diff --git a/ceremony-overview.md b/ceremony-overview.md new file mode 100644 index 0000000..8867bc1 --- /dev/null +++ b/ceremony-overview.md @@ -0,0 +1,81 @@ +# Deployment Ceremony + +## Motivation + +Key management is fundamental to bitcoin custody. As an open-source, multi-party custody protocol, Revault builds on the strong foundation of a rigorous key-generation and key-agreement ceremony (referred to as the "ceremony") as the root of trust for the entire security infrastructure. + +The accompanying documents discuss the list of devices and their state at each step for the stakeholders, managers, and a coordinator admin: + +- [stakeholder deployment](stakeholder-deployment.md) +- [manager deployment](manager-deployment.md) +- [coordinator admin deployment](coordinator-admin-deployment.md) + +The documents are concerned with how keys are generated and transported to the devices on which they will be stored. They ensure that each device is set-up with the correct software and configuration file, and that this is verifiable by the operating participant. The entire process is subject to strict controls to mitigate leakage of sensitive information and to avoid single points of failure. + +It is critical that _confidentiality_ of secrets is maintained by secret-holders, and that secret-holders use backups to ensure _availability_ in case of losses and failures, and that the _integrity_ of secrets is verified during the ceremony (and from time to time afterwards). A forensic trail must be laid in case a critical failure occurs to help understand what went wrong and where legal liability falls. + +By adhering to these deployment specifications, teams deploying Revault creates confidence in their ongoing custodial operations. Individuals can be confident that others in their team aren't naively cutting corners that could cause catastrohpic failures. With the inclusion of notaries or lawyers in the process, teams and their constituent individuals may aquire legal protection when failures occur. + +## Vocabulary + +- Participant: all participants in a Revault deployment will have one or two roles as a _stakeholder_ and/ or _manager_. +- Stakeholder: Controls a secret for the high-threshold multi-signature which is the primary protection for funds in custody. +- Manager: Controls a secret for funds which are delegated to them through unvault options +- Emergency Address (EA): An address independent from Revault wallet which is used in Revault's emergency deterrent feature to mitigate physical threats. +- Watchtower: Automated server to enforce unvault policies set by it's operator +- Coordinator Admin: _NOT A PARTICIPANT_, administrates the coordinator +- Coordinator: Automated server to reduce coordination complexity for communication +- Signing device: Offline signing device, with a firmware that supports Revault transactions + + +## Distributed Ceremony + +To avoid a single point of failure, participants enact a _distributed_ ceremony. Each participant's wallet seed is created in isolation. The machines used in this process are destroyed before the (extended) public-key information is shared to other participants. Once each participant's personal root of trust (their signing device and their back-ups) are initialised with their wallet seed and physically secured, they can then meet the other participants to share their public-key data and verify that they generate the same set of policy descriptors. + +Given the sensitivity of secrecy of the emergency policy, when sharing and verifying emergency public-key data stakeholders should meet each other without the presence of any other participant or entity. + +## Key-Trees + +Each participant generates a random seed in isolation, and from this constructs a hierarchical deterministic wallet as per [BIP-32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). We rely on a combination of hardened derivation and non-hardened derivation where appropriate, to ensure that a compromise within a sub-tree is not catastrophic. We also opportunistically have branches in the tree where communication