Dhruv Bansal, Co-Founder and CSO of Unchained Capital rejoins me in this episode to talk about some bitcoin open source contributions Unchained Capital are making, as well as Unchained Capital products and services. Learn more about multi signature, Shamir’s secret sharing, and how Unchained are applying Bitcoin to financial services.
- Multisig Vaults
- Open sourced multisig software
- Hermit – Shamir’s Secret Sharing
- Dhruv Bansal: https://twitter.com/dhruvbansal
- Unchained Capital: https://www.unchained-capital.com/
- Hermit blog post: https://www.unchained-capital.com/blog/a-hermit-emerges/
- Unchained Capital Github: https://github.com/unchained-capital
SLP Bitcoin Custody Series:
- Kraken: http://www.kraken.com/?utm_source=podcast&utm_medium=stephanlivera
- Unchained Capital: https://www.unchained-capital.com/?utm_source=Stephan%20Livera&utm_medium=Referral&utm_campaign=Affiliate
Stephan Livera links:
- Follow me on twitter: https://twitter.com/stephanlivera
- Show notes and website: https://stephanlivera.com/
- Subscribe to the podcast: https://plinkhq.com/i/1415720320
- Rate and Review the podcast: https://itunes.apple.com/podcast/stephan-livera-podcast/id1415720320?mt=2
- Orange Coin Good and other Merchandise @ Layer One BTC Store: https://layeronebtc.com/collections/stephan-livera-podcast
- Email contact: email@example.com
Podcast Transcript by GiveBitcoin.io:
Stephan Livera: Dhruv, welcome back to the show.
Dhruv Bansal: Thank you, Stephan.
Stephan Livera: Yeah, I know you guys are doing a lot of work with Open Source, Multisignature, Bitcoin, Custody. There’s all these different pieces that are interrelated here. But maybe it would be best to just start with a bit of discussion around collaborative custody and what you guys are doing with Unchained Vaults. Then maybe that can be the base line for the listeners to understand what’s going on here and what are we talking about? Did you want to just give a quick overview on what the Unchained Vault product is and how it works for the listeners?
Dhruv Bansal: Yeah, absolutely. I think of Unchained Capital as a technology company that’s delivering financial services. It means we do a little bit of both. We started out giving loans, so Bitcoin backed collateralized loans. In order to do that, we chose to deliver those services via some technology, which was at the time a little bit newer and is now coming in to I think mainstream a lot more. That is Multisig cold storage. We always have this technology backing our loan products, and earlier this year, we launched a dedicated Vault product. I still think of it as a financial service, ultimately. We’re working with people’s money to help keep it safe and to bring it adjacent to the other services like loans and others that we’re going to plan in the future. But the core of the way we provide all these services still remains Multisignature cold storage.
Dhruv Bansal: That’s what we call collaborative custody, which we think goes a little bit beyond just Multisig and just cold storage, which already are pretty powerful tools to achieve security. And recognizes that the way that we do security is collaborative. That’s true in our physical universe, our physical security relies on collaboration with our friends, neighbors, government employees in our neighborhoods. It’s the same online and it’s the same about with digital information. If we act collaboratively with each other, and let’s say in Bitcoin, that means using Multisig passing out keys to different parties that represent different interests in a given financial product or instrument of Vault alone, we can create some really interesting and compelling structures. In which social security, like the security we have as individuals in society who know each other can be used to increase our Bitcoin security.
Dhruv Bansal: That’s really, really powerful. Because, remember, Bitcoin has no idea who we actually are, it only cares about public and private keys. If we’re overly reliant on ourselves or any one person or entity, we lose some of the benefits of collaborating and acting as checks on each other. What’s really nice is that because Bitcoin is very forward thinking, all this stuff is built in from the beginning. The ability to have multiple keys and to build these custom custodial arrangements is totally possible, it’s just challenging. Where Unchained comes in is that software layer, that professional company to help our customers achieve Multisig in the way that they want, whether that’s collaborating with us, collaborating with each other, or a combination of both.
Stephan Livera: Excellent, and let’s just outline for the listeners the difference between if they are an individual or if they are an institution. Just, I guess, talking through what it looks like, if I’m an individual, I come to Unchained-Capital and I sign up. I’ve got, say, one Trezor and one Ledger hardware wallet and the general setup there would be I hold two of the three keys and Unchained holds the third key in that setup. Then in the institution case, it’s more like the institution would hold one of the hardware keys. Another third party would hold the second key and then Unchained holds the third key. Can you just elaborate on that for us and the different setup?
Dhruv Bansal: Yeah, that’s a great example of the kind of flexibility that I was talking about. We’re not a big believer here at Unchained that every single customer looks the same. People have different security needs, businesses and individuals have different security needs. Different businesses and different individuals in each group have different needs from each other, and so we offer a lot of flexibility with how we allow our customers to consume these services. The difference that you’re alluding to is one of the two main flavors of our Vault product. The first one you described in which the customer has two out of the three keys, which are required to move funds from the Vault is what we call our client controlled model.
Dhruv Bansal: The second model, in which there are three different parties, a customer Unchained and an independent third party key agent. Each of whom has one of the three keys required, and this is still two out of three arrangement, that’s what we call multi-institution. Definitely, there is a pattern where individuals tend to prefer the client controlled model. As individuals, they’re already in supreme authority over their Bitcoin, they don’t want to give that up when they work with a partner like us. Institutions may be managing other people’s Bitcoin. They may not be comfortable for very many reasons with having the same kind of control and authority that an individual would demand. These models are designed, not necessarily for businesses and individuals, I think we do have some individuals who, like the multi-institution model, that’s an interesting way to deal with issues like inheritance and retirement planning.
Dhruv Bansal: We do have businesses that want to use the customer controlled model, because they are capable and willing to take on that risk and ownership. But very much these models are designed for, “Do you want to have all the keys, or do you want to have sufficient keys to spend on your own, or do you want to prevent yourself from doing that?” There are people who want both, and sometimes the same person wants both in different contexts in their life or in their business. Yeah, that’s one of the first ways that we offer to customize this experience. We also have some more advanced features that we’re prototyping with some early customers, especially, those who are interested in more group settings to be able to share keys with each other in various interesting ways. An example might be a husband and wife or two partners, both have a key each and they’re able to independently sign up at Unchained Capital.
Dhruv Bansal: Each get their own account, each upload their own key, and then they’re able to find each other on the platform and connect and say, “Will you essentially be each other’s…” they’ll be each other’s key agents. They’re going to nominate each other to have some control together collaboratively over the same Vault, and then they’ll build out a two of three Vault with us but they’ll each have one of the keys. That’s a pretty interesting structure and that’s something that we enable already today. There are analogs of that in the business context, so whether you pick the multi-institution model or whether you pick the customer control model, you have some interesting ways to further change on your end who actually holds these keys.
Dhruv Bansal: Remember, keys can be duplicated, keys can be split up, we’ll talk about it I think a little bit later in this conversation with Hermit and SLIP-39. But there’s a lot of interesting patterns that people adopt with keys, and our aim is to enable that, not prevent that from happening. While at the same time creating a simple shared context for all the communication and all the collaboration, and that’s really what Unchained does best.
Stephan Livera: Excellent, and I think another point that listeners would want to understand is just this point around authentication. Because, obviously, we’re living in this world now with deepfakes and all this different stuff. I guess the listener might be thinking, “Okay, if I sign up with Unchained, how does Unchained verify that I truly want them to cosign on this transaction? Or in the institutional model case, what’s the typical way it would work if, let’s say, I want to use the institutional model, right? I would hold one of the three keys and another third party key agent and then Unchained, how would they authenticate or verify that this is truly who I want to spend to, for example, and it’s not an attacker trying to bluff as me, for example?
