Idea for brick-and-mortar Bitcoin use

[GreenerK]

This came to mind after seeing Max Keiser mentioning that Scotland, if it did become independent, should embrace Bitcoin as its currency;

This obviously is tongue-in-cheek, but it got me thinking: For Bitcoin to become adopted by the masses, it would need to be easy to use in brick-and-mortar shops and act like current credit/debit cards.

Having your private key printed as a QR Code on a credit card-like piece of plastic is obviously very risky – as soon as someone steals this, kiss goodbye to your finances – but an incomplete private key, paired with a manual PIN code-like process could work.

What do you think of the following process when buying something at the supermarket?
1)   The cashier completes the scanning of the goods as normal, marking the purchase as a Bitcoin purchase (working much like current Point Of Sales (POS) systems, with the amount and recipient entered in).
2)   The card reader asks to see your QR code (which is your Private Key minus the last 6 characters).
3)   The card reader then asks you to punch in these last 6 characters to complete the key.
4)   The POS checks available funds in the associated Public Address and initiates the transfer.
5)   Nothing about the Private key is recorded.
6)   You get a receipt with the transaction address/code.

Software at home, or local services, could manage addresses and printing of these key cards. If a card is lost or stolen, the user could transfer the BTC to a new address using said software (which keeps track of the Private Key, much like a wallet) or via a backup card kept safe.

- Does this sound like a viable solution for “the masses” to adopt Bitcoin for day-to-day use?
- Would holding back the last 6 or so characters be enough to secure the Private Key?
- Could replacing some of the numeric characters with underscores be a better way of using a “PIN” as security? i.e. the code 5KQo_nY_PtyHG_K_BosGHkw_pdkRoaBHFCa_cGmyWWjJLq32sPg would have the PIN 382329
- The POS would need to be set up to return the "change" of the transaction to the same spending address associated with the card.

Thoughts?

[Come-from-Beyond]

Why does someone need to reveal their private key?

[GreenerK]

Why does someone need to reveal their private key?

Because you can't spend any BTC without the Private Key for the Public Address they're held in.

[Skrapps]

5)   Nothing about the Private key is recorded

Isn't the card reader still getting the whole private key, and you are entering it into two forms?

This just seems to solve security regarding the checkout clerk, and asking for more faith placed onto a machine, and the private (closed source) security of the business.

Why not just pay ahead of time, a money-down-payment-to-line-of-credit? Maybe the business could match you 1:1, 2:1 or what have you; for actual money paid into the store, and credit they could extend?

Everyone is on a club savings card of some sort (in the US anyways). Hard to be pseudoanonymous at your neighborly, once-a-week-visting grocery store.

[nocube]

- Would holding back the last 6 or so characters be enough to secure the Private Key?

58^6 = 38,068,692,544

I'd say no.

[ffcitatos]

I don't see which problem this solves.

Why is it better than the standard way that is being used now? I mean, the shop generates a new BTC address and displays its QR code after your step 1, the customer scans it, its mobile phone makes a transaction. All right, internet connection in the phone is required, but that is almost a given nowadays.

[kjj]

- Would holding back the last 6 or so characters be enough to secure the Private Key?

58^6 = 38,068,692,544

I'd say no.

It is even worse than that.  If the private key is in WIF form, the last 32 bits are a check code.  So, divide your answer by 2^32 and you get about 10 possible keys that need to be checked

The quirks of the encoding make key recovery a bit harder than that, but it is still WAY less than the 38 billion quoted.

[Remember remember the 5th of November]

For sure we need more of these for Bitcoins

[GreenerK]

Thanks for the feedback - some great thoughts here.

I don't see which problem this solves.

Why is it better than the standard way that is being used now? I mean, the shop generates a new BTC address and displays its QR code after your step 1, the customer scans it, its mobile phone makes a transaction. All right, internet connection in the phone is required, but that is almost a given nowadays.

When I was thinking about this, I was thinking along the lines of those not wanting to delve into smartphones, computers too much and learn about Bitcoin wallets. i.e some of the older generation that may want to just pop down the shops with there BTC card to get some milk.

The "rest of us" are happy to use Bitcoin as-is. There's no problem there.

Interesting points about the security too - clearly the "PIN" option may not be viable.

Why not just pay ahead of time, a money-down-payment-to-line-of-credit? Maybe the business could match you 1:1, 2:1 or what have you; for actual money paid into the store, and credit they could extend?

Everyone is on a club savings card of some sort (in the US anyways). Hard to be pseudoanonymous at your neighborly, once-a-week-visting grocery store.

A loyalty card of sorts would just add an extra step in the middle. I was hoping to figure out a way of keeping this "purely Bitcoin", keeping the transaction between you and the shop.

Maybe something linked to an online wallet like Blockchain.info, that you can access at the shop via QR code (for username) and PIN (for the password). But even then you're relying on leaving private keys with a 3rd party.


Hmmm. Back to the drawing board I think.....