Bitcoin Forum
March 29, 2024, 11:51:08 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
Author Topic: BitcoinSpinner  (Read 55408 times)
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
November 30, 2011, 05:02:27 PM
Last edit: September 13, 2013, 10:29:01 AM by Jan
Merited by ABCbits (2)
 #1

BitcoinSpinner was originally announced on the main board, and it is time for it to have a life in the Alternative Clients section.

A Danish software company Miracle A/S has implemented an awesome Bitcoin client for Android called BitcoinSpinner. The developer is not active on this forum, and since it is built on top of the BCCAPI, and I have participated with testing and suggestions I am proud to announce it here.

BitcoinSpinner is minimalistic, to the point, and is intended for broad adoption.

Features:
  • Ready for use right after installation - The block chain is managed by a server.
  • NOT a Bitcoin bank - All private keys are kept in app-private storage on your device.
  • Send & Receive Bitcoins using QR codes.
  • Share your Bitcoin address using Gmail, Twitter and more.
  • Backup & Restore your wallet using QR codes.
  • It is Open source - Geeks can download the code, review it, and roll their own.

Because BitcoinSpinner does not download and manage the Bitcoin block chain it is ready for use immediately.
This also means that it has:
  • Low storage requirements.
  • Low bandwidth requirements.
  • Low CPU requirements.
  • Low battery consumption.

BitcoinSpinner comes in two versions and is available on the Android Marketplace:

Note that this is a beta release. Use with caution.

You cannot have an announcement like this without a bounty: The first one to post a picture in this thread of their Android device with a scannable QR address code displayed with BitcoinSpinner will get a shiny new Bitcoin.

Your feedback is appreciated!


The feedback has been impressive, and in the mean time forum members have provided a French and Swedish translation. To get the new version just go ahead and update BitcoinSpinner on the Android Market.
While you are there please give BitcoinSpinner a rating!

We should have BitcoinSpinner in all major languages, so if you are up to it then please go to the  Google Code page and contact the developers.

Mycelium let's you hold your private keys private.
"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
December 02, 2011, 09:51:06 AM
 #2

German translation added.

Mycelium let's you hold your private keys private.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
December 05, 2011, 01:36:20 PM
 #3

Spanish translation added. Keep em coming!

Mycelium let's you hold your private keys private.
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502



View Profile
December 06, 2011, 01:19:03 PM
 #4

Very, very nice.

Close to being exactly what I want from a mobile wallet.

Minor nits:

  • I've had a few force-closes when bringing a previously running instance to the foreground
  • It would be nice if it coped better with intermittent network (i.e. I could see the last balance, and address even if not connected).  All network communication should be done in a different thread from the GUI.
  • I don't like the backup/restore method.  Perhaps this is to do with BCCAPI rather than BitcoinSpinner.  A bitcoin private key is 32 bytes.  Give me them rather than this weird 32 byte random seed thing.  I don't want to have to do another conversion before I can import that private key into the desktop bitcoin client.
  • A little bit of history would be pleasant to have.  A simple list, "Sent 10BTC to 1ywhwklk...", "Received 5BTC", and some timestamps would be sufficient.  Perhaps a pro version would allow annotation?

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
December 06, 2011, 02:25:15 PM
 #5

Thanks.

Regarding backup/restore, this is as you also noted an artifact of the BCCAPI. Let me try and explain why it is so:
BCCAPI requires the app to manage N+1 key pairs. That is one key for authentication purposes, and N keys for your wallet (one for each Bitcoin address). Knowledge of the authentication private key allows the app to access the API (and add public keys), and the BCCAPI server side then knows which public keys are associated with the authentication public key.
How the app manages keys is entirely its own business, but the BCCAPI provides a number of ways to make this easy. BitcoinSpinner has chosen to have 1+1 keys (one bitcoin address) and a randomly generated seed that allows the app to generate the two keys as required. Going forward BitcoinSpinner could choose to support several Bitcoin addresses, and still be able to do simple backup/restore of the entire wallet using one QR-code.

This said, I think it would be a great feature if BitcoinSpinner provided a way to export the private key associated with its Bitcoin address in a standard plain format, but it should not be a replacement for Backup/Restore. Speaking of Bitcoin private key formats, I don't think that there is a formal specification. So far I have only seen an unofficial patch that you can apply to the Satoshi client.