Dhruv Bansal: I think you’ve cut right to the heart of the matter there. As I said earlier, bitcoin doesn’t know who we are, it only knows about our keys. As long as those keys show up in the right transaction, the network will take it, it’s valid. A really important question becomes the who? Who is this person and what is their actual intent? We think about it as the core issue here is identity and intent verification. I think an important thing to realize about identity is that identity is not something, in many ways, that we get to decide. I’ll come back to this theme. Identity is something that exists, whether we realize about ourselves or not. I’m always going to be responsible, even if I forget that fact about myself. Our identity comes from the social context in which we’re embedded in a lot of ways.
Dhruv Bansal: I’ll come back to that as we talk about KYC and some of the other issues around identity management and financial services. But here we’re really talking about the verification of a known identity. It really depends on what you mean by an identity, some websites, which are designed around automation, say that identity is your user account. That’s not sufficient for us, right? There’s lots of ways to get into somebody’s user account just by stealing their password, by hacking their email. We like to go, we like to at least have things like two factor authentication and have several layers to protect user accounts. But even if someone were to get through all those layers, that shouldn’t be sufficient for us to feel like that’s really who this person is.
Dhruv Bansal: With that said, we start to run into privacy issues. We want to go further than merely using the existence of an account on our site as sufficient verification, but we don’t want to force customers into a channel of communication that they don’t want to use. For example, we offer, we can text you and call you, that’s a minimum that we would like to be able to do. It’s part of the reason we collect phone numbers on our accounts, sign up pages, so that we can be able to reach out to you, email of course as well. Ideally, we like customers to video themselves saying what they would like to be done. We have a program, our verification video program on our site, once you’ve signed up, you can opt into literally recording a video of yourself establishing your identity saying, “This is Dhruv Bansal, this is today’s date. Using this is my real image and voice, and please use this as a reference when I make further recordings like this.”
Dhruv Bansal: Then later on when you want to spend funds from your Vault, you can optionally set it up such that such a video would be required before Unchained or whatever countersigned with you. Again, you get to customize what level or percentage of the Vault asset that will trigger on, and you get to, in that moment, be recorded and we will, as your partners in this, as human beings who are collaborating with you, be able to use our minds, not software, to evaluate whether these two videos really are the same person. That’s a very strong indicator of identity. Now, I think things like deepfakes and video that is fake, but is so close to being real that it fools people, these are real threats. They are happening, they’re getting easier and easier.
Dhruv Bansal: In that sense, I don’t want to present anything I’m saying today as a final solution, especially, for listeners who might be hearing this episode months or years from now, security is a fast moving space, especially, in the Bitcoin area. Today, I think the risk of fake videos is somewhat low, realistically. Stephan, we got a little siren here outside. I might just hold.
Stephan Livera: No, that’s fine. Yeah, so you’re saying, basically, the risk of deepfakes right now is low, but as you’re saying, things could change in the years to come?
Dhruv Bansal: Yeah, exactly. Now, I think, ultimately, as long as we are ahead and you are ahead as a user of most people out there, that’s a really good start. For certain individuals, some of whom work with us already, who believe they are larger targets, there are further things that we are willing to do. I won’t, for obvious reasons, get into all the details of that but a simple example is customers who might say, “Look, I never ever will reach out to you remotely. If I need you to sign, I will come to your office and I’m willing to wait the days that would be required to arrange something like that and I won’t go back on this. You can record that information.” Since we’re a company with resources and the eagerness to work account to account with our customers, we can entertain customer requests like that.
Dhruv Bansal: I think companies which are intending to serve millions of customers at a relatively smaller per customer value point have difficulty extending that level of care and support to their customers. But in our case, it’s we’re willing to do whatever it takes to make customers feel comfortable. They’re the ones who ultimately understand their own spending habits the best, and frankly, this is a really good customer research for us. It helps us understand the directions we need to develop our product in. I guess I’m trying to say there is no permanent answer to this question of how do we verify identity because it’s an arms race and it always changes and there’s no one size fits all answer. It’s going to depend on how much of your own privacy you’re comfortable exchanging for better verification, and exactly on the threats that you perceive you suffer from.
Stephan Livera: An insightful answer, and I think the other point that listeners might want to know here is just that when you sign into the website, you can still have things… it would mean if someone were to try and hack you or attack you, they would still need to have your username, they’ll still need to get past the two factor authentication as well, which is their phone authenticator app rather than like an SMS one. These are components of it as well. I think it might also be interesting now just to talk about what some of the benefits are of having that collaborative custody structure. One example that I know of is that if you put your bitcoins into collateral, you can see them on the blockchain, so to speak. So that you know they’re there.
Dhruv Bansal: Yeah, that’s exactly right. There’s a really nice way to structure the loans. Indeed, the very first product we launched into the market was the idea of using a Multisig address that sits on the blockchain and wish the balance never moves as a form of very visible and very transparent collateral. With a multi-institution collaborative custody, where our customers are actually holding a key that is part of the Multisig that protects those funds, they can even go further. We share redeemed scripts and BIP32 path for all keys that’s a little bit of technical jargon. But it helps customers be able to verify in a very, very direct and strong sense cryptographically that they are still able to spend the funds that are in that address.
Dhruv Bansal: Now, of course, they can’t do it wholly on their own, they’re just one of the three keys when they’re participating and alone. But most customers are doing, in a Vault context, have a sufficient case do this on their own. That’s actually another way in which Unchained gets a benefit that oftentimes we’re only protecting one key, especially, in a Vault context. Even in a multi-institution context with collateral and loans, we’re only ever one key in that quorum. So what that means is not only does the customer have to go through all these layers of protecting themselves in their own account, but they have their own keys. That is the fundamental protection that any customer has against hacks. This other issue really just shows up when the customer has already been hacked, an attacker has already gotten one of their keys at least and then has to go further and convince Unchained to sign falsely.
Stephan Livera: Gotcha. Yeah, and let’s talk a little bit now about you are trying to open source or you are open sourcing the Multisignature solution, and there’s a UI for that. Can you just give us some background on that?
Dhruv Bansal: Yeah, absolutely. The projects that we’ve been working on as internally has been codenamed Caravan. That’s going to be the name of the open source web application that we’ll be releasing I hope here just in a few weeks. I just gave a demo of it last week here in Austin at a local Bitcoin meetup. It is exactly as you describe it, you can think of it as an open source version of the kind of thing you can already do at Unchained Capital. It’s a little bit more flexible than our commercial application, it’s designed to be a little bit more broad reaching. It’s also a little harder to use. There’s a lot more state management that you have to do because you’re doing everything on your own without any company or other entity helping you necessarily.
Dhruv Bansal: Why did we put this out there? Partly, because we love open source and we think the best and most secure code bases in the world are open source codebases. As much as we love and are proud of our own closed source codebase, and as much as we’ve had it audited and reviewed by experts, we think the best possible thing to do is to get the way that we do transaction authoring, signatures, hardware wallet interactions out there into the open. One, it gives us a chance to show off some of our learnings. We’ve been doing this stuff a lot longer than a lot of the other people in the space and we’ve learned a lot about the right ways you need to wrap hardware wallet UIs, the right way you need to communicate about change addresses. A lot of the minutiae of just getting actual stuff off the ground in Bitcoin, and especially, in Multisig and cold storage.
Dhruv Bansal: We get to show that off, we get to get feedback from the community around our solutions. Hopefully, we get some buy-in from other developers who say, “Hey, the libraries that are packaged into Caravan, which are of course open source, are really cool. I want to use these.” If we can get other people to use this stuff, that helps us tremendously. It means that there are more people using the same code that we’re using, more eyes means fewer bugs, more users means more attention from hardware wallet manufacturers when we ask for bugs to be fixed. For us, this is a way of getting a lot of stuff that was happening privately harder to see but for the customer and for our partners, and not creating as much of an impact since it was just being run by us and getting it out there into the open. That’s one of the big internal benefits.
