企业级多签比特币托管服务与Kevin Loaec | SLP704

然后如果资金在特定时间内没有移动，恢复路径或恢复密钥就能够进行支出。

And then if the funds are not moving for a specific amount of time, the recovery path or the recovery keys are able to spend.

但这并不意味着资金会自动转移到不同的钱包或发生类似情况。

But it doesn't mean the funds are going to a different wallet automatically or things like that.

事实并非如此，对吧？

That's not the case, right?

因此，即使企业因某些原因（比如忘记或无法访问密钥）在特定时间内没有移动资金，恢复方法只是变为可用状态，并不意味着他们必须进行支出，对吧？

So even in the case where a business would not move their funds for a specific amount of time, for some reason they forgot or they didn't have access to the keys or something, The recovery method is just becoming active, but it doesn't mean they have to spend, right?

只要主要持有者能找回他们的密钥，他们仍然可以进行交易，一切都会按正常方式重置。

So as long as the primary one still recover their keys, they can still do a transaction and everything is just reset the normal way.

所以不存在——我不确定你说的'泄露'具体指什么，但至少资金不会以这种方式自行流失。

So there is no I mean, I'm not sure what you meant by leak, but at least there is no leak in this way where the funds could go away by themselves.

我想我指的是恢复路径不会被提前使用。

I guess what I was referring to is more just that the recovery pathways are not used early.

对吧？

Right?

而这再次由比特币协议在链上强制执行。

And that's, again, enforced on chain by Bitcoin's protocol.

是的。

Yes.

所以，我们确实使用了一种叫做相对时间锁的机制。

So, yeah, we do use something called relative time locks.

每次——好吧，我稍微简化一下——但每次你进行交易时，都会重新触发这个延迟。

So it's every time well, I'm simplifying a little bit, but it's every time you do a transaction that would push this delay again.

因此在典型的灾难恢复场景中，我们可能会设置一个长达一年左右的时间锁。

So in typical disaster recovery situation, we might have a long time lock of like a year or something.

所以我们预期企业进行的交易频率会高于每年一次。

And so we would expect the business to do more transactions than just once a year.

虽然有些简化，但原理就是这样的。

Simplifying a little bit, but this is how it works.

所以你不需要过多考虑具体的天数或日期。

So you don't have to think too much about specific days or specific dates.

这更像是常规使用意味着没有问题。

It's more like a regular use means that there is no problem.

所以恢复过程仍在向未来推进。

So the recovery is still moving forward to the future.

实际上这里还有一点很有趣，假设这是第三方密钥或安全性较低的密钥，而那个恢复密钥或多个密钥某种程度上被泄露了。

Another thing that's quite interesting here actually is that, let's say it's a third party key or it's a key that's less secure maybe, and that recovery key or keys are somewhat leaked.

这种情况是有可能发生的，对吧？

That could happen, right?

比如密钥被破解，或者员工没有妥善保管密钥，而那个恰好是恢复密钥。

Like a key is breached or an employee didn't secure their key properly, and that just happened to be the recovery key.

这其实挺好的，因为这意味着在正常情况下这些密钥是无效的。

That's pretty good because it means well, it's not bad because it means that in a normal case, these keys are not valid.

所以只要员工或公司注意到，我们仍然可以通过迁移将资金转移到另一个钱包

So as long as the employee or the company notice, we can still migrate the funds to a different wallet with the migrating

从那个设置转移到新设置，因为你知道如果保持当前设置，最终会面临那个密钥变得有效并能花费比特币的情况。

out of that setup into a new one because you know that if you stay on the current setup, you're eventually gonna be in a situation where that key is now valid and it could spend the coins, obviously.

是的。

Yes.

这对托管机构尤其有利，因为目前托管机构可以动用所有用户的资金。

And this is this is particularly good for custodians because currently custodians have access to the funds of all of their users.

所以一旦发生泄露，他们实际上可能会丢失所管理的全部资金。

So if something leaks, they might actually leak all of the funds they are managing.

对吧？

Right?

但你可以设想，现在这些托管机构只是作为用户设置中的一个恢复密钥存在。

But you could imagine that now these custodians just become a recovery key on their user setup.

因此即使托管机构遭到入侵，通常他们的用户也不会处于时间锁已过期的境地。

And so even in case of a breach of the custodian, typically their users shouldn't be in a situation where the time lock expired.

如果用户正常使用钱包，其恢复服务提供商的泄露对他们来说并不意味着太严重的后果。

So if the user is actually normally using their wallet, a breach of their recovery provider doesn't mean anything too catastrophic for them.

他们只会收到一条通知说：'嘿，出问题了。'

They would just receive a notification saying, hey, there was a problem.

你应该把资金转移到其他地方，比如另一个钱包。

You should rotate your funds elsewhere, you know, in a different wallet.

而且，是的，这样好多了。

And and, yeah, that's that's much better.

这又回到了你最初关于风险集中化的问题。

And that goes back to your first question about the centralization of risk.

这也会大大降低攻击这类服务提供商的动机，因为获取他们的密钥并不意味着你能获取任何资金。

It would also lower a lot the incentive to attack such providers because getting access to their keys doesn't mean you get access to any funds.

所以，你知道，这在很多时候都很有帮助。

So that's, you know, that's helping a lot of the time.

比如一年后或什么时候。

For, like, a year from now or whatever.

既然我们谈到整个恢复机制，我们刚才讨论了一些关于相对时间锁的内容，我记不清具体细节了，我想我们在之前的播客里提到过。

And while we're on the whole recovery thing, now we've been talking a little bit about relative time locks, and, I can't remember the exact I think you we did it on a prior podcast.

我记得你提到的限制是一年半或一年零三个月左右。

I think you mentioned the limit is, a year and a half or a year and three months, something like that.

那么现在有没有关于更长恢复路径的讨论？或许采用绝对时间编码，因为我们无法设置那么长的相对时间锁？

And now are there discussions about longer recovery paths that are maybe encoded in an absolute way because we can't do relative time locks for that long?

对此有什么看法？

What's the thinking on that?

是的。

Yeah.

对于商业版，我们能够实现这一点。

For Business, we are able to do this.

但我们仍然没有在Lena的普通免费开源版本中实施。

We're still not doing it on the normal free open source version of Lena.

原因是我们认为这会...好吧，如果允许用户这么做，他们可能会犯错

The reason for this is that we believe it will Well, users will make mistakes if we let them do this kind of

他们可能会自掘坟墓，把币锁定二十年或一百年之类的

They could like foot gun themselves and lock their coins for twenty years or something or one hundred

当然，或者有两个原因，没错。

years Of course, or there's two reasons, yes.

绝对时间锁的最大锁定时间是九千五百年。

So one of them is that the maximum time lock you can do in an absolute time lock is nine thousand five hundred years.

这确实相当漫长。

So that's quite a long time.

李·布兰·约翰逊可能还活到那时候呢。

And Lee Bran Johnson will be around for that.

也许吧。

Maybe.

另一个原因是它在脚本中也是绝对的，意味着你无法将其推迟到未来。

And and the other one is that it's also absolute in the script, which means that you cannot push it in the future.

从技术上讲，你必须创建一个新钱包。

You have to create a new wallet, technically.

这意味着需要重新备份描述符，重新注册描述符等等。

So that means new backups of your descriptor, new registration of your descriptor, all of that.

