock will expire, and they’ll be able to have the money and be happy again. But the relatives have to store the transactions somewhere safely. If they lose it, it’s game over. Every time you spend even a single one of your coins, you need to recreate the transaction and reshare with them because the previous one wasn’t valid because of double spend. And if you notice that the tx’s time lock is expiring and you’re still alive, you need to spend some of your coins to make the old transaction not valid, otherwise, your loved ones might just steal everything from you while you’re still alive. So, it doesn’t have a great ranking. It’s not easy to implement. It’s quite cheap, but you need to redeposit every once in a while. Your relatives know exactly how rich you are because you’re giving them a transaction spending all your money, so they can just look at it. And if you don’t forget to redeposit, they can’t steal anything. But if you forget, they can just take everything from you.
5. Timelock magic
Let’s look at my favorite idea about time locks. Every Bitcoin wallet has some kind of policy. A single-sig wallet has a policy attached which is “you can spend the money if you own a certain private key”. A single-sig is the easiest case but there are more complex wallets. For example, this wallet has quite a big policy, which means, I’m going to spend my coins 99% of the time, I just need a certain key. But 1% of the time, my son will be able to spend it if the coin hasn’t been spent in a thousand blocks. This is a way of giving everything to your son. You usually just spend using this certain path, but if you don’t redeposit the coins for a while, then your son will be able to spend them. You can make it even more complex and do a bigger script. This basically is saying, “I’m going to spend 99% of the time, but 1% of the time, my relatives will be able to spend”.
This construction has a threshold. It means all of my relatives have to wait for a thousand blocks. So if I haven’t moved my coins in a thousand blocks, a 3of3 between all my three relatives can spend them. Or two of my relatives need to wait for 2,000 blocks. Or one of my relatives needs to wait for 3,000 blocks. That’s called a decaying multi-sig. Basically, from 3of3, you go to 2of3 and 1of3, just waiting longer.
This is obviously a huge script. It’s easy to implement on the dev side. There are many tools that just help you, and on the user side, you need to redeposit coins every once in a while. But it’s really expensive because the script is really big and it’s all going on-chain, which means that you’re paying the fees for all of this stuff. And the relatives still know how rich you are because they have to know the whole script, and they can see the money even though they can’t spend them (If you don’t forget to redeposit).
Let’s take this idea and make it a bit less expensive by using Taproot. Basically, you can have this huge script, but Taproot transactions have a key spend and a script spend. When you spend from the key spend, you don’t even reveal the script. You basically put this thing in the key spend condition. Every time you spend your own money it’s as if you were spending from the single-sig. The Bitcoin blockchain doesn’t even see this huge script, it just sees this little part, and everyone looking at your transaction will think that you don’t even have a backup solution. But this part is still going to be there, hidden in the script spend. When you need to spend using the script path, and by that I mean when you’re dead and your relatives will have to do it, they will reveal the whole script and spend. This is fairly cheap because until you’re dead, no one has to reveal the script and they just spend as if it was a single-sig. Easy to implement, cheap, relatives still have to know the whole script and they still know how rich you are, but they can’t steal anything from you.
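An added model, not from the talk or its slides, of the decaying multi-sig described in this section: the owner key always spends, and each expired timelock (1,000, 2,000, 3,000 blocks) replaces one relative's signature. The key names and the policy string are assumptions made for this example; the thresholds and block counts are the ones given above.

```python
from typing import Optional

OWNER = "owner"                                        # hypothetical key name
RELATIVES = frozenset({"rel_a", "rel_b", "rel_c"})     # hypothetical key names
DECAY_STEPS = (1000, 2000, 3000)                       # relative timelocks, in blocks

# One way to express it as a spending policy (assumed form, not taken from the slides):
# 3 keys + 3 timelocks, any 4 of the 6 conditions must hold on the recovery branch.
POLICY = ("or(99@pk(owner),1@thresh(4,pk(rel_a),pk(rel_b),pk(rel_c),"
          "older(1000),older(2000),older(3000)))")

def required_relatives(blocks_since_move: int) -> Optional[int]:
    """Relative signatures the recovery branch needs at this coin age; None if still locked."""
    expired = sum(1 for t in DECAY_STEPS if blocks_since_move >= t)
    if expired == 0:
        return None               # would need 4 signatures, but only 3 relative keys exist
    return 4 - expired            # each expired timelock stands in for one signature

def can_spend(signers: set, blocks_since_move: int) -> Optional[str]:
    """Return the spending path the given signers can use, or None."""
    if OWNER in signers:
        return "owner key"        # the 99% path, valid at any coin age
    need = required_relatives(blocks_since_move)
    have = len(RELATIVES & set(signers))
    if need is not None and have >= need:
        return f"recovery {need}of3"
    return None

def first_spendable_age(cooperating: int) -> Optional[int]:
    """Coin age at which `cooperating` relatives can first spend without the owner."""
    for t in DECAY_STEPS:
        if required_relatives(t) <= cooperating:
            return t
    return None

if __name__ == "__main__":
    for age in (0, 999, 1000, 2000, 3000):
        print(age, required_relatives(age), can_spend({"rel_a", "rel_b"}, age))
```

`first_spendable_age(3)` is the redeposit deadline: a living owner has to move the coins before they are 1,000 blocks old, because moving them creates a new output and restarts every relative timelock.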
This is a summary of the various ideas I propose. You can see that they all kind of suck in a way. Unless you just tell your relatives to fuck off, they will all know how rich you are, which is not good.
As I was saying at the start of this talk, this was just proposing some ideas, but devs still really have to build on this. We’re still pretty early. These ideas haven’t been really explored, and the problem hasn’t really been tackled yet. There are various things you can do if you’re non-technical. For now, just stick to the easy solutions like splitting the mnemonic, it works great actually. Or you can also use a custodian service. In many of the final ideas, your relatives can know how rich you are if you just say, “Okay, this lawyer will release this certain secret after my death”.
At the moment, there are many companies that offer inheritance solutions, and if you’re non-technical, maybe you should stick to those. But at the same time, try to hype devs, try to ask them to work on something non-custodian, and when they do, just be on Twitter and be happy and like and retweet and things like that. Just hype devs. If you’re a dev, we really need you to work on this kind of stuff, so I encourage you to try out MiniScript, to just play with bullet policies, explore, be creative and build stuff, because we really need it, and I hope this rather sad talk somehow inspired you.
Disclaimer: Transcripts provided on bitlyrics.co represent solely the opinion of the speaker and are not by any means financial/legal advice or an opinion of the website. The content has been transcribed with maximum accuracy. Repetitions and fill words have been amended in order to enhance the reading experience. The full text may not be confirmed by the speaker. Please refer back to the above-provided source of content for more certainty. If you are a speaker and wish to confirm/amend your speech, please contact us.