Bitcoin Forum
December 06, 2016, 12:31:25 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Announcing BCCAPI  (Read 6824 times)
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 13, 2011, 05:08:14 PM
 #1

The BCCAPI (BitCoin Client API) is a java library designed for making secure light-weight bitcoin clients. The BCCAPI connects to a server that holds the block chain, and which tracks the client’s wallet balance. The server only has knowledge of the clients public keys, and is in no position to spend funds owned by the client’s wallet.

Features include:
  • Deterministic private keys
  • No backup needed. No wallet.dat file
  • Low bandwidth
  • Low CPU usage
  • Server cannot spend your coins
  • Open source
  • Free service, running on donations

Simply put the API is designed for making it easy to create light-weight secure Bitcoin wallets for handheld devices.

The sources include a very simple console based client, that shows how to use it. I am not an Android developer, and my hope is that the community will pick this up and make some great apps.

More information and the source: http://code.google.com/p/bccapi/wiki/WhatIsTheBCCAPI

Support the BCCAPI: 143SikKpjzwhBy5Z7Qg5knu5nKXWExSqQi

Mycelium let's you hold your private keys private.
1481027485
Hero Member
*
Offline Offline

Posts: 1481027485

View Profile Personal Message (Offline)

Ignore
1481027485
Reply with quote  #2

1481027485
Report to moderator
1481027485
Hero Member
*
Offline Offline

Posts: 1481027485

View Profile Personal Message (Offline)

Ignore
1481027485
Reply with quote  #2

1481027485
Report to moderator
1481027485
Hero Member
*
Offline Offline

Posts: 1481027485

View Profile Personal Message (Offline)

Ignore
1481027485
Reply with quote  #2

1481027485
Report to moderator
Each block is stacked on top of the previous one. Adding another block to the top makes all lower blocks more difficult to remove: there is more "weight" above each block. A transaction in a block 6 blocks deep (6 confirmations) will be very difficult to remove.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BitcoinBug
Full Member
***
Offline Offline

Activity: 196


View Profile
August 13, 2011, 09:22:20 PM
 #2

Great stuff, might be "the thing" to build smartphone apps on. Wallet on the phone with blockchain on server is the best combination IMO. In what stage is this project?
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
August 13, 2011, 09:49:50 PM
 #3

This looks pretty cool, nice work Smiley

I doubt I'll have time to make an Android client from this, but I'd be more than happy to test one!
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 14, 2011, 05:52:32 AM
 #4

In what stage is this project?

The project is in the beta testing stage. There is a text-based console client implemented on top of the API, which allows you to connect to the production net or test net, and send/receive coins. I know that text-based UI sucks, but UI is not what I am good at. I need an Android developer grab this and make a cool app.

More info: http://code.google.com/p/bccapi/

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 14, 2011, 06:30:48 AM
 #5

This looks pretty cool, nice work Smiley

I doubt I'll have time to make an Android client from this, but I'd be more than happy to test one!

Thanks.
There is a text-based client that You can test right away: http://code.google.com/p/bccapi/wiki/SimpleClient

Mycelium let's you hold your private keys private.
amincd
Hero Member
*****
Offline Offline

Activity: 772


View Profile
August 14, 2011, 07:27:44 AM
 #6

I've added this to the Bitcoin wiki's client page:

https://en.bitcoin.it/wiki/Software#Bitcoin_clients

I copied and pasted the description you provided here.
LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
August 14, 2011, 08:00:37 AM
 #7

Thanks, looking forward to some useful clients now.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
jav
Sr. Member
****
Offline Offline

Activity: 249


View Profile
August 14, 2011, 08:14:46 AM
 #8

This looks very interesting! Thanks for releasing this.

Can you say a little bit more about the server side? Is that part open source as well? And is it based on the Satoshi client or have you reimplemented the Bitcoin protocol yourself for the server side?

Hive, a beautiful wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit. Tweets @hivewallet. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn.
DownloadCoin.com
Newbie
*
Offline Offline

Activity: 14


View Profile WWW
August 14, 2011, 11:25:36 AM
 #9

I've been waiting for somebody to create something like this for a while. I expect that eventually it will be commonplace for people to use clients that are retrieving the blockchain from elsewhere rather than downloading and storing it on their computer.

DownloadCoin.com (http://www.downloadcoin.com) - An easy way to sell digital content for Bitcoin.
Follow us on Facebook (http://www.facebook.com/pages/DownloadCoin/203738293016926) and Twitter (http://www.twitter.com/DownloadCoin).
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 14, 2011, 06:04:50 PM
 #10

This looks very interesting! Thanks for releasing this.

Can you say a little bit more about the server side? Is that part open source as well? And is it based on the Satoshi client or have you reimplemented the Bitcoin protocol yourself for the server side?

The server side uses BitcoinJ for keeping track of the block chain. While developing the server side I have found a few bugs in BitcoinJ, and have participated in fixing those for everybody's benefit. The server side is however not as clean and well documented as the client side, and I am not ready to make the server side open source. At least not yet.

