Bitcoin Forum
July 22, 2018, 10:49:28 PM
 News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 Home Help Search Donate Login Register
 Pages: [1]
 Author Topic: Physical bitcoin counterfeiting problem  (Read 1118 times)
Donator
Sr. Member

Offline

Activity: 452
Merit: 250

 November 21, 2013, 04:24:12 PM

I'm interested in making physical bitcoins in my city, but to really allow people to trade them without risking counterfeit coins, I ran into a problem.

The public key can be viewable on the front of the coin, but how could I possibly prove that the private key, which is hidden on the back similar to Casacicuis' design, actually exists and is the correct private key for the public key displayed on the front? A possible counterfeit would produce multiple coins with the same public key, but either with no private key on the back, or with incorrect/invalid private keys.

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532299768
Hero Member

Offline

Posts: 1532299768

Ignore
 1532299768

1532299768
 Report to moderator
Qoheleth
Legendary

Offline

Activity: 940
Merit: 1005

Spurn wild goose chases. Seek that which endures.

 November 21, 2013, 05:56:57 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
Donator
Sr. Member

Offline

Activity: 452
Merit: 250

 November 21, 2013, 06:24:57 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

I think I might have to agree with you, however there might be a "suffciently secure" anti-counterfeiting method that would be extremely challenging to break, something like a QR code that produces an obfusticated version of the private key that can be defusticated via a version of the bitcoin wallet client, however that's considerably more "centralized" than I think is reasonable, if anyone wants to bash brains on this I'll be on IRC tonight at some point.
Ecurb123
Full Member

Offline

Activity: 182
Merit: 100

 November 21, 2013, 07:50:54 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

I think I might have to agree with you, however there might be a "suffciently secure" anti-counterfeiting method that would be extremely challenging to break, something like a QR code that produces an obfusticated version of the private key that can be defusticated via a version of the bitcoin wallet client, however that's considerably more "centralized" than I think is reasonable, if anyone wants to bash brains on this I'll be on IRC tonight at some point.

The only thing I can think of is to have trust in the brand. If the price over the standard btc price is low enough people will spend them on the network and if the wrong private key is in there or if there are duplicates I think people will let everyone know about that. I guess that can be more of a problem for the really expensive silver coins out there that people rarely spend.
Donator
Sr. Member

Offline

Activity: 452
Merit: 250

 November 21, 2013, 07:57:08 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

I think I might have to agree with you, however there might be a "suffciently secure" anti-counterfeiting method that would be extremely challenging to break, something like a QR code that produces an obfusticated version of the private key that can be defusticated via a version of the bitcoin wallet client, however that's considerably more "centralized" than I think is reasonable, if anyone wants to bash brains on this I'll be on IRC tonight at some point.

The only thing I can think of is to have trust in the brand. If the price over the standard btc price is low enough people will spend them on the network and if the wrong private key is in there or if there are duplicates I think people will let everyone know about that. I guess that can be more of a problem for the really expensive silver coins out there that people rarely spend.

Yeah, I was trying to think of a clever, futureproof method of distributing physical bitcoins that couldn't easily be spoiled by others counterfeiting, I don't think theres an easy, non-super technical way to do this. I wonder if theres a demand to start producing near cost, plastic bitcoin "tokens" in the 10,100, 1000mbit range in my local, I think it actually works as a loophole to avoid finCEN, but I could be wrong.
Remember remember the 5th of November
Legendary

Offline

Activity: 1722
Merit: 1001

Reverse engineer from time to time

 November 21, 2013, 08:04:18 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

I think I might have to agree with you, however there might be a "suffciently secure" anti-counterfeiting method that would be extremely challenging to break, something like a QR code that produces an obfusticated version of the private key that can be defusticated via a version of the bitcoin wallet client, however that's considerably more "centralized" than I think is reasonable, if anyone wants to bash brains on this I'll be on IRC tonight at some point.

The only thing I can think of is to have trust in the brand. If the price over the standard btc price is low enough people will spend them on the network and if the wrong private key is in there or if there are duplicates I think people will let everyone know about that. I guess that can be more of a problem for the really expensive silver coins out there that people rarely spend.

Yeah, I was trying to think of a clever, futureproof method of distributing physical bitcoins that couldn't easily be spoiled by others counterfeiting, I don't think theres an easy, non-super technical way to do this. I wonder if theres a demand to start producing near cost, plastic bitcoin "tokens" in the 10,100, 1000mbit range in my local, I think it actually works as a loophole to avoid finCEN, but I could be wrong.
Why not just abandoned the idea of physical Bitcoins altogether?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Qoheleth
Legendary

Offline

Activity: 940
Merit: 1005

Spurn wild goose chases. Seek that which endures.

 November 21, 2013, 08:12:13 PM

The other approach is to distribute the trust. For example, there's a method which uses 2-of-3 escrow addresses. Each of three parties puts their own private keys under their own security hologram on the back of the bill, and they all share the corresponding public keys, and you generate the public key on the front of the bill from that; for such a bill to be stolen from or bogus, two of the three parties would have to be in collusion. That helps a little, although it's a far cry from total trustlessness.

