Feature request : signing a text with a wallet key

[grondilu]

I've just realised that proving you own a particular address is actually not very difficult, even with the current bitcoin client.


Say Alice wants to prove Bob that she owns the bitcoin addres $addr

All she has to do is to send a certain amount of bitcoin to this address.  This amount has to be high enough to convince Bob that it wasn't lost, and it has to have some entropy (so that it can be used to prove that it comes from Alice).

So Alice tells Bob :

A: ok, give me a high enough amount, with a few decimal numbers.
B: hum, let's say pi :   3.14159264
A: wait a sec...
(Alice runs "bitcoind sendtoaddress $addr 3.14159264")
A: here you go, check out the following transaction :  http://bitcoinexplorer.com/q/transaction/...
B: fine, I guess you wouldn't accept to lose 3.14159264 bitcoins just to fool me.  So I beleive you own this address.

[1713969330]

1713969330

[1713969330]

1713969330

[jib]

B: fine, I guess you wouldn't accept to lose 3.14159264 bitcoins just to fool me.  So I beleive you own this address.

Or Alice could be donating the 3.14159264 bitcoins to a charity (which she would have donated to anyway and thus isn't really losing anything). Or she could organise with some third party to trade 3.14159264 bitcoins for something. Or maybe you're wrong and she's willing to lose the bitcoins to fool you. It definitely doesn't show she owns the address.

A simpler and better (but still not entirely secure) way to check ownership is to ask her to send 3.14159264 bitcoins *from* that address back to that address in a single transaction (That's possible, right?).

[grondilu]

A simpler and better (but still not entirely secure) way to check ownership is to ask her to send 3.14159264 bitcoins *from* that address back to that address in a single transaction (That's possible, right?).

True.  Sending *from* the address is good too.

Also, the method doesn't have to be secure, since anyway it is not really very usefull to prove to someone taht you own some money.

Alice could prove Bob she owns enough money, but at the end the moment of truth occurs during the real transaction from Alice to Bob.  It's easy to prove you own any amount of money.  Bacically you could even borrow it during a short period of time.  Big money owners could also sell this kind of proof to people (selling the "proof", not the money).

What I mean is that proving you own some money is actualy quite useless in commercial relations anyway.  But if people really want to do it, they can do so with a relative security within the current bitoin implemenation.

[jib]

the method doesn't have to be secure, since anyway it is not really very usefull to prove to someone taht you own some money.

If it's not useful, we don't need a method at all, and if it is useful, we need a secure method. Either way, we don't need a dangerously flawed and useless one like your suggestion.

[grondilu]

If it's not useful, we don't need a method at all, and if it is useful, we need a secure method. Either way, we don't need a dangerously flawed and useless one like your suggestion.

True.  We actualy don't need it.

My initial post was intended to allow people to prove they own a private key.  It was intended to claim ownership of future paiements into the bitcoin address.  The idea was to ease a process a asset transfer.  It's completely different than proving you own a certain amount of money, which is in my opinion quite impossible  (since money could have been borrowed).

Also, proving you own some money doesn't prevent you from lying about your intent to spend it.

[MoonShadow]

Also, proving you own some money doesn't prevent you from lying about your intent to spend it.

It's not important that you could be lying about your intent, nor is it important that it may be borrowed.  It's like a credit check without the bullsh*t.  "Wanna by my car with Bitcoin?  Sure buddy, but before I waste an hour of my life showing you my peach of a used car, prove that you can produce the coin."

[gene]

PGP is cool, but how about signing data with your bitcoin private keys ? Oops, you can't (well you technically can with gavins python tools).
One of the properties of cash is that I can show you the money before you go get the goods, I'd love to be able to do the same thing with bitcoin in a simple way.

Ok, you want to use your private key for bitcoin instead of a private key in PGP; see my first post in this thread. I think you'll face some resistance because this is redundant functionality. As for seeing the amount in a certain account, can't you already do this is blockexplorer (a distinct application)?

It is not redundant, balance is linked to a bitcoin private key, not to any PGP one.

This functionality is redundant with that offered by the (existing, well understood, established, portable, and widely implemented) OpenPGP standard, and others. Saying that it isn't redundant because bitcoin doesn't already offer it doesn't make much sense. This kind of thinking is how the world ended up with atrocities like MS Outlook. I've said before that I like the Unix Way (TM) of doing things, and this is because there is just less room for disaster.

Yeah, the ability to prove without a doubt to a seller that I have control over a given address, and therefore the funds that he can see in his blockchain, would be great.  Particularly without the need to prove that to the entire world.

But you need to have established trust through some other mechanism beforehand. Establishing trust is an inherently "out of band" process. See my points about PKI and Webs of Trust.

No you do not need any trust.

I bolded a section in your previous reply. My question stands. How can you ever establish an identity (such as when saying that you control a bitcoin account) without some external  bootstrapping mechanism? You can't ever "prove without a doubt" that you control a private key. The best you can do is convince someone to trust you to identify yourself correctly and not divulge your private key. I wonder if you understand the distinction that I am trying to draw.

And by bitcoin's nature, which you seem to think I never bothered to try to understand, you cannot keep secret the balance of an account after disclosing the ID. For an arbitrary account number (for which there is a record after a transaction), anyone can check its balance at any time, whether or not anyone knows who has ever controlled it.

