Bitcoin Forum

How would you prove it?

The bitcoin might be in an online wallet, a hardware wallet, a software wallet, or a paper wallet. You pick.

Here are some ideas to start.

A. Show a public key that has the bitcoin.
B. Show a public key that has the bitcoin, and show that you can move a token amount to and from this address.
C. Show a public key that has the bitcoin, and you  move 1 bitcoin to a new address.
D. Transfer the bitcoin to a wallet that is multi-key, the person that wants to know has part of the key.
E. Show the requestor your private key and it's value therein.
F. Transfer to bitcoin to a Reputable and Esteemed Holder of Assets, such as a Swiss Bank, who would then Vouch for Your Bitcoin.
G. The person asking for proof is required to have Faith that you have correctly stated you have a bitcoin.

LOL - on the last two....

Now if you have difficulty, don't despair. You are certain to have LESS DIFFICULTY than a nation has proving they have value in their paper money.

Hint: The correct answer is not listed above.

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?

Just send back to the same address. No need for a new address and it proves that you have the private key for that address and can move coins associated with it.

Paper Wallet? Show an edited picture of the printed paper wallet with covered private key and prvkey's QR code.
There are too many workaround to fake this like printing a bitcoin-loaded address paired with a random prv key but,
Paper Wallets' private keys are meant to be hidden and offline, the user didn't want to tell others that he own a bitcoin in the first place.

With this, leave Paper Wallets out of the available options.

---

No, LOL to this:
::)

---

Other wallets? achow101 already replied with the best answer. (https://bitcointalk.org/index.php?topic=3846544.msg37404255#msg37404255)

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys ;)

"my UTXOs"; UTXOs contains Bitcoins, "my" means yours: You have Bitcoins, In other words. :P

Alright, you're trying to say that there are no bitcoin addresses in the network which most of us are claiming as "in their possession" and the private keys are the only "controller" of the funds.  :)

Yes, that's the correct answer.


Yes, (E) is pretty funny.

Note that I pose both an interesting and practical question. You might want to meet up with someone from Localbitcoins to make a purchase, or want to sell something with bitcoin. Is the other party capable of making the transaction?

It's not uncommon in many transactions to require "show proof of funds."

This is an important distinction, but in the context of the question, the problem simply shifts to "Prove you hold keys."

Like, "Dude. If you think I'll drive 50 miles to trade my riding lawnmower for your bitcoins, you gonna have to show me you have them first."

This is insufficient.

It requires more than simply "any signed message".  The mesage MUST be phrased in such a way that it is extremely unlikely that someone else could be tricked or convinced into signing the message for the person claiming to hold the bitcoins"

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:

Then Achow101 could forward to me the message that Spendulus has signed.


Furthermore, a signed message only demonstrates that you are ONE of the people that have access to the bitcoins.  It does not prove that you have SOLE access.

I don't think there is ANY way to prove that nobody else has access to the coins.

---

It does.

I must trust that you aren't asking someone else to move that bitcoin on your behalf.

Kudos  ;)
I tried mine, I'll turn my head around this some more but I don't think I'll come up with your answer. Therefore, I'm waiting for others to crack the code you have here.

I had noticed that when a pre existing private key was in use, there is no recorded history of it's having single or multiple users or "owners." The phrase "no recorded history" is meaningful, because now we must rely on trust.

Hence it appears that any means of proving ownership of a bitcoin must involve  the creation of a new private key.

A wishes to buy something from B with 1 bitcoin, and B asks for proof.

A sits down with B and tries various ways to prove he has coins.

Maybe he logs into Coinbase and shows B the screen.
B raises the objections listed above....

Maybe the answer is something like this.

"Yeah my wife also has access to the account but she also has access to our credit cards and bank accounts. So what? If you had verified those you verified the presence of funds at that instant and you didn't care about multiple people having access to them. Why are you demanding a higher standard here?"

That is true but most experienced BTC users wanting proof would require text that is specific to a transaction they are going to make.  e.g. "Coin-Keeper is able to send 1 BTC to DannyHamilton on May 16 from X address".  At least that is what I would require on a sig scenario where my being convinced is involved.

Yeah, most people won't sign vague statements, and most people won't accept vague signed statements. They're usually very specific.

OP, post your seeds on the internet and hope that no one will steal your coins. Hahaha.

But what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do. :-X

If you do not trust the second party, then just make use of a trusted Escrow. Why would you go through all the trouble to sign a message and not knowing if the owner has sole access to those coins. If the coins were send to a third party, you would be certain that the owner has sole access to those coins.  ::)

The whole point of proof is to make sure that the recipient receive their promised coins, right? This is where the trusted Escrow comes into play.  ;)

 

I think you're missing the entire point of a "trustless" system...


But how do you know that the Escrow (who is now technically the "owner") has sole access to the coins? :P


But as mentioned, that breaks the entire "trustless" system... you're still having to trust *someone* with something.


