Community-Driven Theft Prevention Feature Proposal for Bitcoin Network
Abstract:
Quick look at Bitcoin's security aspects and the vulnerabilities linked to theft.
Introduction of a proposed reversible transaction feature.
Overview of the benefits and goals behind this proposal.
1. Introduction
A brief rundown of Bitcoin and its key principles: decentralization, security, and transparency.
Discussion around the ongoing problems with theft and fraud affecting the network.
Explanation of why we need a reversible transaction system.
2. Identifying the Problem
In-depth look at the theft problems within the Bitcoin ecosystem.
Notable examples of major theft cases and how they’ve impacted users and the network.
Shortcomings of the current Bitcoin protocol in tackling these theft issues.
3. Proposal Breakdown
Introduction to a community-driven system for reversible transactions.
Basic outline of how this mechanism would function.
Initial perks and possible downsides of implementing it.
4. Technical Plan
Flagged Transactions:
Structure and elements of a FlaggedTransaction. How to start a FlaggedTransaction.
Community Verification Nodes (CVNs):
What CVNs do and how they’re chosen. Roles and functions of CVNs.
Reversal Transactions:
Situations that would trigger ReversalTransactions. Security measures to protect ReversalTransactions.
Blockchain Integration:
Necessary changes to the current blockchain protocol. Information on the soft fork needed for integration.
There don't seem to be too many technicalities in this proposal, which makes it very readable and easy to understand. I must first commend you for the hard work in putting this proposal together. I am a none developer, but I have understood everything in the best way I can, so do well to correct me if I misunderstood anything.
One thing that makes people like Bitcoin is its level of decentralization, security, transparency, and immutability. Bitcoin theft is rampant, but the introduction of this proposal if accepted by the community, will reduce the level of decentralization and trigger centralization.
Bitcoin, as we all know is pseudonymous, which means transactions can be traced, but the real identities of the owners are not revealed. If the reversibility of transactions is added, we would see more influence from the government and agencies, as the power to halt anyone's transaction would be possible. Transaction reversibility wouldn't be used only for the specified purposes but would be exploited beyond that, trust me.
This is unlike banks that can perform reversibility with ease because they are centralized. Filing a complaint about a false transaction would be handled in a centralized way, which would require you to provide lots of details about yourself and prove you didn't initiate the transaction. In most cases, you have to visit the bank in person to clarify your claims. This is why implementing the same on Bitcoin, where there is no central authority, would be very difficult to manage.
I also think that this implementation will cause massive problems for the community, resulting to trust issues between all Bitcoin holders, miners, and developers.
I also think that the implementation might not work for everyone if it were to happen. Only major attacks involving massive amounts would be considered. Just imagine someone stole your 0.1 BTC. Would you expect massive action compared to when an exchange loses 120,000 BTC?
The only solution to solving this is never to introduce it in any way. This will reduce the pressure and opportunity for manipulation from the government or other parties. It is also a clear way of saying NO to centralization.
The issue of fund theft through various means has been ongoing for a long time and will likely continue. This theft does not only affect Bitcoin but also other valuable assets like alts, fiats, etc. Addressing Bitcoin theft has mainly been to improve wallet security and educate users on how to protect their keys. But there are still loopholes that attackers exploit due to regular discoveries. We can trace these vulnerabilities to the level of security and human error by those who end up being the victims.
My opinion on an instance where the community wants to consider the proposal.
Just as I said earlier, I really like Bitcoin for its decentralization, immutability, security, and transparency. If we are considering reversible transactions on Bitcoin, then we should determine at what level this might be possible. Ideally, when a transaction is initiated (whether by an attacker or the real owner), it must be validated, which means it sits in the mempool and waits for its turn. After the completion of its validation, the transaction ends up sealed in a block, which is aligned with other blocks.
There are two points I can pick from that process:
1. There might be a possible chance for reversal when the attacked transaction is in the mempool waiting to be confirmed. This chance might be possible if the victim flags the transaction before confirmation. If the transaction is flagged on time, the attacked transaction should be set aside for clarification.
2. When the transaction is already placed in the block and attached to the chain, then I don't think we should be talking about any transaction reversal.
Am not a developer, which means I won't be part of those making decisions for the approval. I hope to see this as a BIP on the community GitHub, so I can do my follow up on the decisions taken. You can also share regular update on this thread or board, as I visit here most often .
