Bitcoin Forum
November 19, 2017, 07:29:30 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: There needs to be a new bitcoin address format...  (Read 3051 times)
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
February 01, 2013, 01:01:14 PM
 #21

Allowing Trezor to print a verified human readable (domain) name is the purpose of the payment protocol work.
1511076570
Hero Member
*
Offline Offline

Posts: 1511076570

View Profile Personal Message (Offline)

Ignore
1511076570
Reply with quote  #2

1511076570
Report to moderator
1511076570
Hero Member
*
Offline Offline

Posts: 1511076570

View Profile Personal Message (Offline)

Ignore
1511076570
Reply with quote  #2

1511076570
Report to moderator
1511076570
Hero Member
*
Offline Offline

Posts: 1511076570

View Profile Personal Message (Offline)

Ignore
1511076570
Reply with quote  #2

1511076570
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
tpantlik
Full Member
***
Offline Offline

Activity: 136


View Profile
February 01, 2013, 01:41:22 PM
 #22

Oh please, do not fall for PKI monstrosity - this system is seriously flawed! (I have my own bitter experience with end-users of which ~100 have absolutely no idea how is SSL/PKI works and even how to use it securely!)

21mil BTC for the creator of trustless PKI replacement!

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!
Atruk
Hero Member
*****
Offline Offline

Activity: 700



View Profile
February 01, 2013, 02:01:51 PM
 #23

Oh please, do not fall for PKI monstrosity - this system is seriously flawed! (I have my own bitter experience with end-users of which ~100 have absolutely no idea how is SSL/PKI works and even how to use it securely!)

21mil BTC for the creator of trustless PKI replacement!

PGP + Due Dilligence

I'll cut you a discount. Just send 5.5 BTC to the address in my signature.

tpantlik
Full Member
***
Offline Offline

Activity: 136


View Profile
February 01, 2013, 02:27:23 PM
 #24

Oh please, do not fall for PKI monstrosity - this system is seriously flawed! (I have my own bitter experience with end-users of which ~100 have absolutely no idea how is SSL/PKI works and even how to use it securely!)

21mil BTC for the creator of trustless PKI replacement!

PGP + Due Dilligence

I'll cut you a discount. Just send 5.5 BTC to the address in my signature.

Heh  Cheesy  I should have require a foolproof system  Cheesy

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!
MatthewLM
Legendary
*
Offline Offline

Activity: 1092



View Profile WWW
February 01, 2013, 02:39:14 PM
 #25

For all those that hate PKI, explain a better solution.

Bitcoin Extra Wallet | Peercoin Android Wallet
BTC: 1D5A1q5d192j5gYuWiP3CSE5fcaaZxe6E9  PPC: PH7fVn1Xs7nkUFmdwCX2ZRYfLPCSwGxAq9
Atruk
Hero Member
*****
Offline Offline

Activity: 700



View Profile
February 01, 2013, 03:27:44 PM
 #26

Oh please, do not fall for PKI monstrosity - this system is seriously flawed! (I have my own bitter experience with end-users of which ~100 have absolutely no idea how is SSL/PKI works and even how to use it securely!)

21mil BTC for the creator of trustless PKI replacement!

PGP + Due Dilligence

I'll cut you a discount. Just send 5.5 BTC to the address in my signature.

Heh  Cheesy  I should have require a foolproof system  Cheesy

Isn't it amazing how trustproof and fool proof are nearly opposite ends of the spectrum.


phelix
Legendary
*
Offline Offline

Activity: 1708


nmc:id/phelix


View Profile
February 01, 2013, 03:34:54 PM
 #27

Wasn't Namecoin supposed to provide a part of the solution?

Within namecoin you could tie a name to a bitcoin address.
(sendtoname, namecoin/bitcoin keysharing and even throw away addresses: https://en.bitcoin.it/wiki/BIP_0015#Namecoin_ID )

As long as you don't know if the name is legit you have not really added security, though.

