Bitcoin Forum
June 17, 2024, 06:19:36 PM *
Author Topic: offline bitcoins + NFC = the end of era of current financial system (?)  (Read 4962 times)
alex04210 (OP)
Jr. Member
*
Offline Offline

Activity: 81
Merit: 1


View Profile
January 25, 2014, 05:25:02 PM
 #21

Continuing to think on this... I think I have the answer to preventing fraud at an "offline bazaar."  It doesn't help offline individuals privately transacting, but a shopping area with spotty Internet connectivity or an intentional lack thereof can work just fine using NFC tokens, or even plastic or wood tokens, etc...  The offline bazaar runs its own alt-coin.  The vendors hold the 51%, and the front desk runs an Internet connected exchange between Bitcoin and OfflineBazaarCoin.

This method is tried-and-true: arcades that offer their own tokens or mag-stripe cards, renaissance fairs issuing doubloons, "Disney Dollars."  It even provides another benefit to those running the Bazaar: they usually have an agreement to take a cut of each vendor's proceeds, as part of that vendor's membership in the Bazaar... they can enforce this with a fee at the altcoin exchange itself.

"a shopping area with spotty Internet connectivity"  great!

But I am not sure it's a good idea to make your own alt-coin. The more complicated the system is, the more people won't accept it. But nevertheless even this idea can find its niche!
odolvlobo
Legendary
*
Offline Offline

Activity: 4354
Merit: 3262



View Profile
January 25, 2014, 05:48:01 PM
 #22

I think you guys don't realise that the ability to do off-chain transactions electronically already exists: https://bitcointalk.org/index.php?topic=321085.0
It is quite easy to extend this system to do off-line NFC transactions also (in fact the creator of the project intends to implement this I believe).
The way these off-chain transactions work is basically an electronic equivalent of a Casascius coin....

And like the Casascius coin, it is susceptible to hacking and counterfeiting. How does your system detect duplicate keys sent from a hacked or counterfeit device?

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
beeblebrox
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
January 25, 2014, 10:23:12 PM
Last edit: January 25, 2014, 11:17:09 PM by beeblebrox
 #23

.........
As I understood from the description user can't divide them (it is in the cloakroom!) . There is no small coin feature. Maybe only if you make many smartcards with different nominal value...
I'm not sure it's a good idea. It's better to have one card (NFC) with small coins inside



You have the one SD card with many keys inside (instead of many SD cards with just one key).  You can actually see this in the video produced by the creator of this system:  http://www.youtube.com/watch?v=ZR8gz0uVBHk&feature=youtu.be

People will naturally tend to add keys for addresses that have balances with sensible denominations such as  100uBTC, 200uBTC, 500uBTC, 1mBTC, 2mBTC, ...., etc,  just like regular fiat currency.  When you wish to pay someone, say for a coffee of 4700uBTC, you give them four 1mBTC coins + one 500uBTC + one 200uBTC coin  (of course eventually the software will automatically do this for you I'd imagine-- it's just a knapsack problem algorithm).  Also, I imagine that community minded people would set up change vending internet sites or local physical machines where you can exchange your larger coins into smaller or smaller to larger as you require.
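
The key selection described above (whole keys of fixed value that cannot be split offline), as an added example that is not part of the post or of the system it describes. The balances are constructed sample values in uBTC and `select_keys` is a hypothetical name.

```python
# Added illustration: choose whole keys from a card to cover a payment.
# Each key is handed over entire, so an exact payment is not always possible.

def select_keys(balances, amount):
    """Return (paid, key_indices) for the smallest payment >= amount.

    balances: per-key balances in uBTC (constructed sample data).
    An exact match is preferred; otherwise the smallest overpayment is
    returned and the payee owes change. Among subsets reaching the same
    total, the one using the fewest keys wins. Returns None when the card
    does not hold enough in total.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    if sum(balances) < amount:
        return None

    # best[t] = shortest list of key indices whose balances sum to exactly t
    best = {0: []}
    for index, value in enumerate(balances):
        # Iterate over a snapshot so every key is used at most once.
        for total, keys in list(best.items()):
            if total >= amount:
                continue  # already enough; adding keys only overpays more
            candidate = total + value
            if candidate not in best or len(keys) + 1 < len(best[candidate]):
                best[candidate] = keys + [index]

    paid = min(total for total in best if total >= amount)
    return paid, best[paid]


if __name__ == "__main__":
    # The coffee example from the post: an exact 4700 uBTC exists.
    print(select_keys([1000, 1000, 1000, 1000, 500, 200, 100], 4700))
    # Same total value, different denominations: no exact 4700, so 5000 is
    # paid and 300 uBTC of change is owed.
    print(select_keys([1000, 1000, 1000, 1000, 500, 500], 4700))
```
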

madmadmax
Hero Member
*****
Offline Offline

Activity: 740
Merit: 501



View Profile
January 25, 2014, 11:01:26 PM
 #24

Using phones as wallets is plain stupid










beeblebrox
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
January 25, 2014, 11:41:20 PM
 #25

I think you guys don't realise that the ability to do off-chain transactions electronically already exists: https://bitcointalk.org/index.php?topic=321085.0
It is quite easy to extend this system to do off-line NFC transactions also (in fact the creator of the project intends to implement this I believe).
The way these off-chain transactions work is basically an electronic equivalent of a Casascius coin....

And like the Casascius coin, it is susceptible to hacking and counterfeiting. How does your system detect duplicate keys sent from a hacked or counterfeit device?

It prevents counterfeiting with tamper resistant SD smart cards.

If this is not satisfactory for you then don't use it-- it's a voluntary thing.  However, the vast majority are prepared to use similar technology *every day* to do small quick transactions, eg. Billions of dollars worth of transactions are completed using smart cards daily (traditional smart card technology).  In my home town alone all the public transport systems use smart cards-- a few million dollars worth of train, bus and ferry trips every day. Now, personally I wouldn't feel safe putting more than $1000 dollars on a smart card and most people only recharge them to $100 or less but this is enough for the majority of daily small transactions such as coffees and take-away.
Just to give an extreme example of how willingly the general population uses them: I know of a small art gallery that has $10,000,000+ dollars worth of artwork and its security system is based around smart cards.
Again, in summary- if this isn't good enough for you then don't use it but it's good enough for the majority.

(By-the-way: it's not my system. I've not developed it, I'm just a supporter of it.)
beeblebrox
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
January 25, 2014, 11:47:24 PM
 #26

Using phones as wallets is plain stupid

The keys are not stored on the phone alone.  It stores the key on a microSD smart card.  (Actually, it uses a split key system, which requires both the phone and the SD card to recover the key-- which is even safer-- you can read about it here: http://www.othercoin.com/OtherCoin.pdf )
madmadmax
Hero Member
*****
Offline Offline

Activity: 740
Merit: 501



View Profile
January 26, 2014, 04:19:09 AM
 #27

Using phones as wallets is plain stupid

The keys are not stored on the phone alone.  It stores the key on a microSD smart card.  (Actually, it uses a split key system, which requires both the phone and the SD card to recover the key-- which is even safer-- you can read about it here: http://www.othercoin.com/OtherCoin.pdf )

It's just retarded, there is no need to speculate or explain anything, the very concept is extremely stupid on a fundamental level. Should every person on earth who wants to use crypto in person also have a phone? Do you know how long the battery lasts for modern phones?

In the future there will be small plastic computers the width of a paper bill that you would swipe against each other in order to pay, they will be so cheap to manufacture that you could simply swipe your reserves to a new bill instead of recharging, they would also be so efficient that you would be able to recharge them by manual means.










odolvlobo
Legendary
*
Offline Offline

Activity: 4354
Merit: 3262



View Profile
January 26, 2014, 04:30:12 AM
 #28

I think you guys don't realise that the ability to do off-chain transactions electronically already exists: https://bitcointalk.org/index.php?topic=321085.0
It is quite easy to extend this system to do off-line NFC transactions also (in fact the creator of the project intends to implement this I believe).
The way these off-chain transactions work is basically an electronic equivalent of a Casascius coin....

And like the Casascius coin, it is susceptible to hacking and counterfeiting. How does your system detect duplicate keys sent from a hacked or counterfeit device?

It prevents counterfeiting with tamper resistant SD smart cards.

I'm not sure you answered my question. When you receive tokens from somebody, how can you be sure that they have not been duplicated. Also, how can you be sure that their bitcoins have not been spent at times when you don't have access to the block chain?

madmadmax
Hero Member
*****
Offline Offline

Activity: 740
Merit: 501



View Profile
January 26, 2014, 04:32:44 AM
 #29

I'm not sure you answered my question. When you receive tokens from somebody, how can you be sure that they have not been duplicated. Also, how can you be sure that they have not been spent at times when you don't have access to the block chain?

It doesn't accomplish it by 21st century social means, instead it accomplishes it by 19th century dollar printing essentially. They make dollars and expect all forgeries to be slightly different.










beeblebrox
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
January 26, 2014, 05:01:24 AM
 #30

I think you guys don't realise that the ability to do off-chain transactions electronically already exists: https://bitcointalk.org/index.php?topic=321085.0
It is quite easy to extend this system to do off-line NFC transactions also (in fact the creator of the project intends to implement this I believe).
The way these off-chain transactions work is basically an electronic equivalent of a Casascius coin....

And like the Casascius coin, it is susceptible to hacking and counterfeiting. How does your system detect duplicate keys sent from a hacked or counterfeit device?

It prevents counterfeiting with tamper resistant SD smart cards.

I'm not sure you answered my question. When you receive tokens from somebody, how can you be sure that they have not been duplicated. Also, how can you be sure that their bitcoins have not been spent at times when you don't have access to the block chain?

When performing a transfer operation the smart card only ever gives the private key to another smart card of the same type (they do a formal handshake involving secret keys to convince each other that they are genuine cards).  You are relying on the smart card hardware.  Now some people here claim that smart cards can be hacked-- this is true, however it is a very, very hard thing to do.  It is harder to crack a smart card than a desktop computer.  Also, the system uses a split key-- you need to compromise both the smart card and the phone.  If you're paranoid and have access to the Internet you can check via the blockchain that the balance of the public address hasn't already been spent before accepting.

Personally, I'd feel comfortable having a thousand dollars worth of BTC on such a card-- however some people may not like to store such a large amount so they might limit themselves to only a couple of hundred or even just tens of dollars.   You don't have to put all your bitcoin on the card.  Even with just $40 dollars a day on a card most people could cover their daily small expenses, eg: coffees, smoko/lunch, parking, newspapers, lending a 10er to someone, small purchases on the Internet such as music, movies or reading material (yes this system can also be used over the internet as well as locally face to face), etc..

beeblebrox
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
January 26, 2014, 01:47:48 PM
 #31

It's just retarded, there is no need to speculate or explain anything, the very concept is extremely stupid on a fundamental level. Should every person on earth who wants to use crypto in person also have a phone?

More people have phones than have desktop/laptop computers.  It makes more sense to use phones than computers (by-the-way: you can easily adapt this system to use a desktop anyway).



Do you know how long the battery lasts for modern phones?

What  does the battery charge life have to do with it?  The coins don't disappear if the battery is completely  drained.  Neither do you have to continuously run the software. You only need run the software when doing an actual transfer and it uses a very small amount of energy.



In the future there will be small plastic computers the width of a paper bill that you would swipe against each other in order to pay, they will be so cheap to manufacture that you could simply swipe your reserves to a new bill instead of recharging, they would also be so efficient that you would be able to recharge them by manual means.

I don't even know how to reply to this?  What are you talking about?

alex04210 (OP)
Jr. Member
*
Offline Offline

Activity: 81
Merit: 1


View Profile
January 26, 2014, 03:10:13 PM
 #32


You have the one SD card with many keys inside (instead of many SD cards with just one key).  You can actually see this in the video produced by the creator of this system:  http://www.youtube.com/watch?v=ZR8gz0uVBHk&feature=youtu.be



This idea is very close to my proposed conception. Actually this idea can be completed with NFC technology cos the speed of pairing and connection of NFC is extremely high.
The main idea is to separate some amount of bitcoins, store and transfer keys.

I didn't understand a few things. How can the recipient be sure that the payer (or someone else) didn't make a duplicate of the key?

And can the recipient get that key without this transaction being processed online?
And can the recipient transfer the key which he got from the payer to another recipient, without these keys being processed and verified online first?

Can there be multiple offline transactions?

Like it's shown in situation 4b


 
alex04210 (OP)
Jr. Member
*
Offline Offline

Activity: 81
Merit: 1


View Profile
January 26, 2014, 03:25:26 PM
 #33


It's just retarded, there is no need to speculate or explain anything, the very concept is extremely stupid on a fundamental level. Should every person on earth who wants to use crypto in person also have a phone? Do you know how long the battery lasts for modern phones?


We are talking not about the "fundamental" future, but about tomorrow's things. The main idea is to make some simple and available technology tomorrow.  That is why everybody is looking around himself in order to pick up something which already exists and there is no need to spend a lot of resources in order to implement the conception.

Look:
smartphones
smartcards
NFC tags
SD cards

already exist!

It's only a question of software and in the nearest future (maybe months) we will have offline transaction technology.
Of course in some distant future we will have more advanced technologies. I think we will fly instead of driving cars in the future! )) And so what....? We shouldn't think how to develop cars?
alex04210 (OP)
Jr. Member
*
Offline Offline

Activity: 81
Merit: 1


View Profile
January 26, 2014, 03:41:43 PM
 #34


Should every person on earth who wants to use crypto in person also have a phone? Do you know how long the battery lasts for modern phones?


Actually I agree with this thesis.

That is why I propose to use NFC tags.
They don't need batteries. They are passive devices. It's assumed that the recipient is a merchant, so he should have some active device (NFC terminal).

But using an NFC-active smartphone will be a good alternative for those individuals who want to transfer their bitcoins independently.

For those who don't have their own active NFC device there is still no need to have one, because they can use the merchant's or anyone else's or even public NFC devices (bitcoin ATMs) to manage their own NFC tags.




I think this is the future...
El Emperador
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 26, 2014, 05:03:59 PM
 #35

It could be possible to print our own banknotes?

drazvan
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
January 26, 2014, 06:46:06 PM
 #36

Hi guys, author of OtherCoin here (thanks Beeblebrox for the support, I've just noticed this thread),

Just to summarize and answer your concerns:

1. The OtherCoin smartcard does not hold your private key. It generates a private key internally and gives you the corresponding public key. Your wallet (under your complete control, even our sample is open source, see https://github.com/razvandragomirescu/OtherCoin ) generates a similar keypair (public + private key). The two public keys are added to become your Bitcoin public key (and address). The card never knows what you'll generate as your half (that's exactly how Bitcoin vanity address generators work, I have not invented this), so we cannot touch your funds

2. The security of the system comes from the tamper-resistant nature of the smartcards we use. If you have a GSM phone, you're already using one (your SIM card). If you have a chip and pin card (in Europe for instance), you're also using one. These are chips/devices designed to be secure against all sorts of attacks, including physical ones (since they operate in a hostile environment, their users are the most likely attackers).

3. Whenever two OtherCoin cards talk to each other (using your smartphones as proxies - they have no radio capabilities or any other way of reaching another card), they establish a secure encrypted channel and then pass the Bitcoin "half a private key" that they've generated to the other end and at the same time destroy it from local storage so that the current user cannot reuse it.

So take a look at the Android app we wrote as a sample: https://github.com/razvandragomirescu/OtherCoin/blob/master/src/com/cayennegraphics/othercoin/OtherCoinActivity.java (look at line 661 to see how the two key halves are combined into one) and the demo movie of the system in action at www.youtube.com/watch?v=ZR8gz0uVBHk&feature=youtu.be . Feel free to provide feedback, cards will be available for purchase in the next couple of weeks.
drazvan
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
January 26, 2014, 06:50:13 PM
 #37

Oh and BTW, we support 3 form factors for the OtherCoin cards: microSD, Bluetooth smartcard reader and NFC (Yubikey Neo for instance). The microSD card can either be plugged directly into your smartphone or connected to the microUSB port if your phone supports USB storage (we'll bundle one of these: http://www.meenova.com/st/p/m3r.html with every card we sell, it's small, fits on a keychain and works great with the newer Android smartphones that have no microSD slot).
drazvan
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
January 26, 2014, 07:11:52 PM
 #38

Quote

This idea is very close to my proposed conception. Actually this idea can be completed with NFC technology cos the speed of pairing and connection of NFC is extremely high.
The main idea is to separate some amount of bitcoins, store and transfer keys.

I didn't understand a few things. How can the recipient be sure that the payer (or someone else) didn't make a duplicate of the key?

The recipient of the funds receives two keypairs: the one that the payer's smartphone has generated and the one the payer's smartcard has generated. The one from the smartphone is in the clear, he can take a look at it. The one from the smartcard is encrypted and can only be decrypted by the recipient's OtherCoin card. The payee imports the secure (encrypted) half into his OtherCoin (the OtherCoin verifies that the encrypted key came from a similar OtherCoin card). If the OtherCoin card has accepted the encrypted half, the user can be sure that the sum between the key that he holds and the key that the card holds is a private key for the funds and that it hasn't been used before.


Quote
And can the recipient get that key without this transaction being processed online?

The recipient gets the key in an offline transaction. The only thing he can't verify offline is the balance (how much that key is worth). He knows for sure that he holds the key to a particular Bitcoin address (he just doesn't know what that key is, half of it is stored in the OtherCoin card). Part of the OtherCoin service will be "certifying" balances for people that want to transact completely offline. Most users however will just look at the blockchain to see how much a Bitcoin address is worth.

Quote
And can the recipient transfer the key which he got from the payer to another recipient, without these keys being processed and verified online first?

Yes, they obviously can transfer it away, to a similar OtherCoin card. The guarantee comes from the fact that each and every OtherCoin card in the chain verifies that the sender is also an OtherCoin card, meaning that it has followed all the rules of the system (has not made copies of the key, etc). Think of it as a tamperproof computer sitting inside your smartphone - it guarantees that all participants in the protocol follow certain rules and even though it runs inside your smartphone you can't control what it does.

Quote
Can there be multiple offline transactions?

No, a key is either transferred via OtherCoin to a similar card or revealed to the user to be used in a Bitcoin transaction. It's either one or the other, as soon as the card gives you the secure part of the private key, it destroys it from its storage, so it can no longer be transferred via OtherCoin. It also destroys it as soon as it's transferred to someone else via OtherCoin.

So, to summarize, the security comes from the fact that all participants use the same hardware and software and that they cannot change the way the software works. They can't change the software to tell it to _not_ delete a private key after sending it or tell it to reveal its keys. It's a black box as far as the smartphone is concerned, you send some input to it and it gives you some output, you don't control how it processes your input. What it does though is fairly public, it's described in the whitepaper and I can describe it further if needed.
odolvlobo
Legendary
*
Offline Offline

Activity: 4354
Merit: 3262



View Profile
January 26, 2014, 08:43:11 PM
 #39

Assuming that the devices are very difficult to crack, but not actually tamperproof:

1. Can the receiver verify that the sender is really an Othercoin card?
2. Does the device contain information that could compromise the entire system? For example, a private key used by every device?
3. Is there a way to blacklist a compromised device or to revoke compromised keys?


drazvan
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
January 26, 2014, 09:31:11 PM
 #40

Quote
Assuming that the devices are very difficult to crack, but not actually tamperproof:

1. Can the receiver verify that the sender is really an Othercoin card?

Yes, it does so now. The encrypted Bitcoin key it receives is also signed by the sender card (see below for details). Of course, if you compromise the card and extract its private key, you could sign Bitcoin keys that you've created outside the card (that you can later attempt to double spend).

However, this offers little reward for considerable effort. There's nothing stopping a recipient of funds from immediately running them on the Bitcoin network (and I actually expect people to do just that for higher amounts). So if you spend tens (if not hundreds) of thousands of dollars compromising a card to do a double spend and then the first person you try this on sends your transaction to the blockchain, you've accomplished nothing and lost a lot of money! Also, the wallet apps will monitor the blockchain for any transactions involving addresses they hold the keys to. If at any point they see money going out of an address they own, they should raise an alarm and report this to us, so it's not something that can be done "silently".

Quote
2. Does the device contain information that could compromise the entire system? For example, a private key used by every device?

Each OtherCoin card has two keys used for encryption - one is a symmetric key (that all cards share) that is used for privacy (each outgoing message is encrypted with that shared key with a random seed (initialization vector) ). This hides the identity of the person sending the funds (so you could transact with the same person twice and not know that). It also makes things a bit harder for people that try to attack the card (since it's harder to craft meaningful messages to the card - you have to properly encrypt them, otherwise the card will drop them immediately since they decrypt to a bunch of nonsensical data).

However, the security of the system is given by the second key - it's a public/private keypair, generated by the card itself. It used to be RSA but now it is an Elliptic Curve key. Each card has a different one and it is used in an ECDH key exchange (see http://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman). Card public keys are signed by our master private key (that is obviously NOT present on any card, it's actually on a smartcard connected to an offline computer, each OtherCoin gets provisioned/signed there).

Quote
3. Is there a way to blacklist a compromised device or to revoke compromised keys?

Not at this point, but that's planned. With a bit of luck, this will actually be ready when we start selling the cards (in a couple of weeks). We will provide a signed blacklist of compromised public keys that each wallet can optionally download and send to the card (since the wallet receives only encrypted messages, it can't tell what public key the other OtherCoin card has).

To summarize, there is very little reward in compromising a single OtherCoin card. You would have to crack the shared key, then crack the private EC key and all that would give you would be the possibility to spend funds you already have twice (not create money out of thin air), while hoping and praying that the recipient doesn't post them to the blockchain or does not raise the alarm when you double spend them (and they see a transaction involving the keys they currently hold).

Keep in mind that these are EAL 5+ level cards that are certified for use by Visa, Mastercard and a bunch of governments. I'm not saying a well funded attacker cannot break one, but all they would get would be the private key for their card, allowing them to double spend funds they already own, in a very public way. I'm sure there are better ways for someone that has the technical ability to do this to make money :).
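
The wallet-side monitoring mentioned in the post above (check the balance when online before accepting a key, and raise an alarm if funds leave an address the wallet holds), as an added example that is not OtherCoin code. The transaction model is simplified to address-level amounts, and the class name, addresses and transactions are constructed for illustration.

```python
# Added illustration: detect spends from addresses whose keys we hold.
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """Simplified confirmed transaction; amounts in uBTC."""
    txid: str
    inputs: tuple    # ((address, amount), ...) being spent
    outputs: tuple   # ((address, amount), ...) being funded


class HeldKeyMonitor:
    """Tracks addresses received through offline key transfers."""

    def __init__(self):
        self.balances = {}       # address -> balance seen on chain so far
        self.held = {}           # address -> amount it was accepted for
        self.own_spends = set()  # txids this wallet broadcast itself

    def accept(self, address, claimed):
        """Online check before taking a key: is the claimed amount there?"""
        if claimed <= 0 or self.balances.get(address, 0) < claimed:
            return False
        self.held[address] = claimed
        return True

    def mark_own_spend(self, txid):
        """Record a transaction the wallet itself is about to broadcast."""
        self.own_spends.add(txid)

    def observe(self, tx):
        """Apply one transaction; return alerts for unexpected spends."""
        alerts = []
        for address, amount in tx.inputs:
            self.balances[address] = self.balances.get(address, 0) - amount
            if address in self.held:
                if tx.txid not in self.own_spends:
                    alerts.append(
                        f"{tx.txid}: {amount} uBTC left held address {address}")
                del self.held[address]  # the key no longer backs its value
        for address, amount in tx.outputs:
            self.balances[address] = self.balances.get(address, 0) + amount
        return alerts


# Constructed sample chain: addr-A is funded, later spent by someone else.
SAMPLE_CHAIN = (
    Tx("tx1", (), (("addr-A", 1000),)),
    Tx("tx2", (), (("addr-B", 500),)),
    Tx("tx3", (("addr-A", 1000),), (("addr-X", 1000),)),
)

if __name__ == "__main__":
    monitor = HeldKeyMonitor()
    monitor.observe(SAMPLE_CHAIN[0])
    monitor.observe(SAMPLE_CHAIN[1])
    print(monitor.accept("addr-A", 1000))   # funded, so accepted
    print(monitor.accept("addr-C", 200))    # never funded, so refused
    print(monitor.observe(SAMPLE_CHAIN[2])) # one alert for addr-A
```
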