bosaland (OP)
Newbie
Offline
Activity: 9
Merit: 2
|
|
October 23, 2024, 06:19:54 PM Last edit: October 23, 2024, 07:07:50 PM by bosaland Merited by ABCbits (1), dkbit98 (1) |
|
I would like to introduce SEEDCARD - a new approach to physical bitcoin based on split keys.
Background
After looking at previous projects that have been developed, it seems that all have a central point of security risk - they all use wallets that have been generated by a single issuer. This may be obvious, but to create a P2PKH wallet requires that one person has all 11 or 23 seed words to be able to generate a checksum. I then discovered that an older type of wallet called P2PK does not use the checksum method and took a deep dive to try and find out more about partial key generation and elliptic curve cryptography. Unfortunately, I was not able to find a great deal of information on the subject.
I found a couple of posts on this forum that discussed the possibility of being able to generate a wallet on two computers in different locations:
https://bitcointalk.org/index.php?topic=5328959.0
https://bitcointalk.org/index.php?topic=114074.0
I have built a simple website with information on the SEEDCARD project and have been working on a Code Brief that explains the functionality that I hope is possible to use. Here is a link: https://seedcard.github.io/website/index.html
Curious to hear from bitcoin developers to see if the idea can be realised.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3417
|
|
October 24, 2024, 03:09:24 AM Last edit: October 24, 2024, 03:29:53 AM by odolvlobo |
|
Requiring the cooperation of the issuer in order to redeem a physical bitcoin can become an issue. For example, https://bitcointalk.org/index.php?topic=5369583.0
|
|
|
|
icalical
|
|
October 24, 2024, 04:55:38 AM |
|
There have been issues with physical Bitcoin in the past. Projects such as Casascius and Denarium had centralization issues and even risked key exposure, getting shut down due to regulatory concerns. One potential con here might be that, even while one is splitting the keys, part of the security still relies on trusting the issuer of the SEEDCARDs not retaining a copy of the partial keys - a risk which has been realized in physical Bitcoin implementations previously.
Have you considered at all how a user would actually know the issuer is unable to access the private keys after the fact of issuance? This might be somewhat alleviated by greater transparency in key generation or, better still, in an open-sourced framework, and it certainly appears that is a good start with your use of ECC software. It would also be useful to have some usability comparisons for SEEDCARD versus more established hardware wallets, which generally are considered the gold standard for security with Bitcoin because they are offline and have strong PIN protection. Though your offline generation process of a project is a big plus, delving a bit more into how it compares with pre-existing methods could help build a stronger pitch.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3640
Merit: 11033
Crypto Swap Exchange
|
|
October 24, 2024, 05:04:36 AM |
|
Quote from bosaland: "This may be obvious, but to create a P2PKH wallet requires that one person has all 11 or 23 seed words to be able to generate a checksum. I then discovered that an older type of wallet called P2PK"
First of all, P2PKH and P2PK are not wallets or wallet types. They are output script types and both of them are equally old, it's just that P2PK is not used anymore.
Secondly, in order to generate such output script types you don't need to generate them from a seed in a deterministic way as part of a hierarchical wallet. They can be generated as a singular key from a random 256 bit entropy.
Finally, when it comes to BIP39 mnemonics, the last word is not the checksum. The last word contains the checksum, meaning in a 12-word mnemonic 4 bits out of the 11 bits of the last word are the checksum and the rest (7 bits) are part of the entropy. This means you cannot generate the last word by just having 11 out of 12 words, you'll need to brute force it.
|
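The checksum layout described in the reply above, as an added example that is not part of the original thread: it works on word indices (0..2047) rather than words, so no wordlist is needed, and the function names are illustrative. For an 11-word prefix it lists every 12th-word index whose 4 checksum bits match the 128 bits of entropy.

```python
import hashlib

WORD_BITS = 11  # each BIP39 word encodes 11 bits


def checksum4(entropy_int):
    """Top 4 bits of SHA-256 over the 16 entropy bytes (12-word mnemonic)."""
    digest = hashlib.sha256(entropy_int.to_bytes(16, "big")).digest()
    return digest[0] >> 4


def last_word_candidates(first_11):
    """All 12th-word indices that complete a valid 12-word mnemonic."""
    if len(first_11) != 11 or any(not 0 <= i < 2048 for i in first_11):
        raise ValueError("expected 11 word indices in 0..2047")
    prefix = 0
    for idx in first_11:                 # 11 words * 11 bits = 121 entropy bits
        prefix = (prefix << WORD_BITS) | idx
    candidates = []
    for tail in range(1 << 7):           # the 7 entropy bits carried by word 12
        entropy = (prefix << 7) | tail   # full 128-bit entropy
        candidates.append((tail << 4) | checksum4(entropy))
    return candidates


def is_valid(indices):
    """Check the checksum of a full 12-word mnemonic given as indices."""
    if len(indices) != 12 or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for idx in indices:
        bits = (bits << WORD_BITS) | idx  # 132 bits in total
    return (bits & 0xF) == checksum4(bits >> 4)


if __name__ == "__main__":
    # Constructed input: eleven times index 0 ("abandon" in the English list).
    options = last_word_candidates([0] * 11)
    print(len(options), "of 2048 last words are valid; first index:", options[0])
```

Each of the 128 possible values of the remaining 7 entropy bits yields exactly one valid last word, so the prefix alone does not determine it.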
|
|
|
bosaland (OP)
|
|
October 24, 2024, 07:09:23 AM |
|
Quote from icalical: "...even while one is splitting the keys, part of the security still relies on trusting the issuer of the SEEDCARDs not retaining a copy of the partial keys..."
Thank you for taking the time to reply to my post.
The process of creating SEEDCARDs actually NEEDS the Issuer to retain a copy of a partial key (not both keys). Each key is generated in a different location. The 'spendable' part of the SEEDCARD is created by the Card Agent and both keys are only required when the SEEDCARD funds are swept and the card is physically destroyed. Every SEEDCARD has a unique NFC chip embedded to ensure that the Card Agent does not make multiple copies.
Totally agree on your points about open source and transparency in generating the wallet keys. All code will be open sourced on our GitHub - https://github.com/seedcard
When we have an MVP I will submit it for review with https://walletscrutiny.com/
I have taken a good look at the Bearer wallets whilst researching for this project.
|
|
|
|
bosaland (OP)
|
|
October 24, 2024, 07:24:27 AM |
|
@pooya87 thank you for your comments.
Quote from pooya87: "First of all, P2PKH and P2PK are not wallets or wallet types. They are output script types and both of them are equally old, it's just that P2PK is not used anymore. Secondly, in order to generate such output script types you don't need to generate them from a seed in a deterministic way as part of a hierarchical wallet. They can be generated as a singular key from a random 256 bit entropy."
I understood that all script types are still able to be used when generating bitcoin wallets - including the P2PK script. This script type has been chosen as it can be 'split' generated in two different locations. The script will be generated as two partial keys from random 128 bit entropy.
Each partial private key will then generate a partial public key without either party needing to reveal their private keys.
The two partial public keys will then be combined using ECC to create a useable full public key to allow funds to be received.
|
|
|
|
FortuneFollower
Copper Member
Jr. Member
Online
Activity: 168
Merit: 4
|
|
October 24, 2024, 07:34:59 AM |
|
Quote from bosaland: "I would like to introduce SEEDCARD - a new approach to physical bitcoin based on split keys. [...]"
Can I ask just for a moment, because I never thought about physical BTC - why would a person do that, not a cold wallet or something? Privacy, full control?
|
|
|
|
bosaland (OP)
|
|
October 24, 2024, 09:43:32 AM |
|
@FortuneFollower good question.
The biggest difference between a cold wallet and physical bitcoin is the use case for each.
A cold wallet is designed to securely store the user's private keys. It is used to STORE bitcoin.
Physical bitcoin is used to GIFT or TRANSACT with bitcoin and operates like cash - banknotes.
The biggest issue for users is to be sure that both the physical bitcoin issuer and any past holders do not have the means to reveal the private keys when using the physical token. SEEDCARD wallets are generated using full separation techniques - neither party can send the funds without both partial private keys.
Think of SEEDCARD like a banknote - many businesses now use a note verifier to ensure that they are not accepting counterfeit notes. The SEEDCARD uses a secure NTAG424 NFC chip to verify the physical object is genuine.
SEEDCARD can be used to store AND transact in BTC: off-chain transactions that are 100% anonymous, instant and zero tx fees.
|
|
|
|
Mbitr
Legendary
Offline
Activity: 2100
Merit: 1323
Bitcoin needs you!
|
|
October 24, 2024, 03:33:12 PM |
|
This is a good thread which may well help you: https://bitcointalk.org/index.php?topic=5416519.0
What about the engraving process - could this be a weak link? Will it be offline?
|
|
|
|
bosaland (OP)
|
|
October 24, 2024, 05:25:23 PM Last edit: October 24, 2024, 08:21:26 PM by bosaland |
|
@Mbitr thanks for the link. SEEDCARD will use the Generator ECC software running on two SeedSigners. The engraving is done with a Seed Hammer engraving machine and controller. Every step in the SEEDCARD production process is offline - the engraving machine has no stored memory, and the controller and SeedSigners are based on the Raspberry Pi Zero - which has no Bluetooth or Wi-Fi connectivity. Seed Hammer https://seedhammer.com/ is a well-known device used to engrave steel plates for single and multi sig cold wallets. SEEDCARD uses a forked version of their software to engrave the two plates which can be engraved in different locations. The SEEDCARD Generator ECC and Engraver software will be open source on our GitHub.
|
|
|
|
bosaland (OP)
|
|
October 28, 2024, 07:09:56 AM Last edit: October 28, 2024, 07:32:59 AM by bosaland |
|
https://i.ibb.co/Mgb0Fyn/SEEDCARD-key-generation.jpg
Diagram of Generator ECC wallet generation process. Note that each coloured block is designed to generate an output separately - without requiring additional information (private keys).
|
|
|
|
john_egbert
Jr. Member
Online
Activity: 42
Merit: 10
|
|
October 28, 2024, 07:22:51 AM |
|
Quote from bosaland: "@FortuneFollower good question. The biggest difference between a cold wallet and physical bitcoin is the use case for each. A cold wallet is designed to securely store the user's private keys. It is used to STORE bitcoin. Physical bitcoin is used to GIFT or TRANSACT with bitcoin and operates like cash - banknotes. The biggest issue for users is to be sure that both the physical bitcoin issuer and any past holders do not have the means to reveal the private keys when using the physical token. SEEDCARD wallets are generated using full separation techniques - neither party can send the funds without both partial private keys. Think of SEEDCARD like a banknote - many businesses now use a note verifier to ensure that they are not accepting counterfeit notes. The SEEDCARD uses a secure NTAG424 NFC chip to verify the physical object is genuine. SEEDCARD can be used to store AND transact in BTC: off-chain transactions that are 100% anonymous, instant and zero tx fees."
So it's basically like a credit card for your BTC but off-chain, meaning nobody would be able to work around it?
|
|
|
|
bosaland (OP)
|
|
October 28, 2024, 07:41:35 AM |
|
@john_egbert SEEDCARD looks and feels like a metal credit card but the primary use case is to spend like cash.
It is indeed for off-chain transactions, and there is no useable private key so risks of third party theft are low.
SEEDCARD aims to be the 'cash' that Satoshi mentioned in his whitepaper.
SEEDCARD is physical BTC money that has the same characteristics as government issued banknotes... but without the centralization or unlimited supply.
|
|
|
|
FortuneFollower
|
|
October 28, 2024, 07:47:32 AM |
|
Quote from bosaland: "@john_egbert SEEDCARD looks and feels like a metal credit card but the primary use case is to spend like cash. It is indeed for off-chain transactions, and there is no useable private key so risks of third party theft are low. SEEDCARD aims to be the 'cash' that Satoshi mentioned in his whitepaper."
Just to help you up a bit on the forum - you can use a quote button which is on each message in the right upper corner, to navigate and answer a bit more conveniently. Inside, there would be "[quote author=...] [/quote]" brackets to see which message you reply to and how it would look after you post it (the Preview button). It's no biggie and understandable to who you reply, however, that's how it's done and it would be great if you tried it out. Especially if there would be more replies in the future.
P.s., upd. I did see you use the quotes at the start of the thread, sorry for being a bit teach-y this time around.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2422
Merit: 7572
|
|
November 09, 2024, 06:11:16 PM |
|
Quote from bosaland: "SEEDCARD looks and feels like a metal credit card but the primary use case is to spend like cash."
It's a good idea, but I think it would be better to have two options with both plastic and metal cards. A plastic card would be cheaper and it won't be detected at airports for people who are traveling and crossing borders.
Can one Seedcard be used multiple times with different amounts of coins?
|
|
|
|
tbct_mt2
|
|
November 09, 2024, 06:31:49 PM |
|
Quote from dkbit98: "It's a good idea, but I think it would be better to have two options with both plastic and metal cards. A plastic card would be cheaper and it won't be detected at airports for people who are traveling and crossing borders."
I agree that plastic cards are safer when traveling than metal cards because they have no or less risk of detection at airports and can save users a lot of time and minimize troubles with airport customs.
Quote from dkbit98: "Can one Seedcard be used multiple times with different amounts of coins?"
I don't know that using any card is safe, because producers of these cards can be good or bad people. Bad people can wipe out all the private keys, seeds and steal money from users like Coldkey and Yoke. Trust no one in Bitcoin (Coldkey story). Plastic or metal does not matter if producers plan to steal your bitcoin. Sorry if I missed a technicality in Seedcard.
|
|
|
|
JiiBs
|
|
November 09, 2024, 07:56:46 PM |
|
This would have been a nice approach towards the Bitcoin initiatives. It would have let everyone on Bitcoin, since transactions could be done in this way, as proposed in the article, in an off-chain manner. But somehow, I feel we should just let Bitcoin be what it was meant to be, an online transaction. A physical equivalent doesn’t really translate to value. In fact, I see certain challenges in this.
1. Now, the idea is off chain and needing less knowledge of its technicalities but still, you need technology for verification and authenticity. That’s technology right there.
2. Steel plates would be used and though, they might not be as much heavy, they still would come with some weight.
3. The use of NFC simply means, if I’ve got any of these steel plates on me, I would find just any device that supports NFC making the connections when close by or activated out of suspicion, which might range from criminal propaganda to what have you.
4. A question of denomination and balancing. Just how much worth of it would I be carrying about, how do I get the balance after a purchase.
These and possibly more are the challenges this system can face. How do we go around these? It’s hardly a system I would prefer to what we have now. I still prefer Bitcoin sticking to its digital, on-chain and technical means of transacting. If anyone hasn’t got much on its technicalities, what’s there to do is learn.
|
|
|
|
|