Bitcoin Forum

Could a system arise where people trade private key containing bit coins, where you can prove that private key has never been seen but will work. Thus rather than having to transact through the blockchain with the time and cost that takes, once the address it loaded up with say 1 BTC you trade the private key in its virtual Chinese box, and continue trading that box until it is opened,

then no one would accept it anymore, and everyone could determine that it had been opened, and it reverts to normal trade as the person who opened it must now send through the normal transaction.

So sort of like a virtual Casascius

Edit

Actually this system could take over from bitcoin....or be an alternate CC system

Like this?

http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html

no, not like zero coin...

its more of a virtual Cassius that never has to interact with the blockchain, until opened.

so I send you a private key that I can prove I have never seen and you can verify this, and you can choose to send on or open, then use as normal

I am not sure how you can *prove* you have never seen the private key but if you assume some sort of tamper proof covering can be trusted then the other part (being sure it will work) could be handled as a signed message for the public key which can be made visible to all.

but if we could do this, it would take all the pressure of the blockchain, miners, I could just email you my SEC and you can confrim yourself everything is good!

infact....this may be a problem for BITCOIN as miners would not be needed....or very rarely needed....

Even if most "general" tx's were to be handled offline like this am sure SD and its like will be keeping the miners busy. :)

Holy grail if you could figure it out .... been grinding the old grey matter on this one for over 2 years now  :-\

... the "Virtual Casascius" concept angle is interesting.

No matter how much you try prove that you haven't seen the private key, people will always feel safer moving those funds to a key they generated effectively nullifying any benefit you got from skipping the transaction.

Yes. You could prove that it's never been spent, not that it's never been seen. The way to do this is by using a public ledger of digitally signed transactions.

Thinking forward, it may be possible to prove it's never been seen by using quantum cryptography.

No you could prove its never been seen by obtaining the address from a service that inserts the private key unseen by anyone into the Chinese code box, if the code box is ever read, then the Chinese code box verifier would be able to tell, thus you would not accept for goods or services or in trade.

so--->request to service to create virtual coin---->service sends you back the address, and the virtual chinese box which contains the private key---->if you ever opened any receiver can tell

But then after coin is traded varios users will have access to the sme 'unopened code'
Anyone along the way can spend it...

no, the whole thing is virtual, no physical coin

ok, so open, they need to interface with the client to get the opener code, once they have done this the client logs that coin and the opener code is not available to anyone else, but the code is only delivered once and destroyed and the SEC is opened at that time. Without the code no one esle can open their SEC, even though they have it

A rediculous idea, if it was created then someone or something saw it. There will never be trust for anything like a casacius physical coin. It is useful as novelty only.

The closest we could do for offline transactions is true cryptographic escrow, meaning you send coins to a company that controls some offline handshake and verify hardware, and needs to call home and verify all the days transactions.

brainstorm on this idea to give us our inert cash that we need so badly:
https://bitcointalk.org/index.php?topic=191175.0
You can skip over the first section which just says the maybe obvious reasons why

If you solve the problem of how to produce the secret key which is really secret without a third party knowing the secret then there might be the problem of whether anybody could sell the box (which the unknown secret key opens) more than once. Let's call this the double spend problem. I have an idea how we can solve this: every transaction of these boxes is recorded on a ledger which is verified by proof of work......

yes it does sort of end up where it started when you think it through....

 I do understand what you are trying to solve but I think it is a fundamental problem. Bitcoins are essentially internet cash and they can be traded as such. It is a non reversible transaction.
 The amazing thing they have solved is the double spend problem.
 However there is still the problem with escrow. If I want to complete a transaction with you then I have no guarantee that you will perform the reciprocal transaction. We can use a third party escrow but then we have to trust them and eventually they become the exchanges, banks, financial institutions that we were trying to avoid.
 I was thinking about splitting the transactions into smaller transactions so the trust issue was minimised. I still think this is the most practical solution at the moment.
 It's all to do with two parties agreeing to a deal and then both being trusted to execute the deal and your problem is just another version of this. How can we find a sort of automated escrow or cryptographic escrow that doesn't rely on a third party?
 You are trying to make this Chinese box your automated cryptographic escrow.
 Anyway, unfortunately, I don't know what the answer is. I hope this helps.
 

It's fun to see people batting these ideas around because a great way to learn about a topic is by picking a problem and turning it over and over in your head.   Once you dig into the math of this, here's what you'll find:  there are only 2 ways to simultaneously ensure someone controls a piece of information and yet hasn't exercised that control.

1.  A trusted party
In this case, whoever runs the Chinese Code box would be able to lie about whether or not the box had been opened.  So if you find an entity you are willing to trust not to lie, the system can work.

2.  Some sort of p2p consensus methodology
This is in fact the central problem that the blockchain itself solves.  Its assumption (that computing power costs something, and that people wanting the system to work can out-compute those who want to exploit or destroy it) is an extremely narrow one, and that makes it very reliable.  If you were willing to accept different assumptions, for example that multiple known parties can be trusted not to collude, you could build a different sort of p2p consensus mechanism (like Ripple).

In short, the entire point of Bitcoin is that it answers this one question, and it answers it with the blockchain.  So if you try to recreate something with the same characteristics outside of the blockchain, you either have to accept different assumptions, or reinvent the blockchain.  And it's difficult to imagine a solution with lower built-in trust than Bitcoin's.

But don't take my word for it!  Keep turning the problem over your head until you understand why this must be the case.  If you do, you'll end up with a deeper understanding of Bitcoin than the vast majority of its fans.

Your right as I mulled it over it became apparent that you arrive at the Block-chain solution again

I'm not sure what mathematics you used to prove that there are only two ways to ensure this. Perhaps the other ways just haven't been discovered yet. As somebody else mentioned previously quantum cryptography has incredible ways of dealing with this problem.

emansipater has never bothered with mathematical proofs too much when it is clear his intellect is proof enough ...

If you're interested in the proof it can be accomplished by using the notion of "state".  As always, assumptions and definitions are important so constrain the problem specifically to a discrete system and computable operations; and grant all participating entities access to private computation, private storage, and communication between arbitrary subsets of entities (if you're trying to duplicate mine).

Now at the point in the system where some entity A has acquired exclusive control over a piece of information i (that is, information in A's private storage can be used to compute i and no other entity or set of entities has access to information which can feasibly be used to compute i), the entire system is in some state.

There are precisely three possibilities for the operation used to compute i.  Either the operation can be accomplished by changing only A's state, it can be accomplished by changing only A's state and one other entity's state (call it "B"), or it requires a change in state for A and at least two other entities (A's state must change by the definition of "exclusive control").

In the first scenario, no other entities have observed the change in state, so the system fails (A has obtained i without being detected).

In the second scenario, entity B can refuse to change their state and thereby prevent A from obtaining i, making them a trusted party.

The third scenario is by definition a p2p consensus methodology.

But like I said--seriously--don't take my word for it.  Explore the issue and convince yourself by your own means.  It will be eminently more effective.

With quantum cryptography, either physics is the trusted entity B, or (more commonly) the consensus mechanism itself.  You can get around this, but not with discrete, computable systems (my assumption above which allows for precise notions of "state", "entity", and exactly 3 types of operation).  Similarly, any implementation on the basis of "trusted hardware" is simply using trusted hardware as B, which is why it is called "trusted" in the first place.

one theoretical question, does thermodynamics allow for their to be a unobservable system within your light cone?

Trivially, if I'm understanding you right.  But perhaps you could clarify what you mean?

no act is unobservable, yes I think you do understand me.

Ok