Bitcoin Forum
Author Topic: provable address  (Read 979 times)
benjyz (OP)
February 05, 2014, 08:29:48 AM
Last edit: February 05, 2014, 03:59:12 PM by benjyz
 #1

say an organization friendly wants to take a donation. what they can easily do of course is they post their btc address on their website friendly.org. however, the address can be changed, because the website can be changed. public orgs like greenpeace will probably not do that, but the imagined friendly org is a small org with little trust. the question is how to create a mechanism so that friendly can prove that the address has not changed.

such a mechanism is wanted, because then the address acts like a fund. that is, all inputs and outputs can be tracked. funds can't be misappropriated as easily. with an unproven address one can claim that the balance is lower than it actually is. it doesn't have to be 100% secure at first, but reasonably secure.

here is a simple ad hoc solution which can serve as a discussion. to my knowledge this has not been done yet.

friendly posts an address in a thread on this board with the title "address proof" with the message

Code:
PING addr #1234 tag friendly

1 or several people reply with

Code:
PONG addr #1234 tag friendly

This would work for small message loads. Anyone who wants proof can go through the thread and find the post. The PONG message can't be forged by PING unless PING corrupts PONG to change his post. if several people reply he would have to corrupt each of them.

A more involved protocol could be:

Code:
PING addr #1234 tag friendly

1 or several people reply with

Code:
REQ addr #1234 tag friendly reqaddr #5678 0.01 BTC

If PING sends 0.01 BTC to #5678 the requester will PONG

Code:
PONG addr #1234 tag friendly 

With this kind of protocol the message load would become too much. it can be done on a separate system for large loads.

Edit: an even simpler solution would be if the message board itself would have a mechanism for a 1:1 relationship between member and btc address, which acts as a central party. I'm not sure what the current protocol is with regards to bitcointalk and the address some members provide.

.
more generally before the blockchain there was no way to prove that things have existed on the internet. the blockchain is not meant to be a record store for arbitrary storage. namecoin comes closer to such a solution as it is built around lookups. the domain system of the internet is a specific lookup mechanism which is not concerned with historic records. there are possible solutions for this discussed mechanism which are not trivial to implement.

see:
http://wikileaks.org/Transcript-Meeting-Assange-Schmidt.html#731
https://bitcointalk.org/index.php?topic=53855.msg642768#msg642768

Edits:
simpler solution
clarify fund aspect
typo
Abdussamad
February 05, 2014, 10:26:22 AM
 #2

Multiple people could sign the address using their gpg keys. Those signatures could then be published on this forum, the org's site or even in a txt record in the organization's domain name zone.

A script could then be set up on another server that periodically verified all of the above. The purpose of this script would be to automatically warn people in the event the org's servers are compromised. The people at Let's Talk Bitcoin run something like this to watch over their donation addresses.
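The checks described in posts #1 and #2, as an added example that is not code from any poster: it parses the PING/PONG messages from post #1, counts PONGs from distinct accounts other than the organization's, and then compares the attested address with what each channel currently publishes, as the watcher in post #2 would. The function names, the sample thread and the channel snapshots are constructed assumptions; GPG signature verification and live fetching are not shown, with the PONG replies standing in as the attestations.

```python
import re

# Message grammar from post #1: "<VERB> addr <address> tag <tag>"
MSG = re.compile(r"^(PING|PONG)\s+addr\s+(\S+)\s+tag\s+(\S+)\s*$")

def attested_address(posts, org_user, tag, quorum):
    """Return the address from org_user's first PING for `tag` if at least
    `quorum` distinct other accounts PONGed exactly that address, else None."""
    ping_addr, witnesses = None, set()
    for author, text in posts:
        m = MSG.match(text.strip())
        if not m or m.group(3) != tag:
            continue
        verb, addr = m.group(1), m.group(2)
        if verb == "PING" and author == org_user and ping_addr is None:
            ping_addr = addr        # first announcement wins; later PINGs are ignored
        elif verb == "PONG" and author != org_user and addr == ping_addr:
            witnesses.add(author)   # one vote per account; self-PONGs do not count
    return ping_addr if ping_addr and len(witnesses) >= quorum else None

def check_channels(expected, channels):
    """Return the names of channels whose published address differs from
    the attested one (these are the ones to warn about)."""
    return sorted(name for name, seen in channels.items() if seen != expected)

# Constructed sample thread: (author, post body). "#1234" is the thread's placeholder.
THREAD = [
    ("friendly", "PING addr #1234 tag friendly"),
    ("alice",    "PONG addr #1234 tag friendly"),
    ("friendly", "PONG addr #1234 tag friendly"),  # self-attestation, not counted
    ("mallory",  "PONG addr #9999 tag friendly"),  # different address, not counted
    ("bob",      "PONG addr #1234 tag friendly"),
    ("friendly", "PING addr #9999 tag friendly"),  # later change attempt, ignored
]
# Constructed snapshots of what each channel serves right now.
CHANNELS = {"website": "#9999", "dns_txt": "#1234", "forum_profile": "#1234"}

if __name__ == "__main__":
    addr = attested_address(THREAD, "friendly", "friendly", quorum=2)
    print("attested:", addr)
    for name in check_channels(addr, CHANNELS):
        print("WARNING: channel", name, "publishes a different address")
```

The quorum only has the weight the thread gives it: the witnesses must be independent accounts, and the forum must not let the PING author edit their posts.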
benjyz (OP)
February 05, 2014, 11:01:43 AM
 #3

right. so one could have a distributed global store (DGS), which is like a DNS server. I haven't studied DNSSEC too much, but it looks like a mess. a different approach would be a forum with an API, which is mirrored. wikileaks uses several tricks to get an unattackable mirror system.

one thing one can do with this is use the inputs as a payment for salaries and to install hardcaps. for instance say you take donations up to 1 BTC for a task. after 1 BTC donations are blocked (sent back automatically). usually all donations are open ended, so this would be a provable hardcap donation fund. that would allow for much more targeted donations. very useful in many contexts. it is a kind of pre-allocation that is not possible with fiat money.
e4xit
February 05, 2014, 01:29:49 PM
 #4

If only there was a cryptographically secure method of doing this..... perhaps something involving unforgeable shared ledgers or something like that?

Perhaps someone could make it into a coin of its own?

 Roll Eyes

Not your keys, not your coins.
CoinJoin, always.
benjyz (OP)
February 05, 2014, 02:29:02 PM
 #5

an organization like a public company keeps accounting records. non-profits partly keep full open records. so what we can potentially do is build different types of accounting systems. a fund is simply a pool of money with protection of its outputs - pension funds, mutual funds, ETFs, the IMF etc. usually it's very costly to set these up.

in general a fund is based on a provable address. it is a subcase of a pure 1:1 relationship between identity and address, but more achievable. so if the aforementioned friendly.org has a provable address to its name, everyone knows how much the org has on the books. as long as the org has to use that address the inputs and outputs can be tracked. public accounting would simply mean tagging the outputs. no more money that gets lost in dark channels. this kind of system would improve donation flows, as usually 30-50% gets lost.

we can go even a step further in letting the domain registrar be an accounting mechanism, i.e. the org top-level domain watches over the orgs. actually Verisign is already enforcing stricter rules for .com than other TLD registrars. running a mutual fund currently costs more than 100,000$ p.a. and is incredibly ineffective. with an automatic fund system, this could be done for 100$ and available to anyone.

HD wallets tackle this problem from a different perspective. the mentioned scheme builds only on standard PKI.
jl2012
February 05, 2014, 04:44:52 PM
 #6

With stealth addresses there is no need to reuse an address: https://bitcointalk.org/index.php?topic=418071.0

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
benjyz (OP)
February 05, 2014, 05:10:50 PM
 #7

this is the opposite of stealth. it's providing information to the public at the choosing of a person or group, either because that group wants that, or because it is forced to by a general public (like people force corporations/non-profits/governments to act in certain ways by market forces or elections). a simple example is somebody working on an open source project, taking time based donations. instead of asking for as much money as he wants, he asks for a provable limited amount. this can be coupled with an assurance contract (kickstarter).

this pattern applies to a very wide variety of transaction types, non-profit orgs and government like entities, but also various for profit economic vehicles. the topology of transaction types is largely unexplored, because most are focused on a very narrow set of types (pure p2p / e-shopping).
jl2012
February 06, 2014, 06:05:22 AM
 #8

Quote from: benjyz
> this is the opposite of stealth. it's providing information to the public at the choosing of a person or group, either because that group wants that, or because it is forced to by a general public (like people force corporations/non-profits/governments to act in certain ways by market forces or elections). a simple example is somebody working on an open source project, taking time based donations. instead of asking for as much money as he wants, he asks for a provable limited amount. this can be coupled with an assurance contract (kickstarter).
>
> this pattern applies to a very wide variety of transaction types, non-profit orgs and government like entities, but also various for profit economic vehicles. the topology of transaction types is largely unexplored, because most are focused on a very narrow set of types (pure p2p / e-shopping).

So BIP32 ( https://en.bitcoin.it/wiki/BIP_0032 ) is the answer

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
benjyz (OP)
February 06, 2014, 07:58:38 AM
Last edit: February 06, 2014, 08:08:40 AM by benjyz
 #9

no. HD addresses this question, but it does not solve the key sharing problem. keys, identities and transactions can appear in many different varieties as outlined above. my scheme above is in a larger context: how you share keys, how you create virtual/legal identities in the first place and what you would want to do with this kind of underlying system.
jl2012
February 06, 2014, 09:15:37 AM
 #10

Quote from: benjyz
> no. HD addresses this question, but it does not solve the key sharing problem. keys, identities and transactions can appear in many different varieties as outlined above. my scheme above is in a larger context: how you share keys, how you create virtual/legal identities in the first place and what you would want to do with this kind of underlying system.

So simply use GPG or PKI. Print the hash of the key on your name card, and sign whatever you want (including bitcoin address) with the key

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Abdussamad
February 07, 2014, 06:23:55 AM
 #11

Quote from: e4xit
> If only there was a cryptographically secure method of doing this..... perhaps something involving unforgeable shared ledgers or something like that?
>
> Perhaps someone could make it into a coin of its own?
>
> Roll Eyes

Even if you store the address and signatures in a namecoin blockchain entry, as opposed to the domain name's DNS records, you still need an external service checking the site periodically to make sure it contains the correct address.
benjyz (OP)
February 07, 2014, 09:08:47 AM
Last edit: February 07, 2014, 11:20:14 AM by benjyz
 #12

Abdussamad, I very much like your idea of combining this with a DNS record. so here we have actually an improvement of namecoin style DNS over RFC 1035 DNS. you get autonomous servers right out of the gate. very cool indeed.

namecoin does not have register functions per se (everything is .bit). on a namecoin style system it would be easy to let DNS have the power over the address, i.e. we have this kind of protocol:

Code:
service friendly.org > REQ friendly.org.bit at register service REG_XYZ

Code:
register server REG_XYZ > REP friendly.org.bit  URL friendly.org.bit addr #1234

Code:
third party > REQ friendly.org.bit 

Code:
DNS > REP 22.33.44.55 addr #1234

friendly would not be allowed to change the address, or rather only periodically (with some safeguards for attacks). this way one could send money to servers in a completely fluid way. you request the address of a server and send money to it. and the address is 1:1. that way you get rid of third parties who currently provide merchant APIs. if a webservice wants to use a different model it can register under .com instead of .org.

I'm not a big fan of the .bit scheme. It would make more sense to use a different namesystem. not http://www.friendly.org.bit, but org:friendly.www or whatever.

in the end with an approach like this one seems to get something which is a more workable solution than BIP70-72. all extension efforts haven't gone very far.

a private person should be anonymous, but a merchant/non profit organization/government should not be. we see this with the current exchange problem. nobody should be able to run away with customers' money or misappropriate funds. the very hard problem to solve is to define organizations and protocols which do not restrict freedom, but restrict them when they are wanted. there is a fundamental difference between one person and larger groups or legal entities, but bitcoin only knows about private nodes.
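A sketch of the register service from post #12, as an added example that is not code from the thread: it answers lookups in the post's REP form and refuses a change of payment address until a cooldown has passed. The class and function names, the one-day interval and the hash-chained change log (one possible form of the "safeguards" the post leaves open, so third parties can audit the history) are assumptions.

```python
import hashlib

def _digest(prev, now, name, ip, addr):
    return hashlib.sha256(f"{prev}|{now}|{name}|{ip}|{addr}".encode()).hexdigest()

class NameRegistry:
    """Toy register service (hypothetical): name -> (ip, addr), with an
    append-only hash-chained log and a cooldown on address changes."""

    def __init__(self, min_interval):
        self.min_interval = min_interval  # assumed policy: seconds since the last record
        self.log = []                     # (time, name, ip, addr, prev_hash, hash)

    def latest(self, name):
        return next((e for e in reversed(self.log) if e[1] == name), None)

    def register(self, now, name, ip, addr):
        """'REQ <name> at register service': create or update a record."""
        last = self.latest(name)
        if last and last[3] != addr and now - last[0] < self.min_interval:
            return False                  # payment address changed too soon: refuse
        prev = self.log[-1][5] if self.log else "0" * 64
        self.log.append((now, name, ip, addr, prev, _digest(prev, now, name, ip, addr)))
        return True

    def resolve(self, name):
        """'REQ <name>' from a third party, answered in the thread's REP form."""
        e = self.latest(name)
        return f"REP {e[2]} addr {e[3]}" if e else None

def verify_log(log):
    """Third-party audit: recompute the chain; False if any entry was altered."""
    prev = "0" * 64
    for now, name, ip, addr, p, digest in log:
        if p != prev or digest != _digest(prev, now, name, ip, addr):
            return False
        prev = digest
    return True

if __name__ == "__main__":
    reg = NameRegistry(min_interval=86400)  # constructed policy: one change per day
    print(reg.register(0, "friendly.org.bit", "22.33.44.55", "#1234"))
    print(reg.register(3600, "friendly.org.bit", "22.33.44.55", "#9999"))
    print(reg.resolve("friendly.org.bit"))
    print(verify_log(reg.log))
```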
benjyz (OP)
February 07, 2014, 10:55:20 AM
Last edit: February 07, 2014, 12:53:57 PM by benjyz
 #13

so the clearest example of a use case at the moment are the exchanges, which are currently the end-nodes of regulation. if one major exchange blows up (which is currently speculated), this has a negative impact. they should be forced to post collateral of some sort, as I have suggested in the other thread. this requires a mapping of address to DNS, i.e. a provable address mapping or simply provable named address. this is not a mapping of person to address, but organization to address, but there can be organizations with only one person, e.g. one person running an exchange.