A thought experiment: PROVE you own a bitcoin

[Spendulus]

It's impossible to prove ownership without some out of band mechanism because the only relationship maintained by bitcoin network is between bitcoin and (pub/pri) keys. There is no way to tie an id to a key. Even when someone can move bitcoin or sign a message with private key, it still doesn't prove ownership. He can simple ask the owner of the key to do these operations for him.

I believe that once could sit down with a computer and another person, and demonstrate to his satisfaction that I have a private key that holds one bitcoin, which nobody else has access to.

This would be by creating a new private key in his presence, in some way where he does not see it or all of it.

Then I would show that I was able to move one bitcoin to the public key of that  address.

Then sign a message from that private key and send it.

But if the other party was not in the same room, but was across the internet, then the proof seems far less certain.

[Spendulus]

....what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do.

It's impossible to "disprove that you have Bitcoin."

That's an irrefutable hypothesis.

Like...."Disprove that guy walking down the street has a bar of gold."

Cannot be done.

Carrying this a step further, hypothetically, say in a divorce case where it was alleged by one party that the other had one bitcoin.

Wife: He's got two bitcoins! I should get one!

Husband: I have bitcoins? Can you prove that?

[vit05]

....what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do.

It's impossible to "disprove that you have Bitcoin."

That's an irrefutable hypothesis.

Like...."Disprove that guy walking down the street has a bar of gold."

Cannot be done.

Carrying this a step further, hypothetically, say in a divorce case where it was alleged by one party that the other had one bitcoin.

Wife: He's got two bitcoins! I should get one!

Husband: I have bitcoins? Can you prove that?

The court should do the same procedure it does with the thousands of offshore firms that some people use to hide the money. Demonstrate the path they have taken. At some point, fiat was transferred to an account that in exchange received BTC. This negotiation would need to be demonstrated.

Unless he has memorized the seed entirely in his head, with a search warrant and seizure, after proving the path that the negotiation made, it is quite possible that justice would have access to this portfolio containing the Bitcoins.

Of course, there are still thousands of ways to hinder access to this seed. But a normal person would hardly take such precautions.

https://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

The hidden owners
Where does the money flowing offshore come from? The information is hard to discover because real owners usually hide behind nominees, people with no real control and no assets in the company who simply lend their signature.

[RGBKey]

...Even when someone can move bitcoin or sign a message with private key, it still doesn't prove ownership. He can simple ask the owner of the key to do these operations for him.

But the thing is that's exactly how you "own" bitcoins, you posses the ability to sign a transaction. You can ask your friends to do a lot of things for you, but there's a line somewhere.

[HCP]

I believe that once could sit down with a computer and another person, and demonstrate to his satisfaction that I have a private key that holds one bitcoin, which nobody else has access to.

This would be by creating a new private key in his presence, in some way where he does not see it or all of it.
...

But how do you prove that the key "generated" is "unique" and that no-one else has access to it?

I know it's a bit of a stupid argument really, because proving the absence of something is always difficult... but just because they see you "generate" it... doesn't mean that someone else doesn't have access. Although given that this is a "thought experiment" and therefore we're free to dream up all sorts of theoretical scenarios... I suppose if you were both in a sealed room with dice and an offline device that could convert the dice rolls to private key/public key/address, you could be fairly certain the key you generated is "unique"... So as long as the other person had no access to a transmitting device, you could send 1 BTC to the address... show the confirmation and they could be fairly certain you had sole access to that 1 BTC at that point in time... and you wouldn't have to worry about them stealing it as they have no way of "using" the private key.

The problem then would be that to ensure they don't steal your 1 BTC, you either have to leave them in the sealed room forever, kill them... or move the 1 BTC to another address. At which point, they can no longer be certain you have sole access

[buwaytress]

Interesting that I never actually thought of how to prove sole ownership. Interesting also that even I couldn't prove to myself that no one has knowledge of my private keys and isn't just waiting one day to access it (is there?).

Signing specific messages for intended recipients has always been enough but I wonder if some of these impossible concepts such as sole access/ownership are being looked at.

[Spendulus]

I believe that once could sit down with a computer and another person, and demonstrate to his satisfaction that I have a private key that holds one bitcoin, which nobody else has access to.

This would be by creating a new private key in his presence, in some way where he does not see it or all of it.
...

But how do you prove that the key "generated" is "unique" and that no-one else has access to it?

I know it's a bit of a stupid argument really, because proving the absence of something is always difficult... but just because they see you "generate" it... doesn't mean that someone else doesn't have access. Although given that this is a "thought experiment" and therefore we're free to dream up all sorts of theoretical scenarios... I suppose if you were both in a sealed room with dice and an offline device that could convert the dice rolls to private key/public key/address, you could be fairly certain the key you generated is "unique"... So as long as the other person had no access to a transmitting device, you could send 1 BTC to the address... show the confirmation and they could be fairly certain you had sole access to that 1 BTC at that point in time... and you wouldn't have to worry about them stealing it as they have no way of "using" the private key.

The problem then would be that to ensure they don't steal your 1 BTC, you either have to leave them in the sealed room forever, kill them... or move the 1 BTC to another address. At which point, they can no longer be certain you have sole access

Yes this is all correct. RE the bolded above, an example would be if the key I presented was part of a heuristic chain, for which another party had knowledge of.

This reminds me of playing cards, where in normal conditions one assumes that a party other than the dealer cuts the deck, and randomness is established. That's knowing that cutting the deck is insufficient if a talented mechanic is the dealer.

Suppose that I generated a private key, and then allowed the other party to see and to change ten digits of it. He can be certain its then secure from 3rd parties at that moment. I then generate a public key, and show that it contains zero. Then I put this private key in my wallet, move a bitcoin to it.

You mentioned, "The problem then would be that to ensure they don't steal your 1 BTC, you either have to leave them in the sealed room forever, kill them... "

That's kind of funny. "Okay now I've proved I have one bitcoin, but you have to die..." It's like the joke about the spy who says "If you find the secret I'll have to kill you."

But the other party, in the above scenario, does not know the key, only ten digits of it. He cannot find it from just ten digits.

[Spendulus]

....what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do.

It's impossible to "disprove that you have Bitcoin."

That's an irrefutable hypothesis.

Like...."Disprove that guy walking down the street has a bar of gold."

Cannot be done.

Carrying this a step further, hypothetically, say in a divorce case where it was alleged by one party that the other had one bitcoin.

Wife: He's got two bitcoins! I should get one!

Husband: I have bitcoins? Can you prove that?

The court should do the same procedure it does with the thousands of offshore firms that some people use to hide the money. Demonstrate the path they have taken. At some point, fiat was transferred to an account that in exchange received BTC. This negotiation would need to be demonstrated.

Unless he has memorized the seed entirely in his head, with a search warrant and seizure, after proving the path that the negotiation made, it is quite possible that justice would have access to this portfolio containing the Bitcoins......

The chain of custody.

You would have to track the transactions down to the current address that contained the bitcoin which had been bought in the past with a fiat transfer that I made. Then you would have to show that current address had other transactions that were linked to me. Preferably both plus and minus.

And today we are urged to not reuse receive addresses. Want to guess why?