Crypto
Saving Private Keys From The Courts
This is an opinion editorial by Christopher Allen, founder and executive director of the Blockchain Commons.
*Quotes from this article stem from sources here and here.
Increasingly, attorneys in the United States are asking courts to force the disclosure of cryptographic private keys as part of discovery or other pre-trial motions, and increasingly courts are acceding to those demands.
Though this is a relatively recent phenomenon, it’s part of a larger problem of law enforcement seeking back doors to cryptography that goes back at least to the U.S. government’s failed introduction of the Clipper Chip in 1993.
Unfortunately, today’s attacks on private keys in the courtroom have been more successful, creating an existential threat to digital assets, data and other information protected by digital keys. That danger arises from a fundamental disconnect between this practice and the realities of technologies that leverage public-key cryptography for security: private-key disclosure can cause irreparable harm, including the loss of funds and the distortion of digital identities.
As a result, we need to support legislation that will protect digital keys while allowing courts to access information and assets in a way that better recognizes those realities. The private-key disclosure law currently being considered in Wyoming is an excellent example of the sort of legislation that we could put forth and advocate for in order to maintain the proper protection for our digital assets and identities.
Wyoming Senate Filing 2021-0105
“No person shall be compelled to produce a private key or make a private key known to any other person in any civil, administrative, legislative or other proceeding in this state that relates to a digital asset, other interest or right to which the private key provides access unless a public key is unavailable or unable to disclose the requisite information with respect to the digital asset, other interest or right. This paragraph shall not be interpreted to prohibit any lawful proceeding that compels a person to produce or disclose a digital asset, other interest or right to which a private key provides access, or to disclose information about the digital asset, other interest or right, provided that the proceeding does not require production or disclosure of the private key.”
The Realities of Private Keys
The forced disclosure of private keys is deeply harmful because it fundamentally runs at odds with how private keys work. Attorneys (and courts) are usually trying to force the disclosure of information or (later) the relinquishment of assets, but they’re treating private keys just like they’re physical keys that they can demand, use and give back.
Private keys do not match any of these realities. As Wyoming State Legislature Senate Minority Leader Chris Rothfuss says:
“There is no perfect analog for a modern cryptographic private key in existing statute or case law; it is unique in its form and function. As we build a policy framework around digital assets, it is essential that we appropriately recognize and reflect the characteristics of the underlying public / private key and cryptographic technologies. Without clear, unambiguous legal protection for the sanctity of the private key, it is impossible to ensure the integrity of the associated digital assets, information, smart contracts and identities.”
That appropriation recognition and reflection requires us to understand that:
1. Private keys are not assets.
Private keys are fundamentally the way we exert authority in the digital space, an interface between our physical reality and the digital reality. They may give us the ability to control a digital asset: to store it, to send it or to use it. Similarly, they may give us the ability to decrypt protected data or to verify a digital identity. However, they are not the assets, the data nor the identity themselves.
It’s the obvious difference between your car and your electronic key fob. The one is an asset, while the other lets you control that asset.
As Jon Callas, Director of Technology Projects at the Electronic Frontier Foundation (EFF), says:
“They don’t even want the key, they want the data; asking for the key is like asking for the filing cabinet rather than the file.”
2. Private keys are not the proper tool for discovery.
Treating private keys as a tool to ensure the discovery of information fundamentally misunderstands their purpose. Private keys are not how we see something in digital space, but instead how we exert authority in digital space!
Turning back to comparisons, it’s the difference between a ledger and a pen. If you wanted accounting information, you’d ask for the ledger; you wouldn’t ask for the pen — especially not if it was a pen that allowed you to write undetectably in the handwriting of the accountant!
Former federal prosecutor Mary Beth Buchanan, when offering testimony in favor of Wyoming’s private-key disclosure law, said:
“The court could order a disclosure or an accounting of all the digital assets that are held, and then those assets could be disclosed and the location of whether they are held across different platforms or even different wallets. But giving the key is actually giving access to those assets. That is the difference.”
Fortunately, there is an electronic tool that meets the needs of discovery: public keys.
Wyoming has recognized that in their legislation, which says that a private key should never be required if a public key would do the job (and they parenthetically noted at hearings that their current understanding is that a public key will always do the job). If our concern is revealing information that will help to catch and prosecute criminals, then public keys are the answer.