keys are derived. While these will be "hot" keys, stored on networked devices, this is helpful for evidence in the case of an incident (relying on back-ups), and it simplifies the set-up of infrastructure for and among participants. + +First, let's consider a stakeholder's key-tree. + +![Stakeholder Key-Tree](stakeholder-key-tree-labelled.png) + +Given that stakeholders should have two segregated seeds for their participation in revault and emergency wallets, we have conceived of a method to avoid duplicating the seed generation process for them in order to simplify the process and reduce the operational burden. They generate a single, ephemeral random master seed, _S_, and input this into the "ceremony tool" software GUI. The software then derives from _S_ an ephemeral master node, _m_. Then it uses hardened derivation with two different indexes to generate independent Revault and Emergency key-tree roots, and displays them as seed phrases for the stakeholder to transcribe to two separate back-up media. The ceremony tool then derives three sub-tree roots to be stored on the signing device: Vault, Noise Master, and WT Noise Master. + +The Vault represents the stakeholders' master bitcoin extended private-key. From this, the first Vault sub-tree is derived (Vault 0). This extended private-key is kept on the signing device, and the associated extended public-key is to be shared with other participants. In the event that the stakeholder needs to rotate to a new key-tree, the master Vault keys are used for hardened-derivation of the next sub-tree, Vault 1. + +The Noise Master key is used to derive the first Noise key-pair used for secure communication channels with the stakeholder's Watchtower, and the coordinator server. As part of the set-up this will be transferred to the stakeholder's active laptop. A new key-pair can be generated from the master if rotation is needed. + +The Watchtower Noise Master key is used to derive the first Watchtower Noise key-pair. As part of the set-up the derived key-pair will be transported to the Watchtower server. A new key-pair can be generated from the master if a new Watchtower instance should be deployed. + +The Emergency sub-tree has it's own requirements. The Emergency master bitcoin extended private-key _must not_ be imported to the signing device. However, the Emergency master bitcoin public-key should be imported to the signing device. This can be used for non-hardened derivation of the Emergency public-keys (Emer 0, Emer 1, ...) that will be used to construct Emergency addresses. The motivation for requiring additional Emergency public-keys, despite them ideally never being used, is that the stakeholder could rotate to a new Emergency public-key in the event that there is a change in the set of stakeholders. This allows a new Emergency address to be constructed without accessing the Emergency back-up. + + +Next, let's consider the manager's key-tree. + +![Manager Key-Tree](manager-key-tree-labelled.png) + +Here, the manager generates an ephemeral random Master Seed, _S_. This is input into the ceremony tool software GUI. The software derives the Master Node, _m_, which is transcribed to the back-up media to be physically secured. The software derives three sub-trees: Unvault, Noise, and Child-pays-for-parent (CPFP). + +Hardened-derivation is used for the Unvault sub-tree. The master bitcoin extended private-key is imported to the signing device. Hardened derivation is used to generate the first active instance of the Unvault branch used to construct the unvault descriptor. If there is a change in the participant set, this allows the manager to rotate to a new Unvault branch that is independent from the prior one such that no participant who has left will have access to the new unvault descriptor. + +Hardened-derivation is used for the CPFP sub-tree. This is independent from the Unvault sub-tree in that compromising the extended private-key in either sub-tree won't automatically compromise the other. This is important because the CPFP sub-tree is likely to be a single-key