tldr: The new default output type includes a second key from a semi-trusted “recovery service”, which can be any user but will by default be the wallet service provider chosen by the user, which gains access to all outputs after 60 days and spends the tokens back to the user in case the user has lost their keys. To prevent the recovery service from gaining access to your tokens, simply log in at least once per 60 days and rotate your keys.
There are two types of wallets:
Most users of cryptocurrency use custodial wallets, and I see no reason why that will change with EarthBucks.
That said, the first wallet I am building is self-custodial because it is very important for users who actually do want to manage their own keys that this service exists. It is particularly important for businesses who want to offer custodial services for their users.
One of the things I learned building Bitcoin wallets for more than 10 years is that even highly sophisticated and technical users will lose their keys and therefore lose access to their tokens.
To account for the extremely frequent scenario of key loss, and also for what I
expect will be frequent cases of key loss through inactivity because all UTXOs
on EarthBucks expire, I have added a new
script type to EarthBucks called recovery
. The recovery script is a way for a
semi-trusted third party to recover outputs after 60 days if the user has lost
their key or if they are simply inactive.
The way it works is like this:
I have previously explained how all UTXOs expire. In this post, I would like to explain how the recovery script works.
The new standard script type is called PKHXR 90D 60D
which means the output
will expire completely after 90 days if it is not spent and it will be taken by
whichever mine mines that block. The 60 day period is when the recovery key
becomes active. Technically, the recovery service can do anything it wants with
the tokens after 60 days, but the default wallet software will simply send the
tokens back to the same keys, minus a fee. The user will agree to a Terms of
Service with the recovery service (their wallet) that will specify the behavior.
If the user has lost their keys, the user will authenticate with non-key material such as phone, email, and government ID, and they will tell the recovery service (their wallet) that they have lost their keys. In that case, the next time the recovery period is active, the recovery service will send the tokens to a new user key.
The script relies on CHECKLOCKRELVERIFY
with a total of three cases triggered
by the spend script:
The PKHXR 90D 60D
output script looks like this:
OP_IF
OP_DUP
OP_DOUBLEBLAKE3
OP_PUSHDATA1
[32 bytes: the user's pub key hash]
OP_EQUALVERIFY
OP_CHECKSIG
OP_ELSE
OP_IF
OP_PUSHDATA1
[2 bytes: the number 8640]
OP_CHECKLOCKRELVERIFY
OP_DROP
OP_DUP
OP_DOUBLEBLAKE3
OP_PUSHDATA1
[32 bytes: the recovery service's pub key hash]
OP_EQUALVERIFY
OP_CHECKSIG
OP_ELSE
OP_PUSHDATA1
[2 bytes: the number 12960]
OP_CHECKLOCKRELVERIFY
OP_DROP
OP_1
OP_ENDIF
OP_ENDIF
Note:
The default spend script, created by the user, and expected to be used from 0 - 60 days, looks like this:
OP_PUSHDATA1
[65 bytes: the user's signature]
OP_PUSHDATA1
[33 bytes: the user's public key]
OP_1
The recovery spend script, created by the recovery service, and which becomes possible after 60 days, looks like this:
OP_PUSHDATA1
[65 bytes: the recovery service's signature]
OP_PUSHDATA1
[33 bytes: the recovery service's public key]
OP_1
OP_0
The expiry spend script, created by a mine, and which becomes possible after 90 days, looks like this:
OP_0
OP_0
The recovery service has a 30 day window to do whatever it needs to do to get the funds back to the user. The default behavior is to re-spend the output back to the user minus a fee, however, other behaviors are possible. For instance, the recovery service could collect all recovery outputs in a 30 day window and merge them after 30 days to decrease the total number of transactions. Any other behavior is possible within the range. The recovery service may take a fee per output, or the fee could be paid some other way, such as a monthly fee by the user.
Note that the recovery script is optional. The user can use “PKHX” transaction outputs, which are also standard, and do not have a recovery key. However, those outputs also expire after 90 days. The recovery type is strictly better, because in both cases, active users have exclusive access to their funds. Only in the recovery case is there a way to recover tokens in the event the user loses their keys or becomes inactive. In the standard case, users will lose their tokens after 90 days. This is why recovery is the default behavior.
It is extremely common for users to lose their private keys, even for
sophisticated, technical users. On EarthBucks, it is expected it will also be
common that users become inactive and lose access to their funds through expiry.
The solution to both of these cases is the recovery output type, PKHXR 90D 60D
, which enables a recovery service chosen by the user to recover funds
after a 60 day window. This both enables token recovery for lost keys and also
prevents accidental expiry. Recovery is the default type and it is expected all
users will use a recovery service, unless they are a sophisticated user, such as
a business, with a specific need for alternate script types.