Bitcoin Forum
Author Topic: Just thinking aloud  (Read 1704 times)
davidgdg (OP), Hero Member
September 27, 2013, 11:38:13 AM  #1

Would it be technically possible to produce a digital equivalent of Casascius-style physical bitcoins?

If yes, this would allow the use of BTC without the need to propagate a transaction through the network. In effect it would be the true equivalent of cash. The balance would be recorded on the blockchain for the public address, but transfers of the private key would remain private.

Such a system would need a transferable digital wallet/wrapper with the following characteristics:

1. An encrypted private key with a passcode.

2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)

3. A way of generating a new passcode when the wallet/wrapper is transferred so that the new owner can be sure that the old owners cannot decrypt the wallet once possession has changed.

Could it be done?


Carlton Banks, Legendary
September 27, 2013, 02:45:33 PM  #2

Don't see why not. When signing transactions or messages to prove you own/have access to a given public key, you are inherently proving that you have access to the private key it is paired with. I'm not sure it would be such a great idea though: how could you be sure you would have the correct "denominations" of off-chain coins to pay a specific BTC price? You cannot predict what the price of whatever you're buying is too far in advance, or at least not all the time. Then you have to use the blockchain anyway to get change from the merchant, or hope they have off-chain coins that represent the amount of change you need. Not sure what problem this solves in reality.

Edit: I'm also not sure how you get around the original owner retaining the private key, they must be able to access the unencrypted key, or else it would have to be designated as an off-chain only wallet before they themselves received it. I think it could be done with such a specific wallet design.

DannyHamilton, Legendary
September 27, 2013, 03:21:31 PM  #3

- snip -
2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)
- snip -

I think you're going to find that this is the part that is difficult (impossible?) to accomplish.
MerchantMiner, Newbie
September 27, 2013, 03:31:21 PM  #4

Would it be technically possible to produce a digital equivalent of Casascius-style physical bitcoins?

If yes, this would allow the use of BTC without the need to propagate a transaction through the network. In effect it would be the true equivalent of cash. The balance would be recorded on the blockchain for the public address, but transfers of the private key would remain private.

Such a system would need a transferable digital wallet/wrapper with the following characteristics:

1. An encrypted private key with a passcode.

2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)

3. A way of generating a new passcode when the wallet/wrapper is transferred so that the new owner can be sure that the old owners cannot decrypt the wallet once possession has changed.

Could it be done?
use a mobile phone to send bitcoins back and forth, let the phone deal with everything
jl2012, Legendary
September 27, 2013, 03:45:02 PM  #5

Would it be technically possible to produce a digital equivalent of Casascius-style physical bitcoins?

If yes, this would allow the use of BTC without the need to propagate a transaction through the network. In effect it would be the true equivalent of cash. The balance would be recorded on the blockchain for the public address, but transfers of the private key would remain private.

Such a system would need a transferable digital wallet/wrapper with the following characteristics:

1. An encrypted private key with a passcode.

2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)

3. A way of generating a new passcode when the wallet/wrapper is transferred so that the new owner can be sure that the old owners cannot decrypt the wallet once possession has changed.

Could it be done?
If you find a way to do this without trusting a third party, you are greater than Satoshi. So the answer is simply no.

If you trust a third party, you can certainly do this. See https://bitcointalk.org/index.php?topic=277389.0

bitcoinBull, Legendary
September 27, 2013, 03:48:23 PM  #6

- snip -
2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)
- snip -

I think you're going to find that this is the part that is difficult (impossible?) to accomplish.

It is easy to distinguish virgin/unspent bitcoins from spent bitcoins. But you still don't know if or how many people actually have the private key for those unspent coins. Just like you don't really know if Casascius kept the private keys he printed on the holographic seals (you just have to trust that he didn't).

Carlton Banks, Legendary
September 27, 2013, 09:19:02 PM  #7

Could this not be done using the (forthcoming) Intel SGX instructions? As I understand the concept, code and/or data are encrypted prior to use, and can only be unencrypted and run/accessed once it has been both transmitted to an "enclaved" part of memory and then signed by an external server. The articles (well, blog) I read on it are http://theinvisiblethings.blogspot.de/2013/08/thoughts-on-intels-upcoming-software.html and http://theinvisiblethings.blogspot.de/2013/09/thoughts-on-intels-upcoming-software.html

Sounds like it could have wider implications if it's all it's cracked up to be.

msc, Sr. Member
September 27, 2013, 09:31:55 PM  #8

The problem is that an old copy of the wallet can always exist, from before it was transferred.  Without a ledger, both copies would look legitimate.
TheButterZone, Legendary
September 27, 2013, 10:46:32 PM  #9

There may be some way to "seal" encrypted files, but I seem to recall something non-computer science related about making an object at the atomic level that cannot be counterfeited because the mere act of observing it changes its physical structure. Quantum... IDK.

davidgdg (OP), Hero Member
September 28, 2013, 09:01:46 AM  #10

Would it be technically possible to produce a digital equivalent of Casascius-style physical bitcoins?

If yes, this would allow the use of BTC without the need to propagate a transaction through the network. In effect it would be the true equivalent of cash. The balance would be recorded on the blockchain for the public address, but transfers of the private key would remain private.

Such a system would need a transferable digital wallet/wrapper with the following characteristics:

1. An encrypted private key with a passcode.

2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)

3. A way of generating a new passcode when the wallet/wrapper is transferred so that the new owner can be sure that the old owners cannot decrypt the wallet once possession has changed.

Could it be done?
If you find a way to do this without trusting a third party, you are greater than Satoshi. So the answer is simply no.

If you trust a third party, you can certainly do this. See https://bitcointalk.org/index.php?topic=277389.0

Thanks for the link. Fascinating stuff. I had no idea that so much work has already gone into off-chain transactions.

It is both depressing and inspiring to know that the people working on bitcoin development are so many orders of magnitude cleverer than me ;-)

davidgdg (OP), Hero Member
September 28, 2013, 09:02:56 AM  #11

There may be some way to "seal" encrypted files, but I seem to recall something non-computer science related about making an object at the atomic level that cannot be counterfeited because the mere act of observing it changes its physical structure. Quantum... IDK.

It is impossible to make a tamper-evident encrypted file without everyone in the world using some form of trusted computing. The issue is this: even if you can make a file that was tamper-evident, I would just copy the file and then decrypt that. Then I could use the original file to "prove" I never decrypted it. We actually do this now: most data isn't decrypted directly, it's read into memory and then decrypted there.

Thanks. Yes I see the problem. It is inherent in the copyable nature of digital files.

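The failure that posts #8 and #11 describe can be shown concretely: a wrapper file carrying an encrypted key and a "seal" flag, a seller who copies the file before decrypting the copy, and a buyer who re-keys the untouched original and still ends up holding a key someone else knows. This is an added example, not code from the thread or from any product it names; the Wrapper type, the seal/open_wrapper/transfer functions and the toy cipher (PBKDF2-derived key, SHA-256 counter keystream, HMAC check) are all constructed here to model the OP's three characteristics.

```python
"""Toy model of a 'sealed' encrypted key wrapper and why the seal cannot be
enforced on a copyable file.

Constructed example, not code from the thread or from any product named in it.
The cipher is a toy: a PBKDF2-derived key drives a SHA-256 counter keystream,
with an HMAC so a wrong passcode is detected. It stands in for a real AEAD.
"""
import copy
import hashlib
import hmac
import os
from dataclasses import dataclass

KDF_ROUNDS = 100_000


def _derive_key(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ROUNDS)


def _keystream(key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode; toy construction, not for real use.
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Wrapper:
    """Characteristics 1 and 2 from the OP: encrypted key plus a 'seal' flag."""
    salt: bytes
    ciphertext: bytes
    mac: bytes
    seal_intact: bool = True   # the hologram: honest software flips it on decryption


def seal(private_key: bytes, passcode: str) -> Wrapper:
    salt = os.urandom(16)
    key = _derive_key(passcode, salt)
    ciphertext = _xor(private_key, _keystream(key, len(private_key)))
    mac = hmac.new(key, salt + ciphertext, "sha256").digest()
    return Wrapper(salt, ciphertext, mac)


def open_wrapper(w: Wrapper, passcode: str) -> bytes:
    key = _derive_key(passcode, w.salt)
    expected = hmac.new(key, w.salt + w.ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, w.mac):
        raise ValueError("wrong passcode")
    w.seal_intact = False      # records the break, but only on this object
    return _xor(w.ciphertext, _keystream(key, len(w.ciphertext)))


def transfer(w: Wrapper, old_passcode: str, new_passcode: str) -> Wrapper:
    """Characteristic 3: re-key for the new owner. Re-keying needs the plaintext,
    so it breaks the old seal and mints a fresh one that says nothing about the past."""
    return seal(open_wrapper(w, old_passcode), new_passcode)


def handover_demo() -> dict:
    """The scenario from posts #8 and #11: the seller copies the file first."""
    private_key = os.urandom(32)                  # constructed stand-in for a real key
    handed_over = seal(private_key, "seller-pass")
    private_copy = copy.deepcopy(handed_over)     # byte-for-byte copy, taken before any decryption
    retained = open_wrapper(private_copy, "seller-pass")   # seal breaks on the copy only
    seal_seen_by_buyer = handed_over.seal_intact            # the buyer's file still reads intact
    buyers = transfer(handed_over, "seller-pass", "buyer-pass")
    try:
        open_wrapper(copy.deepcopy(buyers), "seller-pass")
        seller_opens_new = True
    except ValueError:
        seller_opens_new = False
    return {
        "seal_intact_at_handover": seal_seen_by_buyer,
        "seller_retains_key": retained == private_key,
        "seller_can_open_new_wrapper": seller_opens_new,
        "new_wrapper_seal_intact": buyers.seal_intact,
    }


if __name__ == "__main__":
    print(handover_demo())
```

Running handover_demo shows the two halves of the argument at once: the buyer sees an intact seal and a fresh passcode the seller cannot use, yet the seller already holds the plaintext key from the copy. Nothing inside the file can detect the copy, which is msc's point that only a ledger (the chain's spent/unspent state for the address) distinguishes the two copies, and Carlton Banks's point that the re-keying step itself requires whoever performs it to have had the plaintext.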
Sergio_Demian_Lerner, Hero Member (expert)
September 28, 2013, 04:19:12 PM  #12

Are you talking about something like Firmcoin.com ?

It's the true digital equivalent to banknotes. Plus you can discharge/recharge them. Plus you can change the denomination.
crescendo, Newbie
September 29, 2013, 07:32:15 AM  #13

It is true that notes equivalent to bank notes are to be in digital format. It is a nice one.
beeblebrox, Member
September 29, 2013, 09:08:39 AM  #14

Would it be technically possible to produce a digital equivalent of Casascius-style physical bitcoins?

If yes, this would allow the use of BTC without the need to propagate a transaction through the network. In effect it would be the true equivalent of cash. The balance would be recorded on the blockchain for the public address, but transfers of the private key would remain private.

Such a system would need a transferable digital wallet/wrapper with the following characteristics:

1. An encrypted private key with a passcode.

2. An indication of whether the private key has ever been decrypted (the equivalent of the seal on a physical bitcoin)

3. A way of generating a new passcode when the wallet/wrapper is transferred so that the new owner can be sure that the old owners cannot decrypt the wallet once possession has changed.

Could it be done?

It is theoretically possible to do off-chain transactions totally electronically. Here's one approach: https://bitcointalk.org/index.php?topic=148232.msg1578079#msg1578079

The required technology for this particular scheme will be commonplace (i.e. in the vast majority of phones and desktops) by the end of the decade. However, it means that the special hardware required is trusted. Some phones appear to already have most of the basic hardware required, such as the Samsung S4 with KNOX.


beeblebrox, Member
September 30, 2013, 10:28:33 AM (last edit: September 30, 2013, 10:43:45 AM by beeblebrox)  #15


......


It is theoretically possible to do off-chain transactions totally electronically. Here's one approach: https://bitcointalk.org/index.php?topic=148232.msg1578079#msg1578079

The required technology for this particular scheme will be commonplace (i.e. in the vast majority of phones and desktops) by the end of the decade. However, it means that the special hardware required is trusted. Some phones appear to already have most of the basic hardware required, such as the Samsung S4 with KNOX.

This only works if everyone uses Trusted Computing, meaning no one has real control over their own systems.

Hate to break it to you, everyone will be using computers with TPM hardware installed soon (in fact if you own a new computer you most likely are).

Just because you have trusted computing hardware installed and available software support doesn't necessarily mean that you lose control. For example, Linux has had support since the 2.6.13 version, yet I'm still free to install anything I like on my machine that I'm typing this on (my computer runs Linux).

Trusted Computing is just a tool; it by itself is neither good nor evil but can be used for either. Same as a scalpel is just a tool: a scalpel can be used to take a life by slicing the throat or to save a life in a surgical operation. It's the way that we use trusted computing that matters.

All I ever seem to hear from people is how TC can only be used to weaken your rights and diminish your control. You rarely hear the other side of the argument, how it can also be used to give users power and control and strengthen their rights. E.g.: with TC you could create a social network site like Facebook except that the user has true control over who can view what and when; also you would have the ability to truly delete stuff from your record, and even the operators of the site wouldn't have the ability to keep/use your data in ways that you don't approve of (admittedly ignoring out-of-band breaches such as people photographing the computer screen). This gives the user power-- not detracts from it!!! Another example is the bitcoin exchange scheme above-- this scheme gives you true anonymity and instant transfers.

(By the way: how are you sure that you have exclusive control of your computer currently, regardless of the trusted computing issue? It is extremely easy for the manufacturers to add backdoors into the hardware/software- the software situation is even worse because they can add them during upgrades.)


MerchantMiner, Newbie
September 30, 2013, 10:38:24 AM  #16

There may be some way to "seal" encrypted files, but I seem to recall something non-computer science related about making an object at the atomic level that cannot be counterfeited because the mere act of observing it changes its physical structure. Quantum... IDK.

It is impossible to make a tamper-evident encrypted file without everyone in the world using some form of trusted computing. The issue is this: even if you can make a file that was tamper-evident, I would just copy the file and then decrypt that. Then I could use the original file to "prove" I never decrypted it. We actually do this now: most data isn't decrypted directly, it's read into memory and then decrypted there.

How about this: when you make a transaction you receive a text message to your phone with a 6-digit number you then have to enter into the wallet to release the transaction? I would use that wallet.
xray, Sr. Member
October 01, 2013, 07:07:50 PM  #17

There may be some way to "seal" encrypted files, but I seem to recall something non-computer science related about making an object at the atomic level that cannot be counterfeited because the mere act of observing it changes its physical structure. Quantum... IDK.

It is impossible to make a tamper-evident encrypted file without everyone in the world using some form of trusted computing. The issue is this: even if you can make a file that was tamper-evident, I would just copy the file and then decrypt that. Then I could use the original file to "prove" I never decrypted it. We actually do this now: most data isn't decrypted directly, it's read into memory and then decrypted there.

How about this: when you make a transaction you receive a text message to your phone with a 6-digit number you then have to enter into the wallet to release the transaction? I would use that wallet.

+1