Dhruv Bansal: I think for, externally, that was a benefit to Unchained, but more broadly, to users out there. If you are just someone who wants to be doing Multisig, but let’s say you don’t want to work with a company like Unchained or any other entity, you’re going to want to do this privately on your own and you want to do it with open source, this is I think the way to do it. There, of course, are existing solutions for open source, Multisig, cold storage out there. Electrum is chief amongst them and probably a great choice. But Electrum does a lot, a lot of things, and it’s an older piece of software and you can see that in the way it’s architected. You can think of Caravan as the next generation past Electrum, learned a lot from Electrum learned a lot from other stuff that came before, and really simple and focused on just Multisig.
Dhruv Bansal: It’s not Ethereum, it’s not any other currency, it’s just Bitcoin. It’s not trying to be the best payments engine, it’s not trying to be a node, it’s not trying to be a hardware wallet, it’s a transaction planner designed for Multisig that’s made to be easy to test and to build on. And to serve as an environment where Unchained can put our best foot forward and hopefully other folks can start to use it so this whole thing scales. Standardization is a big hope of ours, and something I’d like to talk about a little bit more in this conversation. But Multisig really suffers today because there aren’t good standards or well followed or well understood standards. By creating these kinds of open source example applications that real people can use and solve real problems, we’re hoping to cast more light on the lack of those standards and start conversations with other developers and other companies in the space about how to standardize.
Stephan Livera: Great, and I think it might be good to now just for the sake of understanding for the listeners, so I guess just for comparative sake. A listener who wants to “roll their own” right now, they might be doing something like Bitcoin Core full node. Then on top of that they might be running one form of an Electrum server being either Electrum Personal Server, Electrum X, or Electrum Rust Server. Then back on their laptop or their desktop computer, they would have the Electrum client. Then on the Electrum client, there’s a Multisignature UI and so on. They would plug in the Trezors and Ledgers, and so on and, basically, that’s the stack. Can you outline what that would look like with Caravan?
Dhruv Bansal: Yeah, there’s a tripartite structure to that stack that might not be apparent to all listeners. I think the way that I conceptualize it is that there’s three things there, the first is the consensus like what is the state of the network? What are the addresses that exist? What is the current balance or status of this UTXO? That’s coming from bitcoind, or rather, on some level, you want that to come from bitcoind. Because bitcoind has already solved a problem of how do you create trust this consensus? It’s called Bitcoin and the software that does it is bitcoind, that’s your full node. If you don’t want to run a full node, you don’t have to, you should be able to get that consensus from a different source. Maybe a block explorer.
Dhruv Bansal: You’re choosing to trust that block explorer, but that might be easier or better for you than trying to run your own bitcoind now which just might not be possible for you. There’s a dimension here of consensus and you have choices. There is a second dimension, which is keys, “Where’s the actual private key stored when I interact with my Bitcoin?” Sometimes the answer is it’s just on my computer because I’m running a software wallet, Electrum allows you to do that. That’s not the safest answer, especially, if that computer is the same computer that is trying to achieve consensus and is connected to the network. That’s the easiest choice, and that’s where bitcoind started on day one but that’s not the safest choice. Things like hardware wallets tried to be another option for you on the key side here, so you can keep your key just in the hardware wallet and it solved just that one problem and you have to handle everything else.
Dhruv Bansal: There are other tools, Hermit is one that we’ve made that focuses on that part of the problem. Then there’s a third category, right, so the first two are consensus and keys. The third category is this idea of what I would call a transaction planner. The thing that knows how to talk to the blockchain, look at consensus, find balances, author transactions, construct signature requests, combine signatures from keys, and push it back out into the world of consensus. Now, having those three roles of consensus, keys, and planner be separate things feels more complicated but it’s also more modular and that creates its own benefits. Software like Electrum and bitcoind implement all three of those functionalities really.
Dhruv Bansal: I’m one of the believers that the way that bitcoind should evolve going forward is it should stop being a wallet, it should stop being a transaction planner, it should really focus on a consensus part. That might be controversial but that’s just my personal opinion. I love the idea of dedicated key devices, hardware wallets, Coldcards, Trezors. Like these are great examples of things that do one thing really, really well, they hold keys. There hasn’t really been a good example of a dedicated planner software. There are some developers who know about them, but users tend to be focused on software, which does more than one of these three things at once. Electrum is probably the chief example of such software. It can be its own source of consensus, you can use an Electrum server.
Dhruv Bansal: It can hold keys because you can have a software wallet in there and it can also, of course, plan transactions for you. Now, I’m not saying that’s bad, that’s super convenient and that’s clearly the first thing that happened historically as software got laid on this space. But that second generation looks at this and says like that’s really monolithic. I really worry about the architecture there. I want to draw some clean lines and separate out those responsibilities and give my users the choice of which key they plug in or which transaction planner they plug in or which source of consensus they plug in. So with that framework, I think of Caravan, the project that we are about to release, is very much a transaction planner. You can plug in your own bitcoind node to it or you can have it just automatically go talk to Blockstream.
Dhruv Bansal: You can plug in your hardware wallets, you can plug in other sources of keys, or you can just paste in directly signature data and other kinds of cryptographic representations. It’s really not very opinionated around consensus and keys, it’s just trying to solve that one problem of how do we really make an elegant simple to use secure transaction planner, especially, when focused on Multisig where there isn’t a lot of support from other wallets.
Stephan Livera: Excellent, and actually can you just touch on, you mentioned that standards earlier and obviously a big key one in this case is PSBT, Partially Signed Bitcoin Transactions. Can you touch on your thoughts there around is Caravan using PSBT and just any other thoughts around some of the open standards that you’re trying to either use or create?
Dhruv Bansal: Yeah, I think PSBT is a great example of a great standard. There are some issues with it that I can cite that I don’t think are, sometimes hold it back a little bit, but I think it’s otherwise a really well designed standard and I hope to see it achieve greater adoption. We’re pushing towards it in all our tools but we don’t support it almost anywhere at the moment. Caravan does not speak PSBT at the moment, we’d like to get it to. I actually think one of the first areas that we’ll see that happen in is with Coldcard. Currently, Caravan supports Trezors just like our own Unchained Capital commercial platform. Caravan supports Trezors, Ledgers, Hermit, which is an open source shorting wallet that Unchained’s been working on and it supports just raw signatures, as I mentioned.
Dhruv Bansal: The number one thing we’d like to probably add to it is Coldcard, that’s where we received the most requests from customers asking for support on that wallet. Coldcard, I think as some of the audience may know, it uses PSBT, and we’re hoping that by learning how to integrate Coldcard into this open source application, that will be our first really area where we’ll get to move over time the whole application to just use PSBT as an internal standard. Then convert to whatever it needs to for non-PSBT speaking wallets like Trezor or Ledger or others. But right now the PSBT standard itself is somewhat new, and so that’s a great example of where we hope to take the lead through Caravan and other software and really push some of these standards.
Dhruv Bansal: Another great example would be BIP32 paths. There’s a lot of inconsistency. For listeners that may be less familiar, you can think of BIP32 path almost as like, “Well what file, what directory on your computer do you want to store this in?” It’s always one of those questions we’re like, “There’s really no wrong answer, like any directory will do.” But the more organized you are about it, the more standards that are emerged on how to organize the directories on your computer, probably the better off you’ll be long-term. Same idea here that in theory any BIP32 path works but it’s important to have some conventions that make it easier to be interoperable. Electrum, for example, has some very distinct and different conventions around Multisignature BIP32 paths that are emerging in more recent wallets and more recent standards.
