I am currently programming a bitcoin asset exchange plateform, and during this process I came up with an idea which is, in my opnion, pretty good.
I needed some way to identify the owner. He should be able to prove he is the owner of the asset, and he should be able to transfer his ownership to someone else.
Using passwords is the quick-and-dirty way to do so. But there are many drawbacks to this method. I won't discuss them here.
At some point I wanted to use ECDSA signing capabilities of bitcoin address. But it's not easy, and the bitcoin client doesn't provide any tool for that. And I was convinced that it should not.
Using GnuPG would be nice, but I realised that it's a pain in the ass to program with. It realy doesn't seem to me that it is suitable for scripting.
So I decided to use RSA keys, using the openssl command. It was much easier than I thought, and particularly easier than GnuPG.
Anyway, here is the idea I came up with.
At some point I have to associate a bitcoin address (where future dividends are to be paid) to a public RSA key. Keeping a database of these relations is necessary, but not sufficient. Basically it would give exactly the same problems as with passwords. Anybody who would access to the database could modify it and then claim ownership of the assets.
So the idea is to timestamp the relations into the bitcoin block chain.
Here is an exemple.
I want to associate this bitcoin address :
1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt
to this RSA public key :
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67nZtqz41rGFdUsVMC/E
HsvhfyG7dreTeIfOO+tA1fUuyooiodsYw73qM4qKZFJduBdtrMqAiQhGkfUjhqbf
aIlc/5yR+0ZUHI6eiCcPtDi95MdpmDtlXg/9YkQ36ACZX2ccCIiUIaHVK4lc2MzT
6Io9FaXCejkoZiEsAK+XqUxc3X5B0VFVxyq4i/S7qOQKABfEDaF56OhtW3URGX7V
LTOxMmSccL/tVeN3cwUfNOHsoVF7g1bqPGYvdEGOzEklzJ3i2IYMah7d4So3BlXr
OMI6HCZTfCd+J64c5h6dh2ciQr27XDUKBVQhm3s5gwQl0WRcQhQ4LRG3ur+Rud5q
2QIDAQAB
-----END PUBLIC KEY-----
All I have to do is to use a timestamping function like this one :
timestamp() {
wget -O - -q
http://blockexplorer.com/q/hashtoaddress/$(openssl dgst -rmd160)
}
this way :
{ echo 1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt ; echo "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67nZtqz41rGFdUsVMC/E
HsvhfyG7dreTeIfOO+tA1fUuyooiodsYw73qM4qKZFJduBdtrMqAiQhGkfUjhqbf
aIlc/5yR+0ZUHI6eiCcPtDi95MdpmDtlXg/9YkQ36ACZX2ccCIiUIaHVK4lc2MzT
6Io9FaXCejkoZiEsAK+XqUxc3X5B0VFVxyq4i/S7qOQKABfEDaF56OhtW3URGX7V
LTOxMmSccL/tVeN3cwUfNOHsoVF7g1bqPGYvdEGOzEklzJ3i2IYMah7d4So3BlXr
OMI6HCZTfCd+J64c5h6dh2ciQr27XDUKBVQhm3s5gwQl0WRcQhQ4LRG3ur+Rud5q
2QIDAQAB
-----END PUBLIC KEY-----"
} | timestamp
And I get a bitcoin address :
13CWM9MmeyP1MA6SgAiqAq7cGxXaLWhnTG
Now, the owner of the RSA just have to send a small amount to this address, so that no-one could claim ownership of this bitcoin address. Why would anyone claim ownership of someone else's bitcoin address ? Only because this could give him the right to transfer it to an other bitcoin address, one that he actually owns.
The whole point of all this is that with such a method ownership of assets can be identified by bitcoin addresses, providing that these addresses are timestamped with a RSA public key.
PS. Hum... as I write this, I realise that this method might make the use of GnuPG easier than I thought. Maybe finally easier than RSA.
