Bitcoin bearer instruments

[illyiller]

With regards to scaling, people are always putting all the emphasis on Lightning.

I've been wondering whether usage of bearer instruments (like OPENDIME) could help scale the network. Once loaded, they can be handed around like cash so transacting doesn't require making on-chain transactions.

This probably isn't that attractive while fees are still low. But maybe this could become common as on-chain fees rise and production costs for these type of devices fall?

[franky1]

paper wallets (bearer bonds) and physical coins(casascius coins) have been looked at in the past.

the way it works is by creating a keypair and having both part of the paper/physical coin. but where the private key is secured under some seal/method to not be viewable unless the seal/mechanism is broken.
whereby only the public address is shown for people to 'balance check'


the main issues is:
the person(s) that first issue them create the keypair and load the funds. trusting they didnt keep a copy of the private key
the person(s) that get handed the paper/physical coins. could simply reprint a paper wallet with same public key and counterfeit

if you are envisioning 'devices' well there are already hardware wallets in existance but again if handing over the hardware wallet face to face. the privkey/seed needs to be passed over securely too

[squatter]

if you are envisioning 'devices' well there are already hardware wallets in existance but again if handing over the hardware wallet face to face. the privkey/seed needs to be passed over securely too

Isn't that what Opendimes do? They are hardware wallets, essentially. You generate keypairs on the device, load it with coins, and can use it like cash until the seal is broken.

the main issues is:
the person(s) that first issue them create the keypair and load the funds. trusting they didnt keep a copy of the private key
the person(s) that get handed the paper/physical coins. could simply reprint a paper wallet with same public key and counterfeit

I think Opendime has addressed these issues, although the RNG bit is over my head:

How do I know I'm seeing a real Opendime

There are a number of ways to verify the device; first, you can click on a link shown in the index.htm file present on the device. That link includes a signed message, that only an Opendime with access to the private key can generate. With version 2 products (rounded type) there is a factory key which can be verified with using the factory public key. This proves the hardware was produced by us.

With our newest hardware (V2), there is a dedicated anti-counterfeiting chip which holds a secret key assigned by the Opendime factory. We publish the matching public key, and so it's easy to verify that you have a genuine Opendime in your hands. Learn more by reading our technical white paper (link coming soon) which details the cryptography involved.

But Opendime could be generating private keys that look random, but are all from the same HD (BIP 32) tree which they control?

You can actually prove to yourself that we cannot know the private key. The process for this verification can only be done after the unit is unsealed, and requires a verbatim copy of the original data written. Plus, you'll need to precisely control what is written to the drive, which cannot be done with higher-level commands to load entropy (so drag-n-drop will not work).

In summary, the process is as follows: take a new Opendime, power it up and precisely write 256k of known bytes to it (ie. use dd to write it starting at block zero). The unit will pick a private key as normal. Unseal the Opendime (poke the hole), and run the file advanced/rngverify.py with Python. That file is a simple program that contains the (previously) unknown entropy value from the Opendime, and it checks that your entropy is hashed into the secret key. Effectively, it re-creates the entire key-picking process and to demonstrate we used exactly that process. Because it's just 75 lines of python, it's very easy to audit.

As you will see, the secret exponent of the private key is the double-SHA256 of these values concatenated: (the 256k bytes from you) + (128-bit serial number of the Opendime in base32) + (32-byte nonce picked by Opendime's RNG).

See our source code on github for a complete and executable example.

The biggest problem I see with Opendimes is hardware reliability. You can't back up your wallet seed or private keys. If you have a hardware failure, you lose everything. The only way to prevent that is to break the seal and sweep the coins, rendering the device useless.

[franky1]

The biggest problem I see with Opendimes is hardware reliability. You can't back up your wallet seed or private keys. If you have a hardware failure, you lose everything. The only way to prevent that is to break the seal and sweep the coins, rendering the device useless.

other issue is there are ways to bypass the resistor thus spend without having to 'pop out' the resistor

[squatter]

The biggest problem I see with Opendimes is hardware reliability. You can't back up your wallet seed or private keys. If you have a hardware failure, you lose everything. The only way to prevent that is to break the seal and sweep the coins, rendering the device useless.

other issue is there are ways to bypass the resistor thus spend without having to 'pop out' the resistor

Is that true? Is this demonstrated anywhere, like a Youtube video? Or are we just talking about a theoretical attack? They say when the seal is broken, a permanent change is made inside the flash memory so it can't be re-sealed and used normally again, but I hadn't considered this potential attack vector.