Dhruv Bansal: Part of what Caravan tries to do is, first of all, act as a debugging tool and lets you put in any crazy standard you like just to see what’s going on to explore. Because I do have historical experiences working with customers in weird address formats or weird tools, migrating back and forth between things. It’s nice to have a tool that’s not opinionated. But, at the same time, Caravan does understand standards, and if you want to follow standards, it will very much say this is exactly the right BIP32 path you should be using and force you into a certain pattern. Again, it’s meant to serve as an example, I think, for the community of what we think are the right standards around Multisig, and frankly, also spur wallet providers. I think what’s been really nice recently is having something like Coldcard show up and take the lead on something like PSBT that’s usually something I would expect to see from the folks at SatoshiLabs or Trezor.
Dhruv Bansal: It’s really, really nice to have that third big player enter the wallet space and push on this cool new feature that’s driving standardization and seeing other folks have to respond to that. I’m all for new keys and new players, especially, when they drive standardization. That helps everybody.
Stephan Livera: That’s great. I guess for the listener, if they’re thinking, “Okay, how do I use Caravan?” Is it basically just a software client with a GUI that they would use for Windows, Linux, or Mac?
Dhruv Bansal: It’s actually a web application, so we’ll be hosting a copy of it and anybody can go to the URL with the copy we host on GitHub. But you can also just download it yourself and just run it in your own browser. We call Caravan the stateless multisig wallet that’s a little bit a pun on the idea of it has no internal state. That it doesn’t store any files on your computer. Every time you reload the page, it’s completely blank and fresh like a calculator almost. You have to insert the state, you have to bring your keys, you have to bring your source of consensus. In that way, it’s totally stateless and it just runs in a browser. Our goal there is maximum compatibility across platforms just to make it as easy as possible for folks to plug into.
Stephan Livera: Yeah, and then if it’s a web app, can you help me understand how does it connect with say my Bitcoin Core?
Dhruv Bansal: Right, actually, just through the internet. You’re able to talk to local devices that a web browser is able to talk to devices on the local computer that it’s running on. That’s, in fact, how your Trezor works. That behind the scenes, there’s a piece of software called the Trezor Bridge, which your browser winds up talking to and then that winds up talking directly to your Trezor. There are, of course, other ways to achieve stuff like this, but that’s just an example of one. Similarly, your browser can just talk to your bitcoind node. It just sends a web request to it, and gets back an answer. Now, of course, you have to do some setup and this is what I mean about statelessness, you have to ensure that first of all, you have a bitcoind node that is running at the URL that you input into Caravan to reach. That you input the correct username and password if there’s one that’s necessary. That your node is totally synced and caught up with the network.
Dhruv Bansal: In particular, since if you’re using Caravan, you’re probably doing Multisig that’s not native in the bitcoind wallet. The bitcoind is not going to really know about the addresses that are in your Multisig wallet unless you actually import them. You have to import those addresses manually yourself in a bitcoind, and then finally, you have a primed and ready source of consensus. This is actually a good example of why sometimes allowing a little bit of trust and using a company or a provider like a block explorer or like a multisig provider like Unchained, it saves you a lot of hassle. That doesn’t always mean that you shouldn’t take the hassle, sometimes for certain individuals, it’s worth it to manage all this stuff yourself. For many others, it’s just not. The part that really matters is the keys. That’s where Unchained’s current product really pitches itself.
Dhruv Bansal: But you can see us trying really hard to get out as much open source software as we can to make our own product better. But also to give folks who are never going to work with us, because we’re a private company and they value anonymity, give them a chance to do multisig in an excellent way as well.
Stephan Livera: Great, and while we’re on the topic of web interface, it might also be good to discuss… now this is a risk again, but again there are security trade-offs in however, whichever way you choose to set up your software. But there is a risk of malicious extensions. Did you want to just comment a little bit around if the user has a malicious browser extension that may, I guess, there are probably two main risks. Probably one key one is around replacement of an address. The user goes to the web interface, and they think, “Okay, I want to deposit bitcoins into my multisig vault.” But then the malicious hacker has put in an extension that replaces the address with the hacker’s address. Can you just outline some of your thoughts around that and what are some defenses or mitigations against that?
Dhruv Bansal: Yeah, that’s terrifying, right? The idea of software that you use every single day being fundamentally insecure. It’s terrifying. Every programmer knows that that’s actually the reality of all computers. On some level, I don’t want to make light of this issue, like it is absolutely possible to have downloaded a browser extension that corrupts your browser in various ways either generically or specifically around Bitcoin or even specifically around Unchained Capital. It’s absolutely possible to engineer such exploits. Now, you as a user, of course, have to be tricked into installing those kinds of extensions, so I think one of the first protections is just to be a little cynical of the kinds of software you download and run and make sure it’s trusted by you and people that you trust to determine that before you run it.
Dhruv Bansal: That’s one of the first mitigations. I think another really simple mitigation is given that it’s a browser, it’s really easy to start a new browser, like a new browser tab or a new browser window or a new incognito or private browser window that has no extensions enabled in it, or to have different profiles in your browser, depending on the browser that you use, that like, “Here’s your work and here’s your play profile, here’s your work profile and here’s your super secure financial or Bitcoin profile.” And that you just don’t cross traffic or sites across those or extensions. There’s a lot of techniques to mitigate and make browsers more secure, but I think the real problem here is just computers. It’s browsers are just an example of computers being insecure and browser extensions are just one path by which you can hijack people’s browser experiences in poor ways.
Dhruv Bansal: I don’t know if you saw the news but just this week there was a hilarious example of [inaudible 00:32:49] because I know, I’m sure people suffered through this, but I just I enjoyed the vector by which this exploit was executed. I think it’s a bad Fortnite mod that if you download this Fortnite mod, it helps you auto aim and cheat a little bit and be better at the game relative to the other players. But if you were someone that downloaded that mod, it also had some malicious code running inside of it that hijacked your clipboard and analyzed it for things you copied and pasted onto there. Whether you got them from a browser, whether you got them from a terminal window, whether you got them from a completely isolated application, or email, whatever.
Dhruv Bansal: Would analyze that for Bitcoin addresses and live replace them or be able to do other things on your computer. There’s no browser that’s really involved in that exploit, it’s just, again, Fortnite, the game, I’m not trying to throw shade on Fortnite by any means, there’s lots of open doors in a modern operating system. That’s true on the PC, that’s true on the Mac, that’s true on Linux, probably, more true on PC if we’re being honest. Windows, it’s true on mobile devices. There are horrific exploits and ways to phish people through their mobile devices that are really terrifying. I don’t mean to paint a grim picture here for people, it is possible to feel relatively comfortable in your computing if you take some precautions. Things like, again, only installing trusted software, keeping your operating system up-to-date, don’t use pirated software, don’t get software from locations that are shady, be minimalistic.
Dhruv Bansal: Do you really need that little toolbar that you didn’t pay for, and you wonder how they make money. Be a little cynical about what you install. But all of this really avoids the, I think, main issue. We know computers are insecure. Satoshi knew that computers were insecure, that’s why Bitcoin is so different than traditional banking and software is that it deeply incorporates cryptography into its definition and tool set for security. Instead of overly worrying about the browser or the operating system or the hardware that your computer is running on, I like to really think about something I maybe first read years ago in the Trezor security model like how can you conduct secure transaction on a computer that you haven’t noticed compromised? Let’s say you know there is a key locker and a bunch of viruses on there, how might you still achieve some form of security?
Dhruv Bansal: The answer is always isolate the thing that you want to protect and put it on a really, really simple system that obeys a more limited set of rules. A hardware wallet is a great example of that, an air gapped wallet that operates via cameras and QR codes, for example, like Hermit or many others is an example of that. There are a lot of techniques you can use to fundamentally move keys off of these fundamentally insecure devices like computers. Then this is the final piece of that journey, you have to create primitives and APIs and ways of communication between the insecure system on the computer and the secure system on the hardware wallet or the offline wallet that gives the user confidence that whatever they’re seeing on a computer is actually the truth and the hardware wallet and they haven’t actually been exploited on the computer or on the mobile phone.
