How Fedimint Scales Bitcoin Custody – Bitcoin Magazine
Fedi Inc. on Tuesday announced that it had raised $4.2 million in a seed round as the company seeks to onboard more users onto Bitcoin with the Fedi app, per a statement sent to Bitcoin Magazine.
The application, which the company expects to begin rolling out in Q1 2023, will provide a user interface for Fedimint, an open-source protocol that leverages federated Chaumian Ecash mints to decentralize bitcoin custody and enhance the scaling capabilities of the currency.
“Fedi and Fedimint will help put monetary power back into the hands of everyone, everywhere,” said Fedi Inc. co-founder and CEO, Obi Nwosu, in a statement. “This creates brighter futures for billions and especially for those struggling under oppressive regimes, which ultimately makes the world a better place.”
How Fedimint Works
Fedimint is based on the concept of second-party custody, which improves upon third-party custody solutions and even some self-custody (first-party custody) setups.
Second-party custody involves trusting family members or friends with the custody of one’s bitcoin in a way that improves the trust and security models inherent in the classic centralized third-party custody solutions — which are often composed of strangers whose incentives don’t necessarily align with those of the user.
It isn’t uncommon for third-party custodians to fall short in properly securing the bitcoin of a given set of users. Not only is this a risk because that third party represents a single point of failure but the success of this setup is greatly dependent on the incentives that the custodian has in securing the users’ funds. For a stranger, the incentives more closely align with the necessity to either make profits from the custody service, blatantly steal, or rehypothecate the funds than to methodically ensure best practices for the safety of those bitcoin.
Second-party custody seeks to improve upon this model by having users rely on parties they already trust in real life — for example, close friends or family members — to secure their funds instead of completely outsourcing this task to an institutional stranger.
With Fedimint, users can create a community whose technical leaders are those tech-savvy and trusted enough to ensure the proper functioning of the system. Though the concept of trust is alien to most Bitcoin proponents, the reality is that some may already incorporate an element of trust into their self-custody setup today without realizing it.
When users self-custody bitcoin, they have to make decisions relating to the backup of those funds. Whereas they can remain in possession of their hardware wallets or signing devices at all times, the 12 or 24 seed words arguably need to be stored away so as to mitigate the risk of loss or theft. In doing so, users need to choose between storing them in a safe at home, in a friend’s safe, or in a bank. The latter is susceptible to seizure by the government, as banks need to abide by eventual subpoenas, whereas the former is susceptible to $5 wrench attacks. Leaving the backup words with a friend can be smart if the friend is highly trustworthy (which mitigates seizure) and not publicly known to hold them (which mitigates indirect $5 wrench attacks). However, it is still a single point of failure.
Ideally, therefore, the backup codes for a self-custody setup would be split using a cryptographically secure model such as Shamir’s Secret Sharing and each part given to a trusted second party. The issue with this, besides the technical complexity of devising such a scheme, is again trust; the user needs to trust not only each second party but collectively that they don’t collude against the user and steal their bitcoin. Therefore, even the most sophisticated of the self-custody setups might include some level of trust.
Fedimint brings that trust assumption — second-party trust — into a model that is less technically complex than self-custody and more scalable and private. Here’s how it works.
Chaumian Ecash
As mentioned above, Fedimint is based on Federated Chaumian Ecash.
Chaumian Ecash is the digital cash invented by Dr. David Chaum, an early cryptographer who in the 1980s sought to mitigate against the privacy issues inherent in the digitization of money — a trend the researcher foresaw as digital means of communication began to emerge in his time. Chaum was concerned with the impending privacy risks of a digitized money, where banks would be able to trace people’s spending, and physical cash’s peer-to-peer nature would be lost.
The issuance and redemption of Chaum’s digital cash was still centralized, though its transacting was P2P. The researcher didn’t attempt to break free from government money per se; rather, he sought a means to conduct the equivalent of in-person cash trades online.
Chaum’s money leveraged cryptography to allow a user to deposit money into a bank and receive an “I owe you” (IOU) bank note that could be traded further among other people. That banknote promised its holder X amount of money to be redeemed by the bank at any given time — a concept popularized by the banknotes of the time of the gold standard. Given the not-so-great divisibility and transportability of gold, gold IOU banknotes allowed for an easier transfer and carrying of “gold.” Likewise, a holder of Chaumian Ecash would be able to redeem it for real money at the bank that issued it.
Chaum’s model, of course, relied on the reputation of the bank. Customers transacting with that bank’s IOU note would need to trust the bank’s ability to honor the contract stipulated by that note. Otherwise, customers would see no value in them and hence would forgo transacting in those notes completely.
On the privacy side of things, Chaum’s Ecash leveraged blind signatures, a cryptographic trick that prevents the bank from knowing who owned the banknote. Without it, it would be trivial to link a user’s identity with a given note.
The example given by Chaum himself to illustrate this concept relied on carbon copy paper envelopes. The user can obtain a blind signature — a signature on something which the signer doesn’t know the content of — by putting the data they want signed inside the envelope made of carbon copy paper and sealing it. The signer could sign the envelope itself, and due to the carbon copy paper the signature would “leak” to the data and sign it as well.
With Chaum’s blind signature protocol, the depositor would send a blinded piece of data to the bank. After receiving the data blindly signed, the depositor would be able to unblind it — which would allow them to transfer it by giving it to another person. After a given amount of trades, that note could at any time be redeemed back at the bank for its corresponding amount of money. At the time of redemption, the bank would be able to check whether it had previously signed that piece of data and whether it had been already redeemed or not — checking for validity and shielding against a double spend.
Federated
A federation improves upon the centralization of Chaumian Ecash. It is what allows the decentralization of custody and hence also improves upon the more popular third-party custody solutions in the Bitcoin ecosystem.
A federation is a technical setup formed among multiple parties with a multisignature Bitcoin address. A multisignature, multisig for short, enables funds to be locked up in a Bitcoin address that requires a minimum number of those parties to agree before moving any funds. In practice, this works by requiring multiple signatures — hence the name — so the funds can be unlocked and moved. Common multisig setups include 2-of-3 and 3-of-5; in the former, three keys make up the setup in total and two of them must sign to move the bitcoin, whereas in the latter three signatures out of a total of five are needed before the BTC can be spent.
The multisignature ensures that one custodian doesn’t go rogue and spends the bitcoin it is custodying on behalf of the user. The user still needs to trust the custodians collectively, but the resilience of the system is increased as multiple people the user supposedly trusts in real life would need to collude against the user to steal their funds. This is why the usage of known and trusted parties to make up the federation is a must.
Moreover, the same quorum gates the issuance of IOUs by the federation: creating IOUs requires the same threshold of guardians as moving funds, so a single guardian can’t create IOUs on their own.
The Answer To Scaling Private Bitcoin Custody?
Putting it all together, Fedimint leverages a decentralized trust system to enable Bitcoin users to form communities with friends and family, within which money transactions are cheap, quick and anonymous, and custody is simplified and strengthened.
Users can join a Fedimint community by depositing bitcoin to the federation and receiving the corresponding amount of IOU tokens, which can be transferred anonymously to members of that community. The receiving party then exchanges the received tokens for new ones; this exchange, which works much like Chaum’s blind signature scheme, lets the federation check that the sender did not double-spend those tokens. After a successful exchange for new tokens, the receiver marks the transaction as complete.
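The following is an added example (not code from Fedimint or from the article) of the blind-signature lifecycle described above and in the Chaumian Ecash section: a user blinds a note's secret serial number, the mint signs it without seeing it, the user unblinds the result, and at redemption the mint verifies the signature and rejects any serial it has already seen. It uses Chaum's original RSA construction with constructed toy parameters (N = 61 * 53, e = 17, d = 2753) and a single signer; a real federation would hold the signing capability jointly and use a large key.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for one "mint" (illustration only: real systems use large
# keys, and in a federation the signing capability would be shared among guardians).
N = 61 * 53      # 3233
E = 17
D = 2753         # E * D == 1 mod (61-1)*(53-1)

def note_digest(serial: bytes) -> int:
    """Map a note's secret serial number into the RSA group Z_N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """User: hide the digest with a random factor r (the carbon-paper envelope)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod N
            return (note_digest(serial) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Mint: sign the envelope without ever seeing the serial inside."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """User: strip r to obtain a plain signature on the serial's digest."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == note_digest(serial)

class Mint:
    """Remembers redeemed serials so each note can be spent exactly once."""
    def __init__(self):
        self.spent = set()
    def redeem(self, serial: bytes, sig: int) -> str:
        if not verify(serial, sig):
            return "invalid"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        return "ok"

    def reissue(self, serial: bytes, sig: int, new_blinded: int):
        """Receiver swaps a note for a fresh one; the old serial is burned first."""
        if self.redeem(serial, sig) != "ok":
            return None
        return sign_blinded(new_blinded)
```

The mint only ever sees the blinded value and, later, the bare serial with its signature, so it cannot link the deposit to the redemption; the `spent` set is what turns signature verification into double-spend protection.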
The Lightning Network, Bitcoin’s second-layer protocol for fast and cheap payments, can enter the Fedimint mix to further strengthen the setup. More specifically, Lightning allows users in a federation to be interoperable with the entire Bitcoin ecosystem.
In a nutshell, Fedimint wallets have the potential to bring strong privacy to Bitcoin users with better security than third-party custody setups and more ease of use than fully-fledged self-custody solutions. It might be the tool that answers the challenge of scaling self-custody while encouraging more people to forgo outsourcing the custody of their bitcoin to a centralized custodian who is effectively a single point of failure — one of the many possible solutions for a feasible hyperbitcoinized world.