ThoughtCoin

[MrJoshua]

Let’s say a person is in danger of being kidnaped, or put in jail. Before going in he memorizes a number of pass phrases such as:

“here is an account with 100 btc”
“here is a different account, with 1000 btc”
“this is my ransom account with 5000 btc in it”
“this is my nest egg account with all my money”
“I’ll pay you this passphrase in advance”
“and I’ll pay you this passphrase once I’m out”

(these are bad passphrases, just examples)

He computes the public addresses of these phrases using the process discussed here:
https://forum.bitcoin.org/index.php?topic=28877.0

He then memorizes the firstbits for each public address, and transfers bitcoins into them.

Once captured or imprisoned he can still receive money, show the balance of each account (but not prove he controls them), and pay the entire balance of any account to someone without any access to a computer.

He can even confirm he has been paid into an account if he is allowed to call random phone numbers until he reaches someone who will go to http://blockexplorer.com/ and read off the balance of one of the firstbits accounts (anyone known to him or the captor is unreliable).

If he has enough accounts memorized he can even conduct some amount of business, paying and being paid, receiving ‘change’ etc.

And, of course, any accounts that he does not give away still have the money when he gets out.

Granted if people knew you had a ThoughtCoin account then you’d be incentivizing kidnapping weirdly becoming the hostage and the payment, and helping people in jail bribe their way out is probably not a good thing.  But it makes me wonder what else could you do with ThoughtCoins.  For example, what would be the minimum set of crypto primitives you’d have to memorize to be able to generate your own public keys or transactions with only say pin and paper or a calculator.  Would sha256 be enough?

j

[1714890066]

1714890066

[1714890066]

1714890066

[1714890066]

1714890066

[1714890066]

1714890066

[fabianhjr]

Quite easy to bruteforce, and you don't need to query any site. Just patch your client and get every address in existence. Then just generate random phrases/dictionary attack. You could end with a fortune quite quickly.

[MrJoshua]

Quite easy to bruteforce, and you don't need to query any site. Just patch your client and get every address in existence. Then just generate random phrases/dictionary attack. You could end with a fortune quite quickly.

Not really.  You would have to pick good passphrases, as I said mine where just examples, you could include symbols and numbers, whatever you like it's your passphrase.

Also if you are in prison you have no client to 'patch'.  If you have access to a reliable client then ThoughtCoins are not required.

[fabianhjr]

No that  is for an attacker attempting to attack you.

Though now that I reconsider it, you meant more like passwords? I have this bad feeling many will just use password or any other dumb shit and forget about it. :/

[Leon]

Let’s say a person is in danger of being kidnaped, or put in jail. Before going in he memorizes a number of pass phrases such as:

“here is an account with 100 btc”
“here is a different account, with 1000 btc”
“this is my ransom account with 5000 btc in it”
“this is my nest egg account with all my money”
“I’ll pay you this passphrase in advance”
“and I’ll pay you this passphrase once I’m out”

(these are bad passphrases, just examples)

He computes the public addresses of these phrases using the process discussed here:
https://forum.bitcoin.org/index.php?topic=28877.0

He then memorizes the firstbits for each public address, and transfers bitcoins into them.

Once captured or imprisoned he can still receive money, show the balance of each account (but not prove he controls them), and pay the entire balance of any account to someone without any access to a computer.

He can even confirm he has been paid into an account if he is allowed to call random phone numbers until he reaches someone who will go to http://blockexplorer.com/ and read off the balance of one of the firstbits accounts (anyone known to him or the captor is unreliable).

If he has enough accounts memorized he can even conduct some amount of business, paying and being paid, receiving ‘change’ etc.

And, of course, any accounts that he does not give away still have the money when he gets out.

Granted if people knew you had a ThoughtCoin account then you’d be incentivizing kidnapping weirdly becoming the hostage and the payment, and helping people in jail bribe their way out is probably not a good thing.  But it makes me wonder what else could you do with ThoughtCoins.  For example, what would be the minimum set of crypto primitives you’d have to memorize to be able to generate your own public keys or transactions with only say pin and paper or a calculator.  Would sha256 be enough?

j

lol what the..

[MrJoshua]

you meant more like passwords?

