What Is OP_VAULT and How Can it Benefit Bitcoin Users?

Have you ever worried about bitcoin self-custody? Many people trust a company like River to act as a custodian more than they trust themselves with the technology, despite knowing the importance of holding their keys.

If OP_VAULT is added to Bitcoin, holding your private keys in self-custody will become significantly safer. For the first time in Bitcoin’s history, users will be able to intervene in case of a security breach.

What Is OP_VAULT?

OP_VAULT is a proposed vault mechanism for Bitcoin that would allow users to create additional protection for their bitcoin, on the blockchain itself. This mechanism is also known as a covenant: a set of conditions attached to a Bitcoin transaction that allows a user to determine when and where the bitcoin can be moved, including (importantly) in subsequent transactions.

By using these conditions a user can create a digital vault that can restrict the bitcoin in it to only be spent to a certain address or to move only after a certain amount of time has passed. If a thief tries to steal the bitcoin by getting access to their private keys or wallet, the user would be able to move their funds to a predetermined recovery address before the bitcoin could be moved to an address owned by the thief.

The “OP” part of the name stands for the operation code (“opcode”) that is used for this specific mechanism. An operation code is a basic command in a computer language that does a specific, predetermined thing. Bitcoin Core has approximately 200 of these opcodes. In the case of OP_VAULT, when a user wants to store their bitcoin in a digital vault, their wallet initiates this specific command to create one. In addition, an OP_UNVAULT code is also introduced with this proposal, which allows the user to withdraw all funds from the vault and close it.

Since 2016, many proposals for vaults have been considered for Bitcoin, but there were always tradeoffs that made them unappealing. So far OP_VAULT has been very well received by the development community, with several suggestions to further improve upon it.

How Could Vaults Work in Bitcoin?

Below we will explain what using a vault may look like for a regular bitcoin user. For a more in-depth understanding of the technical workings of a vault, the OP_VAULT whitepaper has extensive documentation.

Bitcoin Vault Setup Experience

There will likely be many different ways to create vaults, depending on how developers implement them. Below we give an idea of what the setup experience of a vault may look like in practice (also called a vault opening):

1. The user can see a spending and a saving account in their Bitcoin wallet interface, like in any bank account.
2. When the user clicks on the savings account, the interface explains to them that money in this account can only be moved after a time period they set (to protect against theft) or it can be moved to a predetermined backup address at any time.
3. When creating a new vault, the user is asked to specify or generate a backup address.
4. The user is asked to determine the time delay and is likely offered a “safe” maximum time delay to de-risk locking their funds up for years or decades.
5. The user is given a recovery key that they need to store in a secure location, separate from their wallet’s recovery method so that in the event of a security breach, the attacker does not gain access to both the wallet and the backup option.
6. The user is asked how much bitcoin they want to send into the vault to start with.
7. After confirming the above, the transaction to create the vault is sent. Once it is included in the blockchain, it can be used in various ways.

Setting up a vault would take a few steps even in a simple interface. Fortunately in this proposal, it is not something a user would have to do frequently.

Using a Bitcoin Vault

There are several ways to use a Bitcoin vault.

Sending additional bitcoin to the vault will work just like any other bitcoin transaction

Withdrawing bitcoin from the vault can work in two ways:

1. The user will send a bitcoin transaction from the vault, and once the transaction receives one confirmation by being included in a block, the delay period for withdrawal begins. Once the delay period is completed, the bitcoin will be moved to the specified address. However, if the user instead intervenes and pulls their funds out of the vault to the predetermined recovery address, then the initial transaction is discarded.
2. The user needs immediate access to their funds and chooses to instantly withdraw their bitcoin to the predetermined recovery address. This always closes the vault for safety reasons.

Recovering Funds from a Bitcoin Vault

If for any reason funds are attempted to be withdrawn from a vault without the authorization of the owner, they will be able to use their recovery key to move all funds from the vault to the predetermined recovery address before the time delay is up. In practice, this will likely be done through the settings of the vault in a wallet, and require extra confirmation to ensure this is what the user wants to do.

In the event that the recovery key is lost, the user should immediately initiate the move to a new vault to get through the delay period sooner and minimize risk.

OP_VAULT Is Also Helpful for Businesses

Businesses who hold Bitcoin typically already work with multi-signature wallets to protect themselves and ensure that no individual stakeholders can steal funds. Still, the risk of collusion between these stakeholders remains, where several could agree and instantly leave with the money.

