Bitcoin Forum

I have done a lot of thinking about the ‘bitcoin cash’ problem, I have finally concluded that there is no natural way of having ‘bitcoin cash’ using bitcoins themselves.   For a cash like equiv. see: http://bitcointalk.org/index.php?topic=847.0 (http://bitcointalk.org/index.php?topic=847.0)


I was wondering, in the future the bitcoin client is going to (hopefully) become more flexible in handling multiple wallets.  This trend will lead to the stage where all the block chain is ‘loaded’ and stored,  and the client ‘opens’ a wallet, dose business, and closes it.  Enabling many people to uses the same software independently.

With this concept in mind, I supposed that the only unique and important thing is indeed one’s bitcoin wallet, (and address book).

Suppose there is a store, the equipment to conduct the transaction is fixed at the store, say cash register for issuing change, or an EFTPOS, whatever it may be the store manages the transaction for you.  I see no reason that this cannot happen with bitcoin also.

What would happen is that a smart card with a TPM or similar that holds all the private keys to the bitcoins, when a customer wants to conduct a transaction they place the card into the EFTPOS machine, enter the pin code (that is sent to the TPM), the chip signs the correct amount of coins over, then sends the result back to the EFTPOS machine.

This means that there is no possibility of your coins (private keys) being stolen without the TPM taking a log of the transaction (a malicious machine could always sign all the coins to the hacker, but then there would be a log of the transaction, and the card owner would be able to tell when they use their card in a good machine).

The private keys are never made public, only made invalid after they sign over the coins.  The owner of the coins requires no expensive hardware, and the card is useless if stolen (while the owner of the coins can still use a backup).

Smartphones are more futureproof than bitcoin smart card?

Yes and no.  A bitcoin smart card could be (almost) as reliable as cash.  As the TPM could be signed by a 3rd party verifying its integrity, and the “EFTPOS” machine could be directly connected to a core processing network so the transaction is propagated very quickly throughout the generation system.  This would allow businesses to do transactions without waiting for the transactions to be verified.

On the other hand, mobile phones, must wait for at least the transaction to be propagated to the receivers mobile phone/device, an in general case, it would require one block to be generated before accepting (tentatively) accepting the transaction.

Secondly a phone is more cumbersome than: insert, check amount, pin.

Oh yeah, smart cards are much cheaper to produce than a phone, don't need to keep current with the block chain (the “EFTPOS” machine dose that), and can be stored easily without worrying about theft (pin code).

But a smartphone is a gaming device, camera, phone, and a computer at the same time.

Yes, and I think that a Java (aka, android) client for bitcoin will be immensely useful and important to the success of bitcoin.  That doesn’t change the fact, IMHO, that a smartcard solution is superior when you are shopping for your groceries with bitcoin.

A smartcard is more secure, agreed.

On the other hand, I think a phone based solution is more realistic for now, as everyone already has a phone and can easily install a bitcoin app. You'd transfer some bitcoins from your bitcoin safe (for example, on your PC) to the phone and could pay groceries etc with them.

To do the actual payment you don't need to insert or connect the phone into anything. You could use  Bluetooth, Near Field Communication (meant for these kind of things) etc...

Seems that paying with your phone is on the way, also in the mainstream: google recently announced they wanted to have the phone as a credit card alternative (see for example http://technolog.msnbc.msn.com/_news/2010/11/16/5476328-google-android-phones-could-replace-credit-cards )

  http://www.boingboing.net/2010/12/25/cambridge-university-1.html
  http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf
  http://www.youtube.com/watch?v=JPAX32lgkrw

 Certainly the internet itself is one of the weak points of the bitcoin system. It would be extremely handy to have an alternative carrier channel.

Could just about be possible with Bluetooth. But it would be better to start again if doing that, and it would take critical mass before it could start working. You'd have to target a single community that spends physical time together first, a university for example.

The other one I thought about was using HAM radio but that's going offtopic...

The phone makes a lot of sense for money because the location of them can be triangulated, thus in order to spend you have to give away your location. But if you're able to use it over bluetooth then you can use it in offline mode.
Many terrorists are identified by seeing what phones associate with what phones, to identify links.


 A caching bluetooth network for phones would be absolutely fantastic and another excellent way to be ahead of the curve. What would be great is having the the basics of a mesh network, more appropriate than tcp/ip for phones, that exchanges intelligently, already in place so that things like this can be built on top of all that.
 Do you know of any such project?

googling now...

Having developed applications for VeriFone portable payment machines myself...  I see the most viable application (in other words, the one most likely to have practical success in the real world) being as follows:

1. a third party service (e.g. MyBitcoin.com) be trusted as a transaction processor, where TPM-supporting bankcard machines contact them just like they contact processors for Visa/Mastercard

2. any sort of user-carried TPM would not necessarily hold the private keys to the actual Bitcoins, but rather, would (at the user's choice, which in my opinion would be more often than not) just authenticate the transaction to the satisfaction of the trusted transaction processor.

3. a transaction made via smart card or magstripe card would simply request authorization from the trusted processor.