从用户体验角度来看，这并不理想。

And from a UX perspective, it's not great.

我们也知道很多用户和企业都在重复使用地址。

We also know that a lot of users and businesses are reusing addresses.

他们本不该这样做，但事实如此。

They should not, but they do.

所以会发生什么呢，如果你误将资金发送到之前设置了绝对时间锁且已过期、并已轮换为新钱包的旧钱包，而你可能没有保留旧钱包的备份。

And so what happened, you know, if you mistakenly send funds to your previous wallet, which has the time lock, the absolute time lock expire, and you rotate it to a new one, and maybe you didn't keep a backup of the old one.

因此管理这类钱包就变得相当棘手。

And so this is where it's becoming tricky to manage such wallets.

并非完全不可能。

It's not impossible.

有些钱包处理得还算正确，比如Nunchuck或Keeper，但我仍然认为普通用户不应该接触这个功能。

Some wallets are doing it, you know, kind of correctly, like Nunchuck or Keeper, but it's still something that I don't feel a normal user should have access to.

这就是为什么我们暂时只对企业用户开放此功能。

So that's why we're going to limit it to business users for now.

我不希望没有我们技术支持的普通用户能够进行这类操作。

I don't want the the average user that doesn't have our support to be able to do these kind of things.

本期节目由Coincite赞助，他们生产我最喜欢的比特币硬件钱包Coldcard Q。

This episode is brought to you by Coincite, the makers of my favorite Bitcoin hardware wallet, the Coldcard Q.

有些人认为自我托管太难，但这实际上是关于为你的比特币财富负责，并理解自我托管能给你真正的自由感。

Now some people think self custody is too hard, but it's really about taking responsibility for your Bitcoin wealth and understanding that self custody gives you a true feeling of liberty.

Coldcard Q配备全键盘和大屏幕，拥有两个安全元件和真正的物理隔离，让你从种子生成到交易签名都能完全通过二维码实现物理隔离操作。

The Coldcard Q has a full keyboard and big screen, it's got two secure elements and a true air gap allowing you to go fully air gapped using QR codes from seed generation to transaction signing.

你可以用三节AAA电池为设备供电，甚至不需要插墙电。

You can power the device using three AAA batteries so you don't even have to plug it into the wall for power.

你可以轻松搭配PC端的Sparrow Wallet或移动端的Nunchuck使用，并根据自己选择的安全和复杂度需求进行调节。

You can easily use it with Sparrow Wallet for PC or Nunchuck on mobile and you can dial it into the right level of security and complexity that you choose.

如果想要简单设置，只需使用12个单词和单签名即可。

If you want a simple setup just use 12 words and single signature.

如果需要密码短语也很简单。

If you want passphrases easy.

如果你想添加多重签名或联合签名功能，Coldcard Q也都能满足。

You If want to add multisig or co signing features, you've got those too.

请访问coinkite.com，使用优惠码LAVERRA可享冷钱包或其他设备9折优惠，立即升级您的自主托管方案。

So go to coinkite.com, use code LAVERRA to get 10% off on your cold card or other devices and level up your self custody today.

没错，他们很容易犯错，确实如此。

Right and they could easily make a mistake or yeah.

那么实际操作中会是什么样子呢？

So what would that look like in practice?

比如说Liana，有家企业想和你签约。

So let's say, Liana, some business wants to sign up with you.

他们完成常规设置，就是我们之前讨论过的标准流程，但希望设置一个五年或十年后生效的深度恢复密钥。

They do their normal setup, you know, the normal stuff we've spoken about, but they wanna have some kind of deep recovery key for five years out or ten years out.

这种情况下实际由谁来担任密钥保管人？

Who would actually be the keyholder in that scenario?

他们会选择大型托管机构作为十年期的密钥保管人吗？具体如何运作？

Is are they going to, like, you know, a big custodian to be that keyholder for the ten years out case, or how does that work?

还是说将由你来担任这个密钥保管人？

Or are you gonna be the keyholder for that?

不会是我们，因为目前我们仍以欧洲为基地，无法进行任何与密钥相关的操作。

It's not going to be us because for now we're still based in Europe and we cannot do anything with keys.

未来我们可能在别处开设子公司，当有足够需求时，或许能提供这类服务。

We might at some point open a subsidiary somewhere else and be able to offer these kind of services that might make sense when we have enough demand.

不过目前来说，这部分工作会由第三方负责。

But yeah, for now it's going to be third parties.

但Liana商业版的操作流程略有不同。

The process though in Liana Business is a little bit different.

企业不会自行在本地完成设置。

The business is not going to do their setup themselves on their side.

我们会与他们进行商讨。

We will have a discussion with them.

我们会为其准备专属模板——虽然称之为模板，但其实是量身定制的，对吧？

We prepare their kind of call it a template, but it's just for them, right?

所以这是独一无二的专属模板。

So it's a unique template.

然后当他们使用Liana Business软件时，实际上会有一个不同的入职流程，仅要求他们提供特定的密钥。

And then when they use their Liana Business software, they will actually have a different onboarding flow that just asks them for their specific key.

因此，钱包中的每个参与者都将通过电子邮件、姓名等信息进行注册。

So each of the participants in the wallet is going to be registered with their email and name and things like that.

所以在他们的每台电脑上，系统只会要求输入他们特定的密钥。

So on each of their computers, it will only ask for their specific key.

系统会提示他们插入硬件钱包。

So it will ask them to plug in their hardware wallet.

我说的密钥并不是你的助记词。

When I say key, it's not your mnemonic.

永远不要在电脑上输入助记词。

Never enter that on the computer.

因此整个设置过程可以说是相当安全可靠的。

And so the setup is really kind of foolproof.

他们无需做任何更改。

They don't have to change anything.

他们不需要设置时间锁。

They don't have to set up time locks.

一切都会为他们准备好。

Everything is going to be prepared for them.

他们只需按要求将密钥放入正确位置，然后确认一切无误即可。

And they will just ask to put their keys in the right place and then to confirm everything is correct.

因此，我们这边在需要时甚至会设置绝对时间锁来完成这些操作。

And so we are going to do these things even with the absolute time lock when needed on our side.

所以在他们那边，软件端不会修改任何这些设置，他们知道这将是我们与他们商定的方案。

So on their side, on the software side, they are not going to be modifying any of these settings, so they know it's going to be what we discussed with them.

至于恢复密钥本身，可能还是由他们保管。

For the recovery keys itself, it could be them again.

他们可以选择使用自己持有的密钥——比如之前讨论过的由董事会保管的密钥，或者存放在银行的保险箱里，采用一种传统多重签名方式，需要两位创始人同时到场才能开启保险箱之类的安排。

So they can choose to have one of their own keys that they have maybe held with the board as we were discussing before, or held in, I don't know, like a safe deposit box in a bank where they actually have a kind of an old school multisig where two of the founders need to go to be accessing this safe, things like that.

所以确实要看具体情况而定。

So yeah, it really depends.

如果他们需要第三方，可以引入自己的第三方。

And if they need a third party, they can bring in their own third party.

可以是他们已有合作的托管机构。

So that could be a custodian they deal with already.

或者我们可以推荐一些我们知道的机构。

Or we could kind of recommend them some that we know of.

但现阶段我们无法亲自操作。

But, yeah, at at this stage, we can't do it ourselves.

必须通过第三方进行。

It has to be third parties.

明白了。

I see.

