Paralysis Proofs: Secure Dynamic Access Structures for Cryptocurrency Custody and More

Fan Zhang, Philip Daian, Iddo Bentov, Ian Miers, A. Juels
DOI: 10.1145/3318041.3355459
Published in: Proceedings of the 1st ACM Conference on Advances in Financial Technologies (AFT 2019), 2019-10-21
Citations: 7

Abstract

The growing adoption of digital assets---including but not limited to cryptocurrencies, tokens, and even identities---calls for secure and robust digital asset custody. A common way to distribute the ownership of a digital asset is an (M, N)-threshold access structure. However, traditional access structures leave users with a painful choice. Setting M = N seems attractive as it offers maximum resistance to share compromise, but it also causes maximum brittleness: a single lost share renders the asset permanently frozen, inducing paralysis. Lowering M improves availability, but degrades security. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. The core idea is what we call Paralysis Proofs, evidence that players or shares are provably unavailable. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System (DASS), which can securely and flexibly update target access structures without a trusted third party. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorship-resistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. To illustrate the wide range of applications, we present three use cases of DASSes for improving digital asset custody: a multi-signature scheme that can "downgrade" the threshold should players become unavailable; a hybrid scheme where the centralized custodian can't refuse service; and a smart-contract-based scheme that supports recovery from unexpected bugs.