
> Cotten possessed the only key to the online vaults where his customers’ investments were supposedly stored.

This is very important. Due to strong cryptography it's safe to assume the cryptocurrencies can't be moved without the secret key. What happens if the owner of the key dies? My father asked me about this once and I had no answer. Something to really think about.

We currently think of secret keys as expendable. Compromised or lost? Just make a new one. Nobody shares or inherits keys, everyone has their own set. The dead won't be encrypting or signing any messages and there is generally no reason for anyone to retain the ability to impersonate them.

Traditional key discipline relies on the assumption keys are worth nothing. All this goes out the window when these are the keys to assets worth thousands, millions. A new key discipline needs to be developed.



One solution is to have the key on paper in a safe, and then let the lawyer know the key is in the safe. If you die they can drill the safe. The nature of the private key makes digital solutions possible, but they aren't necessary. It doesn't have to be handled differently from any highly valuable small object.


Depending on the amount, split the key on paper across multiple bank vaults and lawyers, with directions to contact all of them and bring the key together at your death.

But good luck finding someone you can trust to actually handle the money once they have the key.


One cool aspect of Shamir's Secret Sharing is you can set any threshold for how many fragments are required to recover the secret. This reduces the risk of one losing the secret due to fragments being lost. The scheme also has perfect secrecy, so gaining a few fragments, but not the threshold amount, gives an attacker no information about the secret.

https://francoisbest.com/horcrux


I wouldn't split the key because as another comment noted, you don't need all the pieces to brute-force the rest. Rather I would have several "keys" that when you XOR them all together, you get the real key. That way, any piece is useless without all the rest.

Unless this is what you meant by "split", in which case I agree.


Even just putting half the key on paper and not putting the rest could make brute-forcing the rest feasible. Even knowing just 1 bit makes brute-forcing 2x as easy. 8 bits? 256x easier, etc.


One would use a scheme like Shamir's secret sharing [1], not literally cutting the exact bits of the key into strips.

> To unlock the secret via Shamir's secret sharing, a minimum number of shares are needed. This is called the threshold, and is used to denote the minimum number of shares needed to unlock the secret. An adversary who discovers any number of shares less than the threshold will not have any additional information about the secured secret -- this is called perfect secrecy. In this sense, SSS is a generalisation of the one-time pad (which is effectively SSS with a two-share threshold and two shares in total).

[1] https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
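The threshold property quoted above, as an added example that is not part of the original thread or of any library it links: a small Shamir split over a prime field, with a 2-of-3 split of a constructed 32-byte stand-in key. The prime, function names and the check in `recover_key` are my own choices; a real deployment would use a vetted library and a share format with checksums.

```python
import secrets

# 2**521 - 1 is a Mersenne prime; any secret of up to 64 bytes fits below it.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a0 + a1*x + a2*x^2 + ... over GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, t):
    """Return n shares (x, y); any t of them recover `secret`.

    The constant term a0 is the secret and a1..a(t-1) are uniformly random,
    so fewer than t shares leave every value of a0 equally likely."""
    if not 1 <= t <= n < PRIME:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial through `shares`, evaluated at x=0.

    Correct only with at least t distinct shares; with fewer, the result is
    just some field element unrelated to the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    acc = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+).
        acc = (acc + yi * num * pow(den, -1, PRIME)) % PRIME
    return acc


def split_key(key: bytes, n: int, t: int):
    """Wrapper for a raw key such as a 32-byte wallet private key."""
    return split_secret(int.from_bytes(key, "big"), n, t)


def recover_key(shares, key_len: int) -> bytes:
    """Recover a key of `key_len` bytes; refuse values that cannot be a key
    of that length, which is what too few shares usually produce."""
    value = recover_secret(shares)
    if value >= 1 << (8 * key_len):
        raise ValueError("result does not fit: too few shares or wrong length")
    return value.to_bytes(key_len, "big")


if __name__ == "__main__":
    key = bytes(range(32))  # constructed stand-in for a 256-bit private key
    shares = split_key(key, 3, 2)  # 2-of-3, the split suggested in the thread
    assert recover_key([shares[0], shares[2]], 32) == key
    assert recover_secret([shares[1]]) != int.from_bytes(key, "big")
    print("2-of-3 split and recovery OK; one share alone recovers nothing")
```

Any two of the three shares recover the key regardless of which two; a single share is a uniformly random field element, which is the perfect-secrecy claim from the quoted text made concrete.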


(Shamir’s scheme is delightfully straightforward, but if polynomial interpolation over finite fields isn’t a thing you feel in your bones, try inventing an n-of-n-shares scheme that only uses xor and a random-number generator. Gb nyy ohg bar bs gur cnegvpvcnagf, tvir n puhax bs enaqbz qngn nf ybat nf gur frperg; gb gur ynfg bar, tvir gur kbe bs gur frperg naq gur enaqbz puhaxf. You probably don’t want that in production, but it’s nice to figure it out and even utterly simple to prove it secure, provided you understand the proof for one-time pads.)
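The n-of-n XOR scheme this and the earlier "XOR them all together" comment describe, as an added example that is not from the thread. It also shows, against the "half the key on paper" objection above, why the two approaches differ: with XOR shares any n-1 of them can be completed to any candidate secret, whereas a contiguous piece of the key reveals its bits outright. The function names are my own.

```python
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("all shares must have the secret's length")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_split(secret: bytes, n: int) -> list:
    """n-of-n split: n-1 uniformly random pads, plus one final pad equal to the
    secret XOR all the others. Every pad on its own is uniformly random."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = reduce(_xor, pads, secret)
    return pads + [last]


def xor_combine(shares) -> bytes:
    """XOR is associative and commutative, so the order of shares is irrelevant."""
    return reduce(_xor, shares)


def completing_share(partial, candidate: bytes) -> bytes:
    """Given any n-1 shares and ANY candidate secret, return the missing share
    that would make the set reconstruct that candidate. Such a share always
    exists, so n-1 shares are consistent with every secret: zero information."""
    return reduce(_xor, partial, candidate)


def naive_split(secret: bytes, n: int) -> list:
    """The scheme the thread warns against: cut the key into n contiguous
    pieces. Each piece reveals its bytes directly."""
    step = -(-len(secret) // n)  # ceiling division
    return [secret[i:i + step] for i in range(0, len(secret), step)]


def remaining_work_bits(secret_len: int, known_pieces) -> int:
    """Brute-force work left once some naive pieces are known: each revealed
    bit halves the search space, as the comment above computes."""
    known = sum(len(p) for p in known_pieces)
    return 8 * (secret_len - known)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed stand-in for a 256-bit key
    shares = xor_split(key, 3)
    assert xor_combine(shares) == key
    fake = completing_share(shares[:2], b"\xaa" * 32)
    assert xor_combine(shares[:2] + [fake]) == b"\xaa" * 32
    print("naive half-key leaves", remaining_work_bits(32, naive_split(key, 2)[:1]), "bits of work")
```

The `completing_share` check is the one-time-pad argument in executable form: since a missing share exists for every candidate, holding n-1 shares tells an attacker nothing about which candidate is real. The cost is the n-of-n property itself: lose any one share and the key is gone, which is exactly what Shamir's threshold relaxes.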


This immediately came to mind as a possible tactic because polynomial interpolation is covered nicely in A Programmer's Introduction To Mathematics[1] which I started reading recently. Highly recommended.

[1]: https://pimbook.org/


Oh yeah, I know about that. I meant to intentionally release only part of the key specifically to make brute-forcing easier for your heirs. I mean, hey, they gotta work for it, you just give them a leg up! :)


Crypto dead man's switch like sarcophagus.io.

You can connect to an obituary oracle on Chainlink and release data to a pre-specified law firm upon proof of death. Then make sure the law firm validates the death before opening. Wallets and keys inside. Or secret pass phrases inside.


When all you have is a crypto hammer, everything you see is blockchain nails.


Or (somewhat ironically) a bank safe deposit box.


This isn't that ironic, as there are often safe deposit boxes with contents more valuable than the cash on hand of the bank branch itself.

Yes, ironic that digital currency is being protected by physical bank, but that's really stretching for something to be haha. It's SOP for banks really.


I was more referring to the (somewhat fair) crusade against big banks in the crypto community in general. Tweeting against banks all day and talking about "code is law" while paying a safe deposit box fee and leaning on the traditional legal system (wills, etc) and banks (the box) scales somewhere from ironic to hypocritical.


No it doesn’t, at least in a sensible understanding of the crusade. (I’m not sure cryptographic Byzantine consensus is the panacea it is touted to be, but agree with its proponents as to whether many of the things they call problems with the traditional system are in fact problems.) It’s nice to have a technical solution to things that do not actually need human interpretation, and it’s nice to expand the set of these things. Whether you actually want human interpretation for the act of transferring money is questionable.

Fiat money is uniquely susceptible to repressive governments in a way that nothing was when people actually thought about countering those in a practical way, and bank transfers are even more so—see today’s news from Canada for an example that’s chilling whether or not you agree with the actual politics in play. That needs to be fixed, I think. It could be fixed by making money more resilient to government intervention or by making governments less likely to make malicious interventions, probably both. These approaches, and even approaches to these approaches, have different implications, so history will have to find the balance, but I’d be loath to just dismiss the former out of hand.

But death is a thing that needs human interpretation, at least for the foreseeable future, and thus those arguments don’t apply here. The current banking and actuarial system isn’t that insane for the most part, for a system that has to operate under the constraint of needing human interpretation. It’s just that I refuse to stop thinking about the extent to which such a constraint is actually present in any particular situation. In strongbox rental, it is. Great! And I say that as someone with an experience of withdrawing the contents of a safe deposit box from a branch of a failing bank, on the day before the doors of said branch were locked and tagged.

(Nothing about a strongbox rental business even needs to be connected with loans or securities in any way, it’s just that banks sort of organically grew both functions. No problem with that, but also no problem with somebody dissatisfied with any aspect of modern macroeconomics having no gripes against safe deposit boxes.)


I think the parent was pointing out the irony that every hour of effort spent on the crypto space so far has only made banks and other institutions even more critical in the end, because the death rate will be 100% for the foreseeable future, like it always has been.

It’s effectively backloading risk onto the very things claimed to be outmoded and replaceable.


Not ironic at all. It's a fact that banks have great physical security, no reason to not take advantage of that. If you have a cryptocurrency paper wallet in the bank, they don't know about it, it's not on their books, they can't lend it out without your knowledge and inflate the economy with it.


Note that banks usually require you to sign away all liability for anything placed in a safe deposit box, even if negligence or fraud on their part leads to the items being stolen or destroyed.

The risk is very low, but it is present.

See: https://www.nytimes.com/2019/07/19/business/safe-deposit-box...


That seems like owning small valuable objects with extra steps


On the other hand ... What's wrong, if your wealth distilled to the limits of abstraction dies with you?

If you haven't shared it with anyone, why would anyone get it?

If you didn't trust anyone with the keys to it while you were alive, why should anyone have it?


> If you didn't trust anyone with the keys to it while you were alive, why should anyone have it?

Wills and inheritance have been a part of human society since the beginning of civilization. I think it's more likely we will need to find a way to make new technology adapt to society and not the other way around.


Yeah, but inheritance law has changed a lot over the centuries: before the French revolution only the first child (possibly son, I don't recall right now) could inherit, then the revolutionary government made a big deal of splitting properties equally among siblings in order to break up large estates. After WWII most Western countries had very punishing inheritance taxes, and that's been dialed back in the 70s. Some economists (Piketty and co) make a big deal of bringing back high inheritance taxes and using them to finance a universal basic capital to be disbursed at a young age.

In a sense, due to the deflationary nature of most crypto, dying without telling anyone what the key to your wallet is, is equivalent to redistributing all your funds to everyone in a way that is proportional to the amount everybody already owns. So it's kinda regressive, which seems to align well with the current crypto political climate...


Then again, maybe this addresses the inheritance tax issue. Instead of debating how much money goes to heirs vs the state, folks' net worth could just "evaporate" on death, thereby slightly (presumably) reducing the supply of whatever currency was held at the time of death.


In this case, it wasn't his money! It was the Quadriga customer wallet!

Besides, "how do I ensure my wife and/or children get my wealth when I die" is a question humans have been addressing for thousands of years. Only a bitcoiner could be so nihilist to not care.


> Only a bitcoiner could be so nihilist to not care.

I feel like the people I know who are most enthusiastic about Bitcoin are the ones who care most about generational wealth and the long-term mindset. There are tons of ways to establish backups for family members (multi signature wallets, time locked wallets.)


> Besides, "how do I ensure my wife and/or children get my wealth when I die" ...

... but can't rip me off a second earlier.


Most people don't trust their adult children with access to their wealth, and yet they leave it as an inheritance to them when they die. Often even accompanied by a will.


> What's wrong, if your wealth distilled to the limits of abstraction dies with you?

What do you mean, what's wrong? Everything is wrong.

If I have children, I absolutely want them to inherit everything I own when I die. I want them to use it all to reach even further than I have and be more successful and richer than I was. This is how wealth is built across generations.

I don't want my money to be forever lost in the unimaginably large cryptographic search space. I certainly don't want my money to go to anyone other than my children, especially the government.


Why don't you give them your stuff now?


Many do but even then you have to drip feed it extremely slowly.


I don't have children yet.


Taxes.


> If you haven't shared it with anyone, why would anyone get it?

This is the wrong model, technically it causes micro deflation that would be similar to distributing it to everyone weighted by their current amount. The rich get richer-er (in an absolute sense, but not in a proportional sense).

The effect is probably minuscule on a case by case basis, but if it were happening on nation scale it might make a difference.


People sometimes die pretty suddenly, with no planning for what should happen after.


I mean, another way to look at this is that wealth, assuming it’s reasonably liquid, can be exchanged for other goods (that is, after all, the only real point of wealth in the first place).

Surely you wouldn’t think it’s absurd to expect that if someone dies with some extra food, that other people ought to make use of that food, even if they hadn’t made a formal last will.


On the other hand, if money is destroyed and not replaced that then makes everyone else's money more valuable as no one else's wealth (and hence overall wealth) has been affected.


I doubt that’s true in any meaningful sense. You could say the same thing for food: if you make it more scarce at some point you will probably observe an increase in price of existing food. And yet you could have eaten the food instead of destroyed it.


I believe the parent here is making a distinction between "capital" and "money"; "money" being a claim against real physical "capital".

When a pile of "capital" is destroyed (i.e. a bushel of wheat spoils, or a factory burns to the ground, or the lyrics to Bohemian Rhapsody are somehow lost forever) then this is a loss to society in general and to the owner of that "capital" in particular. If a pile of "money" is destroyed (i.e. Pablo Escobar burns $2MM in currency, private key to crypto wallet is lost) there is no corresponding loss of real physical "capital". There is simply a reduction in aggregate outstanding claims against the unchanged real physical "capital". So the unaffected holders of the other claims see their purchasing power increase, i.e. they no longer have to outbid the person whose "money" was destroyed, they have now "cut out" the loser from claims against "capital".


> When a pile of "capital" is destroyed (i.e. a bushel of wheat spoils, or a factory burns to the ground, or the lyrics to Bohemian Rhapsody are somehow lost forever)…

Well, at least one of these examples is actually capital (the factory). Of the remainder, one is just plain property, not a capital good, and the other is information. Capital is property which serves as a means of production. Sometimes the term is used loosely to include highly marketable goods (money) which can stand in for the means of production (e.g. "raising capital"), or even more loosely as in "human capital" (referring to the capacity for labor as a means of production), but it does not include commodities consumed in the production process, such as the wheat; nor information, which is non-rivalrous and thus not property, much less capital.

With that said, you're basically correct about the difference between currency and other forms of property—goods with utility beyond their use in trade. For the most part there is no advantage to society in having a larger or smaller amount of currency (in aggregate). For economic calculation it's best if the supply just remains constant; any variation will temporarily affect the allocation of other resources, but eventually the value of the currency will adjust so that the total purchasing power of the currency equals all the goods available for purchase. It can cause problems if the supply changes too rapidly, making prices unstable, or if so much currency is lost that it starts to impact divisibility. For example, if bitcoins grew in value to the point where one satoshi was worth a month of labor we would need to modify the protocol to add more significant digits, or introduce a parallel system for day-to-day transactions, much like silver vs. gold.


This is why I added "assuming it’s reasonably liquid" to my initial comment. If one's wealth is reasonably liquid, then I don't think it makes much sense to make a distinction between whether it's "capital" or "money." For the vast majority of people, I think this is a reasonable assumption. If you could liquidate the deceased person's estate and exchange it for consumables or capital and donate those to a good cause, is that really worse for society than the nebulous idea of increasing the value of everyone's money by destroying the deceased person's money? I guess I'm having trouble seeing the distinction between "destroying existing capital is bad" and "destroying money that could have been exchanged for capital or used to create capital is good."


> If you could liquidate the deceased person's estate and exchange it for consumables or capital and donate those to a good cause, is that really worse for society than the nebulous idea of increasing the value of everyone's money by destroying the deceased person's money?

That would depend on who gets to decide what counts as "a good cause". I can think of worse ways the purchasing power could be employed than distributing it widely among other users of the currency. Even assuming the best of intentions, you're still directing resources rather arbitrarily away from other goals in favor of the selected cause, which is not necessarily a net benefit to society.

In general it makes sense to follow the wishes of the deceased, if they are known—it serves no good purpose to distinguish between gifts made just before death vs. ones made at the time of death via a will, and doing so penalizes those who die unexpectedly before making their bequests. Beyond that, I see no reason why relatives of the deceased should have an automatic claim in the absence of a will—but their claim is stronger at least than any the state might make, so given the choice I'd rather see the property go to the heirs than the state. Personally, though, in the absence of a will I would just consider the property abandoned and available for anyone to freely use and thus claim for themselves via homesteading. In some cases that process may have already begun—for example, if the owner of a house dies without leaving a will then anyone else who was already living there (presumably the deceased's family) would have priority to assume ownership once the deceased's claim was abandoned. Their prior investment in the home didn't matter as long as it had an owner, but with that owner gone it should count in their favor for the homesteading process.


> That would depend on who gets to decide what counts as "a good cause". I can think of worse ways the purchasing power could be employed than distributing it widely among other users of the currency.

Yes, but the dependency on what counts as a good cause also applies to distributing wealth indiscriminately among all holders of a currency.


It applies to some extent no matter what you do, but with this approach the purchasing power is spread so widely that no one will even notice the difference. Also, destroying the currency or otherwise making it permanently inaccessible when the owner dies is for all practical purposes indistinguishable from the owner living and simply never spending it, so nothing really changes.


Yes, but again you could say the exact same thing about any capital or food the person had when they died, especially if they weren't extremely wealthy. But I thought we had agreed that destroying capital and food is not good. I'm just failing to understand the distinction between destroying a deceased person's capital, and destroying their money.


> I'm just failing to understand the distinction between destroying a deceased person's capital, and destroying their money.

"Capital" is the wrong word here. It doesn't include non-productive, consumable goods such as food, but it can include money as a stand-in for means of production. It doesn't make sense to contrast "capital" with "money" when what you really mean is "all goods which are not money".

In any case, the difference is utility. The value of money is (almost) entirely derived from its use in trade; it's not consumed and it doesn't directly serve as a means of production. If a factory burns down or food spoils then society is poorer for it, but if the amount of money in existence decreases then nothing of value is lost, provided it affects everyone holding currency equally. (In the case of someone dying the only one not affected equally is the deceased, who isn't around to object to the loss and thus doesn't count.) We still have all the consumable goods and means of production which we had before, and the purchasing power of the remaining currency will adjust to compensate for the change in the money supply.


This is a solved problem. Entities that have to custody large amounts of crypto use multi-sig wallets where N of M keys are needed to unlock them. The keys are given to N people and kept in different locations. If someone dies, N of the remaining people can move the assets to a new wallet.


That's how Ethereum founder V. Buterin manages his online assets: https://www.youtube.com/watch?v=XW0QZmtbjvs&list=RDCMUCSHZKy...


Note that this wasn't a case of the money being lost because the key was lost when the owner died as per the initial headlines - in this case the money simply wasn't there in the first place: "Quadriga likely never invested the funds entrusted to it, according to Chainalysis, ... Either the funds were never received or quickly went missing" and "Ernst & Young found five Quadriga cold wallet addresses, but they were empty, containing no cryptocurrency since April 2018."[0]

[0] https://en.wikipedia.org/wiki/Quadriga_Fintech_Solutions


Key management is definitely difficult and is full of tradeoffs depending on the risks you want to protect against. There are some nice guides out there that go into some of the details[1][2] as well as inheritance plans, and it typically involves multisig wallets (2 of 3, 3 of 5, etc) with some of the keys stored with a lawyer or other trusted party. Some commercial solutions exist like Casa which can make it seemingly easier, but has increased risk as a result. If you don't plan ahead, it's likely gone, but the setup time/cost of these solutions really only makes sense for large amounts.

I recall reading at one point about future support for time locked multisig in Bitcoin that could maybe help with that but don't know the status of that capability or how it works, or how difficult it is to set up.

[1] https://github.com/fresheneesz/TordlWalletProtocols

[2] https://glacierprotocol.org/docs/overview/


You need social key recovery or multi-sig with other trusted parties (lawyers, business partners, etc)


Yeah only reasonable UX options. Saw somebody praise the wonders of seed phrase wallets on Twitter and could not believe my eyes.


The challenges are similar to those involved in signing the root keys for DNSSEC (or certificate authorities). Root signing ceremonies make for an interesting read: https://www.cloudflare.com/en-gb/dns/dnssec/root-signing-cer...


7 or so years ago, a friend of mine passed away. He had set up and explained a complicated encryption scheme to his wife that stored all their digital stuff. She didn't remember any of that, and then it was permanently inaccessible to her.

Seeing the challenge in this, I made a note for my wife which is "All of our nerd stuff, if I die". It contains instructions on how our network works, how to handle domain names, how our backup system works, etc. Passwords and such belong to our shared BitWarden, but for all the other "What now?" stuff, I feel better having given her at least some explanation.


> This is very important. Due to strong cryptography it's safe to assume the cryptocurrencies can't be moved without the secret key. What happens if the owner of the key dies? My father asked me about this once and I had no answer. Something to really think about.

One option would be to create a multi-signature wallet, where for example three keys exist, while two keys are needed for transactions. This would allow scenarios where the widow and the notary can access a wallet after the owner died. At the same time, no single party would be able to run with the money with only one key.
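The 2-of-3 policy in this comment, as an added simulation that is not from the thread or from any wallet software: the point it makes runnable is that approvals are counted per distinct registered key holder over the exact transaction, so one holder (or a stranger) cannot reach the threshold alone. HMAC-SHA256 stands in for the public-key signatures a real multisig wallet uses; the class and function names are my own.

```python
import hmac
import hashlib


def sign(holder_key: bytes, tx: bytes) -> bytes:
    """Stand-in for a digital signature over the transaction bytes.
    A real wallet verifies public-key signatures and holds no secrets; the
    threshold logic in ThresholdPolicy is the same either way."""
    return hmac.new(holder_key, tx, hashlib.sha256).digest()


class ThresholdPolicy:
    """N-of-M authorization over a fixed set of key holders (e.g. 2 of
    owner / widow / notary)."""

    def __init__(self, holder_keys: dict, threshold: int):
        if not 1 <= threshold <= len(holder_keys):
            raise ValueError("threshold must be between 1 and the holder count")
        self.holder_keys = dict(holder_keys)
        self.threshold = threshold

    def authorize(self, tx: bytes, signatures) -> bool:
        """signatures: iterable of (holder_id, signature).

        True only if at least `threshold` DISTINCT registered holders signed
        exactly this tx. Counting holders rather than signatures is the check
        that matters: one holder submitting the same signature twice must not
        count as two approvals."""
        approved = set()
        for holder_id, sig in signatures:
            key = self.holder_keys.get(holder_id)
            if key is None:
                continue  # unknown party: ignored, never counted
            if hmac.compare_digest(sig, sign(key, tx)):
                approved.add(holder_id)
        return len(approved) >= self.threshold


if __name__ == "__main__":
    # Constructed keys for the three parties in the comment above.
    keys = {"owner": b"constructed-key-1", "widow": b"constructed-key-2",
            "notary": b"constructed-key-3"}
    policy = ThresholdPolicy(keys, threshold=2)
    tx = b"move funds to the heirs' wallet"
    widow, notary = sign(keys["widow"], tx), sign(keys["notary"], tx)
    print("widow alone:", policy.authorize(tx, [("widow", widow)]))
    print("widow + notary:", policy.authorize(tx, [("widow", widow), ("notary", notary)]))
```

Binding the approvals to the transaction bytes also means a signature collected for one transfer cannot be reused to authorize a different one.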


Smart contract with a dead man's switch?


There’s already a practice of businesses storing a paper copy of a critical infrastructure password in a safe for emergencies. I don’t see why the same concept couldn’t be used here.


I know you're facilitating a conversation about key discipline, and I don't mean to derail you from that, but it's not clear that the problem here was really an inaccessible wallet. You can read the Ontario government report on it [1].

Cotten was treating all customer deposits as ostensibly a single asset pool, paying expenses and customer withdrawals out of the same pot, using that same pot to speculate on bitcoin on external exchanges, and using fake accounts to boost volume or liquidity. When Bitcoin crashed in 2017 he had way more BTC and way less CAD than his customers were owed and had paid much more for it than he could sell it for. It was a classic Ponzi scheme. Add in all of the money he had spent on personal assets out of the same pot and there is no need to speculate about a mythical missing wallet. They found 4 paper cold wallets and all of them were empty, presumably because the contents had been sold to pay other customers.

[1] https://www.osc.ca/quadrigacxreport/


Use multisig.

Just to add to this, we haven't even scratched the surface of what's possible with shared/collaborative custody and timelocks.


So what happens to these digital coins in the face of loss of keys? Actually, what do banks do as well? If someone dies with a large sum in an account, how is it different than a digital currency at that point? There's no physical tangible good that has value. It's just a number in a digital ledger for crypto or typical bank. Is the only difference in this case the encryption, otherwise typical banking rules would apply?


What do banks do?

Look up “unclaimed property”, there is a whole complicated bureaucracy dedicated to tracking this stuff and letting heirs claim it. Each state of the US has a separate web site where you can search for anything left in a dead relative’s accounts.

Claiming it is easy for small values. It gets more complicated as the value rises, I have enough left in this situation from a grandparent that I am putting off getting something called a “judgement of possession” to acquire some funds.

This bureaucracy does not, of course, exist for cryptobucks; creating one probably will be mandatory if it is to become an actual part of the financial system instead of a cascading pile of scams, and it will involve a whole lot of things that are anathema to the anti-government attitudes a lot of crypto true believers have.


> Actually, what do banks do as well?

The short answer is inheritance happens. If there's no co-signers, named beneficiaries, will or heirs, the state will eventually appoint an executor who will settle any outstanding debts of the estate against the account, and then I think the state itself is the ultimate inheritor.

Most states have a notion of "unclaimed funds", and you can check to see if you have any money sitting in the state coffers from a dead relative or a settlement.


I'll add to that the issue that it's extremely unlikely for there to be no heirs, as even if you made no family and your parents are dead, there's still likely to be e.g. some third-degree cousins. There are some cases (e.g. related to the Holocaust or immigrants where all the local family is dead and there are no contacts with the overseas relatives) but generally there's quite some time for distant relatives to apply until eventually the state (i.e. the general public) takes it over.


There are so many options!

My favorite conceptually is a dead-man switch. For example, something will have a password only you have, as long as you input you are alive every x days. If you die, eventually it switches to another password someone else might have.

It really is amazing to think how hard it is to keep something safe, once you are tasked with it.


There are also key escrow solutions like

https://keys.casa/

(I'm sure there are many, many others, please add yours as a reply!)


You make a paper wallet and you can pass it on as an inheritance.


Would it be possible to program a smart contract tied to the key owner's death in some provable way, in order to release a key retrieval mechanism to their heir?


I suppose you could surgically implant a private key inside your body that could be used to decrypt a cache of your other or private keys. It'd have to be somewhere that can't be accessed without killing you, though.


Torture you to reveal the secret location and in the process kill you to get the private key. Nice idea.


Since smart contracts are Turing complete, you could easily write a "dead man's switch" contract that requires a check-in, say, every 30 days.

The contract could be written such that if two or more check-ins in a row are missed, then the assets can be withdrawn by any authorized users.
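The check-in rule described in the two comments above, as an added plain-Python simulation of the contract logic rather than real contract code: only the owner can check in, only pre-authorized heirs can withdraw, and withdrawal opens only after two consecutive 30-day windows pass with no check-in. Time is an integer day count passed in by the caller, standing in for block timestamps; the class and method names are my own.

```python
class DeadManSwitch:
    """Owner must check in at least once per `interval_days`; after
    `missed_allowed` consecutive windows with no check-in, authorized heirs
    may withdraw the balance."""

    def __init__(self, owner, heirs, interval_days=30, missed_allowed=2, now=0):
        self.owner = owner
        self.heirs = frozenset(heirs)
        self.interval_days = interval_days
        self.missed_allowed = missed_allowed
        self.last_checkin = now
        self.balance = 0

    def deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.balance += amount

    def check_in(self, caller, now):
        """A check-in resets the clock; any check-in, however late, blocks release."""
        if caller != self.owner:
            raise PermissionError("only the owner can check in")
        if now < self.last_checkin:
            raise ValueError("clock went backwards")
        self.last_checkin = now

    def missed_checkins(self, now):
        """Whole check-in windows elapsed since the last check-in."""
        return max(0, (now - self.last_checkin) // self.interval_days)

    def released(self, now):
        return self.missed_checkins(now) >= self.missed_allowed

    def can_withdraw(self, caller, now):
        return caller in self.heirs and self.released(now)

    def withdraw(self, caller, now):
        if caller not in self.heirs:
            raise PermissionError("not an authorized heir")
        if not self.released(now):
            raise PermissionError("owner has not missed enough check-ins")
        amount, self.balance = self.balance, 0
        return amount


if __name__ == "__main__":
    switch = DeadManSwitch("alice", heirs=["bob"], now=0)
    switch.deposit(100)
    switch.check_in("alice", now=25)
    print("day 70 released?", switch.released(70))   # one window missed: no
    print("day 85 released?", switch.released(85))   # two windows missed: yes
    print("bob withdraws", switch.withdraw("bob", now=85))
```

Two details are worth noticing when reading the simulation: the release condition is "two full windows of silence", so a single late check-in never triggers it, and the heir check is a membership test on a fixed set, so the contract never has to interpret who the heirs are at release time.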



