offline address - or a way to explicitly freeze an address

[btcusr]

tl;dr: No.

Simply,

 - an address can be frozen for spending
 - can keep one address without worrying about loss of its primary key
 - first primary key is protected by second primary which can be changed as and when required
 - second primary key is only used for lock / unlock (freeze / unfreeze) first address

It is not the same as m*n key because,

  - with m*n, address keep changing, so cannot use one address for all transactions

[DannyHamilton]

The stuff you're saying doesn't make sense.  I simply can't take anything you say seriously if you can't explain it in a way that makes sense.  Either you don't understand how bitcoin works, or I don't understand what you are suggesting. (Maybe both?)

[btcusr]

The stuff you're saying doesn't make sense.  I simply can't take anything you say seriously if you can't explain it in a way that makes sense.  Either you don't understand how bitcoin works, or I don't understand what you are suggesting. (Maybe both?)

Ok, here's an example,

Let's say you own firstbits address, '1Hamilton'. You spent lot of time, effort and money to generate it and you are happy to use this address for all your transactions.

At some point of time, you doubt your firstbits private key was stolen / compromised. Now only option for you is to stop using it. Would that be OK for you?

How about satoshi loosing his, firstbits '1'?

You got the problem now?

[DannyHamilton]

Ok, here's an example,
- snip -
You got the problem now?

Yes, I've understood that you have a sentimental attachment to a random string of letters and numbers that happens to match a particular pattern that you like.  I've also understood that you are concerned about the private key associated with that string of characters being compromised.  This isn't the part that I don't understand.

The part I don't understand is how you think you can "freeze" an address without "lots of code changes" and why you think "surely it wouldn't require a hard fork".  I also don't understand why you think that "address keep changing" with 2-of-2 multisig.

[Dabs]

No one else will do it. Not one of the main developers will also do it, when it's as easy as using a brand new or different address. Any address that can receive coins will be able to spend it if you have the private key.

[btcusr]

> The part I don't understand is how you think
 > you can "freeze" an address without "lots of
 > code changes"

Frozen or not is just 1 bit detail, I hope this is possible through 'script'ing, so requires zero or minimal change. Just we need to check whether address is frozen before proceeding with sign validation. Yet, I am not very sure.

> why you think "surely it wouldn't require a
> hard fork".

I am suggesting that this can be implemented as specialized freeze/unfreeze transaction, or through a new flag in usual transactions. Either ways, this is going to be a new transaction with a fee. We are not going to redo all the hashing from Genesis block.

> I also don't understand why you think that
> "address keep changing" with 2-of-2
> multisig.

This again for the emotional attachment with the random bits. I want to include compromised address as one of multisig address. Now, I have to let everyone know my new address. When this address gets compromised, or every time I want to use different key to sign, then I have to create another multisig address.

This way also, I cannot use one address forever.

[btcusr]

And, don't worry. I am not trying to give someone else the authority to freeze all your addresses. If they can freeze your address, then they also can also spend your money. Means, you need original private key to freeze an address.

[DannyHamilton]

Yet, I am not very sure.

This much is now very clear to me.

Frozen or not is just 1 bit detail, I hope this is possible through 'script'ing, so requires zero or minimal change.

The "script" that is used in a bitcoin transaction describes what is required to spend the transaction. How can this be used to lock and unlock an address?

Just we need to check whether address is frozen before proceeding with sign validation.

Easy to say. As far as I know, impossible to do without a "hard fork". Do you know of a method that would avoid a "hard fork" that you haven't described yet?

I am suggesting that this can be implemented as specialized freeze/unfreeze transaction, or through a new flag in usual transactions.

Which would require a "hard fork" as far as I know. Do you know of a method that would avoid a "hard fork" that you haven't described yet?

We are not going to redo all the hashing from Genesis block.

Nobody said anything about hashing from the Genisis block.  Perhaps you don't understand what a "hard fork" is?

This again for the emotional attachment with the random bits. I want to include compromised address as one of multisig address. Now, I have to let everyone know my new address. When this address gets compromised, or every time I want to use different key to sign, then I have to create another multisig address.

Ok, I think I see your concern with multisig, but I still don't see how you are going to fix that problem with you "address freezing" process.

