Title: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 10, 2012, 11:04:32 PM

So these days, it seems that bitcoin private keys are being stolen all the time. I'd like to know the best way for a victim to prove that they owned the keys FIRST, potentially enabling them to recover funds.
As we know, anyone with the private key can sign a message from it. I would like to know whether my idea would work - basically it is as follows: Before you are hacked, and when you have reasonably good proof that your keys are secure and un-hacked, perform the following steps:
Would this work? Does anyone have any reason why it might not work, or perhaps a better way to do it?

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 12:48:32 AM

The above post was made with a lot of haste, due to time constraints. However, I had a little time to think about it, and have refined the procedure a little bit below, to hopefully be a bit more clear:
Key #1 is a standard message signing key, and it could be any valid format such as RSA, PGP, GPG, etc. Key #2 is the private key to the bitcoin address that you wish to prove that you own.
The timestamping part of the process is explained somewhat generally here: http://en.wikipedia.org/wiki/Trusted_timestamping
My understanding is that the data is hashed with a one way hash (perhaps SHA256?) and then the hash is signed by the trusted time stamping authority.

I will attempt to demonstrate using my signature donation address, my -otc GPG key, and a public timestamp server. I fear that the process may fall apart at the timestamp step, but hopefully we can figure this out for ease of use in the future.

My donation address is: 1NgLdhjHfLbcVawMk4DNEv8yf9ZzzNJV6U
My -otc data is here: http://bitcoin-otc.com/viewgpg.php?nick=rjk and the fingerprint is 585C086DAD92DCA4080BD9740B9FF092ACB50C08

My message is as follows:

Code:
I (rjk) control this bitcoin address: 1NgLdhjHfLbcVawMk4DNEv8yf9ZzzNJV6U My key fingerprint is: 585C086DAD92DCA4080BD9740B9FF092ACB50C08 This message was created 5/10/2012 8:40PM Eastern time

Code:
G9fe7xx/dCESzyxkpISxCzNXCXYRA7u1ALR8aG8LC4eRGXhApqA9/Q4OSzJiKgf0Pgi5ifnwkHcVSJH93/tadsI=

Code:
-----BEGIN PGP SIGNED MESSAGE-----

Code:
-----BEGIN PGP SIGNED MESSAGE-----

So theoretically, that should be able to prove that I controlled 1NgLdhjHfLbcVawMk4DNEv8yf9ZzzNJV6U prior to 00:45:03 GMT 5/11/2012, as per the time stamping service.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: Maged on May 11, 2012, 05:02:12 PM

As a reminder, you don't have to use a "trusted" timestamp server. Instead, you could totally just use the single most powerful, decentralized, and provably unchangeable timestamp system on the planet. Given the name of this forum, I shouldn't have to tell you what that is... :P
Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 05:03:56 PM

> As a reminder, you don't have to use a "trusted" timestamp server. Instead, you could totally just use the single most powerful, decentralized, and provably unchangeable timestamp system on the planet. Given the name of this forum, I shouldn't have to tell you what that is... :P

Heh, I should have thought of that. I guess the final bit of the puzzle is how to make it very easy.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: goblin on May 11, 2012, 05:12:18 PM

For timestamping, check out chronobit: https://github.com/goblin/chronobit
It's still quite immature and probably needs an update after the recent change to p2pool, but it shows the point and implements it.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: goblin on May 11, 2012, 05:13:04 PM

However, what makes you assume that if someone loses a private key from a wallet, they won't also lose the private key used for signing the private keys from a wallet?
Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 05:14:18 PM

> However, what makes you assume that if someone loses a private key from a wallet, they won't also lose the private key used for signing the private keys from a wallet?

Those keys are the same thing. But what this does is make it so that you can prove that you had control of that key first, otherwise the hacker could claim that he did, and there would be no proof in either direction.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: nybble41 on May 11, 2012, 05:16:12 PM

How do you intend to prove that you didn't deliberately give someone the private key? Private keys have become a form of payment in their own right; for example, you can provide one to MtGox to fund your account. A key isn't necessarily "stolen" just because you had it first, and now someone else also has it.
So far as the bitcoin system is concerned, possession of the private key is ownership. The damage is in the unauthorized access to your computer, and for that you need to show that the key was copied without your consent.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 05:18:12 PM

> How do you intend to prove that you didn't deliberately give someone the private key? Private keys have become a form of payment in their own right; for example, you can provide one to MtGox to fund your account. A key isn't necessarily "stolen" just because you had it first, and now someone else also has it.

That is where the RSA/PGP/GPG/etc key comes in. If you for some reason wanted to give a private key to someone (why?) you could create a message with your signing key to say that it was authorized.

> So far as the bitcoin system is concerned, possession of the private key is ownership. The damage is in the unauthorized access to your computer, and for that you need to show that the key was copied without your consent.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: etotheipi on May 11, 2012, 05:19:41 PM

Why do you need to use the non-Bitcoin key for anything?
Why not just sign a message declaring your name, email, etc, using your Bitcoin private key, then hash160 that msg+signature, and send 0.0001 BTC to it using the blockchain as a timestamp server? The inclusion into a block is all that is needed for timestamping, and it still can't be produced by anyone except for the owner of the Bitcoin address.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 05:22:05 PM

> Why do you need to use the non-Bitcoin key for anything?

It is a 2 part protection, because it allows you to be identified as the owner even after the key is compromised. Certainly, you can sign messages to that effect prior to a compromise, but after that no message can be trusted.

That last part (running a hash160 on it and sending a satoshi to it) was the part that could replace the timestamp server given in the example.

> Why not just sign a message declaring your name, email, etc, using your Bitcoin private key, then hash160 that msg+signature, and send 0.0001 BTC to it using the blockchain as a timestamp server? The inclusion into a block is all that is needed for timestamping, and it still can't be produced by anyone except for the owner of the Bitcoin address.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: nybble41 on May 11, 2012, 05:39:52 PM

> How do you intend to prove that you didn't deliberately give someone the private key? Private keys have become a form of payment in their own right; for example, you can provide one to MtGox to fund your account. A key isn't necessarily "stolen" just because you had it first, and now someone else also has it.

> That is where the RSA/PGP/GPG/etc key comes in. If you for some reason wanted to give a private key to someone (why?) you could create a message with your signing key to say that it was authorized.

> So far as the bitcoin system is concerned, possession of the private key is ownership.
> The damage is in the unauthorized access to your computer, and for that you need to show that the key was copied without your consent.

You could mitigate this by only considering timestamps which have already been made public, but it seems easier to me to simply secure your private keys.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: rjk on May 11, 2012, 05:45:07 PM

> How do you intend to prove that you didn't deliberately give someone the private key? Private keys have become a form of payment in their own right; for example, you can provide one to MtGox to fund your account. A key isn't necessarily "stolen" just because you had it first, and now someone else also has it.

> That is where the RSA/PGP/GPG/etc key comes in. If you for some reason wanted to give a private key to someone (why?) you could create a message with your signing key to say that it was authorized.

> So far as the bitcoin system is concerned, possession of the private key is ownership. The damage is in the unauthorized access to your computer, and for that you need to show that the key was copied without your consent.

> You could mitigate this by only considering timestamps which have already been made public, but it seems easier to me to simply secure your private keys.

Title: Re: How to prove that you own/control a private key after it has been stolen
Post by: etotheipi on May 11, 2012, 06:15:53 PM

Fair enough. I was focusing on the case that you need to prove to a court that you are the original owner. It's just as easy to use one key as it is two keys for that initial blockchain injection which proves "Joe Schome <joe.shmoe@schmoeblog.com>" owned the key at least as early as <insert time here>. Regardless of a second key...
The real issue is that most users don't actually do this, leaving open the possibility that someone steals your keys, and then does it themselves, claiming that you stole their keys and furnishing their "proof" to claim legal ownership. It's difficult to distinguish that situation from the normal situation where this succeeds. Therefore, I don't see how this would be too useful right now, until it becomes so widely used that users are expected to use it.

Otherwise, I like the idea. It could be done once per deterministic wallet, which could then be used to prove that you own every key in the wallet. If blockchain bloat was a problem, there could be a free service that collects such signatures, jams them into a merkle tree, and posts the root into a single tx so that minimal coins and kB are wasted for the timestamping. The service wouldn't even really have to be trusted, you just need to get the merkle tree and save it with your data and you can verify it yourself. This would be preferable to doing it yourself, since you might have reasons to be doing high-frequency timestamping, which costs nothing computationally, but could add up in fees/burnt coins and blockchain bloat.
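
The Merkle-tree aggregation described in the last post above, as an added example that is not part of the thread or of any project mentioned in it: signed ownership claims become leaves, only the root would go into a transaction, and each user keeps a sibling path so the claim can be checked without trusting the service. The leaf encoding (tagged double SHA-256 rather than hash160), the function names and the sample claims are assumptions of this example.

```python
import hashlib

def h(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for its own Merkle trees."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leaf(message: bytes, signature: bytes) -> bytes:
    # Length prefix makes the message/signature split unambiguous; the 0x00/0x01
    # tags keep a leaf from ever being mistaken for an inner node.
    return h(b"\x00" + len(message).to_bytes(4, "big") + message + signature)

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build(leaves):
    """Return every level of the tree: leaves first, [root] last."""
    if not leaves:
        raise ValueError("need at least one leaf")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node moves up unchanged
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Sibling path for one leaf: [(sibling_hash, sibling_is_on_right), ...]."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # no entry where the node moved up unpaired
            path.append((level[sibling], index % 2 == 0))
        index //= 2
    return path

def verify(message, signature, path, root):
    """Recompute the root from the user's own data plus the saved path."""
    acc = leaf(message, signature)
    for sibling, on_right in path:
        acc = node(acc, sibling) if on_right else node(sibling, acc)
    return acc == root

# Constructed sample submissions (placeholder messages and signatures).
CLAIMS = [(b"I (user%d) control address ADDR-%d" % (i, i), b"SIG-%d" % i)
          for i in range(5)]
LEVELS = build([leaf(m, s) for m, s in CLAIMS])
ROOT = LEVELS[-1][0]  # the single 32-byte value the service would timestamp
```

Each user stores only their own message, signature and path; `verify` then needs nothing from the service except the root that was committed.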