Insider Takes: Wallet of Satoshi's Spark announcement
Wallet of Satoshi isn't fully self-custodial, but it isn't custodial... It's a beautiful third thing we don't know what to call yet
Fellow Americans, Happy 4th of July. To those who weren’t born into citizenship-based taxation, congrats. And for those of us who at least get the day off of work, I hope you spend it offline, with family and/or friends, enjoying a hot dog and a beer.
This post isn’t an attempt to align America’s founding values with bitcoin. It’s a few-days-overdue take on a subject I’ve been fascinated by – statechains. Spark claimed that the incoming Wallet of Satoshi application is “fully self-custodial”. Most rejected this claim. As a casual observer, I couldn’t help but think some nuance is missing. My take:
Custody is binary. You either have it or you don’t. Spark wallets can’t be not self-custodial and custodial at the same time. So what gives?
Spark, and its corresponding wallets, provide users with custody over their funds. Users hold a key in a 2-2 statechain multisig. They have a pre-signed unilateral exit path to claim their funds onchain if the operator goes offline. This is custody. When you deposit funds into a statechain, no one can steal your coins.
What Spark is missing is provable finality guarantees. As ArkadeOS correctly stated, Spark transactions never really finalize from the view of users (by finalize, we mean that a user never has provable assurances that they are the only one that can spend the coins outright).
Statechains essentially see users transfer around their private keys to 2-2 multisigs, holding L1 coins, offchain. The operator, who is the holder of the other key in the multisig, is responsible for deleting its key shares held with previous owners during transfers. If the operator does this, the operator and the previous owner cannot collectively double-spend the current user’s coins. But users can never be sure that the operator honestly deleted said key shares. Simply put, proof of deletion isn’t mathematically possible.
So, as Matt Corallo rightly pointed out, malicious statechain operators can pose as honest actors and trick users into thinking they have the unique ability to spend the funds collaboratively with the operator. But even if a user didn’t have this ability, it doesn’t mean they don’t have custody. It means that a dishonest operator didn’t responsibly delete the previous key shares, leaving multiple users with the same level of custody over the coins.
You might receive a private key for the 2-2 multisig, but if the operator never deletes its previously held keyshare(s), then the transaction shouldn’t be considered final. Remember, every previous owner still has their private key. You just want to be the only person who can immediately spend funds with the statechain operator. It’s the operator's job to ensure that you can do this. And as a user, you trust their reputation to be confident they’re acting honestly.
In my opinion, rugging, in statechains, is effectively undoing a statechain transfer. It is reverting finality. You would never consider a statechain transfer final if the operator didn’t delete their previously held keyshare. But you can never prove that they did. You trust them to do this.
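To make the custody-versus-finality distinction concrete, here is an added toy simulation (my own, not Spark's or any statechain implementation's code). It assumes a simplified additive 2-of-2 key split over a prime field, where the full key is the sum of the owner's share and the operator's share; each transfer hands the new owner a fresh share and the operator derives the matching one. An honest operator deletes its old share, a dishonest one keeps it, and the point the simulation makes is that the current owner's observable view is identical in both cases.

```python
import secrets

# Constructed toy model: key = owner_share + operator_share (mod P).
# Real statechains use threshold signing, not plain additive shares.
P = (1 << 61) - 1  # prime modulus for the toy shares


class StatechainCoin:
    """One statechain coin locked by a 2-of-2 key, tracked across transfers."""

    def __init__(self, honest_operator: bool):
        self.honest = honest_operator
        self.key = secrets.randbelow(P)                 # full 2-of-2 signing key
        first_owner = secrets.randbelow(P)
        self.owners = [first_owner]                     # every share ever given to an owner
        self.operator_shares = [(self.key - first_owner) % P]
        self.exit_tx = "pre-signed unilateral exit"     # custody: exists regardless of operator

    def transfer(self) -> int:
        """Move the coin to a new owner; the operator must delete its previous share."""
        new_owner = secrets.randbelow(P)
        new_operator_share = (self.key - new_owner) % P
        if self.honest:
            self.operator_shares = [new_operator_share]  # old share deleted
        else:
            self.operator_shares.append(new_operator_share)  # old share retained
        self.owners.append(new_owner)
        return new_owner

    def can_cosign(self, owner_share: int) -> bool:
        """True if this owner share plus any share the operator still holds rebuilds the key."""
        return any((owner_share + s) % P == self.key for s in self.operator_shares)

    def user_observable(self) -> tuple:
        """What the current owner can actually verify: co-signing works, exit path exists."""
        return (self.can_cosign(self.owners[-1]), self.exit_tx is not None)


def finality_report(coin: StatechainCoin) -> dict:
    """Ground truth the operator knows but the user cannot prove."""
    current, previous = coin.owners[-1], coin.owners[:-1]
    return {
        "current_owner_can_spend": coin.can_cosign(current),
        "previous_owners_can_spend": [coin.can_cosign(s) for s in previous],
        "unilateral_exit_available": coin.exit_tx is not None,
    }
```

Both coins report a working exit path and a working co-signature for the current owner; only `finality_report`, which the user never sees, reveals whether earlier owners can still spend.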
When people talk about “L2 self-custody,” they are referring to users retaining a unilateral exit path and having a provable assurance that they are the only ones who can spend the coins that they custody. Spark can only provide the former.
I have an essay coming out arguing this next week.
You’ll get it directly to your inbox. Happy 4th 🇺🇸
This piece is an opinionated take. It is not an official stance of The Insider Edition or Bitcoin++.