Bitcoin Forum
Author Topic: Bitcoin and Smart Cards  (Read 5081 times)
smartcardguy (OP)
June 22, 2011, 06:23:34 AM
 #21

The exchanges should offer smart cards to secure account. If it is applied to a wallet that might be interesting.
I agree, with the crypto card approach additional cost for this for almost nothing.
ThomasV
October 03, 2011, 11:45:38 AM
 #22

I set up this wiki page, in order to gather information:
https://en.bitcoin.it/wiki/Smart_card_wallet

Please let me know if you are interested.

Electrum: the convenience of a web wallet, without the risks
luv2drnkbr
October 04, 2011, 12:31:12 PM
 #23

> I am by no means an expert in smart cards at all, but I think the chief problem with this approach is that you still have to trust the device reading it. Correct me if I'm mistaken:
>
> Say we're in the future where we can carry our Bitcoin wallet around on a smartcard. I go to Meze Grill, order something delicious and stick my card in the card reader. It asks me to agree to the 0.5BTC or whatever the future price of something tasty is, I tap "yes", it passes the transaction to my smart card and asks it to sign the transaction, before pushing it to the network.
>
> Assuming I'm not misunderstanding something, so far so good.
>
> Now what if the reader is compromised some way? With a smart card approach, there's absolutely no readout or anything of that nature that I can trust. The reader might ask me to agree to 0.5BTC and then ask my smart card to sign a transaction for 50BTC. The risk is reduced at brick and mortar businesses, but it's still there.
>
> The risk is also there for credit cards of course, but drastically reduced because you can charge back credit card transactions that are fraudulent - you can't charge back Bitcoin (that's one of its charms).
>
> I definitely think pocket-wallet devices are a possible future for Bitcoin, but without them having a readout of the amount I don't think it'll work... and unless I'm mistaken they don't make smartcards with neat little screens on them. :(

The same way bitcoin handles it now.  You empty the entire contents of the private key, and give the remainder to a different PUBLIC address in the same wallet.  Then even if they get the private key, who cares, there's nothing left in that address.

elggawf
October 04, 2011, 01:29:32 PM
 #24

> The same way bitcoin handles it now.  You empty the entire contents of the private key, and give the remainder to a different PUBLIC address in the same wallet.  Then even if they get the private key, who cares, there's nothing left in that address.

Swing and a miss. Smartcards don't generally divulge keys (that's pretty much the whole point of them), and I said nothing about divulging keys being the issue.

^_^
mimarob
November 09, 2011, 08:54:24 AM
 #25

watching this thread..

I thought maybe a usb computer stick would make a nice prototype such as a teensy, these do probably not lock the key that well in case of theft, but I'd be okay with that. Just want a small thing I could charge with a few btc's and carry around to different computers.

ThomasV
November 09, 2011, 09:03:46 AM
 #26

> watching this thread..
>
> I thought maybe a usb computer stick would make a nice prototype such as a teensy, these do probably not lock the key that well in case of theft, but I'd be okay with that. Just want a small thing I could charge with a few btc's and carry around to different computers.

FYI, I set up this page to gather resources on how to achieve this goal:
https://en.bitcoin.it/wiki/Smart_card_wallet


Electrum: the convenience of a web wallet, without the risks
finway
November 09, 2011, 09:19:17 AM
 #27

How does this go?

runeks
February 08, 2012, 04:24:09 PM
 #28

Any progress on this? This seems to me to offer the highest practically attainable security. If someone has to steal the card in order for me to lose the coins, it's good enough for me.
ThomasV
February 08, 2012, 04:37:47 PM
 #29

> Any progress on this? This seems to me to offer the highest practically attainable security. If someone has to steal the card in order for me to lose the coins, it's good enough for me.

In December, slush talked about implementing an Electrum client in a USB stick with a small screen.

Electrum: the convenience of a web wallet, without the risks
rdymac
May 23, 2013, 12:07:44 AM
 #30

>> watching this thread..
>>
>> I thought maybe a usb computer stick would make a nice prototype such as a teensy, these do probably not lock the key that well in case of theft, but I'd be okay with that. Just want a small thing I could charge with a few btc's and carry around to different computers.
>
> FYI, I set up this page to gather resources on how to achieve this goal:
> https://en.bitcoin.it/wiki/Smart_card_wallet

Am I late to the party? :)

I thought I was thinking of something new! But clearly I wasn't. Almost everything I thought is already on that wiki page (with not only words as I did) except for one thing.

