Multiple wallet.dat files with routing table?

[Envrin]

Just throwing this out there...

Bitcoin advertises itself as "be your own bank", which is somewhat misleading.  That is true, but only if you're running the bitcoind/qt client.  As we know though, most people just signup for one of the online wallet services / exchanges out there.  Problem with this is, you're not your own bank -- you're sharing the wallet.dat file with every other user of that service.

I know bitcoind allows multiple wallets, but they each require their own instance, and obviously running 300,000 instances of bitcoind isn't feasible.  Plus if that service offers automated withdrawals of BTC (most do), then that wallet password has to somehow, somewhere be accessible to the software / server, and that's no good.

Why not change it so each user of these services can actually get their own wallet.dat file on that server, with the password only known to them, and not stored anywhere?  Add a "createwallet" function into bitcoind, then build a routing table of sorts into it, which routes the requests to the appropriate wallet.dat file as they come in?

This way when someone wants to withdraw funds, they will login to whatever site, enter their withdraw request including wallet password, which then gets fired off to bitcoind, gets routed to their personal wallet.dat file, unlocks it for a few seconds, and sends them their money.  Wouldn't this alleviate the problem of someone hacking an exchange, and wiping like 4000 BTC?  Even if they got into the exchange's server, there would be say 200,000 wallet.dat files laying around, with absolutely no passwords stored anywhere?

Or am I off base, and don't know what I'm talking about?

[Exbuhe27]

Wallets are small files, you can store you wallet locally and encrypted without having to store the entire blockchain, so why not just store it locally? It's always safer if you never have to store it un-encrypted with a third-party service. In that sense you can be your own bank - you can be the only one with access to your funds.

This doesn't work for exchanges, who need to accomplish atomic transactions between users by acting as a sort of mediator. Of course, exchanges are inherently unlike banks though, yes? If you have your funds stored at an exchange you're not going for the "be your own bank" model of bitcoin. Unless you have a mechanism for atomic exchanges between currencies (which there are some like Ripple, though they don't seem super popular for lay-people), at some point you'll have to trust a third party to act as a mediator of sorts - trust either that they're not malicious and swiping copies of your wallet everytime you unencrypt it, or trust that they're not incompetent or overlooking something small which allows someone else to swipe copies of the wallets, or to switch output addresses before the transactions are created. I think for a centralized exchange to work though, it needs to be in control of the funds at some point - whether through having access to your wallet unencrypted, having all the coins stored in a central pool that the exchange itself just draws from while keeping it's own separate accounting ledger, or by having your key in-hand to unlock the wallet stored on it's server.

I wonder if we could have atomic exchanges using something akin to coin-join, where the transaction is created, and everyone has to go through and sign the transaction to make the funds go through, and if one person doesn't then it doesn't go through. Only we would have to have that across multiple cryptos - fiat I think would be fairly well out of the question for that - I think in that case you pretty much have to have a central authority in control of the funds (other than meeting in person and handing over cash).

So I can see the merit of the functionality you're describing as far as ease-of-use for exchanges, but I don't think it actually creates any more security for users of exchanges - you still have to trust the exchange to not store your password or an unencrypted version of your wallet, and you still have to trust they don't have any security holes which allow a third party to do the same thing. I suppose it would mean that exchanges could use the reference implementation of the wallet and so we would know they have predictable code that everyone uses, which is nice.

What may be interesting is the idea of trusting calculations to larger computational powers, but reversed here. The exchange hands you one of the public inputs (the address you have to send funds to), and it generates a proof verification key, and you have to faithfully generate a transaction from your locally stored wallet (private input) and release it to them (maybe encrypted somehow) - along with a proof that you faithfully carried out the computation to generate the correct transaction. You would have incentive to not release the transaction ahead of time because you don't want to send the coins before the other user has verified that they have sent their coins. Then the exchange waits for both transactions to come in, and it only releases them to their networks once it has both transactions - still you're trusting the exchange to not release yours even if they don't recieve the other party's.

Who knows, exchanges are complicated. I think it's pretty hard to remove trust - even Ripple (if I'm remembering correctly) is based on a web-of-trust. It doesn't eliminate the trust mechanism, just distributes it a bit - I have no idea how robust it is though. Hopefully in the near future Bitcoin will be widely distributed enough so that exchanges play a much smaller role in the market - but until it's used for things like buying groceries every day I don't think that will be the case :/ As long as a currency that is unpredictable in it's supply, creation, and initial distribution exists (I'm talking about fiat here), there will always be money to make in the fiat/crypto market - hopefully one day these unpredictable manipulated currencies will be gone and the idea of an exchange will be one of the past.