Yes basically.

http://en.wikipedia.org/wiki/Passphrase

j

[MrJoshua]

I thought of another thing.

Because of thoughtcoins the bitcoin client doesn't need to encrypt or even store your private key.  It could just dynamically build it from your passphrase for every 'spend' transaction, only into memory and only for as long as is needed to build the transaction. There's no key to steal.

It's a bit like "Deterministic wallets"

http://forum.bitcoin.org/index.php?topic=19137.0

j

[jago25_98]

To be honest I think I need a proof of concept or a diagram to understand this. I can't see how the private key isn't needed, or is generated...

Even so, I guess if people can memorise phone books perhaps they could memorise wallet.dat!

[MrJoshua]

Even so, I guess if people can memorise phone books perhaps they could memorise wallet.dat!

That's exactly what's amazing to me about this.  You don't need to memorize a wallet.dat.  It's just a passphrase and five or six characters of the public key, the firstbits. That's all you have to remember.

This isn't theoretical it works right now.  It isn't integrated with the client yet, but it easily could be.

Over on this thread https://forum.bitcoin.org/index.php?topic=28877.0

casascius used this phrase to generate a private key:

"This string contains 0.25 BTC hiding in plain sight."

And stored 0.25 BTC in that address.  

EricJ2190 enumerated the steps later in the thread:

Step-by-step guide to claiming coins, easy mode:

Step 1: Create a new bitcoin wallet.
Start bitcoin with a fresh wallet to keep from polluting your current wallet with these addresses. You can do this by temporarily moving your wallet.dat out of your bitcoin data directory, or by making bitcoin use a new data directory. The step is optional but highly recommended.

Step 2: Hash the string using SHA-256 to get the hex private key.
Go to http://www.xorbin.com/tools/sha256-hash-calculator and enter the string. For example, "Damnesia" gives "58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe". This is your private key in hexadecimal form.

Step 3: Convert the hex to base58 bitcoin private key format.
Go to http://blockexplorer.com/q/hashtoaddress/x/80 replacing "x" with the hex private key. This tells BBE to encode a bitcoin address of version 80, which is used for private keys. For our example above, we'd go to http://blockexplorer.com/q/hashtoaddress/58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe/80 . This gives us the encoded private key of "5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs".

Step 4: Import the private key into your bitcoin wallet.
If you can build or obtain a copy of bitcoin with sipa's importwallet, start bitcoind (or bitcoin -server) and run "bitcoin importkey y" where y is the base58-encoded private we just created. Now just wait for it to finish scanning the block chain for transactions. If you can't get a patched client, get Python and pywallet. Stop bitcoin altogether and run "python pywallet.py --importprivkey=y" where y is the base58-encoded private key. Run bitcoin -rescan.

Step 5: Send the coins to your main wallet.
Send yourself the coins so nobody else can claim them. Once you get a confirmation or two, the coins are yours and you can close bitcoin and switch back to your primary wallet. Have fun!

He uses some web sites, but actually you can do this entirely on a computer that is not connected to the internet.

This means that private keys can be easily memorized as passphrases, and as I pointed out above these passphrases have very interesting properties, and maybe even more then I've figured out so far, but even so just the ability to NEVER have a copy of a savings account key on any computer anywhere is a pretty big deal.  YOU NEVER NEED TO HAVE YOUR SAVINGS ACCOUT WALLET FILE ENCRYPTED AND BACKEDUP ANYWHERE.  You could of course have a number of accounts stored in your wallet file that you don't have to remember, but the savings account could just be your passphrase.  You could get access to it at any computer with bitcoin installed and it can't be brute forced because it's IN YOUR HEAD!

(An attacker could start trying to brut force the entire passphrase keyspace, so you should use a reasonably strong passphrase).

j

[MrJoshua]

You could even have a little portable "change" wallet that you could use at restaurants and shops.  Meaning you could quickly pay for things with just your passphrase.

You'd be revealing your private key to a device you don't control, so you'd want it to be a small change wallet not your savings account and the shop owner would have to use some type of commercial terminal with security certifications that costumers trust.  Still it can be done.  You can carry your wallet with you with no electronic devices whatsoever.  No real wallet in your back pocket for that matter.

j