Question for the Physical Crypto Community

[Omikifuse]

Use multisign address?

The buyer signs the address then the company returns his signature?

Biggest problem is the coins would have to be pre-ordered

[AT101ET]

I personally prefer assembled coins. It saves on a lot of hassle, however, there's an element of trust involved that some people may not feel comfortable with.
You could always offer a pre-assembled coin or a BIP38 encrypted wallet so that the buyer can be sure that there's no way the seller would have access to the full private key.

[jdebunt]

I personally prefer assembled coins. It saves on a lot of hassle, however, there's an element of trust involved that some people may not feel comfortable with.
You could always offer a pre-assembled coin or a BIP38 encrypted wallet so that the buyer can be sure that there's no way the seller would have access to the full private key.

Big fan of pre-assembled coins myself, although I wouldn't mind getting my hands "dirty" by putting one together myself

[SaltySpitoon]

Yeah, as expected, things came up. I needed to order additional machinery, so things are delayed a bit, but still moving forward. This is the reason you never take preorders.

While I realize a lot of other sellers do holograms, and they aren't tamper-proof, I personally like the look of them.  Without them, they feel more like mass-produced tokens.

Personally, I've always found the holograms sort of tacky. Anyway, I can guarantee this won't feel like mass produced tokens. What I'm making are hand made, one at a time, and not tokens.

The most secure trusted way to create keys for physical coins is to get Satoshi to do it.....End User produced keyed coins have no resell value as a collectable. If your looking to get into producing collectable coins.....even untrusted producers can create keyed coins unfunded and leave it up to end users trust level of the producer if they want to fund them or not.... are you looking to produce a secure place for people to park their bitcoins or are you trying to produce a novelty collectable....IMO it's either one or the other...

Correct, this is why I'm trying to figure out what to do here. The most secure way to do it would be to do multisig so I never have access to the private keys. But, there is no resale value of a piece if you are relying on a stranger that knows the private keys not to steal the coins. With Casascius coins, you are relying on Casascius not to steal the Bitcoins, but that is better than trusting whoever it is who purchased the coins first.

will there be a DIY version of this physical bitcoin?
perhaps construction like https://github.com/platecoin/platecoin?

the maker's private key sticker can be sticked on side A, while the clerk generates key B in shop and puts
it to the rectangular window near buyer, charge it and show him the transaction in blockchain.

buyer only need to trust maker sticker.

opinios?

With what I'm planning, buyer funded isn't possible. Each buyer would have to have expensive machinery, and be willing to sign a liability waiver to not hold me responsible for burns from molten 2000ish degree metal.

I personally prefer assembled coins. It saves on a lot of hassle, however, there's an element of trust involved that some people may not feel comfortable with.
You could always offer a pre-assembled coin or a BIP38 encrypted wallet so that the buyer can be sure that there's no way the seller would have access to the full private key.

BIP38 encrypted would work for buyer funded models, where the original buyer gives me the private key encrypted so that I don't know what it is, but then they would have access to the private key, again making resale impossible. If I end up making buyer funded pieces, this would most likely be the route that I'd take.

Big fan of pre-assembled coins myself, although I wouldn't mind getting my hands "dirty" by putting one together myself

Buyer assembled models are very unlikely at this point. That is unless I ship every unit sold with metalworking tools and safety equipment, a CNC Mill/Router, Metal furnace.

[TookDk]

I have been thinking a lot about this question as well.

The best solution we have right now, is the "Casascius model", where a trusted person insert the private key into the coin.
As you all know the weakness with this model is that the private key is exposed to the person assembling the coin.

I have though about a model that would eliminate this problem.
Before people gets there expectations up, I must warn you, this idea is not easy to implement and it will be expensive to develop, produce and verify (compared to printing a private key on a piece of paper).
But there is no limitation in the current technology for implementing this idea.

The whole idea is to place a micro computer inside the coin instead of a piece of paper.
The circuit will not require more real estate than the indent in a Casascius coin, perhaps slightly deeper, but definitely possible in a 1 Oz coin.

The core of the idea is that the micro computer generates the private key after initial power up.
When the micro computer powers up for the first time, then will it burn the key into an array of electrical fuses (alternative could internal NAND flash be used).

The micro computer will have an RFID transponder (many smart phones today have a RFID transponder build in as well), the micro computer will then be able to transmit the public key via RFID when anybody request it. Obviously the private key is never transmitted.

In order to redeem the private key, then must the coin be dissembled and two electrical points must be shorted, this will cause the micro computer to change state and start transmitting the private key instead, this state is irreversible, even if the two points are disconnected again.

In this way, is it not possible for the creator (or anybody else) to access the private key without changing the state of the microcomputer.
The user can verify that the private key is intact by checking that the RFID is transmitting a public key.
If the user read a private key with the RFID, then is the private key exposed.

The issue about battery could be addressed in many different ways: e.g. by using magnetic field charging, which many newer smarts phones also support (chargers are off the shelf). The given circuit could properly last about 10-20 years on a small lithium battery, if the public key is not read every day via RFID. The battery is not a real issue, since you would be able to power up the micro computer if disassembling the coin, but obviously for the second market value would it be necessary to be able to charge the battery, to check the public key. It might be possible to use Seiko Kinetic technology to charge the battery (if it could fit inside the coin, I doubt it though). The real limitation will be the program state and code, which need to be stored in NAND flash, with current NAND technology will this limit the life time of the coins to 100-200 hundred years, I think this is acceptable.

