Posted by jamesob
Sep 30, 2023/11:54 UTC
The recent discussions on delvingbitcoin.org have brought to light the complexities and challenges associated with implementing vaults in cryptocurrency custody, specifically through the use of presigned transactions. This approach, although theoretically feasible, presents significant usability issues that hinder its widespread adoption. Presigned transaction vaults require the generation of ephemeral keys for each transaction, a process that not only demands a high level of technical sophistication but also poses security risks due to the difficulty of convincingly destroying these keys after use. The pregeneration of transaction graphs leads to several other problems, such as the risk of burning coins if they are accidentally sent to an already sealed vault address, cumbersome UTXO management due to the need for repeated secure ephemeral key generation, and the challenge of managing transaction fees upfront without the flexibility to adjust them based on network conditions.
Furthermore, the inflexibility of this system results in inefficient chain usage as each deposit necessitates its own transaction, significantly increasing the cost and complexity of managing vaulted funds. Also, the requirement to indefinitely preserve "toxic" vault data introduces additional burdens on users, making the entire scheme impractical for anyone but the most technically capable and financially resourceful operations. Despite these challenges, there is evidence of large custodial operations both emulating vaults with automated multisig signing and implementing them with presigned transactions, though these efforts are not widely publicized. Notable projects attempting to utilize current scripting capabilities for vaults include Revault, Liana, and Bryan Bishop's prototype code, which can be found at this GitHub repository.
In an attempt to address these limitations, the implementation of a prototype using CTV (CheckTemplateVerify) was explored, aiming to simplify the vault creation process by eliminating the need for ephemeral key generation and the indefinite storage of critical data. However, this solution was still plagued by the inherent problems associated with presigned transactions. This experience led to the development of OP_VAULT, a new primitive proposed to overcome the usability challenges detailed in the vaults paper available at jameso.be/vaults.pdf. In conclusion, while the idea of using presigned transactions for vaults presents a novel approach to securing cryptocurrency assets, its practical application is fraught with difficulties that severely limit its utility. The exploration of alternatives like CTV and OP_VAULT underscores the ongoing search for more viable solutions in the field of cryptocurrency custody.
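As an added illustration (not code from jamesob's post or from any of the projects named above), a toy Python model of the presigned-transaction vault lifecycle described in the summary: an ephemeral key defines the vault address, one unvault transaction is presigned against a single deposit outpoint with its fee fixed up front, the key is destroyed, and a later deposit to the same address has no spending path. The HMAC "signature", the sha256-derived address and all transaction ids are constructed stand-ins, not real Bitcoin primitives.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    txid: str
    vout: int


@dataclass(frozen=True)
class PresignedUnvault:
    spends: Outpoint   # the one deposit outpoint this transaction commits to
    amount: int        # sats locked in that outpoint
    fee: int           # fixed when presigned; cannot follow later fee conditions
    sig: str           # toy signature under the ephemeral key (stand-in for Schnorr)


class EphemeralKey:
    """Throwaway key whose 'pubkey' defines the vault address; destroyed after presigning."""
    def __init__(self):
        self._sk = secrets.token_bytes(32)
        self.address = hashlib.sha256(b"vault-pubkey|" + self._sk).hexdigest()[:16]

    def sign(self, sighash: bytes) -> str:
        if self._sk is None:
            raise RuntimeError("ephemeral key destroyed: no further transactions can be presigned")
        return hmac.new(self._sk, sighash, "sha256").hexdigest()

    def destroy(self) -> None:
        self._sk = None  # in practice, convincingly destroying the key is the hard part


def setup_vault(deposit_txid: str, amount: int, fee: int):
    """Generate key, presign the single unvault spend of deposit_txid:0, destroy the key."""
    key = EphemeralKey()
    op = Outpoint(deposit_txid, 0)  # deposit tx is built to key.address; its txid is known pre-broadcast
    sighash = hashlib.sha256(f"{op.txid}:{op.vout}|{amount}|{fee}".encode()).digest()
    presigned = PresignedUnvault(op, amount, fee, key.sign(sighash))
    key.destroy()
    return key.address, presigned


def try_unvault(utxos: dict, vault_address: str, presigned: PresignedUnvault):
    """Amount recovered after the fixed fee, or None if the presigned tx spends nothing in utxos."""
    entry = utxos.get(presigned.spends)
    if entry is None or entry[0] != vault_address:
        return None
    return entry[1] - presigned.fee


def stuck_deposits(utxos: dict, vault_address: str, presigned: PresignedUnvault):
    """Outpoints paying the vault address that no presigned transaction can spend (burned coins)."""
    return [op for op, (addr, _) in utxos.items() if addr == vault_address and op != presigned.spends]


def demo():
    address, presigned = setup_vault("deposit-tx-1", 1_000_000, 2_000)
    utxos = {Outpoint("deposit-tx-1", 0): (address, 1_000_000)}   # constructed chain state
    recovered = try_unvault(utxos, address, presigned)
    utxos[Outpoint("deposit-tx-2", 0)] = (address, 500_000)        # accidental second deposit
    return recovered, stuck_deposits(utxos, address, presigned)
```

Running `demo()` shows the first deposit unvaulting at the presigned fee while the second deposit to the same sealed address is left with no spending path.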