theft protection by introducing "safe" accounts

[cunicula]

The "reverting address" issue mentioned by Meni has been brought up a number of times. I think these types of addresses would be a terrific improvement.

As long as ex-post reversibilty is an optional user-defined feature, reversible and nonreversible payments would co-exist in the bitcoin ecosystem.
Decisions regarding where to use reversible and irreversible payments would be determined by the market. This is greatly preferable to enforcing irreversible payments in the protocol.

[1715316840]

1715316840

[1715316840]

1715316840

[1715316840]

1715316840

[tytus]

After some reading it looks like a simple way to add some distributed security is by sending funds to contentiously created temporary <2 out of 3> multi-sig account. 2 separate auditors would have one key each and the service would have one key. To reclaim the funds from the temporary cold storage account at least one auditor must send the private key to the service.

But of course a system-wide introduction of reversible transactions from 'special accounts' is probably simpler and has the advantage of intrusion detection.

[grazcoin]

There is a new solution https://bitcointalk.org/index.php?topic=107074.0 for "safe" accounts which is based on multisig.
It is still in alpha stage. It is totally open source. No trust in the service is needed. Disclosure: I wrote it ;-)
For a payment, a secondary key (remote or cold) signature is required. This signature can be done using a patternlock online.
Only then the "normal" primary key signature can complete the transaction.

Grazcoin

[flower1024]

would it be possible to say: from this address ONLY transfers to another address are allowed?

the "other address" could be on a different server which rechecks if its a valid withdraw request.

that way the thief has to hack the database too and cannot compromise the the "other addresses"-privkey.

[phelix]

time locked and multi factor authorized transactions...  we really need multisig 

[Meni Rosenfeld]

would it be possible to say: from this address ONLY transfers to another address are allowed?

the "other address" could be on a different server which rechecks if its a valid withdraw request.

that way the thief has to hack the database too and cannot compromise the the "other addresses"-privkey.

This doesn't do much. If address A can only be spent to address B then coins sent to address A are like coins sent to address B. The only difference is that if B is compromised and A is intact, the original owner can hold the coins ransom when negotiating with the thief.

[tytus]

The bitcoin contract example 4: Using external state [https://en.bitcoin.it/wiki/Contracts] is similar to a cold account with an option to withdraw funds before a deadline under a certain condition ("an old man who wishes to give an inheritance to his grandson, either on the grandson's 18th birthday or when the man dies, whichever comes first" ... the dead condition is build in using external services). but these are custom transactions and I understand they are even more complicated than the completion of the multi signature implementation.

Without the multi-signature accounts I can increase the security of a service that keeps a lot of bitcoins by having many cold storage accounts each managed by an agent that runs continuously and keeps it's pass phrase in memory. If these agents are on different hosts and the locations of these hosts are not known to the primary service it is difficult to crack all of them and the thief will most likely start with a single cold storage account thah he/she finds. If one account is compromised other agents could be killed to remove the passphrase from their memory. I hope it is not easy to find a passphrase in the memroy of an executed program. I hope it is also difficult to intercept the communication between the agent and the bictoin client to obtain the pass phrases.

[tytus]

the inheritance example fits actually quite well. I am the only person that knows the passphrase to my account but I would like my kids or my wife to inherit the stored bitcoins in case I die. If I can define a transaction that will be executed automatically that goes to a fallback account [kids or wife] in case I don't stop it I reduce the risk of eliminating the bitcoins from the network after dying or going mad.

Something like this could be build in as a saving account in the bitcoin client. You would need a different passphrase for the saving account to retrieve funds from it [empty passphrase is not allowed]. In case the saving account is silent for a year the funds would be automatically transferred to any of a selected list of accounts [1 of many multi-sig]. Default would be to send the funds to the primary account.

This way you could operate the bitcoin client without any passphrase. Some people may have big problems to remember pass phrases :-) If we want to make bitcoins popular, we need to think about them too :-) bitcoins could be good basis for a retirement plan but if you forget the pass phrase after 20 years of saving You are kind of screwed :-)

The second passphrase implements basically an internal cold storage account. This would help naive service developer implement higher security.