(pics) Physical Bitcoin Bills - For Real World Transactions - Printcoins.com

[BurtW]

Would be nice, but probably not critical to have a very nice custom watermark on the paper...

[1714867481]

1714867481

[1714867481]

1714867481

[1714867481]

1714867481

[1714867481]

1714867481

[casascius]

Would be nice, but probably not critical to have a very nice custom watermark on the paper...

It's all in the budget.  Certainly would enhance collectibility if he could pull it off.

Google brings me to yourownwatermark.com.

[PrintCoins]

Thank you all for all your feedback!

A couple updates:
 
  * Minimum order requirements have been removed
  * International orders have been added. If you would like to help translate the bill into your local language, I can do that with that for no extra charge.

I also changed the address part of the form to a text area block. This should accommodate for some of the more interesting addresses in other countries.



I was wondering, why would making the list of public addresses be a good thing? Doesn't that destroy the anonymity factor?

I was thinking a better way would just be a verification page. Enter in a public address and complete a captcha, and it verifies whether this was a bill that was shipped.

[JusticeForYou]

I was wondering, why would making the list of public addresses be a good thing? Doesn't that destroy the anonymity factor?

No, anonymity doesn't truly exist here. The difference is that it makes them "easily" accessible to everyone rather than the few that would know.

True Transparency is always a good thing, although it might have negative or positive results.

[Littleshop]

Thank you all for all your feedback!

A couple updates:
 
  * Minimum order requirements have been removed
  * International orders have been added. If you would like to help translate the bill into your local language, I can do that with that for no extra charge.

I also changed the address part of the form to a text area block. This should accommodate for some of the more interesting addresses in other countries.



I was wondering, why would making the list of public addresses be a good thing? Doesn't that destroy the anonymity factor?

I was thinking a better way would just be a verification page. Enter in a public address and complete a captcha, and it verifies whether this was a bill that was shipped.

I do not think publicly listing the addresses serves your customers.  A customer of yours can list the addresses of their bills themselves if they (why??) wanted to. 

[casascius]

I published all my Casascius Coin addresses, but partly out of need:  I'm only putting 8 characters on my coins, and without the list, one cannot be certain of the full address.

Publishing a signed list also has one useful effect, it would also enable someone to prove to a court I had scammed, if I were to ever scam.  Me scamming, for example, would result in a lot of people holding intact coins but with balances spent off them... would be strong evidence against me, and therefore a strong scam deterrent.

[netrin]

I published all my Casascius Coin addresses, but partly out of need:  I'm only putting 8 characters on my coins, and without the list, one cannot be certain of the full address.

Publishing a signed list also has one useful effect, it would also enable someone to prove to a court I had scammed, if I were to ever scam.  Me scamming, for example, would result in a lot of people holding intact coins but with balances spent off them... would be strong evidence against me, and therefore a strong scam deterrent.

Since you must send btc to each public address, you can determine the firstbits (I see you've got one in your sig!). Random 1+7 characters is more than 99.9% likely to be unambiguous today (no, I did not calculate birthday paradox *). You could post-scan all of the addresses and pull any ambiguous prefixes. Anyway, with a large enough production, I think a transparent list is as good as anonymous. Once someone sees the physical address, how does the public list compromise identity? - or vise versa?

*
days|keyspace d =58^7
people|address n ~= 8 - 800 Million
d! / dn(d-n)!

[DeathAndTaxes]

Interesting proof of concept but I wouldn't be selling these.  As soon as someone scams someone w/ them you name is dirt and anybody who bought any of the bills is equally screwed.

1) A custom holograph is a must.  It took me about 2 minutes to find a supplier who makes the exact hologram you use.  I could pump out counterfeit bills right now w/ minimal work.  

2) You want to use security paper.  A holograph on normal paper is worthless.  Someone simply needs to dissolve the paper to get intact holographs and then stick them on normal paper counterfeit bills.

3) I would reconsider the whole "unfunded" bill concept.  Pretty easy to wash checks so it wouldn't be that tough to wash the bill to remove the public QR code and then replace it with one which has funds but doesn't match the 0BTC private key.

4) You also should make the public keys semi-unique.  Use a vanity generator to make all "good" public keys start w/ a known prefix (i.e. 111BC).  This will require attacker to generate public keys from the same sequence.  To add more security make the holograms contain unique ID and publish a list of all valid ID and their corresponding public key.

Like I said interesting concept but please either do it right or don't do it at all.  If it can be scammed it WILL be scammed and then all remaining bills are worthless, Bitcoin takes another "scam hit" in the PR dept and your name isn't worth anything either.

[DeathAndTaxes]

<snipped the oversize quote>

You forgot to add:

Use security paper, not home printer paper.