hot-wallet used by the manager to bump the fee on Unvault and Spend transactions if needed. CPFP 0 is the first active instance of the CPFP branch. When there is a change in the participant set, the manager should rotate to using the next CPFP branch. + +The Noise key is used to derive the first Noise key-pair (Noise 0) used for secure communication with the coordinator server. As part of the set-up this will be transferred to the manager's active laptop. A new key-pair can be generated from the sub-tree root if rotation is needed. + +## Ceremony Controls + +Let N be the number of participants. Let N_s and N_m be the number of stakeholders and managers respectively. Note that since a participant can take the role of both stakeholder and manager, that `N_s <= N <= N_s + N_m`. + +- Seed generation in at least N distinct locations +- Seed generation by at least N distinct participants +- Log the procedure followed (every action) during the seed generation +- Use unique physical source of entropy for each master seed +- Destroy all devices that had direct access to any master seed +- Participants handle transport of any private material independently, and covertly +- Back-ups are physically secured, each in a unique location +- The entire life-cycle of each back-up (until a recovery scenario) is offline +- Back-ups are stored in tamper-evident packaging + diff --git a/coordinator-admin-deployment.md b/coordinator-admin-deployment.md new file mode 100644 index 0000000..5b17504 --- /dev/null +++ b/coordinator-admin-deployment.md @@ -0,0 +1,133 @@ +# Manager Deployment Process + +## Device list + +| Device Name | Device type | +| --- | --- | +| OS SD - coordinator | class U3 and or V30 or faster | +| Software SD - coordinator | SD card | +| "Used" Laptop | Any with SD I/O | +| Coordinator Server | Server | +| Noise Pubkey SD - coordinator 1 | SD card | +| ... +| Noise Pubkey SD - coordinator N_s + N_m | SD card | + + +## 1. Coordinator start state: + +- at secret date and time, go to secure location with these devices + +| Device Name | Contents | +| --- | --- | +| OS SD - coordinator | None | +| Software SD - coordinator | None | +| "Used" Laptop | Any | +| Coordinator Server | Server | +| Noise Pubkey SD - coordinator 1 | None | +| ... +| Noise Pubkey SD - coordinator N_s + N_m | None | + + +## 2. Preparation + +- set-up live linux environment on "Used" laptop +- download a Linux operating system +- verify the signatures/hashes of the downloaded ISO + +- unseal the faster SD card +- label it as "OS - coordinator" +- "burn" the ISO to SD card + +- unseal another SD card +- label it as "Software - coordinator" +- download the coordinator binary +- verify the signature/hash of the binary +- copy the binary to the SD card + +- Shutdown "Used" Laptop completely + +- Unseal remaining SDs and label as: "Noise Pubkey - Coordinator" + +| Device Name | Contents | +| --- | --- | +| OS SD- _my name_ | Verified OS | +| Software SD - _my name_ | Verified revault and ceremony tool binaries, EFF diceware list | +| "Used" Laptop | Any | +| Coordinator Server | OS, coordinator binary | +| Noise Pubkey SD - coordinator 1 | None | +| ... || +| Noise Pubkey SD - coordinator N_s + N_m | None | + + +## 3. Set-up coordinator server + +- Insert "OS - coordinator" and install OS from SD card +- Insert "Software - coordinator" SD card, copy coordinator binary + +| Device Name | Contents | +| --- | --- | +| OS SD - coordinator | NA | +| Software SD - coordinator | NA | +| "Used" Laptop | Any | +| Coordinator Server | OS, coordinator binary | +| Noise Pubkey SD - coordinator 1 | None | +| ... || +| Noise Pubkey SD - coordinator N_s + N_m | None | + +## 4. Follow set-up wizard + +- Generate noise keys + +| Device Name | Contents | +| --- | --- | +| OS SD - coordinator | NA | +| Software SD - coordinator | NA | +| "Used" Laptop | Any | +| Coordinator Server | OS, coordinator binary | +| Noise Pubkey SD - coordinator 1 | None | +| ... || +| Noise Pubkey SD - coordinator N_s + N_m | None | + + +## 5. Prepare for data-exchange + +- copy noise pubkey to SD cards + + +| Device Name | Contents | +| --- | --- | +| OS SD - coordinator | NA | +| Software SD - coordinator | NA | +| "Used" Laptop | Any | +| Coordinator Server | OS, coordinator binary | +| Noise Pubkey SD - coordinator 1 | Noise Pubkey | +| ... || +| Noise Pubkey SD - coordinator N_s + N_m | Noise Pubkey | + + +## 6. Data-exchange + +- Retrieve "noise pubkey SD" from each participant +- Give "Noise Pubkey SD - coordinator" to each participant + +| Device Name | Contents | +| --- | --- | +| OS SD - coordinator | NA | +| Software SD - coordinator | NA | +| "Used" Laptop | Any | +| Coordinator Server | OS, coordinator binary | +| Noise Pubkey SD - 1 | Noise Pubkey | +| ... || +| Noise Pubkey SD - N_s + N_m | Noise Pubkey | + +## 7. Test all spending paths + +- Use signet or testnet +- Ensure coordinator is running +- Test signing revocation transactions +- Test delegation process +- Test manual cancel +- Test manual emergency +- Test automatic cancel (breach revault policy) + + diff --git a/manager-deployment.md b/manager-deployment.md new file mode 100644 index 0000000..add731d --- /dev/null +++ b/manager-deployment.md @@ -0,0 +1,221 @@ +# Manager Deployment Process + +## Device list + +| Device Name | Device type | +| --- | --- | +| OS SD - _my name_ | class U3 and or V30 or faster | +| Software SD - _my name_ | SD card | +| "Used" Laptop | Any with SD I/O | +| New Laptop 1 | Any with SD I/O | +| New Laptop 2 | Any with SD I/O | +| Backup 1 | Metal | +| Backup 2 | Metal | +| Signing Device - _my name_ | Hardware wallet | +| Revault SD - _my name_ | Any size any speed | +| Noise Pubkey SD - _my name_ | SD card | + + +- "used" laptop could be the live deployment laptop + +## 1. Manager start state: + +- at secret date and time, go to secure location with these devices + +| Device Name | Contents | +| --- | --- | +| OS - _my name_ | None | +| Software - _my name_ | None | +| "Used" Laptop | Any | +| New Laptop 1 | None | +| New Laptop 2 | None | +| Backup 1 | None | +| Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Noise Pubkey SD - _my name_ | None | + + +## 2. Preparation + +- set-up live linux environment on "Used" laptop +- download a Linux operating system +- verify the signatures/hashes of the downloaded ISO +- unseal the faster SD card +- label it as "OS - _my name_" +- "burn" the ISO to SD card + +- download the ceremony tool binary +- download the revault binary +- download bitcoin binary +- verify the signatures/hashes of each binary + +- unseal another SD card +- label it as "Software - _my name_" +- copy the binaries to the SD card +- Shutdown "Used" Laptop completely + +- Unseal remaining SD card and label as "Revault SD - _my name_" + +| Device Name | Contents | +| --- | --- | +| OS SD- _my name_ | Verified OS | +| Software SD - _my name_ | Verified revault and ceremony tool binaries | +| "Used" Laptop | Any | +| New Laptop 1 | None | +| New Laptop 2 | None | +| Backup 1 | None | +| Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Noise Pubkey SD - _my name_ | None | + + +## 3. Set-up new laptops + +For both new laptops: + +- Unseal the new laptop box + - DO NOT BOOT. + - use the screwdriver to open the laptop + - remove the wifi card if possible, if not at least disconnect the antennas. +- Insert "OS - _my name_" and install (boot?) OS from SD card +- Insert "Software - _my name_" SD card, copy all files to laptop + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, ceremony tool | +| New Laptop 2 | OS, revault, ceremony tool | +| Backup 1 | None | +| Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Noise Pubkey SD - _my name_ | None | + + +## 4. Generate Seed Mnemonic and derive keys + +Steps: + +- (if required) label the dice +- start the ceremony tool on both new laptops +- prepare the backups (to write/ stamp words) +- roll 100 dice (20 throws of 5 dice) and for each throw: + - type 5 numbers into both laptops as indicated by ceremony tool + + read dice left to right, exactly how they fall + + check the displayed word matches on both laptops with each set of 5 numbers (if not, restart ceremony tool