|
jonanon (OP)
|
 |
January 07, 2014, 06:46:42 AM |
|
I have pondered on the idea of having some physical coins made - a short run initially to see if there is demand. I'm not US based so don't have to be concerned about the recent US issues. My main concern is private key security. Is there an easy way for me to produce the coins, load them and ship them WITHOUT me having any access or ability to redeem the coins and without the buyer knowing the private key without peeling off the hologram? I want people to be able to buy a coin knowing that they don't have to rely on trust alone. I also want people to be able to sell their coins and their buyers knowing that both the coin producer and the initial owner have no access to the actual BTC without tampering with the coin. Is this possible?  |
|
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 06:49:19 AM |
|
To add to this.
I know how to make sure the buyer doesn't know the private key - but I would so this is no good.
I have also thought how the buyer could know the private key and I wouldn't but this is also no good due to resale etc.
I just can't think of how to combine the two.
|
|
|
|
|
|
Jace
|
|
January 07, 2014, 07:27:11 AM |
|
BIP-38 would be a possibility, the buyer sends you an address + a password protected private key in advance. This way the private key doesn't even have to be protected by a hologram, it's already protected by the password (which only the buyer/owner knows). Although the hologram does offer an extra security, i.e. knowledge the address has never been accessed (except maybe by the owner himself because he must know the actual private key in advance).
Another possibility would be a 'split brainwallet'. Instead of a private key, you print a pseudorandom (partial) password on the coin, let's say 20 alphanumeric characters. The buyer/owner can add whatever additional password he wants, and obtain the private key (+address) as a brainwallet of the two passwords combined. This way the coin can even be safely sold and reused: he can mention the code on the coin to the next buyer. Next buyer adds a random password of his own, which results in a different brainwallet (new privkey+address). He tells you the new address where to send the coin's funds. The coin and its code is now only usable for the new owner.
|
Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 07:35:45 AM |
|
BIP-38 would be a possibility, the buyer sends you an address + a password protected private key in advance. This way the private key doesn't even have to be protected by a hologram, it's already protected by the password (which only the buyer/owner knows). Although the hologram does offer an extra security, i.e. knowledge the address has never been accessed (except maybe by the owner himself because he must know the actual private key in advance).
Another possibility would be a 'split brainwallet'. Instead of a private key, you print a pseudorandom (partial) password on the coin, let's say 20 alphanumeric characters. The buyer/owner can add whatever additional password he wants, and obtain the private key (+address) as a brainwallet of the two passwords combined. This way the coin can even be safely sold and reused: he can mention the code on the coin to the next buyer. Next buyer adds a random password of his own, which results in a different brainwallet (new privkey+address). He tells you the new address where to send the coin's funds. The coin and its code is now only usable for the new owner.
Thanks for those 2 different options I'll look in to both of them. BIP-38 seems to be an option although the buyer would also have another copy of the private key and password aswell as the one on the coin - I think this would diminish the coin as a collectible. If there was a way of me knowing the private key and the buyer knowing the password but never both together this would be ideal. Will do some more research in to the brain wallet as not come across that before.  |
|
|
|
|
|
Jace
|
|
January 07, 2014, 07:43:02 AM |
|
Brain wallet: private key = SHA256(some random passphrase). Or any other procedure that deterministically turns a passphrase (or basically, any input) into 256 bits of pseudorandom data. Pseudorandom as in: the resulting 256 bits should reveal nothing about the input. It's an irreversible procedure, and a tiny difference in the input typically results in a totally different 256-bit output. Deterministic as in: not random/variable/dynamic, the exact same input must always result in the exact same 256-bit output. SHA256 hashing meets these properties and is somewhat related to Bitcoin anyway, so it's the most common method for brain wallets. See https://bitaddress.org/ ('Brain Wallet' tab) for example. |
Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 07:55:56 AM |
|
Thanks for the clarification. Say I create a brain wallet - hide the private key behind a hologram on the coin and engrave the password on the side of the coin how would the buyer be able to add a second password to the wallet? And future buyers adding another password etc all without the buyer knowing the private key? Sorry I'm not an expert on things like this I may be missing something |
