|
Title: How to audit the mtgox and mybitoin? Post by: qikaifu on June 26, 2011, 04:29:54 AM This is not really a post concerning about mybitcoin, but about the future of the bitcoin economy.
The service like mybitcoin is no doubt to play a very import role in the future. I guess we need audit firm such as KPMG, PWC to audit the asset which these service provider should have. So is it possible for an audit firm to check whether mybitcoin has those numbers of bitcoin, but at the same time, preventing the auditor from copy the private key that mybitcoin have? Title: Re: How to audit the mtgox and mybitoin? Post by: FuzzyCoins on June 26, 2011, 04:35:27 AM They would have to publish their wallet addresses (and then anyone can see how much is in the wallets), and then they could send small transaction amounts to a trusted party from each wallet to prove they had control of the wallets.
Title: Re: How to audit the mtgox and mybitoin? Post by: JoelKatz on June 26, 2011, 04:40:58 AM This is not really a post concerning about mybitcoin, but about the future of the bitcoin economy. It's not only possible, it's trivial. Proving you have a particular private key is one of the simplest things to do.The service like mybitcoin is no doubt to play a very import role in the future. I guess we need audit firm such as KPMG, PWC to audit the asset which these service provider should have. So is it possible for an audit firm to check whether mybitcoin has those numbers of bitcoin, but at the same time, preventing the auditor from copy the private key that mybitcoin have? Title: Re: How to audit the mtgox and mybitoin? Post by: qikaifu on June 26, 2011, 04:46:34 AM They would have to publish their wallet addresses (and then anyone can see how much is in the wallets), and then they could send small transaction amounts to a trusted party from each wallet to prove they had control of the wallets. So let's call this method AT("Appointed Transaction").So what if I have a lot of bitcoin, and I provide some service which are virtually illegal and immoral like this: "I have 100000 bitcoins. If you wants to prove to other people you have such amout of coins, I will help you with AT auditing process. The price is 2% of the amout you want to be apparently under your control. My contact information is LiarHeaven@XXXX.XXX. Title: Re: How to audit the mtgox and mybitoin? Post by: qikaifu on June 26, 2011, 04:47:41 AM This is not really a post concerning about mybitcoin, but about the future of the bitcoin economy. It's not only possible, it's trivial. Proving you have a particular private key is one of the simplest things to do.The service like mybitcoin is no doubt to play a very import role in the future. I guess we need audit firm such as KPMG, PWC to audit the asset which these service provider should have. So is it possible for an audit firm to check whether mybitcoin has those numbers of bitcoin, but at the same time, preventing the auditor from copy the private key that mybitcoin have? But at the same time, you have to prevent STEALING in the process of the AUDITING. The database of the mtgox was lost in the auditing process. It's not like the auditing of gold storage. An auditor are not that easy to take away a piece of gold without being caught. But a private key is only a piece of information, the auditor got the information and got the money! Title: Re: How to audit the mtgox and mybitoin? Post by: JoelKatz on June 26, 2011, 08:59:13 AM This is not really a post concerning about mybitcoin, but about the future of the bitcoin economy. It's not only possible, it's trivial. Proving you have a particular private key is one of the simplest things to do.The service like mybitcoin is no doubt to play a very import role in the future. I guess we need audit firm such as KPMG, PWC to audit the asset which these service provider should have. So is it possible for an audit firm to check whether mybitcoin has those numbers of bitcoin, but at the same time, preventing the auditor from copy the private key that mybitcoin have? But at the same time, you have to prevent STEALING in the process of the AUDITING. Quote The database of the mtgox was lost in the auditing process. The auditor presents you a bitcoin address. You then compose a list of public keys and for each one, you sign an intentionally defective transaction transferring 0 BTC to the auditor's bitcoin address. You give the transactions to the auditor. The auditor confirms the signature on each transaction and sums the amount of BTC that can be claimed by each key. He then knows for sure how much you could transfer without ever compromising anything.It's not like the auditing of gold storage. An auditor are not that easy to take away a piece of gold without being caught. But a private key is only a piece of information, the auditor got the information and got the money! Title: Re: How to audit the mtgox and mybitoin? Post by: qikaifu on June 26, 2011, 10:57:58 AM JoelKatz, thanks.
Title: Re: How to audit the mtgox and mybitoin? Post by: theymos on June 26, 2011, 11:09:36 AM If the services kept each person's BTC separate, they could give people withdrawal transactions in advance. The users could then withdraw at any time without contacting the service by broadcasting the transaction. The users would also know immediately if any of these funds were spent.
|