IMO there's almost no chance your proposal will be applied on Bitcoin network. Anyway, your proposal is very long and there are many questionable technical detail. Here are few of those,
How many FlaggedTransaction can be created by someone? How does it handle TXID which involve multi-sig address where multiple people may be involved?
How exactly reputation score is determine? Is there any minimum Bitcoin amount before someone can submit a proof of stake? What happen if CVN doesn't bother do it's role? What if someone wish to become CVN without any on-chain blockchain history?
Does all CVN have same vote weight or the weight determined based on amount of staked Bitcoin?
how long do they have to create such a transaction because what if alot of time has elapsed such as weeks or months? and the initial transaction utxos have been spent and created a huge chain of utxos are you going to go and cancel all of them starting from the original suspicious transaction? what if the money was sent through bitcoin mixers how are you going to know whose utxos to put a freeze on? you could end up hurting innocent people then. and the bad guys still get away...
i'm not so sure this thing has been thought through well enough if that's the case.
Without going into detail, there is little benefit to encumbering the Bitcoin protocol with these new features because your proposal can already be implemented using the current protocol. The transfers would be done using Bitcoin, and the rest would be implemented outside of Bitcoin.
One possibility might be something like a 2-of-3 multisig Lightning channel.
The decentralized and trustless setup of Bitcoin is there to exactly prevent the intervention of some centralized authority for whatever reason. I'll come to apparent problems later.
Private keys can be handled securely (hardware or airgapped wallets, multi-sig). User needs security awareness, education and practice.
Software security at exchanges is more difficult as those tend to show off with all sorts of fancy features that may become a security nightmare.
Phishing and social engineering is again related to user's awareness, education and knowledge of secure best practices.
Denial of Service possible when one CVN refuses to vote. How is that handled?
How is this supposed to actually happen? Your whole construct seems to be built around the fact that a theft is immediately detected, merely before a transation is confirmed, isn't it? What if coins were moved and confirmed, possibly multiple times, before a theft is detected? How do you expect to reverse transactions that are burried under multiple blocks?
Assume all coins were stolen, the victim doesn't have any more coins, might be broke. How is the victim supposed to cover the Flagging Fee?
To potentially get back 90% of the stolen coins is certainly better than 100% loss. But still, the victim has to afford another 10% of the stolen mass to initiate the process where it isn't garanteed that he get's the supermajority of votes for the reversal. Worst case for the victim is a 110% loss!
So, total KYC for CVNs is a mandatory feature? Good luck with that...
No way!!
I will stop here for now as it's a lot of material.
Then it becomes alot more problematic potentially. You run into not only freezing the scammer's funds but also innocent peoples' funds. I don't think this is an acceptable thing in bitcoin.
by hurting innocent people potentially that is how.
i'm surprised they didn't require KYC from someone that is filing a claim of lost bitcoins. if they are going to have a decentralized portal where people upload things to substantiate their claims i can almost guarantee one of those things might be an ID...
trying to turn bitcoin into a centralized service with overlords is what it looks like to me. i dont need anybody freezing some of my bitcoin because of some tainted history.
The proposal indeed introduces a mechanism that could be seen as a shift towards centralization. However, the design specifically incorporates decentralized decision-making through Community Verification Nodes (CVNs) that are elected by the community and operate under strict guidelines and transparency. The goal is to create a balance where the community can act in cases of clear theft without undermining the decentralized nature of Bitcoin.
This is a critical concern. The structure of the reversible transaction feature is designed to limit the scope of reversibility strictly to cases flagged by users and verified by multiple independent CVNs. This multilayered approach aims to protect against unilateral misuse of power. Furthermore, transparency in the CVN decision-making process and the ability for the community to audit and contest CVN decisions are intended to guard against potential government overreach or other exploitative behavior.
The proposal aims to cover theft of any size, not just large-scale thefts. The community-driven aspect of the mechanism allows for flexibility in addressing various scales of theft, ensuring that even smaller amounts can be contested if deemed significant by the affected parties.
Your point about flagging transactions while still in the mempool introduces an interesting layer of prevention. This early intervention could indeed be a critical component of the mechanism, allowing for quicker responses and potentially halting theft before it is cemented into the blockchain. This aspect will require further technical exploration and could be a key feature to enhance the responsiveness of the proposed system.
As you suggested, the next steps would indeed involve drafting a Bitcoin Improvement Proposal (BIP) and submitting it for community review on GitHub. Continuous updates and discussions like this one are crucial, and your active participation, even as a non-developer, is invaluable. The communitys broad range of perspectives strengthens the proposals development and ensures that it addresses the concerns of all stakeholders.
