Physical Bitcoins

[enmaku]

Hi all,

One of the biggest concerns facing bitcoin right now is becoming user-friendly. While spending bitcoins from your smartphone certainly seems cool, they're still not so universal as to replace existing concepts or technologies like physical money or credit cards.

I know that there are "bitbills" floating around out there which use QR codes to hold the public/private keys but I was wondering if anyone had any input on a few of my more recent ideas.

Does anyone think there is a legitimate use for actual bit*coins*? It would be just as easy to print a QR code for the public key on one side of a coin-like object which is hollow and made of something just strong enough to hold up inside of a pocket. It could be snapped in half to retrieve the private key if one wanted to convert it to digital bitcoins. It would have an advantage of small size and portability over bitbills. We could also store the public key in an RFID module to allow confirmation of balance that doesn't degrade if something as fragile as a paper QR code becomes damaged.

Another, possibly much easier option would be to use small low-capacity flash drives to hold something like an individual wallet.dat file. With the right software it should be relatively easy to create a "plug and pay" system where you hand your memory stick to a cashier, he or she plugs it into the cash register and makes the transfer. For the truly untrusting there could be user-facing terminals where the customer could make the transfer and the cashier would simply confirm it. I can even see single-use hardware being made to handle person-to-person transactions; something with a 3G modem, small display and a couple of USB ports. Network providers could take a per-transaction fee automatically rather than charge a monthly access fee since the amount of traffic generated would be fairly small.

My last idea actually begins with a question. I'm a bit sketchy on the specifics, how many bits are there to both the public and private key for a bitcoin address? I ask because a normal credit card style magstripe holds about 210 bits per inch on tracks 1 and 3, 75 bits per inch on track 2 and is about 3 inches long, so with the right encoding you could fit 1,485 bits of data on a standard credit card. If that's enough to hold a key, then it may be viable to create a system that "feels" no different than standard credit card transactions to an end user.

Any input or other ideas?

[1714824959]

1714824959

[1714824959]

1714824959

[kjj]

Gold and silver coins are the perfect physical companion to bitcoins.  They have many desirable characteristics in common.

[CydeWeys]

One of the biggest concerns facing bitcoin right now is becoming user-friendly. While spending bitcoins from your smartphone certainly seems cool, they're still not so universal as to replace existing concepts or technologies like physical money or credit cards.

Actually, Bitcoins are every bit as universal as credit cards.  Both require network access.

My last idea actually begins with a question. I'm a bit sketchy on the specifics, how many bits are there to both the public and private key for a bitcoin address? I ask because a normal credit card style magstripe holds about 210 bits per inch on tracks 1 and 3, 75 bits per inch on track 2 and is about 3 inches long, so with the right encoding you could fit 1,485 bits of data on a standard credit card. If that's enough to hold a key, then it may be viable to create a system that "feels" no different than standard credit card transactions to an end user.

I wouldn't do it with a credit card, I'd do it with a smart card.  That way you could encrypt the data on the card and use a point-of-sale terminal to type in a password to unlock it.  That way, if the card is lost, you aren't automatically out all of your money.  And the way it would actually work is that your smart card would contain some of your private keys (with access to reasonable amounts of your balance; not all of it).  The card and/or terminal (I haven't worked out all the detailed technical aspects) would use the private key(s) on the card to sign a transaction, which the terminal would then send along to the Bitcoin network.  So the terminal needs to be "smart", i.e. it is a node on the Bitcoin network or is in communication with a trusted node on the Bitcoin network (i.e. you could have 20 terminals in a supermarket, all of which use a single Bitcoin node running in the manager's office).  But the card can be "dumb".

[enmaku]

While I agree that a smartcard would be better, it's not an issue of technological superiority, it's an issue of adoptability. Every merchant on the planet already has a card reader and most have some kind of customer-facing terminal that, with the right software, could simply be modified to process BTC without requiring expensive new hardware (and trust me it's expensive).

Edit: Also, I wasn't complaining about the network access, I was complaining about the currently available solutions for holding the keys necessary to actually spend/receive money. If only people with smartphones get to participate in BTC transactions out there in the real world, that's too small a percentage of the total populous.

