So, there's been some discussion of the idea that a watching-only wallet might be compromised in such a way that it gives out receiving addresses that are actually controlled by an attacker.  If the compromised wallet actually correctly faked the balance your off-line wallet should have, it might be possible for such an attack to go unnoticed for a considerable time.

One obvious countermeasure would be to periodically audit the balnce of the offline wallet by setting up a new watching-only wallet on a clean machine, and verifying the balance that way.  However, since this involves getting the blockchain onto the new system, such an audit is never going to be a quick and easy process.

I'm wondering whether the following process for a wallet-supported audit would be viable.

[NM, this doesn't work.  DeathAndTaxes points out to me that it's impossible to determine whether those coins have already been spent without access to the full blockchain.  I guess the only way to audit a cold wallet really is to set up a new watching-only wallet on a known-good machine.  Or at least, to maintain sufficient watching-only wallets that compromise of all of them is unlikely]

In order to conduct an audit, the watching-only wallet would write a flie to a flash drive, containing the following:

• Block headers of the entire block chain
• The complete transaction history of all UTXOs in the wallet, stretching back to the coinbase transactions that mined those coins
• The merkle branches that prove these transactions are in the relevant blocks

This file could then be loaded into the offline wallet, which could then verify the header chain, and compute the balances of all the UTXOs.  The above information is enough to prove that some chain exists that contains the purported transactions.  It's not, in theory, quite enough to prove that that chain is the real blockchain, but that could be assured by a system of signed checkpoints.

It would also be possible to get a reasonable degree of assurance in a trust-free manner, simply by having the offline system display the difficulty after the last block, which the user can verify is roughly correct.  This is enough to prove that whoever constructed this chain expended work at least equivalent to the entire bitcoin network hashing at current speeds for several weeks over four days, which is still a pretty high bar to faking an audit.

It's not conclusive, though, if the attacker has had months or even years to prepare the fake chain, but for the truly paranoid you could display a more detailed difficulty history, which would defeat an attacker who used lots of 4x difficulty increases to minimise the amount of work they needed to do.

Is this idea viable, or is there some reason I'm missing why this wouldn't work?

roy

EDIT: Rather than displaying the difficulty after the last block, display the difficulty value that was current immediately before the last difficulty change.  An attacker would have to have mined a full 2016 blocks at this difficulty, so it raises the bar significantly.  Signed checkpoints aren't as useful as I first thought, but I think there are still relatively simle checkpoint schemes that help here

EDIT: Better: pick the block midway between the last two difficulty changes, and display the date and time, balance, and difficulty as of that block.

According to Coindesk a new Robocoin machine went on-line in London today (London's second Bitcoin ATM and first two-way machine), and there were crowds there for the launch.

http://www.coindesk.com/robocoin-machine-heats-competition-londons-bitcoin-atms/

Anyone know exactly where this new machine is located?  And also where it was announced - presumably it must have been announced somewhere if there were crowds, but my Google-fu is failing me...

It's run by Global Bitcoin ATM but they don't seem to have any information on their website yet

http://globalbitcoinatm.com/

roy

Has Mt Gox always offered merchant payment processing services a la Bitpay, or is this a new departure for them?

https://www.mtgox.com/merchant

Never noticed it before, but maybe I just wasn't paying attention...

roy

The usability warning on https://bitcoinarmory.com/download/updates-latest-commits/ probably needs removing/updating now that 0.90 is the default download.

roy

I notice that bitcoinarmory.com is using Cloudflare.  Since an unauthorized change of DNS to point to Cloudflare was implicated in the recent attack on bitcointalk, it would be nice to have confirmation from etotheipi that bitcoinarmory.com is supposed to be using Cloudflare.

roy

When broadcasting a transaction that I've signed on my offline box, I normally select the option to delete the transaction when done.

So I was rather alarmed when after Armory told me that it had failed to broadcast the transaction to the network (first time this has ever happened to me) I discovered that Armory had gone ahead and deleted the transaction anyway!

Fortunately for me:

• The transaction did in fact make it to the blockchain; and
• The raw transaction was dumped to stdout/stderr anyway

I guess you can't actually lose money this way, but still, it is a somewhat nasty (if minor) bug that certainly gave me a bit of a fright - having things go wrong on any transaction more than a few bitcents always creates a bit of a sense of panic and dread :-/

Sorry, I thought I'd kept a copy of what it wrote to stdout/stderr, but I can't locate it now.  But hopefully the deletion issue should be easy enough to fix without more info, even if the underlying error is less so.

This was in 0.87

roy

What exchange rates does the client use to compute the fiat value of the wallet balance?  It seems to overvalue Bitcoins quite a bit.... not quite as much as if you were using the Mt. Gox price, but close...

Perhaps it could use the new Bitcoin Price Index (at least as an option)?

roy

A couple of issues with the transaction details display:

The recipient address shown in the transaction details screen is always the first output of the transacrtion (rather than the actual output of the transaction that is to my wallet).  This just caused me a *lot* of confusion :-)

Also there are issues with truncation/linewrapping which make the transaction ID useless (on my phone at least) and the addresses useless in portrait mode, but obviously that's just a UI issue and I imagine known about already.

Both issues seen in 3.13

roy

A few days ago I received 0.001 BTC to the wallet on my Android phone.  The odd thing is, that wallet has not been used, since being set up, apart from a single 1 BTC transaction from one of my other wallets.  No addresses from the Android wallet have ever been advertised.

Why would someone do this?  Is this common?  To my knowledge it's never happened to me on my main wallets...

roy

The Bitcoin price seems to have stabilized around $115-120.  Assuming this price holds, then this 4-day correction has only given back the previous 7 days' gains. Think about this - Bitcoin is currently still up on the month of April.

If you consider the 7 day mini-bubble that lasted from 3rd-9th April to be an aberration, then we are pretty much where we should be if you just extend the late-March trendline.  Sure, people who managed to call the top will be sitting on a nice profit (and people who bought into the mini-bubble will be nursing heavy losses) but otherwise I suggest you just erase the last 11 days from your mind.

Imagine we're back at 2nd April, and Bitcoin has just notched up another new high just shy of $120.  What's changed since then?  Nothing much, as far as I can see...  I imagine we'll get back to $260 one day.  But this time we'll have to go the long way round.

I think this is really a very positive sign, that even after this manic price action we are still just back on the trendline.  This was a correction, not a crash; people still have faith in Bitcoin's long term value, it would appear...

[Edited slightly]

roy

With mainstream media coverage of Bitcoin pretty universally crediting the rise in value of Bitcoin to the crisis in Cyprus, I'm interested to know what Bitcoiners think?   Is it a primary factor in the recent appreciation of the value of BTC, or just a random coincidence that has been picked up by the media and assumed the status of fact?

roy

I'm curious what thought has been given to how trade-in will work for non-US customers.

When I, as a non-US customer, return my Single to trade-in for an Single 'SC', what happens when it gets to US customs?  Will there be money to pay, and if so who pays it.

roy