Idea for backup mechinism (anonymous-p2p)+repository of(unwanted)bitcoin wallets

[we6jbo]

I was reading the wiki on Bitcoin and how it's important to backup the wallet. I also read that there may be a future mechinism for backing up the wallet. I was thinking if for some reason your computer was ceased or there was an unfortunent end to all of your wallets including any backups then as a last resort what if your wallet could be restored as long as you had your private key. One way of doing this would be to implement something like anonymous-p2p(http://anonymous-p2p.org/). In the anonymous-p2p network participating computers act to store parts of your data on their computer system. Even if your own computer were to go down I believe someone visiting your page would still be able to get the content by fetching it off of other computer systems. What if bitcoin could do this by taking your wallet, encrypting it and then sending pieces of the encrypted content to other bitcoin nodes. Something like this [Yourwallet -> (You encrypt your wallet) -> Yourencryptedwallet -> (You send part of your encrypted wallet to a Bitcoin node) -> BitcoinA Node(has part of the encrypted wallet file) ->  (You send part of your encrypted wallet to another Bitcoin node) -> BitcoinB Node (has part of the encrypted wallet file)]. This way of you lost your wallet, as a last resort you would still be able to ask the bitcoin network if anyone has parts of your encrypted bitcoin wallet and then you'd be able to get that, put it together, decrypt it and have your bitcoins. One last thing, there would need to be a way to tell each bitcoin node if the person no longer wants their wallet or if the wallet has expired. One way of doing this would be to include an expiration date but you could also have an on expiration send encrypted bitcoin wallets to this central bitcoin node for semi permanent storage. In addition, owners of the bitcoin wallet could send a status message telling the nodes that it no longer wants the encrypted bitcoin wallet stored in which case the wallet would be permanently deleted. Something like this [Yourwallet -> (You encrypt your wallet) -> Yourencryptedwallet -> (You send part of your encrypted wallet to a Bitcoin node) -> BitcoinA Node(has part of the encrypted wallet file and will send the contents to BitcoinC node(a community agreed upon central storage of encrypted bitcoin wallets) if the date[Jan 1 2012 passes] ) ->  (You send part of your encrypted wallet to another Bitcoin node) -> BitcoinB Node (has part of the encrypted wallet file and will send the contents to BitcoinC node(a community agreed upon central storage of encrypted bitcoin wallets) if the date[Jan 1 2012 passes])]. Before Jan 1 passes you sends a status message to everyone stating that you no longer want your encrypted bitcoin wallet stored and therefore BitcoinA and B deletes the encrypted contents or jan 1 passes and BitcoinA and B sends the encrypted bitcoin wallet to BitcoinC.

[1715342702]

1715342702

[1715342702]

1715342702

[genjix]

sudo aptitude install python-m2crypto git
  git clone git://github.com/genjix/sekureco.git
  cd sekureco
  ./sekureco help


Enjoy.
https://github.com/genjix/sekureco

[we6jbo]

The code looks good. I'd still like to see the encrypted files stored remotly because one of the problems that I see is that running bitcoin is like holding money in your house. If your house burns down or your computer crashes all that cash goes with it. In my own setup I have setup multiple ways of backing up my wallet however I think that if bitcoin nodes are willing to store transactions of the bitcoins then I'd think that they could in additionally store partial encrypted wallets too.

[Natanael]

Here's my take on the idea:

1: Your wallet is encrypted. There are multiple options. The primary options are two, asymmetric or symmetric. More on this later.

2: Your ecrypted wallet is split into numbered pieces. Probably 64k per piece. A wallet of, let's say, 512 kb would be 8 pieces. Each piece are given a label consisting of one random string + piece number, the random number would preferably the public key of the wallet owner.
Example label: 1GJKkkdc6cnriW6CFsi2gxrTME1CJzcfpo-01
To prevent spammers from uploading a billion intentially wrong pieces with the same label as yours you would sign each piece cryptographically so that you can verify that they are yours at download. You would also include a date stamp.

3: The pieces are uploaded. Everybody would store such pieces. Since the labels include the public keys from the keypair that was used to generate the signatures, each node could discard pieces with labels that do not match the signature of the piece. This prevents spammers from flooding the network with bad pieces and thus makes it easier to get the right ones at download.

4: When you download your pieces you make a request for pieces labels with your public key. You check the date stamp and verify the signature. Then you decrypt it.

Regarding encryption:

Option 1 - asymmetric encryptions like RSA (PGP and GPG):
Advantages: You don't have to enter the password every time or store it in plaintext on the machine that encrypts the wallet and uploads them. All you need on the computer is the public key of the key pair to encrypt. You only need the private key and password when decrypting after fetching your pieces. The private key can be a 4096 bit RSA key that is stored in a safe box in a bank once while the wallet still is just as usable as before and you can make backups continously.
Disadvantages: You must back up your private key seperately. There is no point in doing this in the network too, then you'd lose most of the advantages compared it has over symmetric encryption. You could just as well use symmectric encryption if you have no good way to back up the private key.

Option 2 - symmetric encryption like AES:
Advantages: You don't need to keep track of any key files. All you need is the password that you remember in your head. The password would be used as a key by hashing it with SHA256 (which is considered very strong).
Disadvantages: You need to enter your pass every time you start your miner or it has to be stored in plaintext. If your password sucks then it WILL be broken quickly since all an attacker need is your public key (and since you put this as a label on your pieces it's easy to get) and then start to bruteforce the pass. If you use the same password for it as for your email/facebook/whatever and *ever* have mentioned your public key in email/facebook/whatever, then *THAT IS ALL* an attacker need to "e-swipe" your wallet! If any of those sites are hacked and your pass is leaked, YOU HAVE LOST YOUR BITCOINS IN SECONDS! Do NOT use the same password for this as for anything else!

Note that for symmetric encryption you should still have an asymmetric keypair to sign the pieces before uploading, but at the recovery stage only the public key is needed and only needed to identify and authenticate your own pieces.

Summary: Wallets are split in pieces, are encrypted, signed and uploaded. Nodes that store them check the signature aginst the uploaded encrypted piece so that bad (spammer) pieces can be discarded (this don't have to be done every time, maybe for every 3rd piece to save CPU?). To get them for recovery you send a request for pieces with your public key. You verify them, assemble them, and then decrypt them to get your wallet file. With RSA you need the private key and the pass, with AES you only need a pass (different advantages and disadvantages).

[deadlizard]

what if your wallet could be restored as long as you had your private key

correct me if I'm wrong but isn't the wallet.dat your private key

[Natanael]

It contains a bunch of bitcoin related keypairs, yes. But my suggestion involves a backup related keypair that is dedicated to backup, not part of the bitcoin protocol.