pull down to refresh

The BitVault B-SSL vault proposal doesn't make any sense
2958 sats \ 18 comments \ @Scoresby 19h bitcoin

BitVault: "Your fortress against physical attacks"

I've been hearing about this BitVault thing for a while, but it seems like they stepped up their advertising lately because all of a sudden bigger accounts on X (like Efrat Fenigson and Simply Bitcoin and PlanB Lugano) started posting about it.
I was always a little confused by the product, especially since they were touting it as a vault that didn't need any new op-codes. I don't know much, but I know that vaults in Bitcoin are really hard to make. BitVault says stuff on their website about a Convenience Service and 2hr - 15 day timelocks enforced by CSV -- which I found very confusing.
So then I see in the Bitcoin Optech Newsletter this write-up about a delving post that was talking about a "Secure Bitcoin Signing Layer" that uses a Convenience Service and 2hr - 15 day timelocks enforced by CSV...
Well, goody, goody: we finally get some real details. They have a github and a whitepaper and hooray.

Not hooray

The github is pretty much empty. It's just got a readme and this pdf that kinda looks like it was vibed. No code. Maybe it's all in the whitepaper...

The B-SSL whitepaper

I will freely admit that the timelock stuff in Bitcoin often makes my head spin. As soon as we start talking about relative timelocks, things get really wacky. Nonetheless, I gave it shot at figuring out what BitVault was proposing here.
As best I can tell, they propose that you lock your coins in a taproot output that has a number of possible spending paths -- the backup spending paths cannot be used for 1 - 3 years, while the primary spending path has a much shorter 2 hr - 15 day configurable timelock.
Here is how they describe the primary spending path ("used for ordinary operations"):
Path 1 -- Configurable User Path (2 h - 15 d CSV) Keys: (A or A1) + C Delay: Configurable 2 hours - 15 days (relative CSV) Gatekeeper: CS (optional)
Used for ordinary operations. When the user initiates a spend, CS can enforce the chosen delay and emit a secret notification to monitoring wallets or guardians. If the CS is unavailable, the user still retains full control through fallback paths.
Frankly, this doesn't make any sense. CSV timelocks begin their "countdown" the moment the coins are sent to the address with the timelock. So BitVault's construction starts the timelock as soon as you send your coins into a vault...but doesn't let you lock them longer than 15 days.

What's the point of a vault that only works for at most 15 days?

I was so confused by this, I reached out to a number of different Bitcoiners who are much more technical than me. The response I got from them leads me to believe I am not misunderstanding BitVault's proposal.
BitVault's proposed design really does have you lock your coins for between 2 hours and 15 days. So either you have to avoid sending your coins into the vault until you are ready to enact the delay (which, in my mind, negates the point of a vault) or you have to "cycle" your coins.
This concept of "cycling" is something that all of the major timelock wallets (Nunchuk, Keeper, Liana, Bitcoin Safe) have to deal with: because CSV has a consensus limit of 388 days, wallets that use CSV to create timelocks require users to send the coins in the wallet to a new address in the wallet to "reset" the timelock).
However, nothing in the BitVault proposal or on their website marketing copy says anything about cycling coins or the transactions needed to do this or the trade-offs (if fees are high when you need to reset your timelock, you may end up paying quite a lot and if you don't do it, the timelock will expire, exposing a the locked spending path).

What actually is a vault anyway?

Here's another point that I'm confused about: a vault is not simply a timelock:
  • A timelock is a restriction placed on coins or a transaction that prevents them from being sent for a certain length of time or number of blocks.
  • A vault is a wallet construction that requires two separate transactions to spend coins, giving the owner a time window to be alerted that coins are moving from the vault and a way to stop them from leaving.
What BitVault is proposing isn't a vault.

What BitVault has to say about their design

This was so confusing to me I even responded to their post on delving, which was written by someone named ilghan, who is the CEO of BitVault.
After a little back-and-forth where he did not answer my question, despite claiming to have posted the idea seeking review, he said:
I invite you to focus on the end goal which is how to avoid two custodians to collude and then to assess the system in its entirety, if you analyze it part by part by not looking at the bigger picture then it could be difficult to make sense of it. If you want to join the Bitcoin Optech audio recap discussion by next Tue, maybe it could help.