I have something to add: If the merchant has to wait for 6 confirmations then this card is practically useless, also if the wallet is deterministic for it to be recoverable; again merchants would need to wait for 6 confirmations to avoid double-spend attempts.

But if the merchant knows for sure that the Smart Card user can't spend the coins twice, he can let the buyer go with even no confirmations.

For this to happen the user shouldn't know the private key that the Smart Card is carrying (it can't be taken from the card in any way). To approach this, without losing the chance to recover the funds in case the Smart Card is stolen, the private key needs to be created in a vanitygen way, where one carries part of the key and the other keeps the other part, but both are only combined securely inside the card.

For example:

The User purchases the Smart Card from an Issuer. Then in a registration process the User gets a part of the key and the Issuer the other part, so the Issuer inserts his part in the un-configured Smart Card. The Issuer sends the Smart Card to the User's house, he inserts his part and the private key is generated securely inside the Smart Card.

The private key never sees the light, it is stored securely inside the Smart Card. In case the Smart Card is stolen or destroyed, the User can enter his key part in the Issuer website (encrypted/hashed I think), sending a request for the other part to the Issuer, and generate the private key to recover his funds. This process would take 24 hours, so any pending transaction gets confirmed. Any merchant can accept payments this way without having to wait for any confirmation because he knows that it is not possible to double-spend with that SmartCard.
drazvan
May 25, 2013, 12:46:38 AM
 #31

You mean something like this: https://bitcointalk.org/index.php?topic=190046.0 ? I like the split-key generation idea, however that would require the issuer to remain in business for at least as long as the cards are used. If the keys are generated on the card, the user loses the ability to recover his funds if the card is lost / stolen / destroyed, but the issuer only needs to publish a list of "green addresses" - the ones belonging to the cards that have been issued. That list can be mirrored and re-published by anyone. If the issuer goes out of business, all previously "green" addresses remain "green" forever and cards can still be sold to users, they just won't be listed anywhere so they'll only work as regular Bitcoin addresses, not "green addresses".
btcven
May 25, 2013, 01:24:09 AM
 #32

> You mean something like this: https://bitcointalk.org/index.php?topic=190046.0 ? I like the split-key generation idea, however that would require the issuer to remain in business for at least as long as the cards are used. If the keys are generated on the card, the user loses the ability to recover his funds if the card is lost / stolen / destroyed, but the issuer only needs to publish a list of "green addresses" - the ones belonging to the cards that have been issued. That list can be mirrored and re-published by anyone. If the issuer goes out of business, all previously "green" addresses remain "green" forever and cards can still be sold to users, they just won't be listed anywhere so they'll only work as regular Bitcoin addresses, not "green addresses".

The idea is to be sure the buyer will not double spend. If the Issuer disappears (and is an honest company) they can publish all the key parts they have with the addresses associated and then Users will be able to get their priv-key. But I think spending the funds to one address to leave the SmartCard in a trash can because the Issuer doesn't exist anymore would be easier.

I don't think the User's addresses need to be listed as "green addresses"; if a User pays with one of those SmartCards and the reader is from the company too, the address can be verified through an API, or there's no need even for that. That SmartCard will only work with official readers. So the User can pay and go!

--
rdymac

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! :D 1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k Bitrated user: rdymac.
drazvan
May 25, 2013, 10:38:11 AM
 #33

I'm not sure what you mean by "verified through an API"... at the time of the payment, the merchant must ensure that the payment comes from a smartcard that is running the correct software that doesn't leak the private keys or allow double spending. The merchant terminal also needs to be online in order to post the transaction to the Bitcoin network, so verifying the address is just an HTTP call to the "green address" list server (or servers).

Also, the split-key scenario must be very carefully designed to prevent the user from reassembling the private key outside the card. Otherwise the user could simply do the double spend from another device loaded with the reassembled private key.
btcven
May 25, 2013, 03:45:29 PM
 #34

> I'm not sure what you mean by "verified through an API"... at the time of the payment, the merchant must ensure that the payment comes from a smartcard that is running the correct software that doesn't leak the private keys or allow double spending. The merchant terminal also needs to be online in order to post the transaction to the Bitcoin network, so verifying the address is just an HTTP call to the "green address" list server (or servers).
>
> Also, the split-key scenario must be very carefully designed to prevent the user from reassembling the private key outside the card. Otherwise the user could simply do the double spend from another device loaded with the reassembled private key.

I think I've read that SmartCards do protect the content on them, I don't think you can take information from them if they are not programmed for that purpose. The Bitcoin Card (that vimeo video on the web) could be an example. I don't know much about those cards.

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! :D 1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k Bitrated user: rdymac.