The addition of OP_VAULT would introduce an additional layer of protection. It would prevent any situations where several stakeholders collude and then immediately disappear with the money, as the other honest stakeholder(s) would be notified in time and would be able to contact law enforcement.

There are also business opportunities, such as providing a service to automatically withdraw Bitcoin to the predetermined recovery address unless the user contacts the company. This relieves the burden from family or friends and provides additional options to people who may not deem them fit to carry this responsibility.

Another opportunity is for businesses to provide a service to watch over their clients’ vaults to alert them of potential security breaches.

How Users Are Alerted if Their Bitcoin Vault Is Breached

An important caveat of using a bitcoin vault is that the vault itself will not warn a user by default. A service called a watchtower needs to watch the blockchain and notify the user if a transaction is initiated from the vault.

There could be a range of different watchtower models on a spectrum of trust and involvement:

• Most involved: The businesses we mentioned above that could initiate the recovery process on top of just monitoring for users.
• Least involved: A service that receives a range of addresses to watch, without knowing which exact one belongs to the user. The user is responsible for ignoring false positive warnings.

To be extra safe, a user would want to be connected to multiple watchtowers to protect against any single watchtower malfunctioning or going offline.

Risks of OP_VAULT

Censorship and Fungibility

A technical risk of the proposal is that like with any technology or upgrade to Bitcoin, users could find ways to use it for “bad” purposes.

In the case of vaults, some concerns have been shared around these previously mentioned covenants. The ability to restrict how certain bitcoin can be spent could reduce bitcoins fungibility (how interchangeable each bitcoin is), if people started adding other restrictions at large scale. Concerns have also been shared about censorship and government influence in general on who is allowed to own and transact in Bitcoin.

An important note here is that these risks are also present with already existing technology in Bitcoin, such as multisig, so it is unclear whether vaults would negatively impact the network in a significant way.

We expect a lively ongoing discussion around the risks and tradeoffs that covenants may introduce. The value of a non-custodial way to recover your funds in case of a security breach can not be overstated, but at the same time all potential drawbacks will be carefully considered.

Physical Risks for Vault Users

Beyond technical risks, a criticism of vault constructions is that they create an incentive for a physical attacker to harm the owner of the bitcoin so that they are unable to move the bitcoin to the recovery address in time.

If you are relatively new to Bitcoin, this may seem an extreme and shocking thing to think about. It is important to consider the implications of a system in which you are the true owner of your money, and what that means for your safety and those close to you. Freedom has tradeoffs.

The above risk is not something we expect any technical implementation of a vault to solve, as vaults are primarily intended to protect against digital attacks. While at first glance it sounds like a major risk, in reality, best practices for vault use would likely emerge that should deter attackers.

Protection Against Physical Attacks on Vault Users

1. Rather than making the recovery process dependent on the original owner, it is likely that owners of large amounts of bitcoin will set up multi-signature constructions that would also allow other trusted parties to initiate a recovery transaction from their vault.
2. Another frequently discussed option is that of a “dead man’s switch,” where the owner needs to authorize withdrawal from the vault. If they don’t do this before the delay period is up, the funds will be automatically moved to the recovery address.

These practices disincentivize attackers from even attempting to steal from vault users. Attackers would need to take the risks associated with gaining access to all of the keys needed to steal the bitcoin, and then they would also need to commit a crime that could put them in jail for life, all while risking that the bitcoin would still end up being recovered by a third party anyway.

To read more about these discussions, see the comment section of the improvement proposal where developers go over various scenarios.

When Will OP_VAULT Be Live?

Before users can start securing their bitcoin in vaults, a few technical milestones still need to happen.

First, the technical tool that enables vaults to exist, OP_VAULT, needs to be implemented into Bitcoin’s software through a soft fork. OP_VAULT received its Bitcoin Improvement Proposal number (345) in March 2023. It will undergo rigorous testing and feedback from the wider Bitcoin development community.

Next, this software change needs to be widely adopted by nodes in the network, so that the code goes live and its functionality is acknowledged by the vast majority of the network.

Once that is done, the vault solutions that wallet developers have created for their respective wallets will be usable. We expect many wallet developers to start as early as possible, to attract users who want access to this feature as soon as possible. Waiting months or years could cause a loss of users.

It is worth mentioning that different terminology will likely be used in wallets to not confuse users about the feature. We will continue to update this article when new major developments happen.

A special thank you to James O’Beirne, the author of the proposal, for reviewing the article. If you’re interested in transacting on Lightning through River, you can sign up for a River account. To stay up-to-date on our latest research, subscribe to our newsletter.