你觉得这会成为常见做法吗？比如既有常规方案，又设置一个五年或十年后生效的深度恢复路径，交由大型托管机构或专门负责这类事务的专业人士保管？

Do you see that becoming a a common practice, though, like having, let's say, manuscript and, like, you know, your your normal stuff, but then also one deep recovery pathway for five years out or ten years out just in case, and that is held with maybe some big custodian or some, you know, professional who whose role is it is to do that?

嗯，有可能。

Yeah, possibly.

我个人还是更倾向于相对时间锁的方案。

I still personally prefer my relative time lock stuff.

所以我总是希望能延长锁定时间，但对于通过第三方设置非常长期或非常长的恢复路径，我也没有异议。

So I always prefer to be able to push it further, but I don't have a problem with very large or very long recovery path with a third party.

问题更多在于，如果你把密钥锁定十年，十年后你的托管方还会存在吗？

The problem is more like, if you lock your key for like ten years, is your custodian still going to be there in ten years?

这个时间跨度开始变得很长了，对吧？

It's starting to be a long time, right?

即使对可信方来说也是如此。

Even for a trusted party.

这类事情有点难以拿捏，你知道的，多久算太长，多久又算足够。

So these kinds of things are a bit difficult to gauche and to figure out, you know, how long is too long and how long is enough.

我确实认为完全自主托管会变得非常普遍，即只有你能随时动用资产。

I do think it's going to be very common to have proper self custody where only you can spend at any time.

没有联署人，没有其他条件，也不需要向任何人申请授权。

There is no cosigner, there's nothing else, there is no authorization to ask anyone else.

只有你和你的团队，对吧？

It's just you and maybe your team, right?

我说的'你'指的是整个组织。

When I say you, it's like the organization.

但你们应该设置一个恢复选项以防万一。

But you would have a recovery option in case something go wrong.

我真心认为这应该成为比特币普通用户的默认设置，因为我们知道资产丢失是真实存在的风险，而且发生时并不愉快。

And I really think that should be nearly the default for normal users of Bitcoin, because we know loss is a real risk and it's not fun when it happens.

所以，是的，这是个不错的处理方式。

So, yeah, that's a good way of doing it.

还有一点我们尚未讨论，不知道你是否想涉及，那就是保险。

And something we haven't covered yet, and I don't know if you wanted to cover it, but it's insurance.

当然，当我们谈到第三方时，之前描述的基本上是一种技术层面的保险。

Of course, when we start talking about third party, what we were describing until now were basically a technical insurance.

从监管角度看这不是保险，但你知道万一出事时有第三方能接触到你的币。

It's not an insurance from a regulatory perspective, but you kind of know a third party can access your coins if something happens.

但现在我们可以讨论实际的保险方案，在这种特定设置下，保险公司可以直接为恢复方提供保险。

But now we can talk about the actual insurance, where an insurance company in this specific setup can just insure the recovery party.

所以如果是一个仅作为恢复选项的可信托管方，如果他们投保的保险公司明确表示，如果他们的密钥丢失，我们将赔付用户的资金，这也开始变得有趣起来。

So if it's a trusted custodian that's here only as a recovery option, if they are covered with the insurance company actually saying, you know, if their key is lost, we will cover the user's funds, that's starting to be interesting as well.

因为对保险公司而言，风险确实很低。

Because for the insurance company, the risk is really low.

涉及的金额不像Coinbase全部资金那么庞大，对吧？

The amounts are not like crazy as if it was all of the funds of Coinbase, right?

只有当该密钥出问题时，才会影响到这一个用户。

It's only affecting this one user if something went wrong with that key.

对用户来说这很棒，因为他们知道无论发生什么，即使第三方消失或丢失密钥，当然都有防止损失的保险保障。

And for the user, it's like nice because they know that no matter what happens, even if their third party disappear or lose their keys, there is an insurance coverage against loss, of course.

对吧？

Right?

有意思。

Interesting.

好的。

Okay.

是的。

Yeah.

我们已经讨论了几点内容。

So we've covered a couple of things.

另一个方面，我想我们刚才略有提及，现在明确说明一下。

So one other area, I guess we were touching on this lightly, just to kind of spell it out.

假设在一个组织中，密钥丢失或被撤销，可能是由于员工流动，如何在不引入托管风险的情况下维持恢复途径？

So let's say in a scenario where there's an organization where keys are lost or revoked, maybe it's employee turnover, how do you maintain that recovery pathway without introducing a custodial risk?

是否只需要设置另一个支出途径来应对这种情况，比如发生人员流动时启用？

Is it just about having like another spending pathway that opens up to account for that fact that let's say there was some turnover?

对。

Yeah.

是的，我忘了提到这点，不过确实如此。

So, yeah, I forgot to mention that, but yeah, of course.

你并不需要只有一条恢复路径。

You don't have to have just one recovery path.

你并不需要只有一种恢复选项。

You don't have to have just one recovery option.

所以实际上你可以像使用普通的多重签名那样灵活运用它们。

So you can actually use them and abuse them as you would in a normal multisig.

就像我们之前讨论的，三选二方案意味着有三个不同的签名组，对吧？

So when we were talking about, you know, the two of three, a two of three is three different groups that can sign, right?

A或B、B或C、A或C，明白吗？

A or B or B or C or A or C, right?

根据预设的签名规则——谁是常规签署人、谁是备用签署人（因为三选二方案总会有一个密钥被视作备用方案）

And so depending on who is supposed to sign when, on who is the normal signer and who is there kind of as a backup, because it's always something like this when you have a two or three, it's always like one of the keys kind of thought of as a backup.

你完全可以在你的设置中实现这种机制。

You can actually do that in your setup.

比如将密钥A和B设为主要签名密钥。

So that could be key A and B as the primary.

然后你可以说，比如三周或一个月后，这个时间看起来合适，仍能让你足够快地恢复资金，特别是在商业环境中，可能会切换到A和C组合。

And then you could say, I don't know, after like three weeks or a month or something that seems okay and would still let you recover the funds fast enough, especially in a business environment, it would move to maybe A and C.

如果六个月后A出现问题，就转为B和C组合。

And in case there is a problem with A after six months, it goes to B and C.

所以你可以轻松实现这类操作。

So you can easily do this kind of stuff.

不必使用相同的T。

It doesn't have to be the same T.

你也可以这样说：我们现在有A和B这两个人可以签署。

You could also say something like, oh, we have these two people, A and B, that can sign now.

如果出现问题，我们有另一个小组或业务部门，比如C和D，可以代为签署。

And in case something go wrong, we have a different group or a different business unit that's like c and d that could sign for us.

那可以作为备用方案。

That can be the backup.

是的。

Yeah.

明白了。

Gotcha.

对。

Yeah.

好的。

Okay.

所以我们可以设置任意多层的保护机制。

So we can have as many layers as you want.

是的。

Yeah.

没错。

Yeah.

那么宏观来看，你认为比特币托管领域有哪些被生态系统当前严重低估的威胁载体？

So zooming out a little bit, what are there any threat vectors in Bitcoin custody that you think the ecosystem is undervaluing right undervaluing right now?

噢，当然有。

Oh, absolutely.

我确实认为这就是我们之前讨论的问题。

I I really think it's what we were talking about before.