Dhruv Bansal: Now, I will say Trezor really and Coldcards seem to be at the forefront of this. Trezor, for example, allows you some great features when you’re in a single signature world to verify addresses right on your device, to verify all this information in a way that you know it doesn’t really matter what the computer is showing you if you can trust your device’s screen. That’s a very powerful ability that hardware wallets give you. Trezor does a great job, I think, with single signature, it does a poor job with Multisignature. It’s frustratingly difficult to get the Trezor to recognize a Multisignature address and display that, it is possible. But it’s not possible from a browser for whatever reasons. Coldcard is another wallet that’s really making some strides in this space and really creating primitives that represent Multisignature addresses and not doing it in an ad hoc way that Trezor seems to do it.
Dhruv Bansal: But doing it in a more ground up way. Then you have, I think, hardware wallets like Ledger that’s a little bit further behind on this. They don’t understand multisig, they don’t understand the kind of… they don’t give you the same kind of protections in this world that they… or, frankly, I think even in the single signature world. I think the real solution here is that people who make keys hardware wallet providers need to, as Trezor and Coldcard have done, need to provide application authors like Unchained Capital and others, APIs that help assert confidently to the users of those key devices that everything is copasetic and working as intended. Again, they do do that, they just maybe don’t do it as quickly or as close to the cutting edge as we’d like for them to. That’s part of our hope, again, with Caravan and a lot of the open source stuff that we’re releasing is that the more people that are talking about this…
Dhruv Bansal: Michael Flaxman has been on your show, has been one, Justin Moon here in Austin is another one that talks about it. There’s a lot of folks in the Multisig space increasingly. If we’re all talking about these issues and pushing on Trezor and Coldcard and Ledger to do a better job giving us the tools we need so that we don’t have to have users trust browsers or operating systems or mobile phones. That’s a win for everybody. I think that’s where the conversation needs to head.
Stephan Livera: Fantastic, yeah, this really a lot of great insight there. I also wanted to ask around Seed backups. Let’s say I’m a customer and I’m using two of three setup with Unchained. For example, say Casa, they talk about this idea of going seedless, and the idea is that you’ve got enough redundancy across the devices. If somebody is using an Unchained set up using two of three, might they keep a Cryptosteel and/or some similar kind of product to backup the Seed words for that underlying device? Whether that’s Coldcard or a Trezor or a Ledger, and then separate from the hardware device for that key. Do you have any thoughts around that or any suggestions for the listeners?
Dhruv Bansal: Yeah, I certainly recommend that users take steps to think about how they secure their wallet words, their seed phrase. Things like Cryptosteel or non-paper based methods for storing it that will survive things like fires or other kinds of disasters, floods. That’s a really cool thing to think about, and if you are someone who’s storing your seed words in a home or in a non-professional business location where it’s your job to protect them in the case of if it’s not for somebody else’s. Maybe that’s a worthwhile thing to consider doing. I also think it’s worthwhile to split up your seed phrase. That’s a poor man’s form of Shamir Sharding, if you will. We call it scrapping at Unchained, so it’s not a Shamir Share, it’s a seed word scrap. That’s the phrase we utilize.
Dhruv Bansal: It’s a really simple idea, those of you who have Trezors might have noticed that the little booklet you get to store your seed words on is folded. It has two very equal halves. Why don’t you take a pair of scissors and cut it in half, and now just store it in two different locations. Is this a perfect solution? No. For a variety of reasons, this is imperfect. Each half doesn’t have the exact same amount of randomness as the other so there’s one greater and lesser scrap that’s annoying. If someone gets one of your scraps, they know 12 of your 24 wallet words. There are a lot of reasons to believe that that’s not sufficient security for you to feel comfortable. You should feel like they can break the other 12 fairly quickly. Maybe you split it up into groups of four, okay?
Dhruv Bansal: You can see how this is it’s the harder you do it, the more you do it, the probably better it is, but the more complex it becomes. Something we recommend is the simplest thing you can do that we think is a net win is just cut it in half and store it in two different locations and don’t duplicate it. That just makes it so that there’s no one location in the world where your wallet fray or your seed words are sitting there unencrypted in plain text for anybody that were to stumble across them or to exfiltrate them. Now with that said, there is a better approach, right, and that better approach is called Shamir Sharing. That I think not everybody may know this so it’s worth saying explicitly, if you took your wallet phrase and you split it into two, you would clearly need both of those scraps, so two of two, in order to recover the phrase.
Dhruv Bansal: But if you had one of them, as I mentioned earlier, you would still have partial information about the key and you might be able to recover the key without actually finding the second scrap. With Shamir Shares let’s say you did the same conceptual thing and you built two of two Shamir Shares, and you have to have both Shamir Shares in order to be able to access the seat. It is absolutely true that if you find one of the shares, you actually know nothing. You’ve learned no additional information about the key and you cannot suddenly just maybe brute force your way into it. That’s a very powerful difference that’s been traditionally challenging to achieve for non-techie folks, folks who aren’t programmers and comfortable running code. There are some things that are making it easier. Chief among them, I think, most recently is the push by Trezor and SatoshiLabs to put out a standard known as SLIP-39, which is called hierarchical… I think of it as Hierarchical Shamir Shares.
Dhruv Bansal: What’s cool about it is that it’s a standard, which means it’s something that we can build momentum around and hopefully get codified. There are already wallets that are supporting it, so Hermit and open source while that Unchained put out a little while ago, supports this. Hermit is very, I want to say, it’s a professionals tool, it’s not a consumer tool. But Trezor, which is very much designed for the normal people like myself and anybody listening to be able to use to feel better about their personal Bitcoin security, Trezors are going to be supporting SLIP-39 as well. I think that might be already happening, in fact, so you can actually create Shamir Shares directly out of a Trezor, you don’t necessarily need to use a wallet word phrase.
Dhruv Bansal: Just to make it really concrete for folks, Shamir Share can be defined in a lot of ways, but the way that SLIP-39 does it, it’s basically like a wallet word phrase. Instead of having one phrase of 24 words, and that’s your master secret, you wind up with if you choose one two of two, you wind up with 48 words. It’s actually a different number but you wind up with some larger number of words. Each of those is just like a wallet phrase, it’s just a list of words. They’re very easy and they’re very ergonomic for those people who already understand wallet phrases. It’s just an extension of that, that has better cryptographic security, which makes it better for backup. Now, that word backup is pretty important in this context. I personally think it is insane to run seedless. I personally have had Trezors fail on me during upgrade, and what is the solution? Reload them from their seeds with the new firmware. That works perfectly.
Dhruv Bansal: It’s frustrating to believe that you have a key in this Trezor, and actually have it not be a key but access to a key. I think running without a seed phrase or throwing out your seed phrase because you believe you have sufficient other devices, I wouldn’t feel comfortable doing that. The argument, I think, that is advanced sometimes by folks like Casa for doing that is seed phrases are complicated, I guess, and they can be lost. They’re unencrypted and maybe that’s a whole. I think those are fair statements. But I think-
Stephan Livera: Sorry, just to add, I think the other one that might be good to you to respond on that is also around having another thing to protect I think you should touch on that as well.
Dhruv Bansal: Yeah, having yet one more thing to protect, you’re right, you’re right. Yeah, so I’ll come back to that point but I’ll say having those seed phrases is really valuable. Things like SLIP-39 make it so that, first of all, they might not necessarily be in plain text. That’s actually one of the additions that Unchained is pushing into this conversation is to try to encrypt these shares. There’s not just one of them, so that makes it a lot easier to say that it’s safer. It does now create this problem of more things to manage. I totally agree with that. But a little bit by you’ve already admitted that you need more things to manage by jumping up to three or five. If, for example, you really wanted to count the numbers here, and at Unchained configuration, you have two out of three keys.