[figmentofmyass]

at a glance, rising fees and declining production costs would make these seem more viable for widespread usage, but the fundamental problem is the first end user of each device needs to pay for the device and fund it with an on-chain transaction. is there really much incentive to do that, considering they are just going to give the device away to someone else? it's not like a hardware wallet where you can keep using it.

i really don't like the idea of validating via USB either. taking USB sticks from strangers and sticking them in my PC? sounds like a security disaster.

[franky1]

i really don't like the idea of validating via USB either. taking USB sticks from strangers and sticking them in my PC? sounds like a security disaster.

also
"is this USB authentic? or is it chinese replica which looks the same but is just a USB stick with a public key on it"

imagine it. though it retails for $15 for the device i bet china can replicate the usb board for $3 and just be a public key holder.

you just buy 5 devices (contains same public key)
you load on 1btc to public key

now you have 5 devices that look like they have ~$40k combined (5xbtc)

$15 +1x$8k(btc you still own) = $40k scam

by the time someone eventually wants to spend and snaps off the resistor or bypasses the resistor. realising its just a public key held..too late

[STT]

I like that it exists and it seems useful for someone on the move and wanting an established route to carry Bitcoin on their keyring even.   However it is just physical exchange and I think Bitcoin has most influence when its online and being exchanged, the monetary velocity of Bitcoin is especially high in comparison to any other type of currency and this is part of what adds into its overall value.

The fact that the device is physical means it wont likely be exchanged as often, if somehow it were being passed about in a market as often as pocket change instead of dollars or having to resort to plain barter then sure its a big deal.   It does avoid the transaction fees but I would only see that as relevant for immediate transactions which are also relatively low worth.      I can send BTC for 10 cents still and its been fairly elevated recently, it wont clear fast but within hours its good enough for me often. 
   I'm not really criticising it especially just trying to imagine its overall effect on the economy of Bitcoin and if it has a significant knock on effect, I hope they use such devices in places like Venezuela perhaps but it still needs the pc at least partly so its not yet separate from the process to become independent worth.

[illyiller]

The fact that the device is physical means it wont likely be exchanged as often, if somehow it were being passed about in a market as often as pocket change instead of dollars or having to resort to plain barter then sure its a big deal.   It does avoid the transaction fees but I would only see that as relevant for immediate transactions which are also relatively low worth. 

It's also good for privacy. It's a truly cash-like transaction since there's no paper trail on the blockchain. That creates some additional incentive beyond simply saving on fees.

It seemed like a pretty cool idea to me, but I guess there are some legit criticisms ITT.

I guess there's also the problem of needing to spend exactly what's loaded onto the device. There's no way to easily provide change back to the public key, although it could be done.

[pooya87]

one of the main points of bitcoin creation was to cut the middlemen and transfer all the power that the middleman had back to the user themselves. using things like OpenDime that you suggest is going to give  that power back to a middleman again which is not what we want even if it were 100% safe to use which it is not.

[avikz]

With regards to scaling, people are always putting all the emphasis on Lightning.

I've been wondering whether usage of bearer instruments (like OPENDIME) could help scale the network. Once loaded, they can be handed around like cash so transacting doesn't require making on-chain transactions.

This probably isn't that attractive while fees are still low. But maybe this could become common as on-chain fees rise and production costs for these type of devices fall?

This could be the future of transactions if the network fees rise. Otherwise, it doesn't make much sense really! Also the adoption rate has not increased to such a level where we would need to use this service!

Also, LN may come handy to scale up the network, not the adoption rate! This is a common misconception! Adoption will only incease by regulation, nothing else can help!

You may be a freedom lover but if you really want to see bitcoins and other cryptos are being accepted in your local store, regulation is the only way to achieve it!