关键在于那些大型托管机构或大型交易所持有的巨额资金，比如现在的Coinbase，因为Coinbase还处理着大部分ETF业务。

It's the amount of money in very large custodials or large exchanges, you know, namely Coinbase right now, because Coinbase is also dealing with most of the ETFs.

那简直是天文数字般的金额。

And it's just an insane amount of money.

我不知道他们目前托管着多少百万枚比特币，但数量确实大得惊人。

I don't know how many millions of Bitcoin they are custodian right now, but it's an insane amount.

那么风险在哪里呢？

So what's the risk there?

我甚至都不清楚。

I don't even know.

如果那里发生安全漏洞会怎样？

What happens if something breached there?

比如，是整个金额都会受影响吗？

Like, is it the entire amount?

这些资金是否以某种方式按密钥的小组进行了隔离？

Is it segregated somehow in like smaller groups of keys?

我不知道。

I don't know.

你如何获取这些访问权限？

How do you get access to this?

你是通过威胁他人吗？

Do you threaten people?

你们内部是否有不良分子已经作为员工在试图获取访问权限？

Do you have, Do you have bad actors that are already working there and trying to get access as employees?

这非常困难。

It's very difficult.

那么会发生什么情况？

And so what would happen?

攻击者真的会抛售这些币吗？

Would the attacker actually dump the coins?

这似乎不太可能，但确实有可能发生。

That seems kind of unlikely, but it's possible.

会不会有某种政府干预？

Would there be some kind of government influence?

比如说，会发生什么情况？

Like, what would happen?

因为我们知道现阶段ETF主要是养老基金，所以如果这些钱全部消失或被锁定，或者发生其他情况，它们可能只是被锁定或销毁。

Because we know the ETFs are mainly pension funds at this stage, so it would make sense that if all of this money is gone or locked or whatever, it could just be locked or burnt.

这某种程度上说得通，假设美国政府真的开始施压以某种方式解锁这些资金，可能是对矿工施压，或者类似的手段。

It would kind of make sense that, let's say, the US government actually start putting pressure to unlock these funds somehow, maybe to the miners, maybe things like that.

由于涉及资金量巨大，我们完全无法预料事态会发展到多严重。

So we have no clue how deep this could go because of the amount of money.

Coinbase有点像是'大到不能倒'，但比特币的设计初衷并非如此。

It's just Coinbase is kind of like too big to fail, but Bitcoin is not designed for too big to fail.

所以，是的，我认为真正的风险在于完全无法预知如此大型的托管机构出问题时会发生什么。

And so, yeah, I think this is really the risk is the complete unknown of what would happen if such a large custodian would have issues.

是的，所以我真的认为这就是威胁所在。

Yeah, so I really think this is the threat.

我们需要想办法解决这个问题。

We need to fix it somehow.

可能通过美国正在推进的方案来解决，即采用多重托管机制。

That could be through something that actually is being worked on in The US, which is to have multiple custodians.

比如说由两三家不同的托管机构共同管理资金，而不是把所有资金都放在单一托管方。

So let's say two or three of different custodians instead of just all your money in one custodian.

这类措施或许能有所帮助，但对我来说这仍然是个非常可怕的风险。

So things like that might be helping, but it's still it's still a very scary risk to me.

我明白了。

I see.

关于硬件密钥复用的问题，这是你在日本比特币大会上演讲时提到的内容。

In terms of hardware key reuse, now this is something you were talking about I I saw your a bit of your talk in Bitcoin Japan.

在开发者日环节，你简要讨论过这个概念，就是相同的硬件密钥在不同配置中的使用。

The dev day, you were talking a little bit about, I guess, the there this concept of using, you know, the same hardware key but across different setups.

我想你当时说的是，实际上人们应该能够这样做，举个例子，我有一张冷卡既用于个人设置，也用于家庭设置，还用于某种商业设置。

And I guess you were saying, actually, people should be able to do that, that you could have as an example, let's say I have a cold card that's used in one of my personal setups, but it's also used in, a family setup, and it's also used in some kind of business setup.

但问题和挑战在于，在整个生态系统中，如何以安全、冗余、最好能隐私保护（但也许不必须）的方式协调这种使用。

But the question and the challenge is across the ecosystem, how is this coordinated in a way that is secure, redundant, ideally private, but maybe not.

我不知道。

I don't know.

比如说要兼容不同类型的设置。

And let's say compatible across different kinds of setups.

所以你想就这方面稍微讨论一下吗？

So do you wanna just discuss a little bit on that?

因为我觉得听众可能也会对这个话题感兴趣。

Because I think that's probably gonna be interesting for listeners too.

是的。

Yeah.

对。

Yeah.

我认为有一点我们很清楚，那就是大多数比特币用户在不同时期都拥有或曾拥有多个钱包。

I think so one thing we we know is that most users, most Bitcoiners have or had multiple wallets over time.

他们会更换软件。

They change software.

他们会从支付到脚本哈希（P2SH）转向支付到见证脚本哈希（P2WSH），比如采用隔离见证（SegWit），甚至可能转向Taproot。

They change they go from pay to script hash to pay to W script hash, like to witness script hash with SegWit, they might move to Taproot.

这涉及很多不同的方面，软件层面可能包括单签、多签等钱包类型。

It's a lot of different things, maybe wallets as well in terms of software, maybe single sig, multisig.

因此传统处理方式就是不断生成新密钥、新备份和新助记词。

And so the traditional way of dealing with that was to kind of just generate new keys and generate new backup, generate new mnemonics.

最终你会积累一长串助记词列表。

And you end up with like a list of mnemonics.

虽然具体数量不确定，但可能会积攒不少。

I don't know how many, but you might have a bunch.

这种方式显然不够实用。

And that was just not practical.

这在某种程度上也很糟糕，是的，你分不清哪个是哪个。

It's also bad in terms of, yeah, you don't know which is which.

你不想重新导入所有的钱包，诸如此类。

You don't want to re import all of them, etc, etc.

因此，在实现跨钱包重复使用同一密钥方面已经取得了很大进展。

So there have been a lot of progress to be able to reuse the same key across different wallets.

这可以通过我们所说的账户编号来实现。

That can be done with what we call the account number.

在你的派生路径中，你可以选择不同的账户编号。

So in your derivation path, you can choose a different account number.

虽然对用户不太友好，但总之它是可行的。

It's just not user friendly, but anyway, it works.

还有像BIP85这样的方案，你只需保留一个助记词，但可以从中生成不同的助记词。

You also have things like So BIP85 is that you keep one mnemonic, but from there you can generate different mnemonics.

所以你只需要保留一个主备份，就能从中创建你之前所有的其他助记词。

So all you need to keep is just one master backup, and from there you can create all of your other mnemonics that you had.

这类功能非常实用，但我在日本的讨论重点是如何设计才能让用户——尤其是非技术用户——无需思考且不会犯错。

So this kind of stuff is very useful, But my discussion in Japan was really about how do we make this in a way that the user, especially a non technical user, doesn't have to think about it and cannot make a mistake.

主要风险其实不在于安全性，在不同钱包间重复使用完全相同的XPUB在安全层面并非问题，但从隐私角度看非常糟糕，因为你还会重复使用所谓的公钥。

So the main risk is not really security on the It's not really a problem security wise to reuse the same exact XPUB across different wallets, but it's terrible from a privacy perspective because you are going to reuse also what we call public keys.

因此每次消费时，你都会暴露这两个钱包之间的关联。

And so every time you spend, you will reveal, oh, these two wallets were connected.