He seems to already be using a pretty decent quality of paper.  "Security paper" could mean anything - a unique label is what will really make the biggest difference.

I disagree.  True security paper is mandatory just like custom holograph.  Using plain "good quality" paper makes counterfits trivially easy.

Two approaches:
1) Cut & Replace
Cut the holograph off a good bill and place it on a fake bill so now QR code of private key doesn't match QR code of public key.  Merchant checks the public key = good 10 BTC.  Later removing private key reveals 0 BTC value.

2) Wash the paper.  
Using the same methods used to wash checks (remove amount to change to a larger amount) you could remove the current public key QR code and replace it with a different one which has the proper stored value.

I think the OP idea is interesting but more thought/work needs to be put into security.  Someone should build this thinking people WILL try to scam/fake/counterfit these and then design it to be as difficult as possible.  I can't see any paper bitcoin "note" providing more than token security without private security paper and numbered holograms.

[BurtW]

A while back when I dreamed up this same project my idea was to print the public key QR code on one side of a small piece of material and print the private key on the other side.  That way they are physically together, then create a hologram with a window and place the material under the windowed hologram with the public key showing.  This fixes some of the objections but not all.

The hologram MUST be custom or, as has been stated, anyone can make totally empty fakes by just running off multiple copies one of your good bills and then pasting stickers on them.  They don't even need to put a private key of any kind on them - just leave that blank.

Since I just bought one of each of your bills, technically I am set up to be a bad guy.  I just fund them, buy some holograms, and then make many copies of each bill and start passing them off.  Customer checks the public key, shows good, open it up, no private key to be seen.

[teflone]

Dont be discouraged from all the criticism, but I do agree the hologram needs to be unique, I did a bit of research on tamper evid. seals recently, its not too expensive to get a custom one made up..

Ideally, get one with serial numbers, it could help in the counter- counterfit area somehow Im sure.

[casascius]

Ideally, get one with serial numbers, it could help in the counter- counterfit area somehow Im sure.

The provider I use and the one I recommended can laser-etch serial numbers into holograms from a text file.

My series 2 holograms have laser etched denominations (e.g. "ONE BTC").  They could have easily etched a unique number per hologram.  And at a large size, you could probably etch the entire bitcoin address into the label.  This would go at the edge, since wherever the laser hits, the hologram becomes transparent.

[Matthew N. Wright]

Anyone else finding it hilarious to see everyone so concerned about investing into anti-counterfeiting and security measures when bitcoin already has them built in?

What a bunch of nutjobs. You're doing it wrong.

[cbeast]

Anyone else finding it hilarious to see everyone so concerned about investing into anti-counterfeiting and security measures when bitcoin already has them built in?

What a bunch of nutjobs. You're doing it wrong.

Agreed. But Casascius collectable coins are kewl.

[BurtW]

Yes, I am one of the nutjobs that likes collecting Bitcoin physical money and other Bitcoin related items for my future Bitcoin display at the Smithsonian

For example I collected some of Mike's paper wallets that he made before https://www.bitaddress.org basically overtook that business.

Speaking of which:  What the heck ever happened to BitBills at http://bitbills.com    I never was able to order any and the ordering page at http://bitbills.com/order is still disabled.  Are they ever coming back?  I think they had a great idea - embed the private key inside the plastic card so you have to destroy the card to get it out.  Except for the nutty idea of making physical Bitcoin money in the first place - these looked like a pretty good way to go - and I need some for my collection.

[btc_artist]

Interesting idea.  Watching and waiting for series 2 (that hopefully follows Mike's advice on all points).

[casascius]

Here is another way I have considered to accomplish the same thing, potentially at a fraction of the cost.

Call up Pollard Banknote, a company that makes lottery tickets.  Get them to quote you on 100,000 scratchoffs that are physically like lottery tickets in every way, but they are really just single-use bitcoin paper wallets, denominated just like these bills.  Each one should have a non-concealed barcode with the bitcoin address so they can be scanned with a barcode scanner (so the BTC can be loaded).  Find out what controls they have in place to make sure that someone can't get a copy of the concealed data.  Who knows, maybe they can mass-produce these for as little as a dime or a nickel.  If so, that would be the perfect price for something like this.  0.42 BTC isn't a bad price for a bill, but if 0.42 can buy a strip of 10 of them, and they are all high quality and visually appealing, the community will like that much more than getting just one.

[PrintCoins]

Thank you all for your feedback.

Summary
If this was used as intended, which is not as a collectable, but as a form of money that would circulate from person to person until it was taken out of the economy, it is possible it could face a number of attacks along the circulation path:

[ul]

• one agent could remove the hologram, grab the private key, reapply the a new hologram, and pass the bill off and take the funds at a later date.
• The alternative method is that a funded bill is copied many times and distributed with again the same generic hologram.