The proposal includes a safeguard to prevent abuse through the implementation of a fee structure for initiating FlaggedTransactions. This fee is designed to be significant enough to deter frivolous claimsset at 10% of the transaction value or a minimum fixed amount, whichever is greater. The exact value can be adjusted based on community consensus to ensure it serves as an effective deterrent without being prohibitively expensive for legitimate claims. This fee is non-refundable, which further ensures that only serious cases are brought forward. For multi-sig transactions, all signatures required by the wallet configuration must agree to initiate the FlaggedTransaction, maintaining the decentralized and democratic ethos of the network.
The reputation score is calculated based on past activities and contributions within the network. A minimum amount of Bitcoin is required to stake to become a CVN, aligning their incentives with the network's health. If a CVN fails to perform their duties, they risk losing their stake and damaging their reputation, which can disqualify them from future participation. New participants can build their reputation through smaller, verifiable actions on the network before applying to become a CVN.
All CVNs have equal voting weight, regardless of the amount of Bitcoin they have staked. This is to ensure fairness and prevent wealthier nodes from having disproportionate control over the reversal process.
The timeline for initiating a FlaggedTransaction is a critical component of this proposal, and it is designed with several factors in mind to address the concerns youve raised:
1. Time Limit for Flagging: There is a proposed time window during which a FlaggedTransaction can be initiated. This is typically set to a few days or weeks from the original transaction date to ensure that it is practical to trace the subsequent chain of transactions. The community can adjust this period based on consensus to balance responsiveness with practicality.
2. Handling Long Transaction Chains: The Bitcoin Core protocol tracks UTXOs (Unspent Transaction Outputs) efficiently, and this system does not inherently allow for the reversal of entire chains of transactions once UTXOs are spent. In cases where UTXOs have been transferred multiple times, the reversible transaction mechanism would focus only on the most recent transaction where the original UTXOs were still unspent at the time of flagging. This avoids the complication of unraveling long transaction chains.
3. Dealing with Mixed Transactions: Bitcoin mixers complicate the traceability of funds. In situations where mixed or shuffled funds are involved, the CVNs (Community Verification Nodes) would employ advanced forensic tools that analyze transaction patterns and mixer outputs. However, reversing transactions involving mixed funds would be approached with extreme caution to avoid affecting innocent users. Decisions in such cases would likely require additional layers of verification and possibly a higher threshold of CVN consensus.
4. Technical Mechanism in Bitcoin Core: Within the Bitcoin Core software, transactions are validated against the current state of the UTXO set stored in the `chainstate` database. FlaggedTransactions would involve checks against this database to verify the current status of the relevant UTXOs at the time of flagging. If the UTXOs have already been spent, the system would not allow a reversal but would instead focus on recovery or tracing the subsequent transactions, depending on the circumstances.
5. Protection of Innocent Parties: The proposal includes mechanisms to safeguard non-involved parties, primarily through selective freezing of transactions identified with high confidence as linked to the theft. This would be managed through a judicious review process by the CVNs, who would be required to assess not only the evidence of theft but also the potential impact on third parties.
The technical feasibility and ethical considerations of implementing such a feature in a system as complex and decentralized as Bitcoin require thorough vetting and robust community discussion. The goal of this proposal is not to provide an all-encompassing solution but to open up possibilities for mitigating theft while respecting the fundamental principles of blockchain technology. Your points highlight the need for careful implementation and continuous evaluation of the system's impact, ensuring it serves the community effectively without unintended consequences.
Thank you for bringing up the potential of using existing Bitcoin technologies such as multisig and the Lightning Network to address issues of unauthorized access and theft. Indeed, these tools offer powerful ways to enhance security and provide mechanisms for dispute resolution without requiring significant changes to Bitcoin's core protocol.
2-of-3 Multisig Approach: Utilizing a 2-of-3 multisig setup could indeed serve as a preventive measure against theft. In this scenario, one key could be held by the user, another by a trusted third party or service, and the third could act as a recovery key in cases of dispute or loss. This setup provides a balance between security and recoverability, allowing transaction reversals under agreed conditions without needing protocol changes.
Lightning Network Channels: The Lightning Network offers another layer of security for transactions that can be reversed within the channel under certain conditions. For instance, a 2-of-3 multisig Lightning channel could facilitate faster dispute resolutions and provide a layer of reversibility for transactions before they are settled on the blockchain.