If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
Ecurb123
Full Member

Offline

Activity: 182
Merit: 100

 November 21, 2013, 08:13:35 PM

Does anyone have an idea on how to solve this problem? Is it possible to display part of the private key to verify that it is in fact the correct key? I was thinking of displaying the first 5 digits of the private key and then using some comparison method, but I'm not sure on the exact capabilities of the algorithim.
I don't think this approach is workable. Let's put aside the mathematical difficulties for the moment and say that a method like the one you propose exists. I print many bitcoin certificates, and employ that method. But sometimes, instead of printing the whole private key, I only print the first five digits - the visible portion; the hidden portion of the private key, I still can duplicate or replace with "you got punked" or whatever.

In the end, I think any instrument with hidden information requires trust in the issuer, that the hidden information actually encodes what it purports to encode. Even with zero-knowledge proofs and similar crypto magic, I can't see any way around it.

I think I might have to agree with you, however there might be a "suffciently secure" anti-counterfeiting method that would be extremely challenging to break, something like a QR code that produces an obfusticated version of the private key that can be defusticated via a version of the bitcoin wallet client, however that's considerably more "centralized" than I think is reasonable, if anyone wants to bash brains on this I'll be on IRC tonight at some point.

The only thing I can think of is to have trust in the brand. If the price over the standard btc price is low enough people will spend them on the network and if the wrong private key is in there or if there are duplicates I think people will let everyone know about that. I guess that can be more of a problem for the really expensive silver coins out there that people rarely spend.

Yeah, I was trying to think of a clever, futureproof method of distributing physical bitcoins that couldn't easily be spoiled by others counterfeiting, I don't think theres an easy, non-super technical way to do this. I wonder if theres a demand to start producing near cost, plastic bitcoin "tokens" in the 10,100, 1000mbit range in my local, I think it actually works as a loophole to avoid finCEN, but I could be wrong.

I think it's a cool idea which I've never thought of before.
Qoheleth
Legendary

Offline

Activity: 940
Merit: 1005

Spurn wild goose chases. Seek that which endures.

 November 21, 2013, 08:16:13 PM

Why not just abandoned the idea of physical Bitcoins altogether?
That depends on how interested you are in widespread adoption. If a physical location is taking bitcoins as payment, it'd be nice for that to keep working in the rare-but-real circumstance of an internet outage. Or to be accessible to consumers whose internet access is not exactly rock-solid.

Of course, there are other endgames for Bitcoin which don't require this sort of thing.

If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
Donator
Sr. Member

Offline

Activity: 452
Merit: 250

 November 21, 2013, 08:32:54 PM

Why not just abandoned the idea of physical Bitcoins altogether?
That depends on how interested you are in widespread adoption. If a physical location is taking bitcoins as payment, it'd be nice for that to keep working in the rare-but-real circumstance of an internet outage. Or to be accessible to consumers whose internet access is not exactly rock-solid.

Of course, there are other endgames for Bitcoin which don't require this sort of thing.

agreed, counterfeit proof physical bitcoins could be easily spread to places where internet access is at a premium, but would like to use a currency that isn't federally controlled. Personally everyone I've talked to have brought up the "I can't hold it in my hand so it isn't real" point, at which point I introduce them to my single 1 BTC casascius coin. However a cascascius coin shouldn't be traded unless you 100% trust your trading partner, as it can easily (and has been) counterfeited.

I'm thinking potentially of an RFID chip that can change ownership from a "handheld" controller, smart property style, however I'm not sure if I'm reaching scope creep here.
casascius
Mike Caldwell
VIP
Legendary

Offline

Activity: 1386
Merit: 1039

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

 November 21, 2013, 09:09:07 PM

It's difficult, period.

<heresy>
Given that the powers that be are starting to give a nod to bitcoin, it may actually be sensible for some organization to issue notes or coins the old fashioned way, which are nothing but promises to redeem for bitcoin, the same way a dollar was once a promise redeemable in gold.  Especially if that org were willing to provide auditable (preferably crypto-based) controls against fractional reserve and they had other assets and an existing reputation at stake (e.g. Google).  The benefit to them would be advertising.
</heresy>

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Donator
Sr. Member

Offline

Activity: 452
Merit: 250

 November 21, 2013, 09:13:34 PM

It's difficult, period.

<heresy>
Given that the powers that be are starting to give a nod to bitcoin, it may actually be sensible for some organization to issue notes or coins the old fashioned way, which are nothing but promises to redeem for bitcoin, the same way a dollar was once a promise redeemable in gold.  Especially if that org were willing to provide auditable (preferably crypto-based) controls against fractional reserve and they had other assets and an existing reputation at stake (e.g. Google).  The benefit to them would be advertising.
</heresy>

I was actually considered this, forming a "bitcoin decentralized bank" that would issue bitcoin "notes" just like how the US used to issue gold notes, I'd be completely ready to work with a group of people internationally on creating a "standard" bitcoin note if there was demand, I have access to a injection mould and could potentially get access to a coin/paper press.

Have you put any research into this casascius? (PS: I actually lost one of your "misprint" coins in the mail I was shipping to a buddy in the UK, oops! there goes ~\$5k)
 Pages: [1]