Dhruv Bansal: You have three separate keys, you as the customer have to protect two of those keys, and for each of those keys, you have a set of wallet words. You’re protecting four things and we’re protecting one. That’s five total things. That’s not, coincidentally, the same number is three out of five with no seeds, except I think you have a lot of us… I personally believe that say a better route, and that’s why we picked that route. I don’t want to cast dispersions by any means on folks at Casa, they’ve done a lot of great thinking on this. This is what they believe is safer, I’m not going to push on it and we don’t really have enough data, I think, to decide long-term about this. But I really like having seed phrases. Paper is good, it doesn’t have bit rot, it’s easy to understand and describe, especially, to a non-technical person.
Dhruv Bansal: Keep this piece of paper safe, that’s something that you can communicate, and that they’re very concrete. For all those reasons, I really like having seed phrases, they do increase the number of things you have to protect. But that can give you some redundancy on its own.
Stephan Livera: Gotcha. Let’s put that in with Hermit now. Hermit is this open source software, and it’s more like a command line tool as I’ve seen from the YouTube demonstration videos, from the Unchained Capital YouTube. Did you want to just touch on some of the comparisons? I know, obviously, it’s not the same thing, Multisig versus Shamir’s Secret Sharing. But, also, as I understand with Multisignature, you are revealing certain things about the script type, the spending pathways. Did you want to just comment on some of those differences there?
Dhruv Bansal: Yeah, absolutely. Now, I think I’ll preface this section by saying I think Hermit was designed for Unchained Capital and small number of other companies who are like Unchained Capital. I don’t think Hermit is necessarily a great tool for individuals to use, I think native multisig through just Caravan or Unchained or other providers is a better choice for the average person. That’s because Hermit is really focused on what is the best way for a group of people to protect one key? That’s an interesting problem because it’s very different than an individual protecting one key. Groups of people protecting a key have unique challenges beyond those that an individual protecting a key have. An example would be communication, like everything, if you’re a HODLer, and you’re super secure and you’ve got your whole plan, it’s in your head and you’re cool with it, great. You didn’t have to talk to anybody.
Dhruv Bansal: A company that wants to execute your same super secure plan has to communicate about it and coordinate about it, and that requires transmitting information over email, through other networks, how do we do that securely? That’s challenge. Companies have turnover. You’re not going to fire yourself, presumably, as a HODLer and you’re not going to move away from yourself. But companies have turnover, so how do you deal with turnover of trusted individuals? That’s another issue. Companies also have a huge amount of transactions, typically, relative to an individual. They’re accessing their storage and their secure environment a lot more frequently, and there’s this need for a rotation. Like not the same individual can always be responsible for assigning transactions on behalf of the company, you need to be able to rotate to make sure you have enough capacity and that you’re signing staff isn’t stressed out and not doing things safely.
Dhruv Bansal: These are unique problems. As much as I love hardware wallets, they’re not great for companies because they’re not designed to be used by multiple people at once. They’re designed to be used by one person at once. Hermit is really a solution that says, “Look, I want to really secure wallet, I want it to be command line, air gapped, QR code based. There’s a lot of things we should do that, but Hermit does that too. Then where Hermit is a little bit unique is it says, “I want to be the kind of thing that multiple people at a company have to interact with at once.” That’s part of the reason Hermit is complex to use, and SLIP-39 is a complex standard. It’s part of the reason I don’t recommend it for the average user. But I think Hermit is really, really interesting for organizations like Unchained, which protect keys.
Dhruv Bansal: If you are doing cold storage… and by the way, Hermit, of course, Unchained does multisig so Hermit is definitely compatible with multisig, it is not itself a multisig tool. It just protects one out of the, however, many keys are involved in the multisig. But if you’re a company that’s doing cold storage and you’re protecting funds and you are a group of people having to protect one key or multiple keys, using SLIP-39 and getting an air gapped wallet that is designed for groups is potentially an interesting thing to do. I recommend anybody listening, you don’t have to be a huge company, by the way, maybe you’re just a small team or an investment group or family. And you’re, I guess, technical enough to use the command line and want an air gap wallet, you might be interested in Hermit.
Stephan Livera: Good, and let’s talk through some of the scenarios where it might make sense. Presumably, you would have to be careful because at the point that you reconstitute the seed, that’s where you’re vulnerable, so presumably, it might be something like you need to spend from this setup and you’re spending into a new setup that you’ve already created that is secure, let’s say. Can we just talk through some of the scenarios where how it might be used? For example, a quorum of senior executives in this company need to spend but you need to set up differing values to the seeds. From reading the post, one example in the blog post, and I’ll put a link in the show notes for the listeners. But the blog post is comparing this idea of, let’s say, you’ve got a CEO and a CFO and some other team members.
Stephan Livera: The idea is to represent that the CEO and the CFO are more senior, they might have been given two shares each out of the six or whatever. Then I think what you’re getting at in that blog post is that with Hermit, you can set up almost like levels. Maybe the CEO’s share is worth two, but they actually still only have one set of words to protect. Could you just elaborate a little bit on that setup?
Dhruv Bansal: Yeah, absolutely. I think you’re absolutely right when you say the moment of vulnerability for any group is when they’ve reconstituted their key and they’re about to use it. In general, that’s the moment of vulnerability for any key and it’s the reason multisig is so attractive is that never happens necessarily simultaneously at the same location for a set of keys. You can stage the usage of your keys across time and space. Of course, when you’re sharding, that’s not possible. When you shard, you’re breaking a key into pieces, and in order, to use it you have to bring at least some of those pieces back together in one location at one time. The big worry of a company is that at that location, at that one moment in time, someone exfiltrates data about the key.
Dhruv Bansal: Like with a hardware wallet or with other tools that are designed for one person to use, that’s pretty easy to achieve. How do you prevent that from occurring? Hermit has one technique built in which is sharding, as we’ve discussed, has been mostly a backup strategy. But can also be a strategy to create a little bit of adversarial signing ceremonies. What if you force it so that at any given moment, always three people minimally across the organization, or three representatives, or five people, or however many you need too, it doesn’t matter. Whatever is appropriate for your organization, you can set up Hermit and your shard configuration in such a way that that number is required in order to sign.
Dhruv Bansal: What that does is you can, or depending on how you’ve arranged these groups of individuals, you can ensure that the right people are in the group so that everyone’s watching each other. This becomes a very public ceremony, it becomes something that the team is taught how to do, and it becomes a ritual and a process that they can engage in. Crucially, it requires multiple people at the same time. If someone wants to collude, they at least have to convince a few other people in what is potentially a rotating schedule that they can’t even predict who will show up at a given moment to be their partner in unlocking this key. The company gets to think a little more adversarially about its own employees. Every company, hopefully, has trusted employees but, realistically, by removing the chances that an employee can act in a poor way or by forcing them to have to collude in an unpredictable way, you make it much less likely any kind of exploitation like that is going to occur.
Dhruv Bansal: That’s the first comment. The second comment is once you’ve decided that you want to have multiple employees be forced to be there at the same time in order to execute some kind of secure ritual, you now are confronted with, well, which employees? Where you inevitably will wind up is that some employees are more trusted than others, or some group members, if this is not a company, if this is a family or an investment grub or whatever it is. Some people are going to be more trusted than others. Traditional Shamir Sharing, one of them, two of five, whatever the MN are here is single level. That there is only one kind of shard and the difference is how many shards there are and how many are required to spend. In a model like that, it’s difficult to model the idea that different people, different shard owners are more or less trusted.