这显然不理想。

And that's just not great.

所以我们需要确保用户使用不同的账户编号，但又不希望每次创建钱包时都询问'您想用哪个账户编号？'

So yeah, we need to make sure users use different account numbers, but we don't want to ask them every time they create a wallet, oh, which account number do you want to use?

因为他们根本不明白这是什么。

Because they don't know what it is.

他们也不知道过去使用过多少个账户编号等等。

They don't know how many they used in the past, etcetera.

因此整个讨论的核心就是：我们正试图找到一种对用户透明的方式，既能防止他们重复使用XPUB，又能在他们需要时继续使用相同的助记词。

And so, yeah, the whole discussion is that we're trying to find a way to make it transparent for the user in a way that they just can't reuse an XPUB, but they would still use the same mnemonic if they want to.

我要澄清一点，这也是很重要的一点，我并不是说用户应该只用一个助记词来处理所有事情。

I'm not saying, and I think it's an important point as well, I'm not saying users should just have one mnemonic and use it for everything.

我认为他们应该有这样的选择权。

I think they should be able to.

当然，我个人仍然区分私人密钥和商业密钥，但我希望能根据需要将同一个密钥用于多个钱包。

But of course, I do still segregate my personal keys and my business keys, but I want to be able to use the same one in multiple wallets if I need to.

以商业用途为例，我们有不同的钱包，而我为这些不同的钱包使用相同的密钥。

So for the business, for example, we have different wallets and I'm using the same key for the different ones.

如果你查看区块链，你永远无法知道这是同一家企业或同一个密钥。

And if you look at the the blockchain, you will never know it's the same business or it's the same key.

是的。

Yeah.

实际上你提出了一个有趣的观点，可能现在很多人还不熟悉，特别是在早些年甚至现在，存在这种情况：人们可能在垃圾币上重复使用密钥，如果代码编写不当，这个密钥可能会在比特币链上暴露你的身份。

And actually, there was an interesting point you made, which people might not be familiar with it nowadays, which is that especially in earlier years, or maybe even now, there there's this element of people could be reusing a key on a shitcoin, and then that key could then come back and dox you on the Bitcoin chain if things hadn't been coded correctly.

你能为听众简单解释一下这个机制吗？

So can you just explain a bit of that dynamic for people?

因为这可能有点出人意料，或者说对人们来说有点反直觉。

Because that could be a bit surprising or not counter it's kind of counterintuitive for people.

是的。

Yeah.

是的。

Yeah.

是的。

Yeah.

所以现在我们有了这个叫做派生路径的东西。

So now we have this thing called, you know, derivation path.

也就是HD钱包之类的。

So it's HD wallets, etcetera.

不过这些都是技术术语，本质上你是在使用一个相当于助记词的主私钥。

But anyways, technical terms, but you're using one secret, which is like a master private key equivalent to your mnemonic.

你把它输入到硬件钱包或签名设备中。

You enter it in your hardware wallet, in your signing device.

这把密钥实际上已经是派生出来的。

This key is actually going to already be derived.

你并没有使用主密钥。

You're not using the master one.

你需要通过一定深度的派生操作来生成钱包将使用的密钥。

You are going to derive it to do some derivation, so some depth, to generate what is going to be used by your wallet.

在比特币中，我们使用特定的派生路径。

So in Bitcoin, we use a specific derivation path.

还有个币种类型字段，根据你使用的山寨币不同会有不同的编号。

There is also coin type field, which is like a different number depending on which shitcoin you're using.

不过这只是硬件钱包或软件在实现层面的设计。

But again, that is just something implemented on the software perspective by the hardware wallet or by the software.

但如果你不这么做，它也能正常工作。

But if you don't do it, it will work.

你可以用比特币密钥创建任意类型的钱包。

You can use your Bitcoin key to create a whatever wallet.

当然，如果你这样做，当你签署交易时，它也可能在比特币网络上被重复使用。

And of course, if you do that, when you sign a transaction, it could be also reused on the Bitcoin network.

关键在于它需要具有相同的格式、相同的未花费交易输出（UTXO）等条件。

The thing is that it would need to have the same kind of format, the same UTXOs, etcetera.

因此，风险主要存在于比特币分叉时，而非完全不同的山寨币场景。

So the risk is only really there when it's about a fork of Bitcoin, much more than a completely different shitcoin.

没错，比如比特币现金（Bitcoin Cash）就是存在这类风险的典型案例。

And so, yeah, the risks are there when we're talking about, you know, like Bitcoin Cash, for example.

最初讨论分叉时确实令人担忧，我们必须确保用户不会在Vcash上转移资金后，有人能直接广播相同的交易。

It was kind of scary at the beginning when the discussions were there about like, oh, it's going to be a fork, but we really need to make sure users are not going to move some funds on Vcash and then someone there could just broadcast the same transaction.

这正是我说的重放保护问题。

And that's what I'm talking about, replay protection.

完全正确。

Absolutely.

通常这类攻击手段很诡异，比如攻击者可能伪装成商家或P2P交易所，诱骗他人低价出售毫无价值的Bcash。

And so typically, yeah, the attacks were kind of weird, but you could be an attacker like a merchant or a peer to peer exchange where you would get someone to sell you their Bcash because it was worthless.

于是他们把Bcash或另一条链上的比特币发给你，但你重放了这笔交易，结果还得到了他们真正的比特币。

So they send their Bcash or their Bitcoin from the other chain to you, but then you replay this transaction and you also get their actual Bitcoin.

这就是风险真正所在之处。

And so this is where the risk really was.

所以在出现分叉或任何形式的链分裂时，这是我们必须要做的重要事项。

So it's something important we need to do when there is a fork or any kind of split.

我们必须确保用户不会这样丢失他们的代币。

We need to make sure users can't lose their coins like this.

有时候这不是用户能控制的事情。

So sometimes it's it's not something the user can do anything about.

这确实需要开发人员方面考虑这种分叉风险。

It's really on the developer side of things to think about this fork risk.

不过确实如此。

But yeah.

没错。

Right.

是的。

Yeah.

所以我想，特别是在这个人们用AI和感觉编程的时代，可能有人并不真正了解这些细节，他们只是试图一次性感觉编程一个应用，而没有真正注意到这些细微差别，尤其是如果，你知道，如果只是一个小额消费钱包之类的还好，但当涉及到硬件钱包、严肃的安全性和大额资金时，情况就完全不同了。

And so I guess maybe that could be especially in the age where now people are doing AI and vibe coding, maybe someone doesn't really know some of these nuances, and they just try to one shot, you know, vibe code an app, and it doesn't really pay attention to some of these nuances, especially if if you know, it would be one thing if it's, just kind of spending wallet, whatever, smaller amounts, but it's, like, another thing altogether when it's, like, no.

这是针对像你的硬件钱包这样的东西，涉及严肃的安全性和大额资金。

This is for, like, your hardware wallet, like, serious security, serious money, kind of stuff.

所以我想这些都是人们需要理解的事情，这就是为什么安全重点、审查和技术能力在这些讨论和产品中特别重要。

So I guess just things that people have to sort of understand, and that's why the security focus and the review and the, you know, technical competence is important, especially for these kinds of discussions and products.

是的。

Yeah.

关于这一点，我还想补充一件事。

And another thing I would like to add on this.