[davout]

This functionality is redundant with that offered by the (existing, well understood, established, portable, and widely implemented) OpenPGP standard, and others. Saying that it isn't redundant because bitcoin doesn't already offer it doesn't make much sense. This kind of thinking is how the world ended up with atrocities like MS Outlook. I've said before that I like the Unix Way (TM) of doing things, and this is because there is just less room for disaster.

You cannot prove you hold the funds associated to a given address with PGP, that's what I want as a feature.
Whether I only get to extract the key from the wallet to use it with another tool instead of directly from the bitcoin client is irrelevant.

My question stands. How can you ever establish an identity (such as when saying that you control a bitcoin account) without some a priori  mechanism of establishing trust? You can't ever "prove without a doubt" that you control a private key. The best you can do is convince someone to trust you to identify yourself correctly and not divulge your private key. I wonder if you understand the distinction that I am trying to draw.

Identification is irrelevant here...

And by bitcoin's nature, which you seem to think I never bothered to try to understand,

i don't doubt you tried

you cannot keep secret the balance of an account after disclosing the ID. For an arbitrary account number (for which there is a record after a transaction), anyone can check its balance at any time, whether or not anyone knows who has ever controlled it.

accounts are very different things than addresses, lurk a little more

[grondilu]

Give it up, davout.  Gene is right.   It's a feature that is not necessary to bitcoin, and that could be implemented with an external, optionnal, program.

Therefore, there is no reason to add it in the official client.  It would give unecessary additional work for programmers and would add potential points of failure.

But I wish someone will eventually implement it as an external tool.

[davout]

Give it up, davout.  Gene is right.   It's a feature that is not necessary to bitcoin, and that could be implemented with an external, optionnal, program.

As I said, there is at least the need to be able to export the keys, which isn't possible with the current client.
Other people have also expressed interest in this feature, so let's just see where it takes us

But I wish someone will eventually implement it as an external tool.

You can use gavin's python tools to export the keys and fiddle with them externally and that is good since you can achieve the desired functionality, but there's no guarantee he'll have time to maintain them and keep them compatible with future versions.

I think it's an important property of cash to be able to show without giving, don't you ?

[grondilu]

You can use gavin's python tools to export the keys and fiddle with them externally and that is good since you can achieve the desired functionality, but there's no guarantee he'll have time to maintain them and keep them compatible with future versions.

I think it's an important property of cash to be able to show without giving, don't you ?

I guess.  However I keep thinking it should not be integrated inside the client but as some kind of a bitcoin-tools package, amongst which we could also find the explorer functions of blockexplorer.com.

I didn't know about gavin's tools.  I'll give it a look.

[davout]

I didn't know about gavin's tools.  I'll give it a look.

Here they are :
https://github.com/gavinandresen/bitcointools

[gene]

I think it's an important property of cash to be able to show without giving, don't you ?

Why? I don't have to prove to a shopkeeper that I have enough money to just look around in his store. If I want to buy the item and I don't have enough money in my pockets, the transaction will fail at the point of sale. He loses nothing, and I lose nothing. This analogy generalizes, too. Again: credit vs. cash. Bitcoin is digital cash.

[caveden]

Give it up, davout.  Gene is right.   It's a feature that is not necessary to bitcoin, and that could be implemented with an external, optionnal, program.

The default implementation uses a specific (custom) type of keystore, as far as I know. So it would be better if it provides the means to manipulate the keys in it. In terms of maintenance, being an external tool or not it will remain a job for the same developer community since this tool would be completely linked to bitcoin's specific type of keystore.

What I mean is, your unix motto of "do just one thing, but do it well' doesn't apply while the bitcoin client remains coupled to a custom type of keystore. It is already doing more than one thing.

The ideal scenario would be a client not strongly coupled to any type of keystore. In this case, one could make a build/config of the client that uses a more standardized type of keystore which already has all the tools to manipulate the keys in it.

[bfever]

I think it's an important property of cash to be able to show without giving, don't you ?

Why? I don't have to prove to a shopkeeper that I have enough money to just look around in his store. If I want to buy the item and I don't have enough money in my pockets, the transaction will fail at the point of sale. He loses nothing, and I lose nothing. This analogy generalizes, too. Again: credit vs. cash. Bitcoin is digital cash.

I have to agree with davout that exporting the private key is something useful in a scenario where you want to pay in bitcoins without having a bitcoin client with you (on a smart phone or other device with Internet access), only something like a smart card which holds securely the private key of one of your bitcoin addresses: it can sign the payment transaction. See this topic I opened: http://bitcointalk.org/index.php?topic=2898.0

Gene: how are you able to pay some bitcoins with your PGP key at the store ? Without the private key of the bitcoin address, nobody can sign the transaction to validate it ! Or am I the one missing something here ?

But I can agree with grondilu that this can be part of external tools that manipulate your wallet.dat (on your PC) and make the transaction (at the merchant's store).

Going to take a look at gavin's tools if I have some spare time...

[Hal]

See also the program referenced in post 15 of this thread:

http://bitcointalk.org/index.php?topic=2507.0;all

I think grondilu has some code samples showing how to sign with these openssl keys.

[Hal]

Here's where grondilu describes his scripts to sign arbitrary data with wallet keys using openssl. Very impressive.

http://bitcointalk.org/index.php?topic=2694.msg39658#msg39658