3. Private keys are not physical.
Electronic private keys and physical keys are very different. A physical key could pass through many hands and there could be the expectation that it was very likely not duplicated (especially if it were a special key, such as a safe-deposit box key), and that when the key was returned to the original holder, they would once again have control of all of the linked assets. The same is not true for a private key, which could be easily duplicated by any of the many hands it passed through, with no way to ascertain that that had happened.
Returning to the example of a car’s key fob, it would not be appropriate to force the disclosure of the unique serial number stored within a car fob for the same reason it’s not appropriate to force the disclosure of a private key. Doing so would give anyone who gets that serial number the ability to create a new fob and steal your car!
4. Private keys serve many purposes.
Finally, private keys are likely to have a lot more purposes than physical keys, especially if a court decides to go after not just a specific private key, but the root key from an HD wallet or a seed phrase. Root keys (and seeds) might be used to protect a wide variety of assets as well as private data. They may also be used to control identities and to offer irrefutable proof that the owner agreed to something through digital signatures.
The authoritative uses of private keys are so wide and all-encompassing that it’s hard to come up with a physical equivalent. The closest analogy, which I explained at one of the Wyoming hearings, is that this would be like if a court demanded access to a hotel room by requiring the hotel’s master key, which can provide access to all rooms. But, a private key is more than that; it would be as if the court also required that someone with signatory powers at the hotel sign a bunch of blank contracts and blank checks. The potential for harm with the disclosure of a private key is just that high for someone who is using it for a variety of purposes — and there will be more and more people doing so as the importance of the digital world continues to increase.
The Realities Of Courts
Going beyond the fact that a private key is the wrong tool for courts and that it’s often being used in the wrong way, there are a number of other problematic realities related to the courts themselves and how and when they’re trying to access private keys.
5. Courts are not prepared to protect private keys.
To start with, courts don’t have the experience needed to protect private keys. This danger is made worse by the fact that a single private key is likely to pass through the hands of many different court staff over time.
But, this isn’t just about courts. The problem of creating safe ways to transfer private keys is far bigger. It’s something that the cryptographic field as a whole does not have good answers for. I attested in Wyoming that the “immense difficulties of transferring a private key are a risk that allows bearing of false witness.” Putting courts, without cryptocurrency expertise, in the middle of the problem could be catastrophic.
Perhaps cryptographers will resolve these issues in time, and perhaps someday courts will be able to share in that expertise if they decide doing so is a good use of their time and resources, but we need to consider keys whose disclosures are being forced now.
6. Courts are requiring premature disclosure.
The current situation with key disclosure is even more problematic because it’s occurring as part of discovery or other pre-trial motions. Discovery rulings are almost impossible to appeal which means that in today’s environment key holders have almost no recourse for protecting the token of their own authority in digital space.
7. Courts are more demanding of digital assets than physical assets.
We recognize that courts should be able to require the usage of a key. Compelling usage is nothing new, but the private key is not required for that; a simple court order is enough.
If someone refuses to use their private key in a way compelled by a court, that’s nothing new either. The physical world already has plenty of examples of people refusing such orders, such as by hiding assets or just refusing to pay judgements. They are handled with sanctions such as contempt of court.
Asking for more from the electronic world is an overreach of traditional judgements that also creates much greater repercussions.
The Repercussions Of Disclosure
Using the wrong tool for the wrong reasons and putting it in hands not ready to deal with it will have calamitous results. Here are some of the most obvious repercussions.
1. Asset Theft.
Obviously, there is a danger of the assets being stolen, as a private key gives total control over those assets. These assets could go far beyond the specifics of what a court is interested in because of the multitude of uses for keys.
2. Asset Loss.
Beyond the problem of purposeful theft, keys could be lost, and with them digital assets. Former federal prosecutor Mary Beth Buchanan raised this concern in her testimony, saying:
“Evidence is lost all the time.”
If that evidence was a private key, which might hold a variety of assets, information, and proofs of identity, the loss could be tremendous.