Dhruv Bansal: What is unique about SLIP-39, and the reason we embedded it into Hermit and the reason I think it’s such a cool innovation that SatoshiLabs and a whole bunch of other folks have worked on to put out is that it is multi level. You can create, essentially, groups in which the shards are worth more. An example from the blog post is exactly what you described where you might have instead of having two of six or whatever and then having the CEO and the CFO have a shard and passing out other shards to second level employees, you might make it so that either one of the CEO or the CFO has to sign. And that this other larger group of employees, it can be any one of them. So you get to distinguish between levels of trust. Coming back to Multisig, this should start to sound maybe similar to folks who have heard about the virtues of multisig and why that’s important.
Dhruv Bansal: This starts to sound like a lot of the kinds of things you can do with multisig, and that’s absolutely true. On some level, you would prefer not to have to play this shell game of shards, you would prefer to just be able to use multisig directly. The problem with that is today, practically, it is challenging to do multisig directly the way that you might like. Let’s say you have 10 or 15 or 20 signers, are you really going to have addresses with an end of 20 multisig with some complex conditional logic in there? If so, your addresses are going to get very expensive to spend from, you’re not going to be able to spend from them with traditional software. You’re going to need some custom stuff to do it. It’s there’s some challenges there. Also, every time you spend, remember with Bitcoin today, you are revealing the redeem script behind the address and its entirety.
Dhruv Bansal: People will see that you have this structure and they’ll start to ask questions maybe about who are these individuals since clearly you’ve somehow created the situation where your exact signing team is mirrored in the public keys that you’re writing to the blockchain, so you’re not concealing a lot of information. There are some nice innovations coming in Bitcoin, like Schnorr signatures, Taproot, MAST, a whole bunch of awesome stuff is on the roadmap that will help address some of this. You’ll be able to, for example, build very complex Multisig scenarios with conditional logic and different groups that look exactly like this but it’s not obvious. No one else externally can see that, and only if these additional paths actually get utilized in the process of producing a signature would anybody come to know that even existed.
Dhruv Bansal: That’s really cool, and I think over time once that becomes possible, you might see Hermit switching over to using primitives like that to structure its access controls. But until that stuff arise, groups need some kind of ability to do stuff like this. We think that SLIP-39, in the context of a single key at a time, is the right way to achieve that.
Stephan Livera: Right, yeah, that’s really, yeah, I was actually about to ask that as well around. I guess just to summarize to the listeners, if you’re having trouble following along. Essentially, Dhruv what you’re explaining there is that there are different ways to set up a Shamir’s Secret Share such that you can have multi levels and-
Dhruv Bansal: In particular, that’s the innovation that SLIP-39 added to traditional Shamir Sharing.
Stephan Livera: Right, and I suppose people who would want to just use Multisignature, there are certain additional costs and privacy, I guess, negative trade-offs around that. Because currently you are revealing every possible spending pathway for that given UTXO, unspent transaction output. Theoretically, in the future, once we have Schnorr signatures, and we have Taproot, which as I understand Taproot allows you to spend from one of the given pathways or encumbrances placed on that UTXO and reveal only the one that you are spending from. The other cool component is with the aggregated signature approach, where rather than spending from one of these big multisignatures that would cost in terms of bytes on the blockchain space, that would be very big. But, hopefully, with Schnorr and aggregated signatures, then this would reduce the cost of blockchain space used to achieve such a thing, and therefore lower the fee for using this approach. Would you say that’s a fair summary?
Dhruv Bansal: Absolutely, so there’s technology coming that changes the calculus here, but for today, for right now, we think a really good rule of thumb is use multisig when you’re either one person trying to get redundancy or you’re group of people collaborating and assign different keys to different parties within an entity, within a commercial organization, within a group. Use shards currently to spread out access control within that group. Then that’s a pretty reasonable and efficient solution today, though, with the new technologies that you described, I can see that balance changing.
Stephan Livera: Excellent. One other point, I think, might be interesting to discuss is just around the decision that a user or a listener has to make when they’re deciding, “Okay, am I going to go with service provider to do multisignature? Now, I think one of the key ones, and I brought this up with Casa as well, is that, essentially, there is some component around having to KYC to Unchained Capital, and also, probably, a key component for most listeners that they have to think about is, “Am I comfortable doxing my claims to Unchained Capital. Now, in fairness to you, there are benefits and trade-offs here. With Unchained Capital, you’re getting access to financial services and you’re getting loans. For example, rather than selling your bitcoins and recognizing your capital gains tax purposes, you can get a loan, and therefore, not recognize that gain and maybe that can help the hodl.
Stephan Livera: There’s certain trade-offs there, and also multisignature is difficult right now. It’s being made easy by using Unchained Capital. What were your thoughts there and just wanted to give you an opportunity to comment on that?
Dhruv Bansal: Yeah, no, thank you for the opportunity, and I want to preface everything that I say with this statement that Unchained Capital is very much a financial services institution. We engage in that industry and we are regulated by that industry, and so there are certain things we have to do regardless of what we might wish or hope for. In the spirit of that, let’s get into what is this concept? KYC AML. I want to maybe dispel, first of all, some ideas around it, there is no requirement that Unchained or other financial institutions have at least doing what we are doing to report activity directly to the government when you sign up and use our products. That’s not the meaning or the spirit of those laws as much as they may be vilified that way in certain quarters.
Dhruv Bansal: We are required to collect data about our customers because we’re required to know who they are. We are required to, for example, check their information against the public OFAC database, that anybody literally on the internet can use to look up anybody else. Our customers, it’s fair, are not anonymous to us. We know who they are, but anonymity is not privacy. Our customers may lack anonymity because we know them but we preserve their privacy when they work with us. As I said, why do we do this? It’s because we have to, we’re a financial institution, this is a requirement for us. Now, I won’t go into my personal feelings on this but the listeners here are free to feel that KYC is wrong, that it’s inefficient, that it’s immoral, unnecessary, and that financial institutions shouldn’t be required to do it, and that they don’t want to do it, that’s fine.
Dhruv Bansal: Those are all fair feelings, you’re not wrong to feel that, you should advocate for those changes, hopefully, in our government. But you should also recognize that if you are a US based Vanessa institution, those are the rules that you have to play by. Not playing by those rules, deciding not to because you believe that somehow you are special is probably not going to work and it means that you’re taking undue risk, again, for all your customers. You might not have that land on you today, but in the future, it might happen. If you think you’re a financial institution, you should play by these rules. I think, rightly, you pointed this out, but KYC AML is not really actually about the government in any way, I don’t think. The bigger stress is about linking identity, your privacy, your anonymity information to your Bitcoin holdings and transactions, right?
Dhruv Bansal: It’s not necessarily that the government will know that that might be part of the worry that certain individuals have, it’s more than anyone would know who’s not you. Some people are rightly worried about that, and I understand why it makes complete sense to me. But I’d also then like to remind those people that what you’re really worried about is not KYC AML, what you are worried about is connecting your identity to your coins. Let’s just keep that idea in mind here because I think if the number one thing to you is anonymity, there are pathways like open source software, Electrum, hopefully Caravan, and other ways for you to never have to talk to a company. You can achieve that kind of security without working with anyone. I would not believe a company that claims to preserve your anonymity, but ask you for your name, your shipping address, your email, your phone number.
Dhruv Bansal: Even if they’re not doing KYC AML with that data, like they know who you are. Companies are always going to be incentivized to know who their customers are. Anybody who’s run a business knows that. Knowing about your customers helps you find them, sell to them, and serve them better, and help build better products for them. Not everybody wants to be known by a company, and you don’t have to do it that way in Bitcoin, there are other options. But as you say, if you are willing to make that trade-off, that you’re willing to say, “Look, the things that I get by working with this company, a professional member of my forum to help protect my coins, financial services to help me not incur capital gains tax on my Bitcoin. A source of advice and a trusted partner for things that I’m doing in the space. Those are all valuable things and sometimes exchanging some anonymity and having to rely on privacy is worth it.