and dice rolling) + - at the end entire mnemonic is displayed + - compare mnemonic on both laptops and ensure they match (if not, restart ceremony tool and dice rolling) + - write down/ stamp the word onto the correct backups + + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, ceremony tool, mnemonic seed, manager (xpriv, xpub), cpfp (xpriv, xpub), noise (privkey, pubkey)| +| New Laptop 2 | OS, revault, ceremony tool, mnemonic seed, manager (xpriv, xpub), cpfp (xpriv, xpub), noise (privkey, pubkey)| +| Backup 1 | mnemonic seed | +| Backup 2 | mnemonic seed | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Noise Pubkey SD - _my name_ | None | + + +## 5. Move sensitive data + +- import mnemonic seed to signing device +- Using ceremony tool, insert the designated SD card to copy data: + + copy revault binary, unvault xpub 0, cpfp xpub 0 and noise 0 (privkey, pubkey) to "Revault SD - _my name_" to prepare for set-up + + copy noise 0 pubkey to "Noise Pubkey SD - _my name_" for coordinator + + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, ceremony tool, mnemonic seed, manager (xpriv, xpub), cpfp (xpriv, xpub), noise (privkey, pubkey)| +| New Laptop 2 | OS, revault, ceremony tool, mnemonic seed, manager (xpriv, xpub), cpfp (xpriv, xpub), noise (privkey, pubkey)| +| Backup 1 | mnemonic seed | +| Backup 2 | mnemonic seed | +| Signing Device - _my name_ | unvault (xpriv, xpub)| +| Revault SD - _my name_ | revault, unvault xpub 0, cpfp 0 (xpriv, xpub), noise 0 (privkey, pubkey) | +| Noise Pubkey SD - _my name_ | noise 0 pubkey | + +## 6. Destroy new laptops + +- Totally destory the new laptops (recommendations?) +- Leave the secure location with all devices because next steps are interactive + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | Destroyed | +| New Laptop 2 | Destroyed | +| Backup 1 | mnemonic seed | +| Backup 2 | mnemonic seed | +| Signing Device - _my name_ | unvault (xpriv, xpub)| +| Revault SD - _my name_ | revault, unvault xpub 0, cpfp 0 (xpriv, xpub), noise 0 (privkey, pubkey) | +| Noise Pubkey SD - _my name_ | noise 0 pubkey | + +## 7. Coordinator communication data-exchange + +- retrieve "Noise Pubkey SD - coordinator" from coordinator admin +- give "Noise Pubkey SD - _my name_" to coordinator admin + +## 8. Xpub exchange + +- Turn on "Used" laptop +- insert Revault SD and open revault binary (or yet another revault set-up tool?) +- (automatically) communicate with each other participant + - send my unvault xpub 0 + - get all stakeholders' vault xpub 0 + - get all other managers' unvault xpub 0 + - Communication routed through coordinator (to avoid copy paste of everything) +- import vault xpubs to signing device + + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | Revault binary, all participants vault/unvault 0 xpubs | +| New Laptop 1 | Destroyed | +| New Laptop 2 | Destroyed | +| Backup 1 | mnemonic seed | +| Backup 2 | mnemonic seed | +| Signing Device - _my name_ | unvault (xpriv, xpub), all participants vault/unvault 0 xpubs| +| Revault SD - _my name_ | revault, unvault xpub 0, cpfp 0 (xpriv, xpub), noise 0 (privkey, pubkey) | +| Noise Pubkey SD - _my name_ | noise 0 pubkey | + +## 9. Descriptor and Address verification + +- Managers check with each other participant that the wallet descriptors match each others' + +## Safeguard back-ups + +- Move each unvault back-up to a separate secure environment + +## Set-up laptop + +- Insert "Revault SD _my name_" into deployment laptop +- Install revault binary and follow set-up wizard + +## Test all spending paths + +- Use signet or testnet +- Ensure coordinator is running +- Test signing revocation transactions +- Test delegation process +- Test manual cancel +- Test manual emergency +- Test automatic cancel (breach revault policy) + + diff --git a/manager-key-tree-labelled.png b/manager-key-tree-labelled.png new file mode 100644 index 0000000..027f5db Binary files /dev/null and b/manager-key-tree-labelled.png differ diff --git a/stakeholder-deployment.md b/stakeholder-deployment.md new file mode 100644 index 0000000..c379f77 --- /dev/null +++ b/stakeholder-deployment.md @@ -0,0 +1,323 @@ +# Stakeholder Deployment Process + +## Device list + +| Device Name | Device type | +| --- | --- | +| OS SD - _my name_ | class U3 and or V30 or faster | +| Software SD - _my name_ | SD card | +| "Used" Laptop | Any with SD I/O | +| New Laptop 1 | Any with SD I/O | +| New Laptop 2 | Any with SD I/O | +| Vault Backup 1 | Metal | +| Vault Backup 2 | Metal | +| Emergency Backup 1 | Archival Paper | +| Emergency Backup 2 | Archival Paper | +| Signing Device - _my name_ | Hardware wallet | +| Revault SD - _my name_ | Any size any speed | +| Watchtower SD - _my name_ | Any size any speed | +| Emergency Pubkey SD - _my name_ 1 | SD card | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| SD card | +| Emergency Pubkey SD - external 1 | SD card | +| ... | | +| Emergency Pubkey SD - external X | SD card | +| Noise Pubkey SD - _my name_ |SD card | + + +- "Used" laptop could be the live deployment laptop +- Retrieve emergency pubkey SD card from each external party associated with _this stakeholder_ participating in the emergency policy. + +## 1. Stakeholder start state: + +- at secret date and time, go to secure location with these devices + +| Device Name | Contents | +| --- | --- | +| OS - _my name_ | None | +| Software - _my name_ | None | +| "Used" Laptop | Any | +| New Laptop 1 | None | +| New Laptop 2 | None | +| Vault Backup 1 | None | +| Vault Backup 2 | None | +| Emergency Backup 1 | None | +| Emergency Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Watchtower SD - _my name_ | None | +| Emergency Pubkey SD - _my name_ 1 | None | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| None | +| Emergency Pubkey SD - external 1 | extern pubkey 1 | +| ... | | +| Emergency Pubkey SD - external X | extern pubkey X | +| Noise Pubkey SD - _my name_ | None | + + +## 2. Preparation + +- set-up live linux environment on "Used" laptop +- download a Linux operating system +- verify the signatures/hashes of the downloaded ISO +- unseal the faster SD card +- label it as "OS - _my name_" +- "burn" the ISO to SD card + +- download the ceremony tool binary +- download the revault binary +- download bitcoin binary +- download the watchtower binary +- verify the signatures/hashes of each binary + +- unseal another SD card +- label it as "Software - _my name_" +- copy the binaries to the SD card + +- Shutdown "Used" Laptop completely + +- Unseal remaining SD cards and label: + - one of them "Revault SD - _my name_" + - one of them "Watchtower SD - _my name_" + + - one of them "Emergency Pubkey SD - _my name_" + +| Device Name | Contents | +| --- | --- | +| OS SD- _my name_ | Verified OS | +| Software SD - _my name_ | Verified revault, watchtower and ceremony tool binaries | +| "Used" Laptop | Any | +| New Laptop 1 | None | +| New Laptop 2 | None | +| Vault Backup 1 | None | +| Vault Backup 2 | None | +| Emergency Backup 1 | None | +| Emergency Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Watchtower SD - _my name_ | None | +| Emergency Pubkey SD - _my name_ 1 | None | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| None | +| Emergency Pubkey SD - external 1 | extern pubkey 1 | +| ... | | +| Emergency Pubkey SD - external X | extern pubkey X | +| Noise Pubkey SD - _my name_ | None | + +## 3. Set-up new laptops + +For both new laptops: + +- Unseal the new laptop box + - DO NOT BOOT. + - use the screwdriver to open the laptop + - remove the wifi card if possible, if not at least disconnect the antennas. +- Insert "OS - _my name_" and install (boot?) OS from SD card +- Insert "Software - _my name_" SD card, copy all files to laptop + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, watchtower, ceremony tool | +| New Laptop 2 | OS, revault, watchtower, ceremony tool | +| Vault Backup 1 | None | +| Vault Backup 2 | None | +| Emergency Backup 1 | None | +| Emergency Backup 2 | None | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Watchtower SD - _my name_ | None | +| Emergency Pubkey SD - _my name_ 1 | None | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| None | +| Emergency Pubkey SD - external 1 | extern pubkey 1 | +| ... | | +| Emergency Pubkey SD - external X | extern pubkey X | +| Noise Pubkey SD - _my name_ | None | + +## 4. Generate Seed Mnemonic and derive keys + +Steps: + +- (if required) label the dice +- start the ceremony tool on both new laptops +- prepare the vault and emergency backups (to write/ stamp words) +- roll 100 dice (20 throws of 5 dice) and for each throw: + - type 5 numbers into both laptops as indicated by ceremony tool + + read dice left to right, exactly how they fall + + check the displayed word matches on both laptops with each set of 5 numbers (if not, restart ceremony tool and dice rolling) + - at the end, two mnemonics displayed; one for vault and one for emergency + - compare on both laptops and ensure they match (if not, restart ceremony tool and dice rolling) + - write down/ stamp the word onto the correct backups + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, watchtower, ceremony tool, mnemonic seed, vault (xpriv, xpub), emergency (xpriv, xpub), noise (privkey, pubkey), WT noise (privkey, pubkey) | +| New Laptop 2 | OS, revault, watchtower, ceremony tool, mnemonic seed, vault (xpriv, xpub), emergency (xpriv, xpub), noise (privkey, pubkey), WT noise (privkey, pubkey) | +| Vault Backup 1 | vault mnemonic seed | +| Vault Backup 2 | vault mnemonic seed | +| Emergency Backup 1 | emergency mnemonic seed | +| Emergency Backup 2 | emergency mnemonic seed | +| Signing Device - _my name_ | None | +| Revault SD - _my name_ | None | +| Watchtower SD - _my name_ | None | +| Emergency Pubkey SD - _my name_ 1 | None | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| None | +| Emergency Pubkey SD - external 1 | extern pubkey 1 | +| ... | | +| Emergency Pubkey SD - external X | extern pubkey X | +| Noise Pubkey SD - _my name_ | None | + + +## 5. Move sensitive data + +- import vault seed into signing device +- Using ceremony tool, insert the designated SD card to copy data: + + copy all external emergency pubkeys from SD cards onto new laptops + + import emergency pubkeys to signing device + + copy my emergency 0 pubkey to N_s SD cards named "Emergency pubkey - _my name_" + + copy revault binary, Vault 0 xpub, emergency 0 pubkey, noise 0 (privkey,pubkey) and WT 0 noise pubkey to "Revault SD - _my name_" to prepare for set-up + + copy watchtower binary, vault 0 xpub, noise 0 pubkey, WT 0 (xpriv, xpub), WT 0 noise (privkey, pubkey) to "watchtower SD - _my name_" to prepare for set-up + + copy my noise pubkey 0 to "Noise Pubkey SD - _my name_" + + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | OS, revault, watchtower, ceremony tool, mnemonic seed, vault (xpriv, xpub), emergency(xpriv, xpub), noise (privkey, pubkey), WT (xpriv, xpub), WT noise (privkey, pubkey) | +| New Laptop 2 | OS, revault, watchtower, ceremony tool, mnemonic seed, vault (xpriv, xpub), emergency(xpriv, xpub), noise (privkey, pubkey), WT (xpriv, xpub), WT noise (privkey, pubkey) | +| Vault Backup 1 | vault mnemonic seed | +| Vault Backup 2 | vault mnemonic seed | +| Emergency Backup 1 | emergency mnemonic seed | +| Emergency Backup 2 | emergency mnemonic seed | +| Signing Device - _my name_ | vault (xpriv, xpub), emergency 0-100 pubkeys | +| Revault SD - _my name_ | revault, vault 0 xpub, emergency 0 pubkey, noise 0 (privkey, pubkey), WT 0 noise pubkey | +| Watchtower SD - _my name_ | watchtower, vault 0 xpub, noise 0 pubkey, WT 0 noise (privkey, pubkey) | +| Emergency Pubkey SD - _my name_ 1 | emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| Emergency Pubkey SD - external 1 | extern pubkey 1 | +| ... | | +| Emergency Pubkey SD - external X | extern pubkey X | +| Noise Pubkey SD - _my name_ | noise pubkey | + +## 6. Destroy new laptops & external emergency SD cards + +- Totally destory the new laptops (recommendations?) +- Totally destroy all emergency pubkey SD cards from external parties +- Leave the secure location with all devices because next steps are interactive + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | NA | +| New Laptop 1 | Destroyed | +| New