As for the other nits I totally agree, and have forwarded them to the devs.

Mycelium let's you hold your private keys private.
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502



View Profile
December 06, 2011, 02:36:50 PM
 #6

BCCAPI requires the app to manage N+1 key pairs. That is one key for authentication purposes, and N keys for your wallet (one for each Bitcoin address). Knowledge of the authentication private key allows the app to access the API (and add public keys), and the BCCAPI server side then knows which public keys are associated with the authentication public key.
How the app manages keys is entirely its own business, but the BCCAPI provides a number of ways to make this easy. BitcoinSpinner has chosen to have 1+1 keys (one bitcoin address) and a randomly generated seed that allows the app to generate the two keys as required. Going forward BitcoinSpinner could choose to support several Bitcoin addresses, and still be able to do simple backup/restore of the entire wallet using one QR-code.

Ouch.  That sounds pretty bad.  32 bytes of randomness can't be used to create 64 bytes of randomness, merely because you seeded a random number generator.  It's good enough for video games, but since every private key is derived from those 32 bytes, the subsequent addresses aren't random enough for financially sensitive applications.

I appreciate that it's been done to solve a problem; but I'm not sure I like it.

I'm also not sure why the app needs to authenticate to the server at all.  The server holds no secret information; the balance on every bitcoin address is public knowledge anyway.  Surely the app can just generate N keys, and ask the server about each of the matching public keys in turn?  In fact, the grouping together is itself a security risk as it provides a way of associating separate addresses together.  All a BCCAPI server really needs to provide is a HTTP interface around transaction broadcasting (the app can create the transaction), and balance monitoring.

for Backup/Restore. Speaking of Bitcoin private key formats, I don't think that there is a formal specification. So far I have only seen an unofficial patch that you can apply to the Satoshi client.

Quite so; there isn't an official format.  Whatever format is chosen though, it's going to be a way of representing 32 bytes.  Since that is the size of the ECDSA secret.  It might be that some checksumming and versioning bytes are added (just as for the public address), but those 32 bytes are all you really need.

As for the other nits I totally agree, and have forwarded them to the devs.

Great.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
December 06, 2011, 07:35:07 PM
 #7

BCCAPI requires the app to manage N+1 key pairs. That is one key for authentication purposes, and N keys for your wallet (one for each Bitcoin address). Knowledge of the authentication private key allows the app to access the API (and add public keys), and the BCCAPI server side then knows which public keys are associated with the authentication public key.
How the app manages keys is entirely its own business, but the BCCAPI provides a number of ways to make this easy. BitcoinSpinner has chosen to have 1+1 keys (one bitcoin address) and a randomly generated seed that allows the app to generate the two keys as required. Going forward BitcoinSpinner could choose to support several Bitcoin addresses, and still be able to do simple backup/restore of the entire wallet using one QR-code.

Ouch.  That sounds pretty bad.  32 bytes of randomness can't be used to create 64 bytes of randomness, merely because you seeded a random number generator.  It's good enough for video games, but since every private key is derived from those 32 bytes, the subsequent addresses aren't random enough for financially sensitive applications.

I appreciate that it's been done to solve a problem; but I'm not sure I like it.

The attack you are addressing is computationally >=  brute forcing a 256 bit EC key. If you are worried that this is feasible you better start looking for the Bitcoin exit signs. As soon as someone is able to do that everyone will panic, and at that time it is too late to exit.

I'm also not sure why the app needs to authenticate to the server at all.  The server holds no secret information; the balance on every bitcoin address is public knowledge anyway.  Surely the app can just generate N keys, and ask the server about each of the matching public keys in turn?  In fact, the grouping together is itself a security risk as it provides a way of associating separate addresses together.  All a BCCAPI server really needs to provide is a HTTP interface around transaction broadcasting (the app can create the transaction), and balance monitoring.

The goal of the BCCAPI is to provide an API that allows you to make really light weight clients. Light weight measured in bandwidth, CPU power, storage and battery life. If I chose to make the client asks the server for transactions associated with a number of keys, then the client would have to download, process and store all the transactions, which defeats the purpose of being light weight. Furthermore, the server would be able to deduce the key relationship anyway, as the same device would query the same server.