"This work is shared for peer review and discussion before implementation"

Now, maybe this is just a harebrained scheme the folks at BitVault cooked up and we shouldn't knock 'em for putting themselves out there. Unfortunately, it looks to me like they are already accepting money for the product.
Unfortunately, BitVault's social media presence lately makes it seem like they are offering the product for sale.
source
source
This is a product that, as far as a can tell, uses CSV timelocks in a nonsensical way...almost like they don't understand how such timelocks work. Their product just has users give a key to a third-party signer who promises not to sign for a certain amount of time.
It's one thing to propose an idea, it's quite another to take customer's money for said product.
On their website, they offer that typical three-tier pricing scheme you see everywhere:
The middle tier sounds to me like this B-SSL scheme they've proposed. The fine print says
Your early access funds help us finalize security audits and open the beta to the public
So perhaps that's how they justify it.
write
preview
related posts
206 sats \ 1 reply \ @optimism 17h
CSV has a consensus limit of 388 days
minor note: or 65,535 blocks (which is targeted to be a bit more), see BIP-68
Bit (1 << 22) determines if the relative lock-time is time-based or block based: If the bit is set, the relative lock-time specifies a timespan in units of 512 seconds granularity. The timespan starts from the median-time-past of the output’s previous block, and ends at the MTP of the previous block. If the bit is not set, the relative lock-time specifies a number of blocks.
So you can relative-lock for 65535 / 6 (blocks per h) / 24 (h per day) = 455 "targeted days worth of blocks" (though that of course doesn't mean that it will actually take 455 days for that block height to be reached.)
reply
121 sats \ 0 replies \ @Scoresby OP 17h
Ah, yes! Thank you. I once found a really good explanation of the CSV 512 second granularity vs blocks but could not resurrect it while working on this post. (I seem to remember it from learnmeabitcoin, but couldn't find it there and had to settle for BitMex's explanation).
reply
102 sats \ 1 reply \ @anon 10h
Hey everyone — I really appreciate the feedback and the attention given to BitVault and the B-SSL paper. Let me clarify a few important distinctions that might help clear up the confusion 👇
1️⃣ BitVault ≠ B-SSL
  • BitVault is a user-facing wallet and security app — its mission is to protect people from physical attacks, hacks, and coercion through time-delayed co-signing, secret notifications, and multisig distribution.
Think of it as a defensive layer for humans.
  • B-SSL (Bitcoin Secure Signing Layer) is research, not a commercial feature yet.
It’s aimed at solving a different problem entirely — the loss of keys in self-custody — by introducing a covenant-free vault model that allows long-term recovery without custodial risk.
Think of it as a durability layer for keys. They are complementary but separate — B-SSL is open for review and refinement by the community before any code is released.
2️⃣ About the 2 h – 15 d timelock That range is not meant to “store” coins for years; it’s meant to create a delay window before a spend is finalized — the same principle behind existing vault prototypes.
The longer (1 – 3 y) delays apply to fallback and recovery paths, not normal transactions.
So there’s no need to “cycle” funds unless you want perpetual delay rotation — a choice that’s user-configurable, not mandatory.
3️⃣ Why the code isn’t public yet BitVault is currently conducting security audits and user-testing of the beta build before any production code is pushed.
B-SSL, as a research paper, is intentionally public before implementation to invite peer review — exactly how open research should work in Bitcoin.
4️⃣ What the Convenience Service actually does The CS is not a custodian.
It cannot spend coins, alter delays, or hold keys.
It simply co-signs after Bitcoin’s own consensus-enforced delay has expired — or not at all.
If it disappears, the user still has full fallback paths.
It’s optional convenience, not trust.
5️⃣ The big picture BitVault’s goal is to make Bitcoin self-custody safer for ordinary people.
B-SSL’s goal is to make it harder to lose Bitcoin forever. They solve different risks — one human, one structural — and both are being shared openly for discussion because that’s how Bitcoin evolves: through transparent debate, peer review, and collaboration.
In short:
BitVault protects users from attacks and coercion.
B-SSL protects users from key loss and permanent lock-out.