Laptop 2 | Destroyed | +| Vault Backup 1 | vault mnemonic seed | +| Vault Backup 2 | vault mnemonic seed | +| Emergency Backup 1 | emergency mnemonic seed | +| Emergency Backup 2 | emergency mnemonic seed | +| Signing Device - _my name_ | vault (xpriv, xpub), emergency 0-100 pubkeys | +| Revault SD - _my name_ | revault, vault 0 xpub, emergency 0 pubkey, noise 0 (privkey, pubkey), WT 0 noise pubkey | +| Watchtower SD - _my name_ | watchtower, vault 0 xpub, noise 0 pubkey, WT 0 noise (privkey, pubkey) | +| Emergency Pubkey SD - _my name_ 1 | emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| Emergency Pubkey SD - external 1 | Destroyed | +| ... | | +| Emergency Pubkey SD - external X | Destroyed| +| Noise Pubkey SD - _my name_ | noise pubkey | + +## 7. Coordinator communication data-exchange + +- retrieve "Noise Pubkey SD - coordinator" from coordinator admin +- give "Noise Pubkey SD - _my name_" to coordinator admin + +## 8. Vault xpub exchange + +- Turn on "Used" laptop +- insert Revault SD and open revault binary (or yet another revault set-up tool?) +- (automatically) communicate with each other participant + - send my vault xpub 0 + - get all stakeholders' vault xpub 0 + - get all other managers' unvault xpub 0 + - Communication routed through coordinator (to avoid copy paste of everything) +- import vault xpubs to signing device + + +| Device Name | Contents | +| --- | --- | +| OS SD - _my name_ | NA | +| Software SD - _my name_ | NA | +| "Used" Laptop | revault binary, all participants vault/unvault 0 xpubs | +| New Laptop 1 | Destroyed | +| New Laptop 2 | Destroyed | +| Vault Backup 1 | vault mnemonic seed | +| Vault Backup 2 | vault mnemonic seed | +| Emergency Backup 1 | emergency mnemonic seed | +| Emergency Backup 2 | emergency mnemonic seed | +| Signing Device - _my name_ | my vault (xpriv, xpub), emergency 0-100 pubkeys, all participants' vault/ unvault 0 xpubs | +| Revault SD - _my name_ | revault, vault 0 xpub, emergency 0 pubkey, noise 0 (privkey, pubkey), WT 0 noise pubkey | +| Watchtower SD - _my name_ | watchtower, vault 0 xpub, noise 0 pubkey, WT 0 noise (privkey, pubkey) | +| Emergency Pubkey SD - _my name_ 1 | emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| ... | | +| Emergency Pubkey SD - _my name_ N_s| emergency 0 pubkey, extern pubkey 1, ..., extern pubkey X | +| Emergency Pubkey SD - external 1 | Destroyed | +| ... | | +| Emergency Pubkey SD - external X | Destroyed| +| Noise Pubkey SD - coordinator | noise pubkey | + + +## 9. Stakeholder emergency data-exchange + +- Stakeholders each give all other stakeholders a copy of their emergency miniscript +- Stakeholders import this data into their revault device and signing device +- emergency address is generated deterministally from all emergency miniscript fragments + + +## 10. Descriptor and Address verification + +- Stakeholders check with each other stakeholder that the emergency address matches each others' (confidentially) +- Participants check with each other participant that the wallet descriptors match each others' + + +## 11. Safeguard back-ups + +- Complete emergency back-ups with emergency miniscript info +- Move each emergency back-up to a separate secure environment +- Move each vault back-up to a separate secure environment + + +## 12. Set-up laptop + +- Insert "Revault SD _my name_" into deployment laptop +- Install revault binary and follow set-up wizard +- insert "Noise Pubkey SD - Coordinator" + +## 13. Set-up watchtower + +- Insert "Watchtower SD _my name_" into WT server +- Install watchtower binary and follow set-up wizard +- insert "Noise Pubkey SD - Coordinator" + + +## 14. Test all spending paths + +- Use signet or testnet +- Ensure coordinator is running +- Test signing revocation transactions +- Test delegation process +- Test manual cancel +- Test manual emergency +- Test automatic cancel (breach revault policy) + + diff --git a/stakeholder-key-tree-labelled.png b/stakeholder-key-tree-labelled.png new file mode 100644 index 0000000..f46e562 Binary files /dev/null and b/stakeholder-key-tree-labelled.png differ