3. Collateral Damage.
Thefts or losses resulting from the disclosure of a private key could also go far beyond an individual before the court. Increasingly, assets are being held in multisignatures, which may grant multiple people control over the same assets. By requiring the disclosure of a key, a court could negatively impact people entirely unrelated to the proceedings.
4. Identity Theft.
Because private keys might also protect the identifier for digital identity, their loss, theft or misuse could put someone’s entire digital life at risk. If a key was copied, someone else could pretend to be the holder and even make digital signatures that are legally binding for them.
Support This Legislation
Protecting private keys is one of the most important things that Blockchain Commons has ever worked on. As I said:
“I find the protections of this Private Key Disclosure bill crucial for the future of digital rights.”
Wyoming State Legislature Senate Minority Leader Chris Rothfuss affirmed this, adding:
“Christopher Allen has been an invaluable member of our blockchain policy community, bringing a lifetime of technical expertise to advise our committee work and inform our legislative drafting. Mr. Allen has emphasized the particular importance of protecting private keys from any form of compulsory disclosure.”
We need your help to make it a reality.
If you’re an experienced member of the cryptocurrency or digital asset field or a human rights activist, please submit your own testimony in support of the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. The bill will be coming up for further discussion on September 19-20 in Laramie, Wyoming.
But, Wyoming is just the start. They are doing an excellent job of leading the way, but we need other states and countries to follow. If you have connections to another legislature, please suggest they introduce legislation with similar language to Wyoming’s bill.
Even if you don’t feel comfortable talking with a legislature, you can help by advocating for the protection of private keys as something different than assets.
Ultimately, our new world of digital assets and digital information will succeed or fail based upon how we lay its foundations today. It could become a safe space for us or a dangerous Wild West.
Properly protecting private keys (and using public keys and other tools for legitimate judicial needs) is a keystone that will help us to build a sturdy edifice.
This is a guest post by Christopher Allen. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
El Salvador’s Minister of the Economy Maria Luisa Hayem Brevé submitted a digital assets issuance bill to the country’s legislative assembly, paving the way for the launch of its bitcoin-backed “volcano” bonds.
First announced one year ago today, the pioneering initiative seeks to attract capital and investors to El Salvador. It was revealed at the time the plans to issue $1 billion in bonds on the Liquid Network, a federated Bitcoin sidechain, with the proceedings of the bonds being split between a $500 million direct allocation to bitcoin and an investment of the same amount in building out energy and bitcoin mining infrastructure in the region.
A sidechain is an independent blockchain that runs parallel to another blockchain, allowing for tokens from that blockchain to be used securely in the sidechain while abiding by a different set of rules, performance requirements, and security mechanisms. Liquid is a sidechain of Bitcoin that allows bitcoin to flow between the Liquid and Bitcoin networks with a two-way peg. A representation of bitcoin used in the Liquid network is referred to as L-BTC. Its verifiably equivalent amount of BTC is managed and secured by the network’s members, called functionaries.
“Digital securities law will enable El Salvador to be the financial center of central and south America,” wrote Paolo Ardoino, CTO of cryptocurrency exchange Bitfinex, on Twitter.
Bitfinex is set to be granted a license in order to be able to process and list the bond issuance in El Salvador.
The bonds will pay a 6.5% yield and enable fast-tracked citizenship for investors. The government will share half the additional gains with investors as a Bitcoin Dividend once the original $500 million has been monetized. These dividends will be dispersed annually using Blockstream’s asset management platform.
The act of submitting the bill, which was hinted at earlier this year, kickstarts the first major milestone before the bonds can see the light of day. The next is getting it approved, which is expected to happen before Christmas, a source close to President Nayib Bukele told Bitcoin Magazine. The bill was submitted on November 17 and presented to the country’s Congress today. It is embedded in full below.
This is an opinion editorial by Joakim Book, a Research Fellow at the American Institute for Economic Research, contributor and copy editor for Bitcoin Magazine and a writer on all things money and financial history.
I don’t.
That’s it. That’s the article.
In all sincerity, that is the full message: Just don’t do it. It’s not worth it.
You’re not an excited teenager anymore, in desperate need of bragging credits or trying out your newfound wisdom. You’re not a preaching priestess with lost souls to save right before some imminent arrival of the day of reckoning. We have time.
