Support for custom set of fund managers

[darosior]

We don't currently support having eg an optional fund manager. We should, however we shall not reuse keys across the policy.

We currently have

and(
  thresh(len(managers), managers),
  or(
    1@thresh(len(non_managers), non_managers),
    10@and(thresh(len(cosigners), cosigners), older(X))
  )
)

@JSwambo proposes that we use different keys for the timelocked path so that we can support that without reusing keys. Something like:

or(
  1@and(thresh(len(managers), managers),  thresh(len(non_managers), non_managers)),
  10@and(thresh(len(managers_second_keys), managers_second_keys), thresh(len(cosigners), cosigners), older(X)))
)

What would be the implications of supporting that ?

[JSwambo]

Can you point me to discussion or give me rationale for why re-using keys in the script isn’t secure?

The vague consequence is ‘complexity’, but it does open up the available use-cases and so could be worth it. The only way to tell I think is to implement it and see how widely this affects the code-base. Let’s start a branch and see where it goes?

[darosior]

Can you point me to discussion or give me rationale for why re-using keys in the script isn’t secure?

http://bitcoin.sipa.be/miniscript/ the malleability paragraph. Unfortunately the #miniscript channel on freenode does not seem to be logged so i can't provide you with the discussion with sipa and andytoshi. This is also mentioned in https://github.com/rust-bitcoin/rust-miniscript/issues/115 .

The vague consequence is ‘complexity’

This is not vague as it's something that we'll need to feature and maintain. There is a large field of possibilities with Bitcoin Script and our software/protocol in general, however we need to deliver and cannot be able to support all of them.

The only way to tell I think is to implement it and see how widely this affects the code-base. Let’s start a branch and see where it goes?

I've been thinking that we could not have to change practical revault as all the interactivity between fund managers is out of band. I need to implement this in revault-tx test suite to have a better overview.

[darosior]

So this is possible and has been proposed for integration into revault_tx: https://github.com/re-vault/revault/pull/17.

Note that this implies an UX cost: to backup and use a different output descriptor.

Shall we now:

• Keep it as a special case, design the configuration and the daemons as such ?
• Make the current descriptor (which is actually an optimisation over the new one) the special case ?
• Get rid completely of the current one, in order to always have both descriptors for the managers. Which would ease not only the implementation but also the actual usage of Revault (think about eg the ceremony).