Thoughts on the compromise of Casascius coin holograms

[zipmaster]

Mike, I feel like the best thing to do would be to implement on your website a proof of ownership system of the coins.

All coins should also list a Mike Caldwell signed PGP key of their original buyer. When an original coin owner then sells his coins to someone else, they can sign the PGP key of the new buyer and have the site be updated with the new owner's PGP key.

This won't help against tampering of Casascius coins per se but would certainly render counterfeiting impossible since, for a given coin address, it is impossible to know what the private key of the real owner is. Ultimately, only Mike could counterfeit the coins.

This doesn't eliminate trust. What it does is keep trust over Casascius coins what it has always been: trust in Mike Caldwell.

It would certainly be a hassle to implement this mechanism for past coins since all original owners would have to be contacted and, furthermore, some coins have already traded hands so people would have to play catch-up on the PGP chain. However, the hassle would be very much worthwhile to many proud Casascius owners.

Furthermore, the whole mechanism could be automated on the website so that any coin sales can update the PGP chain. Within this framework, new buyers would conclude a sale by having their PGP key signed by the coin's previous owner and updated on the website.

This should seriously be taken under consideration for the benefit of both your business and the overall Casascius community. 

[1702307336]

1702307336

[1702307336]

1702307336

[1702307336]

1702307336

[casascius]

Mike, I feel like the best thing to do would be to implement on your website a proof of ownership system of the coins.

Keep in mind that the purpose of a Casascius Coin is an educational tool and functional proof of concept, aside from the collectible the market has decided it also is... and not intended to be money or a currency.  Although "trust in Mike Caldwell" is an important element of my product, the trust extends to my assertion that the coin contains the only copy of the correct private key as promised (and that I've taken adequate steps to ensure the keys are unreproducible, sufficiently random, and not duplicated).  I'm not a bank, and I feel implementing a system like that is far out of scope of my project.

[zipmaster]

Mike, I disagree. You wouldn't be performing the role of a bank. Guaranteeing the chain of ownership of the coins is a logical extension of your "trust in Mike Caldwell" product. Furthermore, following with the educational philosophy, you'd be incentivizing people to accept and understand the fundamental concept of a digital signature: a "technology" foundational to the premise of bitcoin itself.

[nubbins]

Mike, I disagree. You wouldn't be performing the role of a bank. Guaranteeing the chain of ownership of the coins is a logical extension of your "trust in Mike Caldwell" product. Furthermore, following with the educational philosophy, you'd be incentivizing people to accept and understand the fundamental concept of a digital signature: a "technology" foundational to the premise of bitcoin itself.

Of all the coins I've sold (and there have been many), only ONE buyer has taken me up on the offer to extend the chain of custody.

Bank or not, what you're asking him to do is pour tens of thousands of dollars and countless hours of effort into something that most people don't even want.

Buyers who want a chain of custody can find a seller that provides it -- I can think of several off the top of my head. Buyers who don't want a chain of custody can carry on as usual. It's not Mike's responsibility to track down every coin he's sold through a labyrinth of ownership in order to provide a service that most people don't care about.

[zipmaster]

Nubbins, how did you extend the chain of custody on your coin?

[nubbins]

Nubbins, how did you extend the chain of custody on your coin?

Easy peasy. I take Mike's signed document, append text after his signature that identifies the new buyer, and sign the whole thing with my key.

For sake of illustration, Mike's original document is in blue, and mine is in red.

---Begin PGP doc---
- ---Begin PGP doc---

I, Mike Caldwell, sent coins a,b,c to nubbins,
and his PGP fingerprint is ABCD EFGH.

See attached document scanned-coins.pdf
with MD5 checksum blahblah

- ---Begin PGP sig---
234C%#@4fv524 <---PGP signature for Mike's key
- ---End PGP sig---

I, nubbins, sent coin b to zipmaster,
and his PGP fingerprint is IJKL MNOP.

---Begin PGP sig---
@%$Y#H/Rgef4e <---PGP signature for my key (ABCD EFGH)
---End PGP sig---

Then I just take this block of text and scanned-coins.pdf and send them along to the new owner.

[Possum577]

This would work, it's just like signing over a check to a third party by endorsing it on the back and then handing it over to the third party.

Nubbins, how did you extend the chain of custody on your coin?

Easy peasy. I take Mike's signed document, append text after his signature that identifies the new buyer, and sign the whole thing with my key.

For sake of illustration, Mike's original document is in blue, and mine is in red.

---Begin PGP doc---
- ---Begin PGP doc---

I, Mike Caldwell, sent coins a,b,c to nubbins,
and his PGP fingerprint is ABCD EFGH.

See attached document scanned-coins.pdf
with MD5 checksum blahblah

- ---Begin PGP sig---
234C%#@4fv524 <---PGP signature for Mike's key
- ---End PGP sig---

I, nubbins, sent coin b to zipmaster,
and his PGP fingerprint is IJKL MNOP.

---Begin PGP sig---
@%$Y#H/Rgef4e <---PGP signature for my key (ABCD EFGH)
---End PGP sig---

Then I just take this block of text and scanned-coins.pdf and send them along to the new owner.