[squatter]

one of the main points of bitcoin creation was to cut the middlemen and transfer all the power that the middleman had back to the user themselves. using things like OpenDime that you suggest is going to give  that power back to a middleman again which is not what we want even if it were 100% safe to use which it is not.

Wait, how is Opendime a middleman? Keys are generated client side and supposedly it's provable that they can't know your private keys. The potential attack vectors seem similar to that of hardware wallets.

[pooya87]

one of the main points of bitcoin creation was to cut the middlemen and transfer all the power that the middleman had back to the user themselves. using things like OpenDime that you suggest is going to give  that power back to a middleman again which is not what we want even if it were 100% safe to use which it is not.

Wait, how is Opendime a middleman? Keys are generated client side and supposedly it's provable that they can't know your private keys. The potential attack vectors seem similar to that of hardware wallets.

you can't build opendime yourself at home, you have to go to that middleman and pay them to buy one so you would be depending on a company to use bitcoin instead of not needing anything but a computer which you already have and an open source software (desktop wallets) which you can download for free.

[squatter]

Wait, how is Opendime a middleman? Keys are generated client side and supposedly it's provable that they can't know your private keys. The potential attack vectors seem similar to that of hardware wallets.

you can't build opendime yourself at home, you have to go to that middleman and pay them to buy one so you would be depending on a company to use bitcoin instead of not needing anything but a computer which you already have and an open source software (desktop wallets) which you can download for free.

True. I suppose the same applies to hardware wallets. When you get down to it, most people can't build their own node or read the source code either, so there is always some element of trust involved, right?

[franky1]

Also, LN may come handy to scale up the network, not the adoption rate! This is a common misconception! Adoption will only incease by regulation, nothing else can help!

LN is a separate network with a pegged token called Msats that are not recognised on the bitcoin network
'close sessions' are the converter onramp tx from LN back to bitcoin

LN is not about 'scaling bitcoin' but deburdening the bitcoin network by REDUCING/DE-SCALING the utility of the bitcoin network
LN is not about increasing transaction count of the bitcoin network for more users to make direct sender to recipint push transactions,
LN is about making people use another network of 'pay if agree'. where the dvs only nvision increasing bitcoins network purely to fit in more spcial transaction formats that are just onramps in and out of LN
it already begun. segwit txformats only advantage is to be the onramp/gateway to LN. segwits 'weight' expansion on the network does not help legacy transaction increases

....
other 'offline' / 'offchain' services are also about deburdening the bitcoin network of transaction count, not expand it

the point being
the less people actually making transactions on the bitcoin network daily = less people wanting to be full nodes because their activity is not daily to need to be fullnodes.
EG if everyone had a LN channel with a 6month lock. factories and services only need to check once every 6 months and then play around on the offchain networks

adoption wont occur due to regulation.
there are more weed smokers since regulation of drugs had been weakened
there are more alcoholics since regulation of alcohol(compared to prohibition era) had been weakened

even banking has increased in popularity when 'savings groups' / credit unions became more popular due to making regulations less restrictive.
years ago it was impossible for a country to invent/use a currency like Mpesa, but then reducing regulations actually allowed these things to flourish

regulations are not peoples friends. regulations are just a shiny certificate that makes a business/institution look like it has a seal of approval from a government to service and police its customers.
yes the shiny certificate brings attention. but attention can be attained by other ways too
regulations help businesses/institutions. not assets and not people

[CryptoBry]

With regards to scaling, people are always putting all the emphasis on Lightning. I've been wondering whether usage of bearer instruments (like OPENDIME) could help scale the network. Once loaded, they can be handed around like cash so transacting doesn't require making on-chain transactions. This probably isn't that attractive while fees are still low. But maybe this could become common as on-chain fees rise and production costs for these type of devices fall?

I think there can be situations where using something like the Bitcoin Stick can be helpful so there can be a ready market for this type of storing and transferring cryptocurrency. However, I am doubting if this can push for more scalability and more adoption as on-chain transfer remains the most attractive to deal with bitcoin. This can be a very good alternative too that should be available to anyone who desires it.