Instead: just leave people alone. Seriously. They came to Thanksgiving dinner to relax and rejoice with family, laugh, tell stories and zone out for a day — not to be ambushed with what to them will sound like a deranged rant in some obscure topic they couldn’t care less about. Even if it’s the monetary system, which nobody understands anyway.
Get real.
If you’re not convinced of this Dale Carnegie-esque social approach, and you still naively think that your meager words in between bites can change anybody’s view on anything, here are some more serious reasons for why you don’t talk to friends and family about Bitcoin the protocol — but most certainly not bitcoin, the asset:
- Your family and friends don’t want to hear it. Move on.
- For op-sec reasons, you don’t want to draw unnecessary attention to the fact that you probably have a decent bitcoin stack. Hopefully, family and close friends should be safe enough to confide in, but people talk and that gossip can only hurt you.
- People find bitcoin interesting only when they’re ready to; everyone gets the price they deserve. Like Gigi says in “21 Lessons:”
“Bitcoin will be understood by you as soon as you are ready, and I also believe that the first fractions of a bitcoin will find you as soon as you are ready to receive them. In essence, everyone will get ₿itcoin at exactly the right time.”
It’s highly unlikely that your uncle or mother-in-law just happens to be at that stage, just when you’re about to sit down for dinner.
- Unless you can claim youth, old age or extreme poverty, there are very few people who genuinely haven’t heard of bitcoin. That means your evangelizing wouldn’t be preaching to lost, ignorant souls ready to be saved but the tired, huddled and jaded masses who could care less about the discovery that will change their societies more than the internal combustion engine, internet and Big Government combined. Big deal.
- What is the case, however, is that everyone in your prospective audience has already had a couple of touchpoints and rejected bitcoin for this or that standard FUD. It’s a scam; seems weird; it’s dead; let’s trust the central bankers, who have our best interest at heart.
No amount of FUD busting changes that impression, because nobody holds uninformed and fringe convictions for rational reasons, reasons that can be flipped by your enthusiastic arguments in-between wiping off cranberry sauce and grabbing another turkey slice. - It really is bad form to talk about money — and bitcoin is the best money there is. Be classy.
Now, I’m not saying to never ever talk about Bitcoin. We love to talk Bitcoin — that’s why we go to meetups, join Twitter Spaces, write, code, run nodes, listen to podcasts, attend conferences. People there get something about this monetary rebellion and have opted in to be part of it. Your unsuspecting family members have not; ambushing them with the wonders of multisig, the magically fast Lightning transactions or how they too really need to get on this hype train, like, yesterday, is unlikely to go down well.
However, if in the post-dinner lull on the porch someone comes to you one-on-one, whisky in hand and of an inquisitive mind, that’s a very different story. That’s personal rather than public, and it’s without the time constraints that so usually trouble us. It involves clarifying questions or doubts for somebody who is both expressively curious about the topic and available for the talk. That’s rare — cherish it, and nurture it.
Last year I wrote something about the proper role of political conversations in social settings. Since November was also election month, it’s appropriate to cite here:
“Politics, I’m starting to believe, best belongs in the closet — rebranded and brought out for the specific occasion. Or perhaps the bedroom, with those you most trust, love, and respect. Not in public, not with strangers, not with friends, and most certainly not with other people in your community. Purge it from your being as much as you possibly could, and refuse to let political issues invade the areas of our lives that we cherish; politics and political disagreements don’t belong there, and our lives are too important to let them be ruled by (mostly contrived) political disagreements.”
If anything, those words seem more true today than they even did then. And I posit to you that the same applies for bitcoin.
Everyone has some sort of impression or opinion of bitcoin — and most of them are plain wrong. But there’s nothing people love more than a savior in white armor, riding in to dispel their errors about some thing they are freshly out of fucks for. Just like politics, nobody really cares.
Leave them alone. They will find bitcoin in their own time, just like all of us did.
This is a guest post by Joakim Book. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
This is an opinion editorial by Federico Tenga, a long time contributor to Bitcoin projects with experience as start-up founder, consultant and educator.