Both remain 100 % non-custodial and enforce all conditions on-chain.
While the code is not public you can subscribe to be a beta tester on our website: https://www.bitvault.sv/
The BitVault Team
reply
100 sats \ 0 replies \ @Scoresby OP 10h
B-SSL protects users from key loss and permanent lock-out.
How does the use of a 2hr - 15 day timelock on key C (from your whitepaper) help protect the user from loss of keys?
Here's how I understand the B-SSL system as laid out in your whitepaper:
  • user sets up a wallet with 3 keys (A, B, C)
  • at least 2 keys are required to sign to move coins from this wallet
  • Keys A and C can generate a sign transactions spending coins out of the vault 2 hrs - 15 days after coins enter the vault (depending on how the user configures it)
  • Keys A and B can sign transactions spending coins out of the vault 1 year after coins enter the vault
  • Keys B and C can sign transactions spending coins out of the vault 3 years after coins enter the vault
I believe I understand the spending paths used by A+B and B+C, but I'm very confused about the purpose of the A+C spending path.
If the timelock on the A+C spending path begins counting as soon as coins are moved into the vault, what purpose does it serve? Do you plan on having users self-send their coins to refresh this timelock before it expires? If not, users will only benefit from the timelock for (at most) the first 15 days of using the vault. This is what confuses me. Can you help me understand this part of it?
reply
123 sats \ 6 replies \ @deSign_r 19h
It's a hook for their subscription service. There's no way it will make sense for bitcoiners ... maybe to institutions LOL!
reply
154 sats \ 5 replies \ @Scoresby OP 19h
But why post to delving then? You'd think they'd be worried about looking stupid...
They are trying to sell a service to protect people's money...it kinda needs to be correct.
Also, I'm very confused why Optech is highlighting something that is so half baked.
reply
223 sats \ 2 replies \ @deSign_r 19h
Just looking for attention. They just gugled bitcoin forum and Delving came up. I bet they don't even know what's the audience there. Why you'd post it in Delving and not fill the repo with some code? Feel like a waste of time even just talking writing about it
Also, I'm very confused why Optech is highlighting something that is so half baked.
El Salvador magic...
The design and UX look's great thought!
reply
21 sats \ 1 reply \ @Scoresby OP 19h
Yeah, this does seem likely. Still surprised it didn't get pushback.
reply
123 sats \ 0 replies \ @deSign_r 19h
People is too polite sometime... what would be the reason for pushing it back? Let it do and see til where it goes.
Have no tech know-how to say anything about the technicalities. But the business model tells enough to me.
reply
123 sats \ 0 replies \ @optimism 17h
reply
21 sats \ 0 replies \ @DarthCoin 19h
good questions
reply
112 sats \ 1 reply \ @standard_sats 11h
It makes sense to me. But then at the VC scale, it does not. Nonetheless they've raised money.
reply
10 sats \ 0 replies \ @Scoresby OP 10h
Can you explain why you would use CSV time locks in this way? Like walk me through the flow of sending coins into the vault and then pulling them out.
reply
123 sats \ 3 replies \ @DarthCoin 19h
How to make a business scam:
  • come up with an idea to catch attention and use buzzwords
  • make a weak prototype, something to be able to click some buttons
  • bring some influencers willing to take your money to promote that crap
  • gullible users will buy it because was presented by influencers
  • add some more features just to make users happy and push it into even more influencers
ah and also add some fear porn with "you will lose your keys... blablabla" to scare even more the gullible possible buyers.
People nowadays are such sheeps.
nice review anyways. Thanks for heads up
reply
0 sats \ 2 replies \ @broexplorer 1h
Fair points but bear in mind that "People nowadays are such sheeps." so they NEED solutions that are easy and safe, right??
reply
0 sats \ 0 replies \ @DarthCoin 53m
#1260936
reply
0 sats \ 0 replies \ @DarthCoin 1h
I always wonder: are people so retarded that can't remember 12 fucking words used every day ? Are people forgetting to speak?
Saying that you can"t remember 12 words is such idiotic.
FFS if you have so fes neurons, create in your mind a simple story using those 12 words. It's easier to remember stories. You can even write a postcard with that story and send it to your mother. Nobody will know that in fact is a wallet seed. Damn it, use your brain don't use shitGPT
reply
31 sats \ 0 replies \ @0xbitcoiner 19h
Solid research, thanks!
reply