[K1773R]

just use Armory, can even be the same wallet (then u have to use Coin Control)

[btcusr]

> The "script" that is used in a bitcoin transaction describes
> what is required to spend the transaction. How can
> this be used to lock and unlock an address?

the same way how script spends coins.

verify unlock signature, unlock, verify spend signature, spend

or, something similar to that.

[btcusr]

Would like to end this thread, as I figure out implementation further.  
your suggestions always welcome.

[DannyHamilton]

Would like to end this thread, as I figure out implementation further.  
your suggestions always welcome.

Yes. Please end this thread.

Your suggestion of:

the same way how script spends coins.

verify unlock signature, unlock, verify spend signature, spend

or, something similar to that.

offers no improvements over multisig.  You would need to provide anyone who sends you bitcoin with the public key of your "unlock keypair" and they would have to create a transaction that includes that in the "script".  This would only lock that transaction, not the entire address, until the "unlock keypair" was compromised.  Then you would have to send out to everyone another unlock public key, and would have to move all your own old coins to a new transaction using the new unlock keypair.

This is essentially a multisig solution that requires giving out a public key instead of an address?

[btcusr]

something like this.. 

Code:

{
  "hash":"...",
  "ver":1,
  "vin_sz":1,
  "vout_sz":2,
  "lock_time":0,
  ...
  "frozen":1,
  ...
}

[DannyHamilton]

something like this.. 

Code:

{
  "hash":"...",
  "ver":1,
  "vin_sz":1,
  "vout_sz":2,
  "lock_time":0,
  ...
  "frozen":1,
  ...
}

I don't see where the "unfreeze key" is in that example?

[btcusr]

something like this.. 

Code:

{
  "hash":"...",
  "ver":1,
  "vin_sz":1,
  "vout_sz":2,
  "lock_time":0,
  ...
  "frozen":1,
  ...
}

I don't see where the "unfreeze key" is in that example?

thats ok, it is just an idea. an incomplete example.

[btcusr]

finally, I got 1 more want in the poll. I am happy as if it is implemented.
I will edit first post for clarity.

[casascius]

How to freeze your bitcoins:

1. Print a paper wallet at bitaddress.org
2. Send your bitcoins to the address printed on it
3. There is no step 3

Recover your bitcoins later by creating a throwaway Blockchain.info web wallet, importing the paper wallet, and sending the coins to an address of your choice.  You can avoid leaving any unused coins in the web wallet simply by printing a new paper wallet and sending the balance there.

[DannyHamilton]

thats ok, it is just an example. an incomplete idea.

FTFY 

[btcusr]

How to freeze your bitcoins:

1. Print a paper wallet at bitaddress.org
2. Send your bitcoins to the address printed on it
3. There is no step 3

Recover your bitcoins later by creating a throwaway Blockchain.info web wallet, importing the paper wallet, and sending the coins to an address of your choice.  You can avoid leaving any unused coins in the web wallet simply by printing a new paper wallet and sending the balance there.

@casascius, thanks for your post. finally, I think my post got some attention.
you are one of very few members, I can recognize by profile name.

now, how would you solve my main problem,

I want to keep my firstbits address 1vijay, 1visu forever, to receive and spend.

[Timo Y]

You can generate an address offline.

As long as you keep the private key secret, nobody can steal the bitcoin.

A frozen address with time-activated release would be far more secure than an offline address.

The requirement to 'keep a private key secret' makes security depend on humans, and humans are fallible.  Best to outsource security to the protocol as much as possible.

I can see lots of real world scenarios where a time-locked address would be useful and an offline address isn't good enough:

(1) A large 'bank' or exchange that has billions of dollars worth of bitcoin in cold storage. Even if the bank assigns multiple signatories to spend those bitcoins, they could be kidnapped and forced to disclose the private key.
(2) A famous rich person who is publicly known to own a lot of bitcoins.  Again, the frozen wallet would discourage kidnappers.
(3) A problem gambler who wants to keep his retirement fund safe from himself.
(4) A single parent who has terminal cancer and greedy relatives, and who wants to leave his bitcoins to his 13-year old child.
(5) A bitcoin enthusiast who lives under a tyrannical regime and fears that the authorities might imprison and torture him in order to obtain his bitcoins.

As bitcoin gains in value and maturity, these kinds of examples are going to gain relevance.