[/ul]


DeathAndTaxes presented a more challenging attack, which was with a custom hologram, the bill could be dissolved, and the hologram could be applied to a copy of a bill that was already funded. Being that this is archival quality paper, and the hologram does a darn good job of holding on to the cotton fibers, I am not sure this is a meaningful attack vector. Keep in mind the hologram covers both sides of the bill in a sandwich.

He also presented the idea of bleaching out the unfunded public qr code and reprinting a funded public qr code. This seems a little more possible, but the paper isn't linen, it is pressed cotton. It won't survive a washing machine cycle for example, though the private key hologram sandwich would likely survive. It will likely survive a simple bath though. I'll have to do some experiments with bleach to test this out, since this seems like the one way that the custom hologram would become nullified.

If the hologram was lazer etched with the value and the bill was already funded (not funded by the first owner of the bill) DeathAndTaxes' second argument would become moot. Essentially the bill would be the hologram sandwich, and everything else would be fluff that makes it more money like to new users.

Result

All orders are being refunded (I am contacting users to see what addresses to direct funds to). None of the bills have been circulated, and that is for the best. The denominated bills will not be available for sale until a custom hologram is produced that would be difficult to clone.

I think the design with the non-custom holograms is acceptable as a personal check (or cheque) that is from one individual to another. I will be taking the open/non-denominated bill and tweaking it to make it more cheque like, and removing the suggestion on the back that this is something to pass around. I'll post up the design for you guys to look at.

My mission is still to have denominated bitcoin bills. I think physical cash is a vital part of bitcoin. It needs to be low cost, secure enough to pass through many user's hands, and easily convertible back to bitcoins. I want to make it look good, but I don't want it to be a collectable (it can be, but that is not a goal). I want people to be making transactions with bitcoins without any access to electronic devices, and with the same redemption qualities as gold & silver bills printed long ago. Basically a very user friendly currency that is backed by something that is valued and is uncontrolled by any government.

A little help

I need to get a sense of if anyone is interested before investing in this. If the bills had a 0.45 BTC markup (at current bitcoin/dollars) over actual denominated value how many would you buy? Please send a PM to me with what you would like.

Also, if anyone would like to buy in bulk for reselling let me know as well. I can do custom promotional bills.

Thanks,
Rob

[casascius]

I wouldn't worry about refunding.  These are likely being collected as bitcoin memorabilia, not circulated.  Those of us who bought them surely must have been aware of this.

Consider this.  Those guys I gave you the referral for... They could laser etch the bitcoin address AND denomination on your holograms.  They could also etch a transparent window like I have in my series 2 bitcoins.  That transparent window could reveal a few characters of the bitcoin address printed on the paper underneath, as a visual confirmation that the private key printed underneath actually corresponds to the bitcoin address on the hologram.  If you have seen my physical bitcoins and peeled one, you probably know that their material is SUPER TAMPER SENSITIVE and there is probably nothing to worry about with the paper being dissolved, especially if you have back to back holograms.  With all the vital information printed on the hologram itself, even if someone successfully washed the paper and reprinted it, they couldn't wash the hologram, and any changes would be detectable.

So example... your holograms say, at the bottom, "20.00  1ADDSLfkjasdflakjsdfalskdjfaksdljdfjk  [window]" (and through the window, you can see "1ADDSLfkj" which is printed on the bill... so you can confirm the hologram matches the bill).

If you have back to back holograms, what would improve security even more, is if there is a hole punched in the paper underneath the holograms, so the two holograms actually stick to each other at some point, not just sticking to the paper.  Once stuck together, there is just no way anyone is going to separate them without leaving behind obvious evidence.

[DeathAndTaxes]

If the hologram was lazer etched with the value and the bill was already funded (not funded by the first owner of the bill) DeathAndTaxes' second argument would become moot. Essentially the bill would be the hologram sandwich, and everything else would be fluff that makes it more money like to new users.

Personally I think that is the strongest approach.  If you can get a custom hologram, w/ amount & public key etched onto a pair of holograms it will be much more resistant to tampering/fraud/counterfeiting.   

While the ability to ship unfunded notes is interesting it opens up a lot more attack vectors.  Defending against all those vectors would be tough. 

If you do come up w/ an upgraded product you may want to void some of them and give them to some testers unfunded.  Having a peer testing likely could improve security.   Maybe even offer a bounty for best counterfeit attempt (results only to be shared with you). 

IMHO the perfect (and possibly uneconomical  ) paper note would combine the following:
* tested against xray snooping.
* hologram sandwich.
* public key & denomination etched into serial number (even better public key could be denomination using vanity key).
* solvent reactive security paper.