Bitcoin Paper Notes idea

[doobadoo]

There are some services out there that attempt to create a physical medium for btc (bitbills, causasiaus coins, etc), but they all have certain flaws:

1)  No way to ensure that the issuer really did delete the private keys, and that when there are enough of the bills/coins floating around the issuer pulls a mybitcoin.com and away go all the btc

2)  There's still risk of counterfeit/tampering despite security features.

But i'd like to put together a more democratic idea, one that does in fact rely on trust/reputation.

One of the big principles of Bitcoin is this idea that its potentially anonymous, peer to peer, and no need for an intermediary and irreversible etc.  But while this is great for storing, and transacting large amounts of btc, and in situations where you can sit around a bit and wait for some confirmations, you can't buy gas like that.  You can't pick up a big bite and a big gulp at 7-11.  It won't work for the drive thru fast food joint.

So here is what I suggest:

A feature (possibly in the mainline client) that allows a user to print BitNotes.  I know there's already some good progs out there that enable a paper wallet.  I think we can build on this.

You see the problem with a paper wallet is that its just the physical version of digital bitcoin transacting.  Were you to hand it to some one, they still need to wait to ensure you aren't 2x spend attacking them. 

The solution is to have the client print out  QR code that has more than just the privkey needed to spend the note.  It needs to have some kind of digital signature that establishes some form of identity and credibility.  It should also have a receiving address for the "change." 

So here's how it would work: I can walk into the gas station, hand them a 20 btc note.  Walk out, pump my gas, and have the change sent back to embedded address.  But why would the clerk open the pump before getting confirms?

When the clerk scans my note, it automatically originates a transaction sending the btc to the gas station receiving address (eg the privkey is visible and scan able right on the note).  The note contains some kind of additional digital cert, which is either managed by a CA that tied me to a real life identity, or otherwise has escrow being held against me. 

If i pull a 2x spend attack on the gas station they lose out on 20 btc, but my digital certificate would be revoked, or tainted some how.  Or, my 100 btc in escrow would be drawn on.

Why it works:

No one really needs anonymity to spend smallish amounts of money.  Ironically when using small amounts of currency we do have anonymity.  But just try moving more than $10K USD into or out of a Bank.  We lose it when dealing in large amounts.  But again, the need for privacy is only for things such as my total balance, or for things I want to buy on the DL (porn, hookers, drugs, whatever). 

There's got to be a P2P way to do this such that any one can print a stack of qr codes of 1, 5, 10, 20 or so BTC notes.  Again, these would be "notes" as they would be passed on as promises of BTC for casual commerce.  The are intended to be scanned and tossed in the recycle bin.  Not used over and over, which is why the privkey is left in the clear. 

But inside the QR code along with this privkey, it could be PGP signed, so the gas station owner's terminal could query a 3rd party public keyserver and verify that the note was printed by me.  The keyserver could keep track of how many successful notes i passed vs any that got reversed cuz i 2x spent the coins just before walking into the store.

There would still be fraud potential, but it would be greatly minimized.  It would still beat the snot out of credit cards.  What we do it cost something to establish a personal cert.  Maybe it takes some cpu muscle to build this special public/private key reputation.  Maybe the 3rd party charges $100 per keypair.  It would be a one time investment to allow us to start passing these notes, and merchants would feel fine up to at least $100.

Thoughts?  Any ideas how likely this is to work in practice?

[Phinnaeus Gage]

Bump!

I'm looking forward to reading replies on this topic.

~Bruno~

[doobadoo]

I went back and read a lot of satoshi's old postings.  He seemed to think that just scanning for 2x spend tx notification for 10 or 20 secs could work with a high degree of confidence.  Although it seems his idea would mean that the vendor would need a pretty sweet set of hardware listening (or maybe a service provider).   And i'm not sure if some one could counter it in some way.  But what I do know is that PGP is a highly reliable way of verifying identity (or at least confirm the key pair is real, quickly).

But i think my idea is a little less complex than some service provider carefully watching for 2x spends and charging the merchant for the service.  And most of it seems already done.  Isn't the qr code stuff Open source?  Don't free public pgp key servers already exists?

If i had the technical chops i'd make a go of it, but i can't program, im a finance guy.

[gmaxwell]

I went back and read a lot of satoshi's old postings.  He seemed to think that just scanning for 2x spend tx notification for 10 or 20 secs could work with a high degree of confidence.

He was later shown to have underestimated the risk of this kind of activity. So a search for the finney attack.

[ArticMine]

This is actually a very interesting idea. What it entails in reality is very similar to combining a credit card authorization with a Bitcoin payment in such a way that in order to defraud a merchant both a fraudulent credit card has to be authorized and a Bitcoin double spend has to occur in the same transaction!

[giszmo]

For me green addresses are the easiest and most straight forward way to go. Also most brick and mortar situations would not be where scammers would risk to do a double spend as the time gap to get caught is too small.
What if I send your money somewhere else and claim I never got it because you did a double-spend?
What if somebody else gets a glimp on the QR before the clerk's scanner does?
I don't see why private keys should be printed other than for very cold storage.

[Seal]

The solution is to have the client print out  QR code that has more than just the privkey needed to spend the note.  It needs to have some kind of digital signature that establishes some form of identity and credibility.  It should also have a receiving address for the "change." 

So here's how it would work: I can walk into the gas station, hand them a 20 btc note.  Walk out, pump my gas, and have the change sent back to embedded address.  But why would the clerk open the pump before getting confirms?