Other than using a (central) authoritah only a web of trust comes to mind.


blockchained.com ■ bitcointalk top posts
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 01, 2013, 04:10:05 PM
 #28

Oh please, do not fall for PKI monstrosity - this system is seriously flawed! (I have my own bitter experience with end-users of which ~100 have absolutely no idea how is SSL/PKI works and even how to use it securely!)

21mil BTC for the creator of trustless PKI replacement!

Adobe's Acrobat/PDF document signing PKI is an example of one that appears to work and be well-managed.

The operative difference is that those who care about the quality of the signatures have a vested interest in a good PKI and would be the last to complain about a loosey goosey PKI that favors convenience over security.

On the other hand, browser makers are far less in control.  They can't just decide that they will throw out the flawed SSL'iverse in favor of their own PKI scheme, or they'd lose market share.

I don't think the idea of PKI is inherently flawed, it's just that the most prominent one is being mismanaged and suffers from poor design.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
February 01, 2013, 09:08:11 PM
 #29

Yeah, I have higher hopes for the DNSSEC PKI. It's how things should have worked from the start, but of course the cost of crypto and the US Govts attempts to stifle it made doing a PKI any earlier unworkable.

Unfortunately DNSSEC is still pretty new. It'd make sense to integrate it into the payment protocol after v1 is successfully deployed.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 01, 2013, 09:28:29 PM
 #30

How about the following things that would require no PKI:

1. Some way for a user to know if he's paying someone he has paid before, versus someone he is now paying for the first time.  (Example: imagine paying your power bill with bitcoins.  Pretend you like having a paper power bill.  Every month you get a power bill in the mail and you pay it by scanning a QR code bitcoin address unique to each month's bill.  One month, a scammer sends you a realistic looking power bill but has his bitcoin address on it.  Your bitcoin client ought to have a means to flag something's unusual... this WILL happen, it's just a matter of time!)

2. Some way for a user to get a public key and know that he is paying the owner of that public key.  (Yes, that's how Bitcoin works inherently, but I mean a secondary public key that allows a user to confirm that a certain person must own the address)

3. The "Bitcoin Messaging" system previously discussed in other threads.  This would provide very similar functionality to PGP, except that keys are Bitcoin addresses.  Importantly, functionality would include ensuring you're paying the same person you're talking to, and/or paying the same person whose public key you can verify somewhere else.  As a simple minded example, before paying someone, you could send a bitcoin message to their address and confirm their ability to confirm, verbally for example, that they received it.  If they can confirm they can decrypt the message, you can feel good paying them at the same address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
February 02, 2013, 01:07:55 PM
 #31

... Ideally their client should be smart enough to either say "You're paying Casascius" or "I don't know who you're paying, so you better be sure about this!"
I'm not sure this is possible, the address derives from a key only you know, if it were to derive from your brand name everyone would know the private key.

Seems to me there's no way to get both.

I would suggest letting a beefed computer run a week or a month to create a vanity address for your company and then use that. 1 layer of extra security anyway.
The more serious the company the more money and CPU you could put into it.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
phelix
Legendary
*
Offline Offline

Activity: 1708


nmc:id/phelix


View Profile
February 02, 2013, 01:23:06 PM
 #32

What about using data from the blockchain to determine the trustworthiness of an address? If it is not a throw away address it would say a lot.

First seen
Number of tx
Coins received

A hacker would probably use a fresh address. At least for donation addresses this would work well.

You could even calculate a bitcoin inherent web of trust from the addresses you own to the address in question.

blockchained.com ■ bitcointalk top posts
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
February 02, 2013, 03:55:21 PM
 #33

1. Some way for a user to know if he's paying someone he has paid before, versus someone he is now paying for the first time.

It can be useful. You can do it with the existing payment protocol by including a signature with no PKI data. Use ECDSA key recovery on the signature and then record the derived pubkey.

Quote
2. Some way for a user to get a public key and know that he is paying the owner of that public key.

That's what the payment protocol does.

caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
February 02, 2013, 09:48:26 PM
 #34

Adobe's Acrobat/PDF document signing PKI is an example of one that appears to work and be well-managed.

