A thought experiment: PROVE you own a bitcoin

[Spendulus]

How would you prove it?

The bitcoin might be in an online wallet, a hardware wallet, a software wallet, or a paper wallet. You pick.

Here are some ideas to start.

A. Show a public key that has the bitcoin.
B. Show a public key that has the bitcoin, and show that you can move a token amount to and from this address.
C. Show a public key that has the bitcoin, and you  move 1 bitcoin to a new address.
D. Transfer the bitcoin to a wallet that is multi-key, the person that wants to know has part of the key.
E. Show the requestor your private key and it's value therein.
F. Transfer to bitcoin to a Reputable and Esteemed Holder of Assets, such as a Swiss Bank, who would then Vouch for Your Bitcoin.
G. The person asking for proof is required to have Faith that you have correctly stated you have a bitcoin.

LOL - on the last two....

Now if you have difficulty, don't despair. You are certain to have LESS DIFFICULTY than a nation has proving they have value in their paper money.

Hint: The correct answer is not listed above.

[ranochigo]

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

[achow101]

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

[Spendulus]

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?

[achow101]

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?

Just send back to the same address. No need for a new address and it proves that you have the private key for that address and can move coins associated with it.

[nc50lc]

Paper Wallet? Show an edited picture of the printed paper wallet with covered private key and prvkey's QR code.
There are too many workaround to fake this like printing a bitcoin-loaded address paired with a random prv key but,
Paper Wallets' private keys are meant to be hidden and offline, the user didn't want to tell others that he own a bitcoin in the first place.

With this, leave Paper Wallets out of the available options.

LOL - on the last two....

No, LOL to this:

E. Show the requestor your private key and it's value therein.

Other wallets? achow101 already replied with the best answer.

[Karartma1]

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys

[nc50lc]

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys

"my UTXOs"; UTXOs contains Bitcoins, "my" means yours: You have Bitcoins, In other words.

Alright, you're trying to say that there are no bitcoin addresses in the network which most of us are claiming as "in their possession" and the private keys are the only "controller" of the funds.  

[Spendulus]

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

Yes, that's the correct answer.

Paper Wallet? Show an edited picture of the printed paper wallet with covered private key and prvkey's QR code.
There are too many workaround to fake this like printing a bitcoin-loaded address paired with a random prv key but,
Paper Wallets' private keys are meant to be hidden and offline, the user didn't want to tell others that he own a bitcoin in the first place.

With this, leave Paper Wallets out of the available options.

LOL - on the last two....

No, LOL to this:

E. Show the requestor your private key and it's value therein.

Other wallets? achow101 already replied with the best answer.

Yes, (E) is pretty funny.

Note that I pose both an interesting and practical question. You might want to meet up with someone from Localbitcoins to make a purchase, or want to sell something with bitcoin. Is the other party capable of making the transaction?

It's not uncommon in many transactions to require "show proof of funds."

[Spendulus]

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys

This is an important distinction, but in the context of the question, the problem simply shifts to "Prove you hold keys."

Like, "Dude. If you think I'll drive 50 miles to trade my riding lawnmower for your bitcoins, you gonna have to show me you have them first."

[DannyHamilton]

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

This is insufficient.

It requires more than simply "any signed message".  The mesage MUST be phrased in such a way that it is extremely unlikely that someone else could be tricked or convinced into signing the message for the person claiming to hold the bitcoins"

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:

Code:

As of 2018-05-16 this address contains at least 1 BTC

Then Achow101 could forward to me the message that Spendulus has signed.


Furthermore, a signed message only demonstrates that you are ONE of the people that have access to the bitcoins.  It does not prove that you have SOLE access.

I don't think there is ANY way to prove that nobody else has access to the coins.

C does not require trust, does it?

It does.

I must trust that you aren't asking someone else to move that bitcoin on your behalf.

[Karartma1]

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys

This is an important distinction, but in the context of the question, the problem simply shifts to "Prove you hold keys."

Like, "Dude. If you think I'll drive 50 miles to trade my riding lawnmower for your bitcoins, you gonna have to show me you have them first."

Kudos  
I tried mine, I'll turn my head around this some more but I don't think I'll come up with your answer. Therefore, I'm waiting for others to crack the code you have here.