When the clerk scans my note, it automatically originates a transaction sending the btc to the gas station receiving address (eg the privkey is visible and scan able right on the note).  The note contains some kind of additional digital cert, which is either managed by a CA that tied me to a real life identity, or otherwise has escrow being held against me. 

If i pull a 2x spend attack on the gas station they lose out on 20 btc, but my digital certificate would be revoked, or tainted some how.  Or, my 100 btc in escrow would be drawn on.

Isn't this essentially a rudimentary implementation of what a credit card already does?

Using your example, the bank that issues the CC is acting like a CA would - linking you to a real identity. The bank is acting as your escrow (ok... not in absolute terms, but kinda), ie you are spending the banks money first which will guarantee the transaction, however you ultimately pay the bank back.

Your theory is sound, however the problem that always stands, is the dependency on a third party - and trust. This is also where problems tend to occur as there is a conflict of interest between the security and storage of your personal information and anonymity.

I'm sure there are some posts in the Economics section about trust based banking which is essentially the foundation blocks of all currencys.

[doobadoo]

Isn't this essentially a rudimentary implementation of what a credit card already does?

Using your example, the bank that issues the CC is acting like a CA would - linking you to a real identity. The bank is acting as your escrow (ok... not in absolute terms, but kinda), ie you are spending the banks money first which will guarantee the transaction, however you ultimately pay the bank back.

Well the bank has to identify you every tx.  In reality they don't.   who asks for ID when you are buying $100 or less of goods?  In my use case there would be possibly 3 ways for a customer to establish credibility with the merchant:

1) Use an IRL ID (drivers license, ssn, whatever) submitted to a 3rd party who then establishes you as a trusted BitNote issuer.  You don't ever even have to send the private key to the 3rd party.  Just the public key.  Your Bitnote uses the Privkey to sign the Bitcoin privkey, which is a statement that you, a verified real person printed that bill.  In my use case the bill is scanned and discarded so that they btc is immediately transferred to the vendor.  But because you are a verified person with a public key on file with the 3rd party, which is checked instantly by a query, the vendor takes a now small risk that you are 2x spend attacking.  If your BitBills were go bad, the 3rd party would place a blemish on record.

2) Place an escrow amount anonymously with a 3rd party in exchange for listing your pubkey.  If the vendor gets screwed the 3rd party can keep the cash himself (soas there is no incentive for the merchant to cry wolf).  So long as the merchant doesn't doesn't trust you for much more than you have on file he should be fine.  the 3rd party can sign the escrow address proving instantly to the merchant they have bitcoin on hold associated with that public Bitnote signing key.  (i think the btc protocal even allows for 2x signing and all kinds of escrow stuff thats not in the white paper(

3)  Publish a public key on some free server and everytime a merchant accepts your notes and they are valid they sign it, building your rep.  So maybe merchants would keep you to small amounts till you build up the rep.  All possible anonymously as well.

Your theory is sound, however the problem that always stands, is the dependency on a third party - and trust. This is also where problems tend to occur as there is a conflict of interest between the security and storage of your personal information and anonymity.

Again, i laid out methods where you can use it with total anonymity, or just use your real name with a 3rd party.  but the merchant wont' know what personal info is on file with the 3rd party, only that your bitcoin privkey was signed by the person who established the account with the 3rd party, and some belief that the 3rd party does a basic level of policing to make sure you can't create multiple throw away accounts.

This method would seem to be better than the ease of identity theft today anyhow.  The 3rd party never sees the privkey.  In fact i dont' know why it is when we go to take out a car loan, mortgage or credit card we don't have to sign the application with a personal key.  Might stop a good chunk of identity theft.


Lastly, this would be for casual transactions.  No one will hand over the keys to their car in exchange for BitNotes without waiting for some confirms, and no one has to.  Large txs of all kinds using whatever currency need time and usually paperwork to go through.

[Tuxavant]

Why can't we rely on the reputation of individual green addresses? We can see the age of the key by the first time it was used. We can calculate some good faith on the frequency of use. We can see any prior double spends.

For quick, smallish transactions this seems plausible. You give up some anonymity with this, but there's nothing stopping you from keeping a daily payment address and weekly pot buying address.

[acoindr]

I don't see the blockchain being used for the majority of transactions as Bitcoin evolves. I'll re-post what I said in this thread where WalletBit was asking for advice:

Hi Kris,

I talked about the need for a PayPal version of Bitcoin in a post/eBook I did called How to Grow Bitcoin. I'll touch on the key points.

A simple person-to-person pay service I think will come about naturally, and is essential. The root network/blockchain is NOT how the majority of transactions should take place. It's too cumbersome, slow, and won't scale to handle the majority of transactions for the world anyway. Transactions should be done by updating the rows of a database somewhere. Simple.

Such a service should look and behave pretty much exactly like PayPal, except be for Bitcoin. Anyone with an email address can send payment to anyone else with an email address. They log in, enter the address to send to, and the transfer happens instantly. Simple.

Depositing money into a user's "BitPal" type account is done by the blockchain, as are withdrawals. Other deposit/withdrawal options such as integration with exchanges like Mt.Gox can exist for convenience too. But withdrawals and deposits won't happen often because the majority of the Bitcoin ecosystem uses "BitPal" for transactions.

Two more crucial points: all transfers are completely free. Profit can instead come from premium services such as merchant features, and or advertising. Also, such a service is NOT a bank, and might limit number of bitcoins stored to say 1,000, simply to keep things simple, secure, and focused on transactions.

I think WalleBit could become this type of service. I'm sure such a system will come about at some point either way. I had even considered the undertaking myself, to ensure it comes about.