The term “smart contracts” predates the invention of the blockchain and Bitcoin itself. Its first mention is in a 1994 article by Nick Szabo, who defined smart contracts as a “computerized transaction protocol that executes the terms of a contract.” While by this definition Bitcoin, thanks to its scripting language, supported smart contracts from the very first block, the term was popularized only later by Ethereum promoters, who twisted the original definition as “code that is redundantly executed by all nodes in a global consensus network”
While delegating code execution to a global consensus network has advantages (e.g. it is easy to deploy unowed contracts, such as the popularly automated market makers), this design has one major flaw: lack of scalability (and privacy). If every node in a network must redundantly run the same code, the amount of code that can actually be executed without excessively increasing the cost of running a node (and thus preserving decentralization) remains scarce, meaning that only a small number of contracts can be executed.
But what if we could design a system where the terms of the contract are executed and validated only by the parties involved, rather than by all members of the network? Let us imagine the example of a company that wants to issue shares. Instead of publishing the issuance contract publicly on a global ledger and using that ledger to track all future transfers of ownership, it could simply issue the shares privately and pass to the buyers the right to further transfer them. Then, the right to transfer ownership can be passed on to each new owner as if it were an amendment to the original issuance contract. In this way, each owner can independently verify that the shares he or she received are genuine by reading the original contract and validating that all the history of amendments that moved the shares conform to the rules set forth in the original contract.
This is actually nothing new, it is indeed the same mechanism that was used to transfer property before public registers became popular. In the U.K., for example, it was not compulsory to register a property when its ownership was transferred until the ‘90s. This means that still today over 15% of land in England and Wales is unregistered. If you are buying an unregistered property, instead of checking on a registry if the seller is the true owner, you would have to verify an unbroken chain of ownership going back at least 15 years (a period considered long enough to assume that the seller has sufficient title to the property). In doing so, you must ensure that any transfer of ownership has been carried out correctly and that any mortgages used for previous transactions have been paid off in full. This model has the advantage of improved privacy over ownership, and you do not have to rely on the maintainer of the public land register. On the other hand, it makes the verification of the seller’s ownership much more complicated for the buyer.
Source: Title deed of unregistered real estate propriety
How can the transfer of unregistered properties be improved? First of all, by making it a digitized process. If there is code that can be run by a computer to verify that all the history of ownership transfers is in compliance with the original contract rules, buying and selling becomes much faster and cheaper.
Secondly, to avoid the risk of the seller double-spending their asset, a system of proof of publication must be implemented. For example, we could implement a rule that every transfer of ownership must be committed on a predefined spot of a well-known newspaper (e.g. put the hash of the transfer of ownership in the upper-right corner of the first page of the New York Times). Since you cannot place the hash of a transfer in the same place twice, this prevents double-spending attempts. However, using a famous newspaper for this purpose has some disadvantages:
- You have to buy a lot of newspapers for the verification process. Not very practical.
- Each contract needs its own space in the newspaper. Not very scalable.
- The newspaper editor can easily censor or, even worse, simulate double-spending by putting a random hash in your slot, making any potential buyer of your asset think it has been sold before, and discouraging them from buying it. Not very trustless.
For these reasons, a better place to post proof of ownership transfers needs to be found. And what better option than the Bitcoin blockchain, an already established trusted public ledger with strong incentives to keep it censorship-resistant and decentralized?
If we use Bitcoin, we should not specify a fixed place in the block where the commitment to transfer ownership must occur (e.g. in the first transaction) because, just like with the editor of the New York Times, the miner could mess with it. A better approach is to place the commitment in a predefined Bitcoin transaction, more specifically in a transaction that originates from an unspent transaction output (UTXO) to which the ownership of the asset to be issued is linked. The link between an asset and a bitcoin UTXO can occur either in the contract that issues the asset or in a subsequent transfer of ownership, each time making the target UTXO the controller of the transferred asset. In this way, we have clearly defined where the obligation to transfer ownership should be (i.e in the Bitcoin transaction originating from a particular UTXO). Anyone running a Bitcoin node can independently verify the commitments and neither the miners nor any other entity are able to censor or interfere with the asset transfer in any way.
Since on the Bitcoin blockchain we only publish a commitment of an ownership transfer, not the content of the transfer itself, the seller needs a dedicated communication channel to provide the buyer with all the proofs that the ownership transfer is valid. This could be done in a number of ways, potentially even by printing out the proofs and shipping them with a carrier pigeon, which, while a bit impractical, would still do the job. But the best option to avoid the censorship and privacy violations is establish a direct peer-to-peer encrypted communication, which compared to the pigeons also has the advantage of being easy to integrate with a software to verify the proofs received from the counterparty.