所有这些关于钱包的讨论不仅仅针对个人，对吧？

So all of these discussions about wallets is not just for individuals, right?

也是因为我们在讨论企业。

It's also because we're talking about businesses.

所以我不希望每次有参与多重签名设置的员工离职、丢失密钥或类似情况时，都必须更换我的密钥或助记词。

And so I don't want to have to change my key, my mnemonic, every time I have one of the employees that's part of my multisig setup that move out of the business or that lost their key or things like that.

我希望能够保留我的备份，那个安全的备份存放在我目前不想去访问的地方。

I want to be able to keep my backup, my secure backup that's somewhere in a place that I don't want to access right now.

就是这类情况，对吧？

Things like this, right?

我们确实希望让钱包中的密钥轮换尽可能无缝进行，尤其是当某个密钥（可能甚至不是我的）被替换需要新密钥时。

We really want to make it as seamless as possible to rotate keys in a wallet when one of the key, maybe not even mine, is swapped out and we need a new one.

重要的是我的XPUB也要变更，但我不一定想为此创建新的助记词。

It's important that my XPUB also change, but I don't necessarily want to have to create a new mnemonic for that.

这才是讨论的核心所在。

This is really where the discussion is.

其实我们已经提到过两个钱包——Nunchuck和Keeper，它们就面临这个问题（虽然还没有具体提案），因为它们使用了绝对时间锁。

And there are actually two wallets we mentioned already in this call that actually use this Well, we don't have a proposal yet, but already have this issue, and that's Nunchuck and Keeper because they do use the absolute time locks.

所以当用户达到时间锁限制时，它们已经在后台为用户自动轮换钱包了。

So they already rotate wallets in the background for users when they reach the time lock limit.

因此通过这种轮换，他们需要更换XPUB。

And so by rotating this, they need to change the XPUB.

当然，他们不会告诉用户去生成新的助记词等等。

And of course, they are not going to tell their users to generate a new mnemonic, etcetera.

所以他们必须在后台完成这个操作。

So they have to do it in the background.

是的，这确实是个实际问题。

And, yeah, that's a real question.

比如，我能把我的Keeper钱包导入到Nunchuck吗？

Like, could I import my keeper wallet to Nunchuck?

目前，答案还不太明确，因为你实际上没有相同的协调机制或相同的Xpub生成方式。

And currently, the the the answer is not very clear because you don't really have the same coordination or the the same generation of Xperber Yeah.

因为我们还没有一个明确的标准来处理这种轮换。

Rotation because we don't have a stand out for it.

没错。

Right.

我想是的，仅仅说'哦，但你有输出描述符'是不够的，因为我们讨论的是输出描述符中的XPUB。

And I guess, yeah, it's not this it's not enough to just say, oh, but you have your output descriptor because what we're talking about is the XPUB that goes in that output descriptor.

这才是发生变化的部分。

That's the thing that's changed.

正如你所说，让我总结一下我的理解。

And as you said so let me summarize as I've understood it.

确保我理解正确，或许也是为了听众们。

Just make sure I've got it right and then maybe also for listeners.

所以在比特币中，我们真正保护的是这个极其庞大的数字。

So just in Bitcoin in general, what we're protecting really is like this massive, massive, massive number.

那就是你的主私钥，可以用12或24个单词表示，就是典型的BIP 39。

That's your master private key that can be represented with 12 or 24 words, right, the typical BIP 39.

但我们讨论的是从主私钥到主公钥的过程，这可能基于账户编号和我们所说的派生路径而变化。

But then what we're talking about is that going from master private key to master public key, that can shift be based on account numbers and this derivation path that we're talking about.

我们这里讨论的是，如果软件以不同方式编码，可能在派生路径中递增账户编号，就会导致不同的XPUB。而这个XPUB，因为我们的想法是希望保持相同的硬件钱包和相同的12个单词（相同的主私钥），但XPUB可能已经永久改变，而且可能是出于正当理由。

And so what we're talking about here is if the software has been coded in a different way where they're maybe they're incrementing the account number in that derivation path, it's gonna result in a different XPUB and then that XPUB, you know, because the idea is we would like to keep the same, let's say hardware wallet with the same 12 words, with the same master private key, but the XPUB might have shifted for good and it could be for good reasons.

所以这就像需要在那里进行技术和可能的社会经济协调。

So it's just like there's this technical and maybe social and economic coordination that has to happen there.

而且，是的，也许我的意思是，我不知道。

And, yeah, maybe I mean, I don't know.

我不... 我想我从你那里了解到的是，目前这里并没有真正的解决方案。

I don't I like, I think what I got from you is that there's not really a solution here, at least yet.

也许未来会有某种BIP来帮助协调这个问题，但即便如此，这也是一个跨领域的挑战。

Maybe in the future, maybe there'll be some kind of BIP to help coordinate this, but even that is a challenge across, like, okay.

那么人们是不是就只能选择像Google云和苹果iCloud备份这样会失去隐私，但至少从冗余角度确保没有出错的方案？

So are are people just gonna do, like, Google Cloud and Apple iCloud backup, but then lose the privacy, but at least make sure they haven't screwed up from a redundancy point of view?

还是说更像是，不。

Or is it more like, no.

它需要比那更好。

It needs to be even better than that.

那样还不够好，因为那样会损害隐私。

That's not good enough because that's gonna docks privacy.

开放性问题。

Open question.

而且，

And,

是的，代币丢失始终是，你知道的，更大的问题。

yeah, loss of coins is always the, you know, the the bigger problem.

但隐私性也相当重要。

But privacy is also pretty high.

所以保持现状对隐私保护来说远远不够。

And so keeping it like it is today is just not good enough for privacy.

我们需要在不增加丢失风险的前提下做得更好。

So we need to do better without increasing the risk of loss.

这才是真正棘手的地方。

And this is really the tricky thing.

我们知道目前隐私方面存在问题，因为所有BIP方案，比如多重签名，都存在缺陷。

We know there is a problem privacy wise today because all of the BIPS fall, let's say, multisig.

如果我已经在多重签名中使用过我的密钥，又在另一个完全不同的多重签名中使用它，默认情况下会使用完全相同的XPUB。

If I already use my key in a multisig and I use it in a completely different multisig, it will by default use the exact same XPUB.

这是个问题。

And this is a problem.

我们不希望这样。

We don't want that.

而且没错，这种情况现在正在发生。

And yeah, it's happening today.

那么我们如何确保这种情况不会发生，同时用户也不会因为'我不记得用了哪个软件'之类的原因而陷入困境？

So how do we make sure this does not happen in a way that the user is not going to be stuck because, oh, I don't remember which software I used or things like that.

我们真的不

We we really don't

知道。

know that.

所以在实际操作中，即使你是高级用户也很麻烦，因为你得记住'哦，是哪个账户编号来着？'

And so then in practice, like, even if you're an advanced user, it's a pain because you're having to keep track of, oh, which account number?

比如，我拥有相同的主私钥和相同的12个助记词，但实际上需要记住哪些账户编号和派生路径已被用于其他设置，以避免与同一硬件钱包上可能进行的其他新设置（无论是12词还是24词种子）产生交叉污染。

Like, I've got the same master private key in the same 12 words, but actually which account number and which derivation paths have already been used for other setups so that they don't cross contaminate with other new setups that you might do on that same hardware wallet and same 12 word seed or 24 word seed, whatever.

没错。

Exactly.

是的。

Yeah.

