Bitcoin Forum

Hello,

I am curious about the technology behind physical coins.

1/ How can I encrypt/seal a private key ? Meaning that the buyer of the physical coin can be 100% sure that I do not know his future private key.

2/ Is there any difference between manufacturing a loaded physical coin versus unloaded physical coin ?

The most straightforward method is by using BIP38 (https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki). The buyer will generate their own private key and encrypt with a password they choose using the BIP38 standard, and then provide you with the encrypted private key. You engrave that encrypted private key on to the physical coin. Only the buyer will be able to decrypt the BIP38 encrypted key to the real private key by using the password that they know.

This only works once, however. The buyer will be unable to sell the coin on as it is obvious that they know the private key.

In terms of the private keys, no. It doesn't matter whether you load the address or not - either way you will still be engraving the private key in some format on the coin.

I want to encourage you to check out the collectible section of the forum if you haven't already. https://bitcointalk.org/index.php?board=217.0

Physical Bitcoin have been around for around 12 years now.
Most of them are based on a simple trust system: You trust that the maker would destroy their private keys after assembling the collectible (coin) - usually the priv key is simply printed on a piece of (ideally durable) paper and hidden under a "tamper-proof" hologram.
Often these coins are sold "loaded", meaning a certain amount of Bitcoin is indeed stored at the address behind the private key.

However this approach is ofc in a way the opposite of what Bitcoin stands for - suddenly the trustless system relies on trusting a 3rd party again.
There haven been many debates about this type of physical crypto coins, but they still have their (niche) place in the world of Bitcoin.

The way  o_e_l_e_o described is probably one of the safer routes - however not very feasible for larger scale projects - it also reduces simplicity and resellability of such items, so there are some clear drawbacks despite the improved security.

You can use a technique called "asymmetric encryption," which involves using a public key to encrypt the private key, and a separate private key to decrypt it. You need to generate two keys, one public and one private. Keep your private key secure and dont share it with anyone. you can use your buyer's public key to encrypt the private key. This means that only the buyer's private key can decrypt it. Keep the encrypted private key in a safe place, like an offline computer or hardware wallet. DONT share it with anyone else. Give the buyer the encrypted private key. They can use their private key to decrypt it and access the funds.

A loaded physical coin is a coin that has a private key embedded in it and holds a certain amount of cryptocurrency. The private key can be used to access the funds associated with the coin. In contrast, an unloaded physical coin is acoin that does not have any private key embedded in it.

It is not possible to actually 'seal a private key'. First of all, it is basically impossible to safely create pre-funded collectibles (safe as in: the creator has no access to the private key).
The method Leo mentioned, allows you to make user-funded collectibles safely, but that kills the coin's collectible value, as now the user who funded it, can scam a future owner of the physical coin.

In my opinion, for substantial amounts and as technology advances / gets cheaper, hardware-wallet-inspired collectibles should be considered.
For instance, it is today possible to build a device which uses an open-source 'avalanche' circuit to generate entropy and private keys and store them in a secure chip, which even the creator cannot extract, although he has hardware access to the device. The device would be able to display a Bitcoin address, though, and destruction would be necessary to spend the funds.

This is all possible and mostly how a hardware wallet works (only really changing the way the secure element grants you signing access), but those aren't exactly cheap, so this is the one drawback.

What can also be done is to encrypt a private key and then send this private key to the manufacturer. He can now print this private key onto the collectible and will not have access to the funds even if he has bad intentions and records the private key (has happened a lot lately). This will however require a long password, since bruteforcing the password is still possible by the manufacturer.

Generally this is not a way to store your bitcoin for long term.

1. If you can create a way to store a private key without knowing it, such that it can be retrieved once by anyone who holds it, you have invented something very valuable.

2. The only difference is who loads the coin, assuming that it can be loaded.

What if there is tool which can add up the password to both public key and private key information. For example, whenever BIP38 gives 58-character Base58Check-encoded printable string it should also scramble it with 2nd layer of characters which could serve as username or characters associated with some password.

So that will be printed on the physical note or coins, the first owner will have the password and X-character layer which are neither public keys nor private keys thus, no auctioneer or collector will ever know what's inside unless and until they access the info inside.

I dont know, this could be very simple addition for such big problem since many years when it comes to passing down the physical coins/notes.

Yes, and that's one of the very few methods that are kind of secure regarding direct 3rd party risk. However it subtracts so much of the "value" of a collectible crypto coin because:
- you now have two "items" you need to take care of: The physical coin itself PLUS the password.
- a reselling of such an item is now even more complicated. A prominent example of a similar approach are the Titan Mint 2FA coins - it required the use of a second key submitted via a website-form to access the private key. Now that the website is down, any 2FA items cannot be redeemed anymore.
Read more in the collectibles section on the topic: https://bitcointalk.org/index.php?topic=5369583.0