REASONING BEHIND #1

- Only a trusted third party can provide reasonably instantaneous confirmation that a transaction took place.  Bitcoin alone can't provide that.  No reasonable consumer is going to accept being obligated to sit around and wait for half a dozen "blocks" for their funds to clear.
- The resources needed to act as a complete Bitcoin node can reasonably be expected to scale faster than the CPU/memory/storage resources available in a typical credit card machine, as well as internet connection available to many retail locations (some of which are lucky to have dialup or 256k DSL)
- From the perspective of a retail business owner, even one who believes in the benefits of decentralization, they're still likely to be willing to contractually trust a private third party to make sure transactions go smoothly in exchange for the limited risk that they could be compromised through that third party (knowing that the third party's continued existence depends on them being good stewards of that trust).

REASONING BEHIND #2

- users lose cards and they know it
- despite Bitcoin being meant as "cash-like", I expect users are more likely to accept the risk that Mybitcoin.com could rip them off, versus they could lose their card and their money be gone forever, as the latter is more likely to happen
- in any case, user who really wants private keys on TPM could probably insist upon it... (e.g. if they were willing to buy their own smart card reader and load their own private keys at home... in the real world, most people can't be bothered to do this)
- keeping Bitcoin private keys on the smart card presents new challenges anyway... users must still trust a stranger, just a different one... functions such as making change, and trusting the reader to only debit the right amount of coins, or (even more practically) not to fry the entire wallet with too much voltage, also requires trust

REASONING BEHIND #3

- for same reason as mentioned in #1, instantaneous confirmation is vital to retail adoption
- TPM is preferable and much more secure, but magstripe readers are widely prevalent, and permit the possibility of adoption by retail merchants without an investment in new hardware (not to mention another payment machine cluttering the register counter - something they take pretty seriously)
- Most newer credit card machines (e.g. VeriFone Vx series) are designed from the ground up to support isolated "apps"... although smart card readers are available as an option, they are not standard, only the magstripe reader is universally present in all these devices.

I have brought this up before, Dash7 is far and away the most ideal wireless protocal for widespread Bitcoin use beyond the Internet, for a number of notable reasons.  Bluetooth and low-power Wifi are much faster, but are seriously range limited due to their Gigahertz band choice.  Bitcoin isn't likely to be exclusively limited to any network, but 'smart' personal devices (such as smartphones) that have various radios could use Dash7 as an always on service looking for other nearby Bitcoin clients due to Dash7's much better power/signal ratio, and then negotiate with other clients to turn on those other radios if the conditions are right for a large transfer.

Also, mesh networking is cludgy in Bluetooth.  Dash7 can do mesh, but it shouldn't really have to resort to multi-hop connections to get to other Bitcoin clients, with a line-of-sight range of 2 Km.

Smartcards are probably heading the way of the dodo in the long term. New mobile phones (see Nexus S) are coming with banking grade smartcard chips embedded inside them.

The major operators in the USA are pushing use of phones as replacements for credit cards, by using near field communications .... the idea is you would just tap your phone to the POS terminal and then enter your PIN into the phone (or not at all for small transactions).

http://gigaom.com/2010/11/16/can-isis-bring-nfc-payments-to-life/

http://www.tipb.com/2010/12/27/softbank-brings-nfc-payment-technology-iphone-4/
Whaaa?
Also noted by Engadget is that the sticker doesn’t actually communicate with the iPhone 4 itself, but acts as a separate system that simply attaches itself to the device.

iPhone is behind the times. Maybe iPhone 5 will have the necessary electronics.

I made some drawings that look like a Bitcoin Smart Card:


http://i1378.photobucket.com/albums/ah87/thatadam/smartcoin_avatar_campaign/SMARTY_INTRODUCING_SMARTCOIN_SMARTCARDS_zpsardexztk.png


With the right technology the card could be loaded with bitcoins and/or smartcoins :)

Rise of the dead.... posts....

You do realize that this post is from 2010 right?
It's not that old it's only 4.5 years old  ::) ::)

This would be great specially in underdeveloped countries, there is a guy making a card that works with SMS and doesnt need a smartphone, so you can do blockchain operations on old ass phones.
I would take extra measures if I had anything bigger than a couple mBTCs tho, right now thats I use in smartphone. I treat my phone like a wallet and my computer (an offline one) as the bank.

What is dead can never die.

SMARTY_INTRODUCING_SMARTCOIN_SMARTCARDS
http://i1378.photobucket.com/albums/ah87/thatadam/smartcoin_avatar_campaign/SMARTY_INTRODUCING_SMARTCOIN_SMARTCARDS_zpsardexztk.png


attack vector is only a mal EFTPOS terminal and issues would be caught by checking the chain

This is the problem right here.  The "correct" amount.  Without an interface, you can't tell how much is being deducted from your card.  With no middle man, and no bank statement to show where the transaction occurred, how are you going to dispute should a malicious or technical issue occur?

"securing" via a PIN does nothing.  10,000 combinations could be brute forced in under a second.  With traditional PIN, the merchant gateway will record the number of attempts, and take action if required.