This model just described for client-side validated contracts and ownership transfers is exactly what has been implemented with the RGB protocol. With RGB, it is possible to create a contract that defines rights, assigns them to one or more existing bitcoin UTXO and specifies how their ownership can be transferred. The contract can be created starting from a template, called a “schema,” in which the creator of the contract only adjusts the parameters and ownership rights, as is done with traditional legal contracts. Currently, there are two types of schemas in RGB: one for issuing fungible tokens (RGB20) and a second for issuing collectibles (RGB21), but in the future, more schemas can be developed by anyone in a permissionless fashion without requiring changes at the protocol level.
To use a more practical example, an issuer of fungible assets (e.g. company shares, stablecoins, etc.) can use the RGB20 schema template and create a contract defining how many tokens it will issue, the name of the asset and some additional metadata associated with it. It can then define which bitcoin UTXO has the right to transfer ownership of the created tokens and assign other rights to other UTXOs, such as the right to make a secondary issuance or to renominate the asset. Each client receiving tokens created by this contract will be able to verify the content of the Genesis contract and validate that any transfer of ownership in the history of the token received has complied with the rules set out therein.
So what can we do with RGB in practice today? First and foremost, it enables the issuance and the transfer of tokenized assets with better scalability and privacy compared to any existing alternative. On the privacy side, RGB benefits from the fact that all transfer-related data is kept client-side, so a blockchain observer cannot extract any information about the user’s financial activities (it is not even possible to distinguish a bitcoin transaction containing an RGB commitment from a regular one), moreover, the receiver shares with the sender only blinded UTXO (i. e. the hash of the concatenation between the UTXO in which she wish to receive the assets and a random number) instead of the UTXO itself, so it is not possible for the payer to monitor future activities of the receiver. To further increase the privacy of users, RGB also adopts the bulletproof cryptographic mechanism to hide the amounts in the history of asset transfers, so that even future owners of assets have an obfuscated view of the financial behavior of previous holders.
In terms of scalability, RGB offers some advantages as well. First of all, most of the data is kept off-chain, as the blockchain is only used as a commitment layer, reducing the fees that need to be paid and meaning that each client only validates the transfers it is interested in instead of all the activity of a global network. Since an RGB transfer still requires a Bitcoin transaction, the fee saving may seem minimal, but when you start introducing transaction batching they can quickly become massive. Indeed, it is possible to transfer all the tokens (or, more generally, “rights”) associated with a UTXO towards an arbitrary amount of recipients with a single commitment in a single bitcoin transaction. Let’s assume you are a service provider making payouts to several users at once. With RGB, you can commit in a single Bitcoin transaction thousands of transfers to thousands of users requesting different types of assets, making the marginal cost of each single payout absolutely negligible.
Another fee-saving mechanism for issuers of low value assets is that in RGB the issuance of an asset does not require paying fees. This happens because the creation of an issuance contract does not need to be committed on the blockchain. A contract simply defines to which already existing UTXO the newly issued assets will be allocated to. So if you are an artist interested in creating collectible tokens, you can issue as many as you want for free and then only pay the bitcoin transaction fee when a buyer shows up and requests the token to be assigned to their UTXO.
Furthermore, because RGB is built on top of bitcoin transactions, it is also compatible with the Lightning Network. While it is not yet implemented at the time of writing, it will be possible to create asset-specific Lightning channels and route payments through them, similar to how it works with normal Lightning transactions.
Conclusion
RGB is a groundbreaking innovation that opens up to new use cases using a completely new paradigm, but which tools are available to use it? If you want to experiment with the core of the technology itself, you should directly try out the RGB node. If you want to build applications on top of RGB without having to deep dive into the complexity of the protocol, you can use the rgb-lib library, which provides a simple interface for developers. If you just want to try to issue and transfer assets, you can play with Iris Wallet for Android, whose code is also open source on GitHub. If you just want to learn more about RGB you can check out this list of resources.
This is a guest post by Federico Tenga. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