|
|
|
|
|
Jace
|
|
January 07, 2014, 08:30:41 AM |
|
You print on the coin: "abc". You tell the buyer: the coin code is "abc", to what address should I send the funds? (or you can even deliver the coin as-is without loaded funds, as the buyer could do that himself as well) Buyer 1 makes up a secret password for himself "xyz". Combining these two, he gets "abcxyz" which (interpreted as a brain wallet) results in private key 5KfLXufK7YsQ52Nyp5KFmsBmF2m6khGMBY5wX892pJPhocojCRc and address 1BCuqJmin1G7AJfu2iv66ZyYLe2eNU29b9. He tells you the address, you load the funds and deliver the coin. Now buyer 1 sells the coin to buyer 2. He tells buyer 2: the coin code is "abc", to what address should I send the funds? Buyer 2 makes up a secret password for himself "pqr". Combining these two, he gets "abcpqr which (interpreted as a brain wallet) results in private key 5K5LkDxWXfMKGz5trtx1YP4Xv7CBDqow8vgcSeLBQbA6Bi8cGQH and address 19ZhmygXPaLuEHBTyD4yNPsYdUWc8WYjRE. Buyer 2 tells buyer 1 the address, buyer 1 transfers the funds and delivers the coin. Obviously, in real practice you'd use longer passwords than "abc" and "xyz" |
Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 09:02:08 AM |
|
You print on the coin: "abc". You tell the buyer: the coin code is "abc", to what address should I send the funds? (or you can even deliver the coin as-is without loaded funds, as the buyer could do that himself as well) Buyer 1 makes up a secret password for himself "xyz". Combining these two, he gets "abcxyz" which (interpreted as a brain wallet) results in private key 5KfLXufK7YsQ52Nyp5KFmsBmF2m6khGMBY5wX892pJPhocojCRc and address 1BCuqJmin1G7AJfu2iv66ZyYLe2eNU29b9. He tells you the address, you load the funds and deliver the coin. Now buyer 1 sells the coin to buyer 2. He tells buyer 2: the coin code is "abc", to what address should I send the funds? Buyer 2 makes up a secret password for himself "pqr". Combining these two, he gets "abcpqr which (interpreted as a brain wallet) results in private key 5K5LkDxWXfMKGz5trtx1YP4Xv7CBDqow8vgcSeLBQbA6Bi8cGQH and address 19ZhmygXPaLuEHBTyD4yNPsYdUWc8WYjRE. Buyer 2 tells buyer 1 the address, buyer 1 transfers the funds and delivers the coin. Obviously, in real practice you'd use longer passwords than "abc" and "xyz" OK got it, thanks for clearing it up However I want to avoid the need to transfer funds between addresses and I want to avoid the coin owner having another copy of the private key apart from the one in the coin. I am looking for a way to basically do as Casascius/Titan/Lealana do - the only way to redeem the coin is to 'destroy' it. The only difference being that I, not that I would, would not be able to redeem the coin by saving a copy of the private key, (I may have the key but not a password to redeem). The coin buyer knowing a password would be fine - as long as they didn't know the private key as well (without redeeming). If they sold the coin they would simply tell the buyer the password. Hope this makes sense  |
|
|
|
|
crazy_rabbit
Legendary
 Offline
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
January 07, 2014, 09:09:29 AM |
|
You print on the coin: "abc". You tell the buyer: the coin code is "abc", to what address should I send the funds? (or you can even deliver the coin as-is without loaded funds, as the buyer could do that himself as well) Buyer 1 makes up a secret password for himself "xyz". Combining these two, he gets "abcxyz" which (interpreted as a brain wallet) results in private key 5KfLXufK7YsQ52Nyp5KFmsBmF2m6khGMBY5wX892pJPhocojCRc and address 1BCuqJmin1G7AJfu2iv66ZyYLe2eNU29b9. He tells you the address, you load the funds and deliver the coin. Now buyer 1 sells the coin to buyer 2. He tells buyer 2: the coin code is "abc", to what address should I send the funds? Buyer 2 makes up a secret password for himself "pqr". Combining these two, he gets "abcpqr which (interpreted as a brain wallet) results in private key 5K5LkDxWXfMKGz5trtx1YP4Xv7CBDqow8vgcSeLBQbA6Bi8cGQH and address 19ZhmygXPaLuEHBTyD4yNPsYdUWc8WYjRE. Buyer 2 tells buyer 1 the address, buyer 1 transfers the funds and delivers the coin. Obviously, in real practice you'd use longer passwords than "abc" and "xyz" OK got it, thanks for clearing it up However I want to avoid the need to transfer funds between addresses and I want to avoid the coin owner having another copy of the private key apart from the one in the coin. I am looking for a way to basically do as Casascius/Titan/Lealana do - the only way to redeem the coin is to 'destroy' it. The only difference being that I, not that I would, would not be able to redeem the coin by saving a copy of the private key, (I may have the key but not a password to redeem). The coin buyer knowing a password would be fine - as long as they didn't know the private key as well (without redeeming). If they sold the coin they would simply tell the buyer the password. Hope this makes sense 3d Printers man! Print your coin at home. :-) |
more or less retired.
|
|
|
Qim
Newbie
Offline
Activity: 22
Merit: 0
|
|
January 07, 2014, 09:29:25 AM |
|
Bitcoin is NOT born for Physical Coin Creation.
