{"id":22717,"date":"2018-01-19T16:07:04","date_gmt":"2018-01-19T16:07:04","guid":{"rendered":"http:\/\/ci027cfe7a10042697"},"modified":"2018-01-19T16:07:04","modified_gmt":"2018-01-19T16:07:04","slug":"cornell-ic3-researchers-propose-solution-bitcoins-multisig-paralysis-problem","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/cornell-ic3-researchers-propose-solution-bitcoins-multisig-paralysis-problem","title":{"rendered":"Cornell IC3 Researchers Propose Solution to Bitcoin\u2019s Multisig \u201cParalysis\u201d Problem"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><figure><img decoding=\"async\" src=\"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/cornell-ic3-researchers-propose-solution-to-bitcoins-multisig-paralysis-problem.jpg\" title=\"\"><\/figure>\n<p>Owning cryptocurrency comes with its own set of challenges. One of the biggest of those challenges is managing the private keys that enable you to spend funds. Lose your private keys, and your money is gone.<\/p>\n<p>In a business environment, a common way to manage funds owned by multiple people is via what\u2019s called a <a href=\"https:\/\/en.bitcoin.it\/wiki\/Multisignature\" target=\"_blank\" rel=\"noopener\">multisignature (multisig) address<\/a>, a type of smart contract requiring two or more parties to sign off on a transaction to move the funds.&nbsp;<\/p>\n<p>This can be problematic, however. Let\u2019s say you have a three-of-three multisig that requires you and two business partners to sign off on a transaction. If one person dies, disappears or becomes incapacitated, those assets become frozen \u2014 a risk some might feel uncomfortable with when dealing with tens of thousands of dollars or more. <\/p>\n<p>One way to ameliorate that risk might be to opt for a two-of-three multisig, where only two instead of all three individuals need to sign off on a transaction. But that\u2019s not a complete solution either. 
Two players could conspire against the other one and run off with the money.<\/p>\n<p>What now? If your funds are on the Ethereum blockchain, you could write a smart contract that would allow you to free the funds if one person in your trio disappeared.<\/p>\n<p>However, Bitcoin with its limited scripting language makes things more difficult. \u201cThis seems like an unsolvable problem if you think about the traditional tools,\u201d said Ari Juels, a professor at Cornell Tech and co-director of the Cornell Initiative for Cryptocurrencies and Contracts (IC3).<\/p>\n<h3>Paralysis Proofs<\/h3>\n<p>In a paper titled \u201cParalysis Proofs: How to Prevent Your Bitcoin from Vanishing,\u201d researchers Fan Zhang, Phil Daian, Iddo Bentov and Ari Juels from the IC3 outline how to deal with what happens when a party is unable, or unwilling, to sign off on a multisig transaction in Bitcoin. The solution involves a combination of blockchain technology and trusted hardware \u2014 Intel SGX, in this case. <\/p>\n<p>Trusted hardware allows you to run code inside a protected enclave. Even a computer\u2019s own operating system is unable to access data inside an enclave, so if your computer were to be hacked, the code in the enclave would remain secure.<\/p>\n<p>IC3\u2019s solution proposes replacing a trusted third party, such as a lawyer or a bank, who would put money in an escrow, with a trusted hardware solution that retains control of a master key to the funds. <\/p>\n<p>If one of the three people in the contract dies, the other two initiate a \u201cparalysis proof.\u201d That proof is based on a challenge sent to the missing third person. If the missing person responds to the challenge, the money stays put. If the missing person does not respond, the trusted hardware releases the funds to the remaining two players. <\/p>\n<p>Trusted hardware is only part of the solution, however. 
If the third person were to try and respond to the challenge request with an indication she is still alive, conceivably, the other players could intercept that message. To ensure that does not happen, the second half of IC3\u2019s solution involves sending the message via the blockchain, which provides a tamper-proof and censorship-resistant medium. <\/p>\n<p>\u201cBy combining these two [methods], we can achieve the exact properties we\u2019re after,\u201d Juels explained to <em>Bitcoin Magazine<\/em>. \u201cWe can enable trusted hardware to determine whether or not somebody is alive, and there is no way to prevent a relevant message from getting transmitted if it is coming through the blockchain.\u201d <\/p>\n<h3>How It Works<\/h3>\n<p>Put simply, this is how to achieve a paralysis proof as outlined by the IC3 researchers:<\/p>\n<ul>\n<li>Two players suspect a third is dead, so they post a challenge on the blockchain. The challenge consists of a tiny \u201cdust\u201d UTXO that the third person must spend within a certain period of time, say 24 hours, to prove she is alive.<\/li>\n<li>The two players also get a \u201cseize\u201d transaction they may post to the blockchain later to collect the funds, if the third person does not respond to the challenge.<\/li>\n<li>If the third person sends back a response by spending the UTXO, the game is over; the two others are not able to take control of the funds. <\/li>\n<li>Alternatively, if the third person does not return an \u201calive\u201d signal by spending the UTXO before the time-out, then the two others can use the \u201cseize\u201d transaction to take control of the funds. <\/li>\n<\/ul>\n<p>This is not the only use case for a paralysis-proof system. Juels thinks the solution would work well in any situation that called for controlled access to private keys that could not otherwise be maintained on a blockchain. \u201cIt is actually a very general scheme you could use for lots of other purposes,\u201d he said. 
<\/p>\n<p>For instance, a paralysis-proof system could be used as a dead man\u2019s switch for control over the release (or decryption) of leaked information or a journalist\u2019s raw materials. It could also be used in numerous ways to control daily spending limits from a common pool of money or as a conditioned expenditure based on an outside event (as reported by <a href=\"https:\/\/www.coindesk.com\/trust-your-oracle-cornell-launches-tool-for-confidential-blockchain-queries\" target=\"_blank\" rel=\"noopener\">an oracle<\/a>), like a student getting good grades or a salesperson meeting a sales quota. <\/p>\n<p>\u201cBasically, you can a rich set of conditions around the expenditure of money using the fact that a trusted hardware kind of acts like a trusted third party,\u201d said Juels.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Owning cryptocurrency comes with its own set of challenges. One of the biggest of those challenges is managing the private keys that enable you to spend funds. Lose your private keys, and your money is gone. 
In a business environment, a common way to manage funds owned by multiple people is via what\u2019s called a [&hellip;]<\/p>\n","protected":false},"author":3488,"featured_media":22718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[1010,3223,356,474,330],"class_list":{"0":"post-22717","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-culture","8":"tag-cornell","9":"tag-ic3","10":"tag-multisig","11":"tag-research","12":"tag-security"},"author_data":{"id":3488,"name":"Amy Castor","nicename":"amy-castor","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/amy-castor-promo-image-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/cornell-ic3-researchers-propose-solution-to-bitcoins-multisig-paralysis-problem.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/22717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/3488"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=22717"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/22717\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/22718"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=22717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=22717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=22717"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}