[enmaku]

I might have just answered my own question. The QR code on a bitbill appears to be a v4 code, which holds alphanumeric data, 67-144 characters worth. The private key QR code looks to be even smaller, but even assuming they're both full-size v4 QR codes that accounts for 134-228 characters maximum. A standard magstripe card can hold 79 characters on track 1, 40 on track 2 and 107 on track 3 for a total of 226 characters. Unless bitbills are using every last byte of that 228 possible characters we should be able to fit the same data on a standard credit card.

Of course I'd still like an official answer if one is available

Edit: We could also encrypt the private key with a pin. It would look and feel like a standard debit card.

[Steve]

I think physical bitcoins is a silly idea ...but it keeps coming up over and over.  There are already plenty of options for physical money...fiat notes, fiat currencies as well as gold and silver coins.  Smartphones with net access are rapidly becoming ubiquitous, so the need for a physical manifestation of a currency in order to exchange is rapidly diminishing.  And for bitcoins, it's even worse than fiat bills...the opportunity for counterfeiting physical manifestations of bitcoins where network access is unavailable is quite large...and if you have network access, then you really don't have a need for a physical manifestation of bitcoins.  On the contrary, it's far more difficult to counterfeit national currencies or gold or silver.  I would never trust a card with an amount of bitcoins printed on its face without being able to connect to the network and complete the transfer into my wallet.  I would far prefer cash or precious metals in that circumstance.

Now, a problem that might be useful to solve is the scenario where one person involved in a transaction does not carry a connected device.  A smart USB key or a smart card that could be used for decrypting private keys and signing transactions would be useful (taking great care that the unencrypted private keys never leave the card).  A pin code would be required to activate the software on the card.  And, using asymmetric crypto you could probably even do this in such a way that if you ever lost physical possession of the card, you could easily revoke the ability for that card to access your private bitcoin keys (even if someone key-logged your pin code on a terminal of some sort).  One open question would be how to prevent malicious software running on a terminal from surreptitiously telling the card to create other transactions than the one you intend to create.  The only way I can imagine doing that is by creating some kind of well known and highly tamper resistance device designed to do nothing more than let you enter your pin code and confirm spend transactions (I imagine something like a smartphone with a touch screen, but branded and well known to be tamper resistant)..this device could then connect to a variety of other devices (either wired or wirelessly) that do the more complex job of connecting to the bitcoin network, etc.

Of course, the more likely scenario is that we continue to use cards very similar to what is used today, the only difference being that they are connected to accounts backed with bitcoins instead of fiat currency.  It would be up to the issuer to design a scheme that keeps access to your account secure (something like what I describe above could just as well be used for accessing an account).  Imagine mtgox offering a debit card that, when used, would draw on your balance of national currency and once exhausted, would then automatically initiate market sell orders to raise the needed national currency for a transaction.  If you do not have enough bitcoins or there are not enough open bids to generate the needed currency, the transaction would be denied.

[CydeWeys]

And, using asymmetric crypto you could probably even do this in such a way that if you ever lost physical possession of the card, you could easily revoke the ability for that card to access your private bitcoin keys (even if someone key-logged your pin code on a terminal of some sort).

It's simpler than that.  The data on the card consists of the private key(s) that have the ability to sign transactions spending certain bitcoins.  So, assuming you realize the card has been stolen before all of those bitcoins are transferred elsewhere by the thief, you simply use your home copy of your wallet.dat to transfer those coins to brand new addresses whose associated private keys are not on the lost card.  You'd never have your only copy of private keys for addresses of bitcoins under your control be on the card; you'd always have that info at home too.

[kjj]

And, using asymmetric crypto you could probably even do this in such a way that if you ever lost physical possession of the card, you could easily revoke the ability for that card to access your private bitcoin keys (even if someone key-logged your pin code on a terminal of some sort).

It's simpler than that.  The data on the card consists of the private key(s) that have the ability to sign transactions spending certain bitcoins.  So, assuming you realize the card has been stolen before all of those bitcoins are transferred elsewhere by the thief, you simply use your home copy of your wallet.dat to transfer those coins to brand new addresses whose associated private keys are not on the lost card.  You'd never have your only copy of private keys for addresses of bitcoins under your control be on the card; you'd always have that info at home too.