I'd love to own a physical bitcoin in gold or any other metal, but it's just not real, because the real bitcoin only exist in computer memory.
|
|
|
|
|
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1003
|
|
January 07, 2014, 11:53:50 AM |
|
Bitcoin is NOT born for Physical Coin Creation.
I'd love to own a physical bitcoin in gold or any other metal, but it's just not real, because the real bitcoin only exist in computer memory. The real bitcoin exists nowhere. There is no such thing as "bitcoins". There is only a big list of transactions, from which we can derive what number (i.e. amount, balance) is associated with a specific address. We interpret this as "the address has x bitcoins" but this is a purely abstract concept. Bitcoins exist neither physical nor digital. |
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 12:15:41 PM |
|
Bitcoin is NOT born for Physical Coin Creation.
I'd love to own a physical bitcoin in gold or any other metal, but it's just not real, because the real bitcoin only exist in computer memory. The real bitcoin exists nowhere. There is no such thing as "bitcoins". There is only a big list of transactions, from which we can derive what number (i.e. amount, balance) is associated with a specific address. We interpret this as "the address has x bitcoins" but this is a purely abstract concept. Bitcoins exist neither physical nor digital. All this being said is there a way for 2 people to create a wallet and private key - one person knows the private key - the other knows the password? The person with the private key can't import to wallet due to it being password protected - the person with password can't import the private key in to their wallet without spoiling the integrity of a coin. This way I can achieve what I am trying to do |
|
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
January 07, 2014, 12:45:38 PM |
|
Bitcoin is NOT born for Physical Coin Creation.
I'd love to own a physical bitcoin in gold or any other metal, but it's just not real, because the real bitcoin only exist in computer memory. The real bitcoin exists nowhere. There is no such thing as "bitcoins". There is only a big list of transactions, from which we can derive what number (i.e. amount, balance) is associated with a specific address. We interpret this as "the address has x bitcoins" but this is a purely abstract concept. Bitcoins exist neither physical nor digital. All this being said is there a way for 2 people to create a wallet and private key - one person knows the private key - the other knows the password? The person with the private key can't import to wallet due to it being password protected - the person with password can't import the private key in to their wallet without spoiling the integrity of a coin. This way I can achieve what I am trying to do Yeah, just get a laser engraver (or build one- not so hard) premake all your coins but wait to stick the hologram on, let people take orders and submit their own encrypted private key, and custom engrave every coin you make, stick on the hologram, and bingo it's done. |
more or less retired.
|
|
|
|
jonanon (OP)
|
|
January 07, 2014, 01:38:02 PM |
|
Bitcoin is NOT born for Physical Coin Creation.
I'd love to own a physical bitcoin in gold or any other metal, but it's just not real, because the real bitcoin only exist in computer memory. The real bitcoin exists nowhere. There is no such thing as "bitcoins". There is only a big list of transactions, from which we can derive what number (i.e. amount, balance) is associated with a specific address. We interpret this as "the address has x bitcoins" but this is a purely abstract concept. Bitcoins exist neither physical nor digital. All this being said is there a way for 2 people to create a wallet and private key - one person knows the private key - the other knows the password? The person with the private key can't import to wallet due to it being password protected - the person with password can't import the private key in to their wallet without spoiling the integrity of a coin. This way I can achieve what I am trying to do Yeah, just get a laser engraver (or build one- not so hard) premake all your coins but wait to stick the hologram on, let people take orders and submit their own encrypted private key, and custom engrave every coin you make, stick on the hologram, and bingo it's done. This still would not achieve the goal though. If people submit there own private key - encrypted or not - they would have access to this key and the coin would simply be redundant as they could redeem the BTC without removing the hologram. I want it so that the only way for anyone to redeem the funds would be by removing the hologram as there would be no other way. All I want is a way that it would not be possible for me to redeem the funds by having a copy of the private key ( not that i would ). Basically giving the buyer added peace of mind. |
|
|
|
|
kies1107
Member
Offline
Activity: 63
Merit: 10
|
|
February 24, 2014, 09:31:36 PM |
|
Bitcoin virtual currency only been positive because it fishes it so people of all ages especially if it becomes real money that the currency in circulation and what is the difference it  |
|
|
|
|