Dhruv Bansal: We’re working on Unchained on some new ways to continue to allow our customers to get some of the benefits of working with us, so all the things I mentioned before the financial services, the trusted partner without necessarily revealing their addresses or balances. Again, the trade-off there is usability. That a big reason that companies like Unchained and Casa construct addresses and run all that stuff on behalf of their customers is because it’s confusing. Their state management and other kinds of issues that aren’t impossible, but are challenging for customers to do on their own. As the software gets better, as there are better standards, that will become easier and easier and the trade-off will be less and less. But today that’s one of the things, that’s one of the benefits. Doing this 100% on your own using a tool like Caravan, the very first thing you will run into is, or Electrum for that matter, is where do I store this information? How do I keep track of all this stuff?
Dhruv Bansal: There are some benefits to work with companies. If we could manage it in a way that we didn’t know anything about your balances and transactions, that’s a direction we’d like to head in. We are working on some stuff in that area, I’m not available, I’m not able to talk about it right here today. But I’m excited for what we’re coming out with in the future around this stuff.
Stephan Livera: Fantastic, and let’s talk a bit about if you’ve got any thoughts around inheritance planning and those concepts, what should listeners be thinking about when they’re doing say, multisignature, but also inheritance planning?
Dhruv Bansal: Yeah, inheritance planning is a great, great example of where identity really does matter. It’s another, I think, great example of where we realize that people’s identities are not controlled by them, they’re controlled by the society that they’re part of. When you die, you have not lost your identity, you’re just dead and your body can’t access it anymore and you can’t cause anything to happen with it. You still exist as a legal entity in some way, you still have an estate, you have all these obligations, and there are all these mechanisms that are part of the real world that we all live in that existing laws that show up and start operating. If you don’t understand what those are, you’re not really doing inheritance right. You can think about your keys all day long and pretend that protecting a treasure is the be all and end all of inheritance, but that’s just not true.
Dhruv Bansal: You need to start at what the legal concept looks like of estate planning and inheritance. Something that Unchained has been really excited about is making some strides in that area, partnering with some folks in the inheritance space to be able to provide our customers with some nice fast pathways to do the legal work required to do things like establish estates and the necessary documents to understand what happens to their Bitcoin in the event of their death or their inability to access it anymore. What’s remarkable is that, again, it boils down to identity. Because we do KYC AML, we know our customers, that’s the KYC, we know who they are. We’re able to, therefore, work with estate management, we’re able to work with attorneys and understand what their desires would have been given what they communicated to us prior to their death.
Dhruv Bansal: A little bit, this is another example of why estate inheritance is not just Multisig and it’s not even just collaborative custody, it’s a special product on top of all that. You need the multiple keys, you need a collaboration to understand who those keys belong to, and how to communicate and verify identity intent around them, and you need an actual real inheritance plan that describes what should be happening in all these places. That’s something that the reason this product has been challenging for us is that it has almost nothing to do with cryptocurrency. That part is really solved by some of the core primitives around multisig or some of the existing stuff we’ve done with collaborative custody. This has been a hard product to get out because a lot of Bitcoiners don’t understand inheritance.
Dhruv Bansal: We didn’t really understand it as individuals when we were first approaching this, so getting that to the point where we can recommend plans and partners that can help you execute on that part of the story, and then afterwards, set up the necessary keys and the necessary structures you need on our side with the beneficiaries, with clear delineations of can they sign for you? Can they not sign for you? Are they holding a key? Are they holding a Shamir Share of the key? That’s the kind of stuff that you can configure and tell us about so that when it comes time to it, your estate can work with us collaboratively if we are also a key holder to get those funds moved to the beneficiaries.
Stephan Livera: One more thing I was keen to ask about, I’ve got approximately 45 or 50% of my listeners are in the US. But for those listeners who are overseas, obviously, Unchained Capital is a US financial institution.
Dhruv Bansal: We are.
Stephan Livera: Can you talk about anything that an overseas listener might need to think about in terms of if they want to use Unchained Capital and the Vaults and so on? Is there anything special that they need to think about or even for the funding of the loan if they get one, can you just touch on that for overseas listeners?
Dhruv Bansal: Yeah, absolutely. It’s very fair to say that we are primarily a US focused institution today. That’s where we are based and that’s where we understand the market the best. Absolutely, we are biased, unfortunately, I think sometimes towards our American customers. With that said, we do have a few borrowers on our loan product outside the United States. We tend to be very conservative with that because that’s the most regulated area that we operate in and the rules are different almost everywhere. We’re most likely if you are international, we’ll most likely work with you if you are a commercial entity. So not an individual, but maybe a business and our loan sizes tend to be a little bit larger, larger minimums, because it’s just a little bit more involved.
Dhruv Bansal: For the Vault product is actually very simple, we believe we can involve customers from almost any country as long as, again, they’re not on the OFAC sanctions list. That’s the only thing we’d really be checking that would be different for international Vault customers compared to a US based customer. I think international Vaults are really interesting. I know a few folks in different countries who have a less trustworthy political process and civil and justice process that we have here in America. I think sometimes it’s easy to poo on where we fall down, but we actually are an amazingly well regulated country as is Australia, as is much of Europe. But there are a lot of friends and family I have in places like India, China, the Middle East, where they’re much more concerned about their ability to physically and practically protect their coins.
Dhruv Bansal: Custodying with a US domiciled company and having that be a collaborative process. Sometimes even surrendering part of the control might be advantageous there, and we’re certainly able to work with customers on the Vaulting side. From an inheritance perspective, I’m actually unsure. That’s something that I think we will, once we understand the shape of the product and how indeed US centric it is versus rest of the world, that’s something I’ll be able to speak to a little bit more in detail.
Stephan Livera: Fantastic. Look, I think they’re all the key points I was going to ask you about, actually. Is there anything else you wanted to bring up with Unchained that listeners should keep an eye out for?
Dhruv Bansal: No, I think you should look to Unchained as continuing to push on the two areas that we really focus on. One is custody, collaborative custody, in particular, for Bitcoin around multisig and making that ever safer and more flexible and easier to use. More open source software, more libraries, more user interface, innovation, and also new products. I think you should look for new loan types from us. We’ve been discussing a few different interesting options that we’ve learned from customers over the last couple of years, different ways to do interest payments and balance those against principal repayment. We’re also really interested in new classes of fixed income products, ways to get customers a return from holding Bitcoin with us.
Dhruv Bansal: Unfortunately, the chief way to do that so far has been wanting rehypothecation all around the ecosystem. That’s great, if you want the risk, we’d like to have some vehicle by which we could offer customers a small, dependable return with that with a little bit less risk and more in the spirit of self custody and collaborative custody. We’re working on some projects like that, which are really exciting and I hope to announce next year. But on the whole, I think the biggest ask we would have of the listeners is, obviously, come check out the commercial product. But, again, if you’re one of these people that the anonymity really matters or we can’t work with you because you’re in a different jurisdiction, or you just want to try out some cool open source software, maybe you’re a developer, do check out some of the stuff we’re putting out on our GitHub.
Dhruv Bansal: There’ll be YouTube videos coming in the next few weeks as we release these projects, and we’re always looking for feedback and bug reports. Everybody start trying it out and let’s make Multisig and cold storage something that is so easy that anybody can do it for free easily online themselves. That’s really something we’re excited to support.
Stephan Livera: Fantastic. So thank you so much for that, and yeah, look, before we let you go, where can the listeners go if they want to find Unchained Capital or if they want to follow you online?
Dhruv Bansal: Yeah, come check out our website. We’re at http://www.unchained-capital.com. You can also follow us on Twitter, we’re unchainedcap and I am Dhruv Bansal on Twitter.
Stephan Livera: Fantastic. Thank you very much for joining us.
Dhruv Bansal: Thank you Stephan for having us, always a pleasure.