You can never really prove "sole" ownership or access to coins... at best you can prove you have the ability to spend coins. Whether or not you have exclusive access is not really the point in the "Ride on Mower" scenario. You just want to be able to provide evidence that you have access to the funds... a (specific) signed message should be adequate in this scenario.

Some years before we see most of the wallet providers giving the static address to receive the bitcoin from one person to your wallet. Nowadays due to security concern and want to more anonymous most of the wallet providers giving the dynamic wallet address whenever you go to see your bitcoin public address.
However as the above person said, you can use the same address to receive the bitcoin and you can use it to track the complete transaction with the block explorers.

It's impossible to prove ownership without some out of band mechanism because the only relationship maintained by bitcoin network is between bitcoin and (pub/pri) keys. There is no way to tie an id to a key. Even when someone can move bitcoin or sign a message with private key, it still doesn't prove ownership. He can simple ask the owner of the key to do these operations for him.

I believe that once could sit down with a computer and another person, and demonstrate to his satisfaction that I have a private key that holds one bitcoin, which nobody else has access to.

This would be by creating a new private key in his presence, in some way where he does not see it or all of it.

Then I would show that I was able to move one bitcoin to the public key of that  address.

Then sign a message from that private key and send it.

But if the other party was not in the same room, but was across the internet, then the proof seems far less certain.

It's impossible to "disprove that you have Bitcoin."

That's an irrefutable hypothesis.

Like...."Disprove that guy walking down the street has a bar of gold."

Cannot be done.

Carrying this a step further, hypothetically, say in a divorce case where it was alleged by one party that the other had one bitcoin.

Wife: He's got two bitcoins! I should get one!

Husband: I have bitcoins? Can you prove that?

The court should do the same procedure it does with the thousands of offshore firms that some people use to hide the money. Demonstrate the path they have taken. At some point, fiat was transferred to an account that in exchange received BTC. This negotiation would need to be demonstrated.

Unless he has memorized the seed entirely in his head, with a search warrant and seizure, after proving the path that the negotiation made, it is quite possible that justice would have access to this portfolio containing the Bitcoins.

Of course, there are still thousands of ways to hinder access to this seed. But a normal person would hardly take such precautions.

https://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

But the thing is that's exactly how you "own" bitcoins, you posses the ability to sign a transaction. You can ask your friends to do a lot of things for you, but there's a line somewhere.

But how do you prove that the key "generated" is "unique" and that no-one else has access to it? ???

I know it's a bit of a stupid argument really, because proving the absence of something is always difficult... but just because they see you "generate" it... doesn't mean that someone else doesn't have access. Although given that this is a "thought experiment" and therefore we're free to dream up all sorts of theoretical scenarios... I suppose if you were both in a sealed room with dice and an offline device that could convert the dice rolls to private key/public key/address, you could be fairly certain the key you generated is "unique"... So as long as the other person had no access to a transmitting device, you could send 1 BTC to the address... show the confirmation and they could be fairly certain you had sole access to that 1 BTC at that point in time... and you wouldn't have to worry about them stealing it as they have no way of "using" the private key.

The problem then would be that to ensure they don't steal your 1 BTC, you either have to leave them in the sealed room forever, kill them... or move the 1 BTC to another address. At which point, they can no longer be certain you have sole access :P

Interesting that I never actually thought of how to prove sole ownership. Interesting also that even I couldn't prove to myself that no one has knowledge of my private keys and isn't just waiting one day to access it (is there?).

Signing specific messages for intended recipients has always been enough but I wonder if some of these impossible concepts such as sole access/ownership are being looked at.

Yes this is all correct. RE the bolded above, an example would be if the key I presented was part of a heuristic chain, for which another party had knowledge of.

This reminds me of playing cards, where in normal conditions one assumes that a party other than the dealer cuts the deck, and randomness is established. That's knowing that cutting the deck is insufficient if a talented mechanic is the dealer.

Suppose that I generated a private key, and then allowed the other party to see and to change ten digits of it. He can be certain its then secure from 3rd parties at that moment. I then generate a public key, and show that it contains zero. Then I put this private key in my wallet, move a bitcoin to it.

You mentioned, "The problem then would be that to ensure they don't steal your 1 BTC, you either have to leave them in the sealed room forever, kill them... "

That's kind of funny. "Okay now I've proved I have one bitcoin, but you have to die..." It's like the joke about the spy who says "If you find the secret I'll have to kill you."

But the other party, in the above scenario, does not know the key, only ten digits of it. He cannot find it from just ten digits.

The chain of custody.

You would have to track the transactions down to the current address that contained the bitcoin which had been bought in the past with a fiat transfer that I made. Then you would have to show that current address had other transactions that were linked to me. Preferably both plus and minus.

And today we are urged to not reuse receive addresses. Want to guess why?