而且你可能还需要为其他参与者考虑这个问题。

And you might also have to think that for the other participants.

因此，一个参与者在某处泄露其XPUB，实际上可能会从隐私角度危及整个钱包。

So one participant leaking their XPUB on one side could actually kind of compromise the wallet from a privacy perspective.

所以，你确实需要确保每个用户都正确操作并选择了正确的账户编号等等。

And so, yeah, you really want to make sure every users did their thing right and chose the right account number, etcetera, etcetera.

而且你可能无法真正控制他们的密钥或设置。

And you might not really have control over their keys over their setup.

这就是为什么我们在日本讨论过，并且两周后也将在台北的BTC++会议上继续探讨这个议题：如何确保这一过程完全自动化、万无一失，让用户根本不可能搞砸？

So that's why the idea here of the whole discussion we had in Japan, and I'm going to have it at BTC plus plus in two weeks as well in Taipei, is like, how do we make sure this is kind of automatic, completely foolproof, and there is no way the user can fuck this up?

是的。

Yeah.

对。

Yeah.

我不确定是否有简单的方法，不过，好吧，我们看看再说。

I don't know if there's any easy way, but, well, yeah, let's see.

我想稍微退一步，回到自我托管这个更广泛的议题上。

So I guess zooming out a little bit back to just kind of self custody generally.

那就聊聊Liana Business吧。

Well, talk about Liana Business.

你认为Liana Business在推动企业自我托管方面，为何能成功而其他尝试却未能做到？

So why do you think Liana Business succeeds where other efforts have not at getting businesses to self custody?

比如，你认为Liana Business的独特卖点（USP）是什么？

Like, what is the USP, the unique selling point here with Liana Business that you see?

没错。

Yeah.

这整个恢复选项的设计才是关键。

It's the it's the entire recovery option thing.

对吧？

Right?

就是说，只要配置正确，无论发生什么，你的币都不会丢失。

Like, having knowing that no matter what happens, if you have a correct setup, you will not lose your coins.

这才是最核心的。

This is really the main thing.

如果你问人们为什么不用自托管，通常是因为害怕自己操作失误。

If you ask people about why they don't use self custody, it's usually because they are afraid they did something wrong.

其实和物理威胁之类的关系不大。

It's not really about the physical threat or things like that.

当然那些风险我们也需要防范。

Of course, we need to mitigate that as well.

但最主要的恐惧是：他们不想某天突然发现'糟了，我操作失误导致币取不出来了'。

But the main fear is that they don't want one day to just be like, oops, I did something wrong and I can't access my coins.

所以Liana基本上已经解决了这个问题。

So this is pretty much solved with Liana in general.

现在，Liana业务让你明白无需考虑如何正确操作。

Now, Liana business makes you know that you don't have to think about how to do this properly.

我们可以帮你思考。

We can help you think.

我们可以根据你的使用场景帮你设计最佳方案，确保万无一失。

We can help you design it the best for your use case and make sure there is really no mistake.

有时候只是需要这种便利——知道有任何技术问题或需要支持时，我们随时都在。

Sometimes it's just about also having the convenience of knowing, you know, if you have any technical question, if you need any support, we are here for that.

关键在于知道可以与我们共同保管加密备份的描述符。

It's about knowing that you can have an encrypted backup with us of your descriptor.

关键在于拥有极高的服务等级协议，确保你的钱包在任何情况下都能使用，比如就算Cloudflare宕机之类的情况。

It's about knowing that you have very high SLAs that, you know, your wallet will always be able to spend no matter what, no matter if, I don't know, Cloudflare goes offline or something like that.

我们能在很多方面提供帮助。

It's a lot of things that we can help with.

对我来说，USP（独特卖点）在于它是真正为企业量身打造的。

And so USP for me is that it's really built for businesses with businesses in mind.

但Liana整体的实际USP在于这种完整的恢复机制设计。

But the actual USP of Liana in general is like this entire thinking of recovery.

因此无论发生什么，你都不会丢失你的币。

So no matter what happens, you will not lose your coins.

嗯。

Yeah.

好的。

Okay.

明白了。

Gotcha.

你刚才已经部分回答了下一个问题，关于企业级比特币托管的未来。

And so you kind of answered a little bit there to this next question, but around the future of corporate Bitcoin custody.

那会是什么样子？

What does that look like?

你认为Liana Business在其中会扮演什么角色？

And where do you see Liana Business fitting into that?

监管将对这一切产生影响。

Regulation will have an impact on all of this.

我真心希望监管机构不要再认为所有东西都应该银行化，因为在比特币领域，情况并非如此。

I really hope the regulators stop thinking like everything should be a bank because I think in Bitcoin, that's not the case.

应该是相反的。

It should be the opposite.

应该是什么都不该存在银行里。

It should be like nothing should be in a bank.

在比特币中，控制权绝不应完全由单一第三方掌握。

In Bitcoin, the control should never be completely held by one third party.

绝无可能。

There is no way.

因此我相信这会改变，至少我们会强制要求托管方案采用多方实体多重签名机制。

So I believe this will change and we will at least force the custodial deployments to be multisig of different entities.

我们必须确保这些实体不是由同一批人控制的。

And we need to make sure they're not the same people controlling these entities.

自我托管很棒，同时通过托管方进行恢复也是个非常好的主意。

Self custody is great and having recovery with custodians is also a very good idea.

所以我不认为这是在破坏可信第三方价值主张的问题。

So I don't think it's about destroying the value proposition of a trusted third party.

这只是要确保在一切正常运作时他们无法盗取这些币。

It's just about making sure they can't steal the coins if things are going right.

还有一点可能较少被讨论的是银行在这方面的角色。

And also something that is maybe less discussed is the role of banks for this.

我之前谈到银行时是基于这样的原则：不应该有人能控制你所有的币并为你保管。

So I was talking about banks in the principle of like, nobody should be controlling all your coins and keeping them just for you.

但传统银行也存在，而且他们现在也想涉足比特币。

But traditional banks are also a thing and they want to have exposure to Bitcoin now.

比特币确实正在成为热门话题，尤其是随着特朗普和ETF等相关事件。

Bitcoin is becoming really a topic with Trump and ETFs and all of that.

所以他们的客户找上门来，要求提供比特币相关产品。

So their clients are coming to them and they are asking for Bitcoin products.

那么银行提供的比特币产品应该是什么样子的？

So what does a Bitcoin product looks like for a bank?

目前比较简单的做法是让人们交易某种比特币敞口。

Right now, kind of the easy way is just letting people trade some kind of exposure on Bitcoin.

ETF就是实现这一目标的绝佳方式。

So ETFs is a great way to do that.

这样银行就不需要托管任何资产。

So the bank doesn't have to custody anything.

它只是个交易代码。

It's just a ticker.

客户可以买卖它，这就获得了比特币的敞口。

You can buy and sell it and that's some exposure to Bitcoin for their clients.

但再想想我们该如何为Liana（钱包）定位？

But what about imagining again how we could position Liana for this?

如果银行允许你在他们的应用内拥有自己的自托管钱包呢？

What about the bank letting you have your own self custody wallet, maybe within their app?

这样你就能掌控一切，拥有所有密钥，但如果你丢失了密钥或发生意外，银行会在时间锁后拥有恢复密钥。

So you are in control, you have all of the keys, but if you lose your keys or if anything happens to you, the bank has a recovery key after a time lock.

