Replying to Super Testnet

The Bitcoin SSL paper is interesting. I will hopefully go on the Bitcoin Optech Podcast on Tuesday to discuss it with the author. He thinks he has a solution to the Vault problem that could give a lot of people peace of mind, and I think he is probably right. Here's why.

First, here's a link to the paper: https://github.com/ilghan/bssl-whitepaper/blob/main/B-SSL_WP_Oct_11_2025.pdf

Their model has users put funds into a vault with a timelock of max 15 days til they can spend it via the "cooperative" path, otherwise there is a "sad path" by which the user can unilaterally recover it after 1 year, or a "very sad" path by which a custodial service can sweep the funds for the user after 3 years.

The 15 day timelock on the "happy path" is meant to insure users against kidnappers, who are less likely to kidnap you for your bitcoins if they have to keep you captive for 15 days and convince a service provider to cosign your tx.

But this protection is undermined if you send your money into the vault around the time you sign up for the vault service and then let it sit there for 15+ days. If you did that, the timelock would expire, and kidnappers would not have to worry about keeping you captive for 15 days.

To fix this, you either have to stop your money from entering the vault until you are preparing to spend it, or you have to cycle it: every 15 days, you must send your money out of the vault and straight back into it again.

Thankfully, both options are doable with presigned transactions, which can be created and stored when you sign up for the service. So this problem is fixable without introducing extra liveness assumptions for the user.

Also, if cycling is used, there are regular mining fees to pay, but these can be rolled into the service fees charged by the vault service provider or VSP. The VSP can just charge their users a monthly or annual service fee and then use some of that money to broadcast/pay for their cycling transactions without further action needed by their customers.

Besides transaction cycling, I came up with another, cheaper solution and proposed it to the author, which is this: have the user's money start off in Key Q. Sign a transaction that moves the money into the vault, then delete Key Q, and store the signature with the service provider, as well as keeping a copy yourself.

As a result, if you get kidnapped, your money can *only* enter the vault, where it then has to wait 15 days. This method avoids the extra costs involved with transaction cycling, and is simpler. But it requires secure key deletion, which is difficult to do, though not impossible.

I think this vault proposal may give a lot of people peace of mind. I had a conversation with a nocoiner recently and his first question was, "what if someone kidnaps you and demands that you send them your bitcoins or they will kill you?"

I wish I had known about this idea so I could tell him how bitcoin fixes this.

Tune in to Optech Podcast on Tuesday for more!
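
The timelock arithmetic behind the post above, as an added example that is not part of the original post or the B-SSL paper. It assumes the 15-day delay is a BIP68/CSV relative timelock, 144 blocks per day, and an idealized presigned cycle transaction that confirms in the block where it becomes valid; all function names are hypothetical.

```python
import math

SEQ_TYPE_FLAG = 1 << 22   # BIP68: set => value counts 512-second units, else blocks
SEQ_MASK = 0x0000FFFF     # BIP68: only the low 16 bits carry the lock value
BLOCKS_PER_DAY = 144      # assumption: 10-minute average block interval


def csv_blocks(days):
    """nSequence value for a block-based relative lock of about `days` days."""
    n = days * BLOCKS_PER_DAY
    if not 0 < n <= SEQ_MASK:
        raise ValueError("outside the 16-bit BIP68 range")
    return n


def csv_time(seconds):
    """nSequence value for a time-based lock, rounded up to 512-second units."""
    units = math.ceil(seconds / 512)
    if not 0 < units <= SEQ_MASK:
        raise ValueError("outside the 16-bit BIP68 range")
    return SEQ_TYPE_FLAG | units


def remaining_delay(confirm_height, tip_height, lock_blocks):
    """Blocks still to wait before the timelocked path becomes spendable."""
    return max(0, confirm_height + lock_blocks - tip_height)


def remaining_at(tip_height, lock_blocks, cycle_every=None):
    """Remaining delay at `tip_height` for a deposit confirmed at height 0.

    With `cycle_every` set, a presigned cycle transaction re-deposits the
    coins each time that many blocks pass, restarting the relative timelock.
    """
    confirm = (tip_height // cycle_every) * cycle_every if cycle_every else 0
    return remaining_delay(confirm, tip_height, lock_blocks)


if __name__ == "__main__":
    lock = csv_blocks(15)          # the 15-day cooperative-path delay
    day20 = 20 * BLOCKS_PER_DAY    # constructed scenario: 20 days after deposit
    print("never moved:", remaining_at(day20, lock), "blocks of delay left")
    print("cycled     :", remaining_at(day20, lock, cycle_every=lock), "blocks left")
```
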

Questions for author:

1. Why is CSV limited between 2h and 15 days? Is this a technical limit or a suggested limit for Custodians to offer?

2. Is/can there be an amount limit as well as or a combination of amount and time limits? So under 50,000 could be immediate, but over is 2h delay. (I guess no delay is somewhat gamable.)

3. Why in your taproot script is there A1 and B1 if these are supposed to be copies of A and B?

4. You mention CS is optional, but does that then mean spending path 1 is impossible, leaving all spends to be 1 year delayed, or does it just mean something else?

5. If you are notified of a spend that you did not authorize, what are your options? A+B are delayed for 1 year, if C is malicious, you are relying on trust to allow you to double spend and recover and even if not, don't you get stuck in a race to find who is willing to spend the highest fee?

Define "malicious actor" as someone who found a copy of key A.

You must trust the custodian to:

1. Enforce CSV in case of a malicious actor and send notifications.

2. Work with you to double spend the funds back to your control.

So if the custodian and malicious actor work together, couldn't they just take your funds easily?


Discussion

I forwarded your questions to the author via telegram (I don't think he is on nostr) and if he replies I will try to remember to post his replies

I will probably forget though

Thanks, I actually thought you would ask in the pod but I guess you saw it just now.

I appreciate the follow up

Not yet. I will try to ask him on the podcast today, which we start recording in an hour. Thank you for the reminder!

I finished the podcast, but it went pretty poorly. My connection cut out partway through the first question I was asked, and when I finally managed to reestablish it, no one could hear me. So I did not get to ask your questions to the author. I did, however, send him the questions on telegram again, so we'll see if he replies.