The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and the threat landscape are evolving constantly; therefore, custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals: key management and privacy. We present a perspective we call the systems view, an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants, a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these proposals require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis against previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote, which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user verification. We perform ceremony analysis to construct the risk model.