"Watching-only" wallets/accounts. Using a deterministic wallet on an offline computer, only pass the public key of the first address and the "chaincode" to your primary (online) computer. Using some crypto-magic, this allows the online computer to generate a new address for the offline computer without actually needing any of the private keys. The private keys never touch the internet, yet you can create addresses and confirm payments from your primary computer! (The chaincode is sensitive for privacy purposes, but not security purposes--if this chaincode is compromised, someone could figure out that all the addresses are related, but can't get access to the money).
This is more or less what the BCCAPI allows you to do. The main differences are:
- clients built on top of the BCCAPI upload each public key they want the server to monitor, rather than letting the server determine the public keys using a "chaincode".
- the server is not one that you run yourself.
The obvious drawback is that the server will know the relation between the public keys you upload. The big benefit is that you do not need to run and maintain a server, and the client app gets to have minimal memory/communication footprint. IMO this makes the client perfect for the mobile consumer market.
Easy transfer of blockchain data to offline computer, and completed/signed transactions back to online computer. If your private key never touches the network, but it's not too cumbersome to send money from that account, BTC security gets a major upgrade.
This is what the BCCAPI does. The client can create a request (binary blob of data) for the server to return a SendCoinForm (binary blob of data) for some amount of coins. The SendCoinForm is basically an unsigned transaction. The client can then sign the form and send it to the server, which in turn validates and broadcasts it. Even though the BCCAPI was meant for Android phones you could write a simple client on top of it and use USB sticks to send the blobs back and forth.
Extreme keystretching for encrypted online wallets. Your private keys are protected by encryption based on a passphrase. But in order to get from the passphrase to the encryption key, it must be hashed/mangled 10 million times. This means it will take on the order of 1-2s just unlock your wallet, which is acceptable for the user who enters the correct passphrase every time. But for an attacker, he's gotta do 10 million hashes/operations just to brute-force-check 1 key. This makes even simple passphrases much difficult to brute force, as it could take the attacker hours to test a million passphrases instead of seconds.[/li][/list]
The BCCAPI uses scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf
) to achieve this, which puts constraints on both CPU and memory bandwidth, making a hardware based attack extremely expensive.
Linking of phone accounts to computer accounts. Computer has smartphone private keys but won't use them unless the user hits the "HELP!" button. The wallet can then monitor/refill the phone account, and if the device is lost, the program can empty the money that was on the phone into non-phone addresses. With key-stretching above, you only need to hit the HELP! button within a 1-10 days of losing your phone to re-secure your funds.
Since the wallet is deterministic you can recreate the private keys from your passphrase on any device (phone/computer) and move the funds elsewhere.