Well, it works, yes... but it is expensive! I work for a company that among other things has a system that does digital signatures for official documents. They are required to pay 0€15 for each signature they issue, not to mention the enormous costs for being able to issue these signatures in the first place. And that's paying exclusively for Adobe's "recognition". Adobe does't actually do anything, they have absolutely no extra cost when these signatures are issued. But if you want their recognition, open your pockets!

I hope that this implementation for bitcoin is done in such a way that more competition in the "authority market" is available, so that prices are not so high.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
February 03, 2013, 12:37:02 AM
 #35

Interesting ideas. At this moment I wouldn't dare sending someone 1000 coins without at least confirming the last few letters of the address over the phone or through another independant channel.

Be careful - it's pretty easy for someone to generate an address that has the last few characters they want (and first few, for that matter).  People do it all the time with vanity addresses, but it could just as easily be done to try and defeat a simple 'over the phone' check of a few characters of the address.

roy

I thought last few bytes are the checksum. How easy is it to generate a key pair with the public address ending in 4BpiZ?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
becoin
Legendary
*
Offline Offline

Activity: 1778



View Profile
February 03, 2013, 12:46:46 AM
 #36

where someone can paste an address into their Bitcoin client and see a confirmation: "Confirmed, you are paying Rocky Mountain Power Company"
How will you force this user to distinguish between "Confirmed, you are paying Rocky Mountain Power Company" and "Confirmed, you are paying Pocky Mountain Power Company", or "Confirmed, you are paying Rocky Mountin Power Company"?

the whole point of this is so that the signing keys are not on the same system that is distributing the addresses.
Absolutely. Many people just don't understand that there is a difference between the monetary system that is supporting the very existence of a currency and the payment system that is using this currency. There is a reason why these two systems must be kept separate. What casascius is pointing out as an issue has to be solved by improvements in different competing payment systems using bitcoin as a currency. Don't mess with the blockchain, mining or transaction relaying!
deepceleron
Legendary
*
Offline Offline

Activity: 1512



View Profile WWW
February 03, 2013, 03:55:16 AM
 #37

I thought last few bytes are the checksum. How easy is it to generate a key pair with the public address ending in 4BpiZ?

Unlike the first characters of a Bitcoin address, the possible last characters (including the checksum) are evenly distributed among the Base58 characters, i.e. the chance of the last character of any address you generate being "Z" is 1 in 58. On average, for every 58 addresses you generate, one will end with "Z", and the average time to find a "Z" will be 58 key generations (a 50% chance).

We only need to scale the probability up; for five characters, the chance is 1 in (58^5) - that's 1 in 656356768. Running my vanitygen at 180Kkey/s, I would have a 50% chance of finding one in 3646 seconds (about an hour). In fact, it took me less time:

vanitygen -r -k BpiZ$

(at result 35, of 58 expected on average):

Address: 17piCjuatkXRi8tPJf43fN2bSNeJi4BpiZ
Privkey: 5KJshpZnAygza2goQNB7gsmyvwEwg8CquLZBPgpHCDU8Dg5xCvP

casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2013, 06:46:51 AM
 #38

where someone can paste an address into their Bitcoin client and see a confirmation: "Confirmed, you are paying Rocky Mountain Power Company"
How will you force this user to distinguish between "Confirmed, you are paying Rocky Mountain Power Company" and "Confirmed, you are paying Pocky Mountain Power Company", or "Confirmed, you are paying Rocky Mountin Power Company"?

Hypothetically speaking, a properly run PKI prevents people from obtaining certificates to impersonate others, and maintains a trail of recourse.  Example, something like EV SSL, or Adobe's PDF PKI.  The fact that extended validation is even possible attests to a likelihood that you're at least paying somebody who can be identified.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2013, 06:56:51 AM
 #39

Adobe's Acrobat/PDF document signing PKI is an example of one that appears to work and be well-managed.

