How to Escrow BTC on the IC

Recently Dom, and the IC team announced that Bitcoin would be natively supported by the IC.

This is a question for those who have been working with this new feature, two questions:

  • Does it work now?
  • How can we hold Bitcoin natively in the IC chain, and use it as an Escrow?

A bonus question for the #cryptologists who may be in the forum, how secure is this Escrow, if we hold BTC inside the IC blockchain? Or is it still preferable to wrap it like the folks in Ethereum do… a very risky operation still in our view.

Shanah Tovah to our Jewish friends on the IC community too!


It works with a beta key that is not guaranteed to be around forever…so not a long term solution at this point. Hopefully, we’ll have a prod key before the end of the year.

  1. Ask the subnet for a key from a smart contract(canister) that knows how to produce a key that only one person can access(derivation).
  2. Send BTC to that address
  3. When you want to get it out, the smart contract has to produce and sign a valid BTC transaction that sends the BTC elsewhere.

DFINITY is working on a canister that does this but also has some balance features and follows the icrc-1 standard. It will look a lot like wrapped btc, but the underlying system will be non-custodial and have some convenient integrations.

1 Like

Sounds like a great product idea

Thanks for that quick answer Austin.

So it’s not ready for deployment, but it’s in beta stage for testing, meaning it works, but it can change any time. The temporary key is a big issue for sure.

I will try to summarize what I think you are telling me as well:

    • The IC has temporary support for BTC native manipulation
    • Temporary because the key to work with this feature will expire.
    • The solution to hold BTC on the IC relies on a 3 party smart contract, where the BTC pair is encrypted, and can only be released by a third key that is under the control of the owner of the asset.

My question is mainly about point 3 above, how secure is the encryption, and the algorithm for the smart contract manipulation? What algos are being used? Can we see that IC code somewhere?

It will still be custodial because the user doesn’t have the private key.

I’m pretty sure the code is in the replica already. See GitHub - dfinity/ic: Internet Computer blockchain source: the client/replica software run by nodes. As far as the algo, it is t-ecdsa where the t is threshold. The signature requires the cooperation of 1/3 of signing nodes. On a 13 node subnet, that means 5 nodes are needed to reconstitute. For 34 node subnets it’s would be 12 nodes. The t-ecdsa subnets will be “fiduciary” subnets with 34 nodes.

How secure it is depends on how easy you think it would be to get 12 of 34 independent node providers to collude.(more decentralization is necessary in reality for securing very large sums)

1 Like

Maybe we have different definitions. In the old world non-custodial meant that only you had the key. It was binary. Either they had it or you had it.

In this new world, no one has the key. It doesn’t exist. I’d consider that non custodial because there is no custodian holding your key. Perhaps you consider the network as a custodian, but it is fundamentally different than Coinbase having your keys.


Yea the network is the custodian because 12 of 34 nodes has the key and they can possibly collude to rug you and there isn’t anything you can do about it if that happens. It isn’t all that much different than a multi-sig, only difference is the sig is implemented at the protocol level instead of the app level (so it is somewhat more secure). It’s fundamentally different than Coinbase holding your key but it’s also fundamentally different than a regular wallet where you hold your key or a 2 of 2 multi-sig where you hold 1 key like a Lightning channel. In the latter 2 scenarios if you secure your key (and watch your channel) it’s impossible for anyone to rug you.

So what’s the genuine go-to for the release of btc integration if 12 nodes need to collude. How does a fiduciary subnet protect the IC for integrations…also are nodes going to be static or shuffled for release, how will this impact security?

Can we run these nodes via DAOs in different physical vaults/locations somewhere with access limited to voted dao member/s voted on by community ( there could be further measures taken to ensure no collusion ) such as no simultaneous access

Can you expand on this? It sounds like you’re saying that it is possible for someone to take your BTC on Lightning, but that you have an opportunity to prevent the theft if you watch your account diligently.

Yea because of they way LN works its possible for 1 owner of the multi-sig wallet channel to steal some money from the other owner if that other owner is offline for a certain period of time. So you have to have a LN watcher program frequently monitoring your channel either running on your own device or/and from a 3rd party “watchtower” service. What Are Watchtowers in Bitcoin's Lightning Network?