[Spendulus]

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

This is insufficient.

It requires more than simply "any signed message".  The mesage MUST be phrased in such a way that it is extremely unlikely that someone else could be tricked or convinced into signing the message for the person claiming to hold the bitcoins"

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:

Code:

As of 2018-05-16 this address contains at least 1 BTC

Then Achow101 could forward to me the message that Spendulus has signed.


Furthermore, a signed message only demonstrates that you are ONE of the people that have access to the bitcoins.  It does not prove that you have SOLE access.

I don't think there is ANY way to prove that nobody else has access to the coins.

C does not require trust, does it?

It does.

I must trust that you aren't asking someone else to move that bitcoin on your behalf.

I had noticed that when a pre existing private key was in use, there is no recorded history of it's having single or multiple users or "owners." The phrase "no recorded history" is meaningful, because now we must rely on trust.

Hence it appears that any means of proving ownership of a bitcoin must involve  the creation of a new private key.

A wishes to buy something from B with 1 bitcoin, and B asks for proof.

A sits down with B and tries various ways to prove he has coins.

Maybe he logs into Coinbase and shows B the screen.
B raises the objections listed above....

Maybe the answer is something like this.

"Yeah my wife also has access to the account but she also has access to our credit cards and bank accounts. So what? If you had verified those you verified the presence of funds at that instant and you didn't care about multiple people having access to them. Why are you demanding a higher standard here?"

[Coin-Keeper]

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:

That is true but most experienced BTC users wanting proof would require text that is specific to a transaction they are going to make.  e.g. "Coin-Keeper is able to send 1 BTC to DannyHamilton on May 16 from X address".  At least that is what I would require on a sig scenario where my being convinced is involved.

[RGBKey]

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:

That is true but most experienced BTC users wanting proof would require text that is specific to a transaction they are going to make.  e.g. "Coin-Keeper is able to send 1 BTC to DannyHamilton on May 16 from X address".  At least that is what I would require on a sig scenario where my being convinced is involved.

Yeah, most people won't sign vague statements, and most people won't accept vague signed statements. They're usually very specific.

[Wind_FURY]

OP, post your seeds on the internet and hope that no one will steal your coins. Hahaha.

But what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do.

[Kakmakr]

If you do not trust the second party, then just make use of a trusted Escrow. Why would you go through all the trouble to sign a message and not knowing if the owner has sole access to those coins. If the coins were send to a third party, you would be certain that the owner has sole access to those coins. 

The whole point of proof is to make sure that the recipient receive their promised coins, right? This is where the trusted Escrow comes into play. 

 

[HCP]

If you do not trust the second party, then just make use of a trusted Escrow.

I think you're missing the entire point of a "trustless" system...

Why would you go through all the trouble to sign a message and not knowing if the owner has sole access to those coins. If the coins were send to a third party, you would be certain that the owner has sole access to those coins. 

But how do you know that the Escrow (who is now technically the "owner") has sole access to the coins?

The whole point of proof is to make sure that the recipient receive their promised coins, right? This is where the trusted Escrow comes into play. 

But as mentioned, that breaks the entire "trustless" system... you're still having to trust *someone* with something.


You can never really prove "sole" ownership or access to coins... at best you can prove you have the ability to spend coins. Whether or not you have exclusive access is not really the point in the "Ride on Mower" scenario. You just want to be able to provide evidence that you have access to the funds... a (specific) signed message should be adequate in this scenario.

[xIIImaL]

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?

Some years before we see most of the wallet providers giving the static address to receive the bitcoin from one person to your wallet. Nowadays due to security concern and want to more anonymous most of the wallet providers giving the dynamic wallet address whenever you go to see your bitcoin public address.
However as the above person said, you can use the same address to receive the bitcoin and you can use it to track the complete transaction with the block explorers.

[lianghwajou]

It's impossible to prove ownership without some out of band mechanism because the only relationship maintained by bitcoin network is between bitcoin and (pub/pri) keys. There is no way to tie an id to a key. Even when someone can move bitcoin or sign a message with private key, it still doesn't prove ownership. He can simple ask the owner of the key to do these operations for him.