For the paranoid bitcoin user will it be a challenge for the micro computer to generate a private key with high enough entropy, this could be address by e.g. using the production variation in the silicon wafer (transmission line timing) to generate the seed. I read about this technique in a paper not too long ago, basically is it possible to make a unique fingerprint for every silicon based chip produced, which can be read (calculated) by the silicon circuit.

There is still an element of trust here, the buyer must trust that creators have not implemented a backdoor in the code, this can be address by using open source and have several people involved in the design and production of the micro chip. Remember, the private key is only generated after the micro computer powers up, "impossible" for anybody to read without change the state.

There are side doors attacks for NAND flash which should be considered and risk estimated in the design process.

That was my 2 satoshi, if anybody likes my idea and want to develop and refine it, I would be more than happy to participate.

[watashi-kokoto]

Physical bitcoin with chip inside can work as follows:

at home

1. Smart coin would be produced in perpetual RNG seeding state.
2. After that the user shall choose his vanity address prefix/postfix (to prevent producer hardcoding private key)
3. The coin receives vanity prefix and start bruteforcing address.
4. Coin now in propagating pubkey state while keeping the private key secret.
5. User check the pubkey has vanity prefix and top ups his coin.

secure payment

5. The POS terminal sends the transaction to physical bitcoin.
6. Physical bitcoin atomically signs the transaction and destroys the private key (can destroy the signing circuit & priv/pubkey memory ).
7. Coin now in perpetually propagating txsig state with all non needed circuits destroyed.
8. Tx sig is sent to POS. TX Sent to bitcoin network. The clerk gives the goods to customer.

Opinions?

[TookDk]

Physical bitcoin with chip inside can work as follows:

at home

1. Smart coin would be produced in perpetual RNG seeding state.
2. After that the user shall choose his vanity address prefix/postfix (to prevent producer hardcoding private key)
3. The coin receives vanity prefix and start bruteforcing address.
4. Coin now in propagating pubkey state while keeping the private key secret.
5. User check the pubkey has vanity prefix and top ups his coin.

secure payment

5. The POS terminal sends the transaction to physical bitcoin.
6. Physical bitcoin atomically signs the transaction and destroys the private key (can destroy the signing circuit & priv/pubkey memory ).
7. Coin now in perpetually propagating txsig state with all non needed circuits destroyed.
8. Tx sig is sent to POS. TX Sent to bitcoin network. The clerk gives the goods to customer.

Opinions?

This is indeed a good idea.
It take the idea a step further.
Basically it is a smart coin.

I like the idea about the vanity prefix, this could be a good idea for a bearer bar, you could even place a electrophoretic display on the bar to show the vanity key.
Electrophoretic displays is virtually not using power when static.

I don't know if there is an demand for such a smart coin... In any case it could be interesting to develop.

[watashi-kokoto]

I like the idea about the vanity prefix, this could be a good idea for a bearer bar, you could even place a electrophoretic display on the bar to show the vanity key.
Electrophoretic displays is virtually not used power when static.

I don't know if there is an demand for such a smart coin... In any case it could be interesting to develop.

I like the idea of electrophoretic display. I suggest such device be separate from the physical coin, because it's reusable.
Such display can be used for 1. display vanity address; 2. display the full transaction the coin will sign.

This picture is a diagram of the 4 states of a "smart physical bit coin" in order.

http://imgh.us/physical_bitcoin.svg

[monkeynuts]

Took, you have just blown my mind

Need to lie down

[watashi-kokoto]

http://imgh.us/system_1.svg

[segun102]

The most secure trusted way to create keys for physical coins is to get Satoshi to do it.....End User produced keyed coins have no resell value as a collectable. If your looking to get into producing collectable coins.....even untrusted producers can create keyed coins unfunded and leave it up to end users trust level of the producer if they want to fund them or not.... are you looking to produce a secure place for people to park their bitcoins or are you trying to produce a novelty collectable....IMO it's either one or the other...

[MascharonoM]

How to deal with a good crypto? I have been reading few good cryptos during these days. Here they are: BTC, PTC, SciDex, Ethereum, Altcoin. Who has the best chances for growing?

[filtyfrank251]

While I realize a lot of other sellers do holograms, and they aren't tamper-proof, I personally like the look of them.  Without them, they feel more like mass-produced tokens.

Have to agree with Bithalo here. Holograms give it a sense of "uniqueness", even though it is not the most secure solution. Then again, I personally buy coins from a collector's perspective, and they are never funded

I also only collect physical bitcoins, not fund them for cold storage.  If I were to do that, I would prefer a DIY, where I put my own keys behind a hologram.   But for certain trusted members on the forum like salty, I would have no worries with them setting the private key should I fund them.

If you are looking to get coin collecting income even unreliable producers can create coins and leave it up to the end user's level of trust if they want to finance them. or not?
Are you looking to create a safe place for people to park their bitcoin or are you trying to produce a new collection?
There may be more good ones.

[OVA|official|]

Cool idea, Sir!

[GangNamSK]

The most secure trusted way to create keys for physical coins is to get Satoshi to do it.....End User produced keyed coins have no resell value as a collectable. If your looking to get into producing collectable coins.....even untrusted producers can create keyed coins unfunded and leave it up to end users trust level of the producer if they want to fund them or not.... are you looking to produce a secure place for people to park their bitcoins or are you trying to produce a novelty collectable....IMO it's either one or the other...

This is also considered as the premise for the market. There are many items and many attractions for investors. Especially bring them new collections. It's just like you're example of them being awesome.