这也解决了传统意义上的继承问题——如果你失踪了，你的家人可以通过银行在时间锁到期后获得你的比特币。

So that also fixed kind of the inheritance problem from the traditional side of things, where if you disappear, your family would get access to your Bitcoin through the bank, but after this time lock expires.

我真心认为这是银行正确开展比特币业务的绝佳方式。

And I really believe that's a very good way for a bank to do Bitcoin the right way.

因此银行并非托管方，但当用户丢失密钥时，他们仍能提供协助。

So the bank would not be a custodian, but they would still be there to assist their users if the user lost their keys, basically.

有意思。

Interesting.

是啊。

Yeah.

所以未来应用可以实现自托管，但用户甚至不需要了解太多相关细节。

So it could be sort of like maybe in the future, apps can actually be self custody, but the user doesn't necessarily have to even know as much about that.

但实际上密钥确实存在。

But it actually the keys are there.

但我猜围绕这一点仍会存在担忧。

But I guess there will there will still be concerns around that.

举个例子，假设我们面对的是高净值客户，他会放心将价值数百万美元的比特币密钥——按当前价格可能是10个或更多BTC——存放在手机上吗？

Like, as an example, let's say we're dealing with like, if it's a high net worth customer, is he gonna be comfortable having the keys to, let's say, millions of dollars worth of Bitcoin, right, at today's prices, let's say, 10 or more BTC on a phone?

他可能不会。

He might not be.

对吧？

Right?

没错。

Correct.

我们仍在讨论如何应对物理威胁的问题。

We still have this discussion around, you know, how do we deal also with physical threat.

我们需要确保用户不会觉得自己可能犯下严重错误。

We need to make sure the user isn't going to feel like they can fuck up really hard.

是的。

Yeah.

所以，也许多重签名是解决方案的一部分。

And so, yeah, maybe multisig is part of that.

也许联署签名也是其中一部分。

Maybe cosigning is part of that.

对。

Yeah.

或者可能是一种阈值机制。

And or maybe it's like a threshold thing.

比如用户自行保管，但当超过某个阈值时，应用会提醒你说：嘿。

Like, the user is self custodying, but actually above a certain threshold that the apps, like, pings you and says, hey.

买个硬件钱包来存放这些资产吧。

Get a hardware wallet to put this into that.

明白吗？

You know?

但我想归根结底，这将是便利性之间的一场较量。

But, I guess, bottom line, though, it is gonna be a kind of a battle there between convenience.

对吧？

Right?

因为便利性和安全性几乎总是相互对立的。

Because convenience and security are almost there ends with each other.

所以会有用户希望轻松交易比特币、用比特币借贷，甚至进行法币兑换操作。

And so people there'll be users who want easy ability to trade Bitcoin or borrow against Bitcoin or maybe even the fiat interaction side of it.

当然，我们都是比特币极端主义者。

Now, of course, we're all Maxis.

我们向往比特币化的未来，但至少目前还生活在法币世界，实现目标尚需时日。

We want Bitcoin to be you know, we want the hyper Bitcoinized future, but, you know, we live in the fiat world today at least, and it's gonna be a while to get there.

因此会有大量用户需要这种兑换功能。

So there'll be a lot of users who who want this, you know, swapping functionality.

或许可以内置解决方案，比如Liquid或Arc之类的协议，通过编程方式实现——虽然不够完美，但更符合比特币精神和赛博朋克理念。

Now maybe that can be built in, like, it's liquid or arc or whatever, something that it can be sort of built in in a programmatic way that is a little more, you know, Bitcoin and cyberpunk ish, even if it's not perfect.

但我想这就是权衡取舍。

But I guess that's that's the trade off.

对吧？

Right?

这种便利性与安全性的平衡。

This convenience and security balance.

这极其困难。

It's extremely hard.

从技术角度来看也确实如此，因为我们不想让人们做出这种妥协。

It's really, really from the technical perspective as well, because we don't want to take this kind of compromise for people.

我们不想降低安全性。

We don't want to reduce security.

但与此同时，如果我们不这样做，或者至少不简化操作，我们知道他们就会放弃，转而使用托管应用或托管人，或者把手机留在——比如Revolut之类的应用上。

But at the same time, if we don't do it, or if at least we don't simplify things, we know they are just going to give up and go for a custodial app or a custodian or leave their phones on, I don't know, Revolut or whatever.

这就是我们正在打的这场仗，对吧？

And this is kind of the fight we're fighting, right?

这其实不是由我们来决定用户会使用什么。

It's not really for us to decide what the users will use.

我们只能构建工具，希望他们会选择正确的工具，那些能为他们做出正确决策的工具。

We can just build tools and hopefully they will pick the correct ones, the ones that kind of made the right decisions for them.

极其困难。

Extremely hard.

这在每个行业都一样，对吧？

And it's the same in every industry, right?

有时你不得不构建客户想要的东西，希望你所构建的仍然足够好。

Sometimes you just have to build what the customer wants and hopefully what you've built is still good enough.

我不想走捷径，至少现在不想走某些捷径。

I don't want to take shortcuts, some shortcuts for now.

例如，我不相信盲签名者。

For example, I don't believe in blind signers.

我真心希望用户能在带有屏幕和按钮的签名设备上验证他们的交易。

I really want the users to verify on a signing device that has a screen and buttons their transaction.

但当然用户更倾向于在手机上使用Hockey。

But of course the user prefer to just have a Hockey on their mobile phone.

这并不意味着手机不好。

And it doesn't mean a mobile phone is bad.

也许两部手机的多重签名比一台签名设备更好，如果他们不看屏幕内容只是不断点击'下一步'的话。

Maybe a multisig of two mobile phones is better than one signing device where they don't read what's on the screen and they just press next, next, next.

但这确实是个难以理清的难题。

But it's a really hard thread to go through.

就像，是的，这真的很难。

It's just like, yeah, it's really hard.

所以我们正在尝试寻找解决方案。

So we're trying to find the solutions.

总有一天我们会解决这个问题。

At some point we will crack it.

但我们需要确保他们不会都转向ETF这类产品，导致完全失去控制权。

But yeah, we need to make sure they are not all going to ETFs and things like this where it's just they don't have any control.

嗯。

Yeah.

是啊。

Yeah.

未来会如何发展会很有趣，确实很有意思。

It'll be interesting to see where things go, but, interesting.

你知道的，我真心祝愿你们正在构建的项目顺利，也希望更多用户能尝试使用自我托管方案——即使他们同时使用托管服务，至少将大部分资产放在自我托管端，只在托管平台存放少量资金，这样或许能形成更健康的平衡。

And, you know, I I wish you well with what you're building and hope more users, do try to use self custody for at least like, even if they do use custodial stuff, to at least have most of their stuff in, like, the self custodial side and only put, you know, a smaller amount into the custodial platforms, that's at least a healthier balance maybe.

对了，听众们可以去了解一下。

But, yeah, listeners, check it out.

网址是lianawallet.com。

It's lianawallet.com.

拼写是l-i-a-n-a，lianawallet.com，商业版则是lianawallet.com/business。

That's spelled liana, lianawallet.com, and then lianawallet.com/business for the business side.

凯文，感谢你的参与，祝你一切顺利。

Kevin, thanks for joining me, and, yeah, all the best.

谢谢邀请我。

Thanks for having me.

再见。

Bye.