Well, it works, yes... but it is expensive! I work for a company that among other things has a system that does digital signatures for official documents. They are required to pay 0€15 for each signature they issue, not to mention the enormous costs for being able to issue these signatures in the first place. And that's paying exclusively for Adobe's "recognition". Adobe does't actually do anything, they have absolutely no extra cost when these signatures are issued. But if you want their recognition, open your pockets!

I hope that this implementation for bitcoin is done in such a way that more competition in the "authority market" is available, so that prices are not so high.

Adobe folks have got to eat too!

I have an Adobe signing key and I paid for the key, there is no per-document charge for my key.  But even if there was one, there is nothing inherently wrong with that, no law of nature says that everything that does not involve an increment in manual labor per transaction must be free, and there are more variables that define value than just the price.

Ironically, the high price serves as a barrier to entry, which itself adds value.  If you represent institution A and want to authenticate a document from institution B, the fact that Joe Blow can't get a similar looking certificate at a negligible cost adds value.  I wish more people understood why "overpriced" stuff derives the price/value it does, there's always more to it than somebody just wanting to overpay for something just because they're gullible or want the satisfaction of having paid too much for something.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
deepceleron
Legendary
*
Offline Offline

Activity: 1512



View Profile WWW
February 03, 2013, 12:57:33 PM
 #40

Ironically, the high price serves as a barrier to entry, which itself adds value.  If you represent institution A and want to authenticate a document from institution B, the fact that Joe Blow can't get a similar looking certificate at a negligible cost adds value.  I wish more people understood why "overpriced" stuff derives the price/value it does, there's always more to it than somebody just wanting to overpay for something just because they're gullible or want the satisfaction of having paid too much for something.

Here's your certificate from my root authority, since you've already done the work of verifying your identity to me (you'll have to find that paper wallet though).  People can be sure that's your address (or trust any other addresses you sign, since you are now a second-level certificate authority.

That'll be 50BTC. First one's free if you can write the software to make it work, you'll "just" need Bitcoin to lookup and verify a signed message and the chain of trust from the Namecoin blockchain when someone uses your address. Let it know that I am the root CA, BTW.

Linux:
Code:
./namecoind name_update id/casascius '{"cert": {"address": "16EJyLJevdfUxF8MXDSctMfWaNxk14MXoE", "id": "casascius", "info": "Mike Caldwell", "authority": "deepceleron", "authbtc": "1DCeLERonUTsTERdpUNqxKTVMmnwU6reu5", "authnmc": "N76D6hEHB55cGPk8QiG6ysgMbXb11b3nAH"}, "sig": "HAGiR4/oetIedslegs2G5br+w6UpbeIVxZK8+WcASArSroAIuWDAV9B+5Hgck/Bge+0LYQwYTq1dTgTvBMyXdeQ="}'
Windows:
Code:
namecoind.exe name_update id/casascius "{\"cert\": {\"address\": \"16EJyLJevdfUxF8MXDSctMfWaNxk14MXoE\", \"id\": \"casascius\", \"info\": \"Mike Caldwell\", \"authority\": \"deepceleron\", \"authbtc\": \"1DCeLERonUTsTERdpUNqxKTVMmnwU6reu5\", \"authnmc\": \"N76D6hEHB55cGPk8QiG6ysgMbXb11b3nAH\"}, \"sig\": \"HAGiR4/oetIedslegs2G5br+w6UpbeIVxZK8+WcASArSroAIuWDAV9B+5Hgck/Bge+0LYQwYTq1dTgTvBMyXdeQ=\"}"

This is the data signed with Bitcoin:

{"address": "16EJyLJevdfUxF8MXDSctMfWaNxk14MXoE", "id": "casascius", "info": "Mike Caldwell", "authority": "deepceleron", "authbtc": "1DCeLERonUTsTERdpUNqxKTVMmnwU6reu5", "authnmc": "N76D6hEHB55cGPk8QiG6ysgMbXb11b3nAH"}

My self-signed CA: http://explorer.dot-bit.org/n/74491

edit: looks like I "extended" the proposed spec a bit:
http://dot-bit.org/Namespace:Identity
https://en.bitcoin.it/wiki/BIP_0015#Namecoin_ID

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!