Mycelium let's you hold your private keys private.
ffe
Sr. Member
****
Offline Offline

Activity: 297



View Profile
August 14, 2011, 08:01:00 PM
 #11

Beautiful. Thanks for doing this!
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 14, 2011, 08:05:31 PM
 #12

now this is exactly what i wanted to be made, and you done it. (although my idea was never original in any way)

TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
August 14, 2011, 10:09:52 PM
 #13

You should say "Zero backup needed", otherwise it sounds like a negative point.

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 15, 2011, 02:00:54 AM
 #14

will any server software be released to the public, so we can run internal servers.

Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 15, 2011, 06:01:08 AM
 #15

You should say "Zero backup needed", otherwise it sounds like a negative point.
Good point. Fixed.

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 15, 2011, 06:11:50 AM
 #16

will any server software be released to the public, so we can run internal servers.

No. At least not yet.My top priority is to get an easy, stable and safe way of handling bitcoins. And who knows, maybe I can make a dime or two on providing this service going forward. As noted on the wiki, my goal is to provide this for free, and running it on donations. If this is not enough for paying the Rackspace bills I may add the option of paying a small fee for getting connected to a priority server, which provides faster/extended service.

Mycelium let's you hold your private keys private.
Dusty
Hero Member
*****
Offline Offline

Activity: 722


Libertas a calumnia


View Profile WWW
August 15, 2011, 06:38:19 AM
 #17

Hello Jan and congratulations for this project, I'll watch it very close Smiley

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

Articoli bitcoin: Il portico dipinto
Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 15, 2011, 07:35:30 AM
 #18

Hello Jan and congratulations for this project, I'll watch it very close Smiley

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

There's a thread on deterministic wallets. Basically this prevents the lost of wallets as long as you have the original private key, every subsequent key can be regenerated from it, unlike the current process.

The drawback here is the possibility of your transactions being monitored (and possibly abused) once somebody manages to figure out what is yours. As always it's a trade-off between security and convenience.

186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 15, 2011, 08:00:46 AM
 #19

Hello Jan and congratulations for this project, I'll watch it very close Smiley

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

Sorry, but the answer got quite long, please bear with me.

There is both a passphrase, salt, and a password (or PIN if you like) in play.

First time you start the client it asks for a passphrase and a salt. The passphrase should be long, secret and hard to guess. The salt should be a value that is easy to remember and preferably unique (I suggest you use your email address, which has these properties). The passphrase and salt are used for calculating the seed for a pseudo random number generator (PRNG). This calculation in complex and takes about 2 minutes on a decent Android device, and a few seconds on a standard desktop computer. It is based on Scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf), which is designed for being hard to brute force using dedicated hardware.

Once the seed is calculated we can go ahead and generate private keys using the random generator. The nice thing about the PRNG is that if you use the same seed you generate the same series of keys. So the only thing we need to backup is the seed. Since the seed is generated deterministically from the passphrase and salt we do not need to back it up as long as we can remember those values.

Now, entering the passphrase and salt every time you launch the client is cumbersome, and on a slow device it will take rather long time to calculate the seed. Therefore the SimpleClient asks the user for a password (which could be shorter than the passphrase), which is hashed with the salt and used for encrypting the seed. The encrypted seed is stored on the device along with the salt. Next time the client is launched it simply asks for the password and decrypts the seed.

So how come the password can be shorter than the passphrase? The password can only be attempted brute forced if the seed file is leaked (stored on your device). The seed or passphrase+salt can be attempted brute forced once someone sees one of your transactions. However if the passphrase is long enough and your salt unique it will take until the end of the universe to do so.

Short answer:

  • If your passphrase + salt is leaked anyone can get to your bitcoins. (The passphrase is not stored anywhere in the SimpleClient)
  • If you password is leaked you are safe as long as your encrypted seed file is safe. Change your password and you are good. (The password is not stored anywhere in the SimpleClient)
  • If your encrypted seed file is leaked you have a window to move your coins to another wallet. It will take some time to brute force your password and reach the seed. You need to create a new wallet using a different passphrase.

Using the BCCAPI you can make a client that does not store the seed at all. This is uber secure as everything is handled in memory. However, the user will have to enter the passphrase and salt every time the client is launched, and spend the time it takes to calculate the seed. This could however be an option for a client with two accounts.
  • The one with small change, which uses a short password.
  • The one with large amounts, which uses a long passphrase + salt.



Mycelium let's you hold your private keys private.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2128



View Profile
August 15, 2011, 08:19:30 AM
 #20

Hmmm. Salted seeds, yummy!

Joke aside: this is awesome, Jan! Hadn't heard of the deterministic wallet idea up until now. It makes huge sense and seems secure to me.

It was clear something like this had to be done. Congrats and a donation for actually doing it!


PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!