These solutions, while viable, rely heavily on external enforcement and trust in third parties, which might not align with the decentralized ethos of many Bitcoin users. The proposal aims to integrate a reversible tran
you're confusing. i don't understand the policy. now it seems like you're saying if the UTXOs were already spent you wouldn't be allowed to reverse them. But previously, you indicated you would try and reverse UTXOs that got spent through mixers. Which is it?
if something like this passes and gets into bitcoin it's about the worst thing that could ever happen and we need a new bitcoin ASAP. you can't just steal someone's bitcoin that used a mixer because you're sure to a high degree of probability. and then require them to KYC to you to prove their innocence and get it back.
The policy is that once UTXOs have been spent, we cannot reverse those transactions in the blockchain itself due to its immutable nature. When I mentioned reversing UTXOs that went through mixers, it was about tracking and potentially recovering those funds, not reversing the transaction in the traditional sense. The focus is on tracing where the funds have gone and working with exchanges or wallets to recover them, rather than altering the blockchain record.
The system is designed to protect innocent parties by ensuring that any action, such as freezing funds, is only taken when there is high confidence that those funds are directly linked to the theft. The CVNs will carefully review each case to avoid any negative impact on individuals who are not involved in the theft.
The intention behind this proposal is not to arbitrarily interfere with or "steal" anyone's Bitcoin. The goal is to create a community-driven process where actions are taken only with thorough verification and consensus to address the specific issue of theft. Any implementation would require broad agreement within the Bitcoin community and would be designed to enhance, rather than undermine, the security and trust in the system. The feature would be optional, only activating under consensus from the community and designed not to infringe on the rights of Bitcoin holders.
It may very well be that the best approach would be an alternative proposal and this post could simply be the spark that initiates the conversation which leads to a better idea.
well you can say that NOW but that's not what you said in the previous posting. Take a look:
you were acting like you MIGHT be willing to reverse transactions that went through mixers anyway but you would just be more careful aka "extreme caution". to me, this type of vagueness cannot be good. because it leads to confusion. you say one thing then you say another. you never clarify completely and then that leads to grey areas.
this whole paragraph doesn't even make any sense either. Since it seems to imply that there is some type of cutoff where if the UTXOs haven't been transferred more than a certain amount of times, you would have the ability and willingness to reverse the transaction. Very unfortunate how vague you are. What does "multiple times" mean? Two times? One time? Maybe you don't even know. But based on what you are saying now, you would only be able to reverse UTXOs that had not been transferred at all. So maybe you need to edit this paragraph.
The only scenario where I think high confidence exists is if someone can prove they know the private key to the stolen funds. And those funds have not yet been spent. Then you can reverse those UTXOs only. But once the UTXOs have been consumed, that's where you no longer have any confidence at all. So it would be good if you didn't try and reverse anything except the original unspent UTXOs. That's the only thing that I could even partially accept as part of bitcoin.
I've lost alot of faith in the community approval process based on things that have happened in bitcoin over the last 2 or so years. I'm not so sure there needs to be broad agreement for something to get shoved into bitcoin anymore.
also, why stop with cases of theft? if you can reverse transactions then you can probably do other things too like help people that lost their bitcoin due to losing their private key get their bitcoin back. all they would need to do is prove the bitcoin belonged to them. people like that guy whose bitcoin is stuck on a hard drive in a landfill. if it's ok to do one of them then it should be ok to do other too right?
10% of TX value? It sounds bad if all victim's Bitcoin got stolen. And is it really not refunded even if majority CVN agree to reserve transaction?
What kind of activity or contribution you're talking about? Sending Bitcoin? Receiving Bitcoin? Mining? Something else?
And what stop wealthier people or group from creating multiple CVN?
How is potentially recovering the transaction any different from a reversal?
The concept of reversal has to do with double spending which involves you having to cancel transaction from your wallet by using a higher fee to initiate the process of double spending right before any confirmation. Having to talk about reversal being of any difference doesnt apply. Thats because, once the confirmation states, its considered authentic and now belongs with the new owner.
It should be known that, having most of these vulnerabilities at the exchange level means, you deal with it using the exchange in question support system to flag this transactions once notified. When it comes to non custodian wallet, vulnerability can only arise as a result of your carefreeness. The decentralized nature of Bitcoin is what makes it Bitcoin.
Should there be any protocol to falling and potentially cancellation and recovery of a transaction, I think this would mean badly for the network with users being more carefree and banking on that for a double thought or not having to properly review address before initiating a transaction. Its wouldnt do much good in this regard.