Why would anyone accept a physical coin from you that you can revoke?

[Steve]

And, using asymmetric crypto you could probably even do this in such a way that if you ever lost physical possession of the card, you could easily revoke the ability for that card to access your private bitcoin keys (even if someone key-logged your pin code on a terminal of some sort).

It's simpler than that.  The data on the card consists of the private key(s) that have the ability to sign transactions spending certain bitcoins.  So, assuming you realize the card has been stolen before all of those bitcoins are transferred elsewhere by the thief, you simply use your home copy of your wallet.dat to transfer those coins to brand new addresses whose associated private keys are not on the lost card.  You'd never have your only copy of private keys for addresses of bitcoins under your control be on the card; you'd always have that info at home too.

The solution I have in mind avoids putting the bitcoin keys on the card directly.  The only thing on the card is a private key unique to the card that is used to decrypt bitcoin keys.  If the card was stolen, a person would need to have the encrypted bitcoin private keys delivered to the smartcard (ie. from some online service).  The bitcoin private keys would be encrypted with the public key matching a private key stored on the card.  The encrypted keys would not be permanently stored on the card itself...they would only be temporarily transferred to the card for the purpose of generating and signing a transaction and be discarded once that was completed.  The service would maintain a list of cards that could be used to sign bitcoin transactions and it would keep a copy of your private keys encrypted for each of those cards.  If you lost possession of the card, you could momentarily block the transmission of those encrypted keys.  If you did not recover the card, you could destroy the encrypted keys for that card permanently.  It also has the added convenience that one card could be used for signing transactions for multiple wallets with each wallet being able to independently revoke access as needed (without requiring the physical removal of any stored data on the card).

[sayrith]

A Bitcoin debit system like this (http://www.reddit.com/r/Bitcoin/comments/him0f/bitcoin_debit_co/) is a lot better than BitBills.

(http://forum.bitcoin.org/index.php?topic=10716.msg153663#msg153663) related post about this from this forum

[technowizard12]

I'm thinking we could so something like https://squareup.com/ does. Mag-stripe readers that plug into phones. The client could decode the public and private key encoded in a magstripe, then connect to the bitcoin network to transfer funds.

[enmaku]

Honestly from a security standpoint this wouldn't be as difficult as most people seem to imagine. Those terminals you swipe your credit card on at the grocery store do 99% of the processing themselves. There is a server in a back room that handles a little formatting and communication, but if you enter a PIN number for example, the PIN is 3DES encrypted before it ever leaves the device. These devices have layer upon layer of security and it's quite hard to get anything like a keylogger into one of them. In some cases the devices are designed to physically destroy vital components if you so much as open the case. Side note: the little glass capsules full of nasty chemicals are pretty easy to break so sometimes picking up a pinpad and slamming it on the counter is enough to pop them and destroy it.

Long story short I'm not talking about a software-on-pc solution where the merchant actually handles your keys, I'm talking about an embedded device solution where your keys are placed in a temporary wallet (held in RAM never stored) and used to send a payment once only. Even if we were talking software-on-PC or software-on-smartphone as long as the IDs were never stored on disk the threat is still negligible. The biggest threat to a system like this would be keylogging and I've got a suggestion for that too.

When you use a debit card and enter a PIN, the PIN is 3DES encrypted before ever leaving the pinpad. This encrypted PIN block is sent to your bank along with the rest of the transaction information where it is decrypted and compared. The key used for the encryption is specific to each pinpad and changes with each use. We could create a solution where the private key is never stored on the card at all but is instead held by some intermediate institution, similar to a bank. In this case the public key combined with the encrypted PIN serve to identify your "account" and they send the BTC on your behalf when they receive an authenticated request.

Of course to maintain the distributed nature of bitcoin there would need to be a large number of these "banks" which, given the release of the banking software into public domain, would be devastatingly simple to achieve. In theory you could even install the banking software on your home PC and be your own bank if so inclined. Think of it like MyBitcoin or MtGox except that they're connected to the major payment processors.