Another aspect is that if you want a server where you can ask it for transactions related to any key then you need a much more powerful server side, which is able to determine transactions associated with ANY key in existence in real-time. With the BCCAPI the server side only needs to monitor the block chain for well-known public keys. This is a lot cheaper, and one of the reasons why I can keep this as a free service.

You are however right that you loose some of the anonymous properties by letting the server know which public keys a wallet comprises of. However, so far BitcoinSpinner only uses one address.

for Backup/Restore. Speaking of Bitcoin private key formats, I don't think that there is a formal specification. So far I have only seen an unofficial patch that you can apply to the Satoshi client.

Quite so; there isn't an official format.  Whatever format is chosen though, it's going to be a way of representing 32 bytes.  Since that is the size of the ECDSA secret.  It might be that some checksumming and versioning bytes are added (just as for the public address), but those 32 bytes are all you really need.

BCCAPI has a tool that allows you to export keys. The version out there now does it based on passphrases etc, so it just needs to be tailored a bit. However, it does output them in a format compatible with the Satoshi client patch:
http://code.google.com/p/bccapi/source/browse/trunk/src/com/bccapi/tool/WalletExporter.java
I'll ask the BitcoinSpinner if they can add an export function.

As for the other nits I totally agree, and have forwarded them to the devs.

Great.


Mycelium let's you hold your private keys private.
BitcoinSpinner
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
December 09, 2011, 08:01:19 AM
 #8

Updated! Now with Danish translation and Transaction History! Grin
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 03, 2012, 03:17:21 PM
 #9

Just before Christmas I joined the BitcoinSpinner dev team. Previously I was (just) making the BCCAPI, and during the holidays I gave BitcoinSpinner a major swing. This should greatly improve user experience with no or poor network connectivity.
Please upgrade to the latest version (0.4b) on the Android Market place. If you find any issues post them in this thread, and I'll respond as quickly as I can.

Major Changes in v0.4 beta:
Replaced Account with a clean asynchronous version. This means that
  • whenever executing an API call we automatically re-login in case of session timeouts
  • we no longer have background threads in the UI code.
  • we properly cache balances
  • we have improved error handling in case of API call failures
  • we can start the client without network connectivity

Minor Changes in v0.4 beta:
  • Transaction history now uses a different color for unconfirmed transactions
  • Larger title for Transaction history
  • Reversed sort order for transaction history
  • Added titles to the various QR codes shown. This makes it easy to distinguish them once you have them on paper.
  • General cleanup

All of the above, combined with the private key export feature ( Settings -> Advanced -> Export private key available in v3.1b) makes it possible for you to export your private even if the server side is not running. This is your guarantee that you will have a way out if the server side should ever get discontinued (god forbid).


Mycelium let's you hold your private keys private.
BTCurious
Hero Member
*****
Offline Offline

Activity: 714
Merit: 503


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
January 03, 2012, 03:32:34 PM
 #10

Updated. My wallet still seems fine, and it hasn't crashed yet. Nice Smiley

ffe
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
January 03, 2012, 06:56:38 PM
 #11

I use this wallet and love it. I hope this is the forum to ask for desirable features.

I would love BitcoinSpinner to support "shadow wallets".


•   By clicking a “shadow” button, the client is instructed to put aside the main wallet and create a “shadow wallet” at any time.

•   The shadow wallet is opened by entering a salt and a password (or a printed QR code). This could be a new wallet if this is the first time this password was used.

•   The shadow wallet resides in RAM and is never put in permanent memory. It is actively cleared from memory when the user is done with it and the client switches back to the main wallet. Any tricks to keep shadow data off the swap files during memory management should be used. No evidence of the shadow wallet should remain in the client after it is closed.

The idea is you can go to any client you trust, maybe even a friend's phone, and open a wallet you keep in your head, spend some coin or copy a public key to receive coin, then close it.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 04, 2012, 08:16:33 AM
 #12

I use this wallet and love it. I hope this is the forum to ask for desirable features.

I would love BitcoinSpinner to support "shadow wallets".


•   By clicking a “shadow” button, the client is instructed to put aside the main wallet and create a “shadow wallet” at any time.

•   The shadow wallet is opened by entering a salt and a password (or a printed QR code). This could be a new wallet if this is the first time this password was used.

•   The shadow wallet resides in RAM and is never put in permanent memory. It is actively cleared from memory when the user is done with it and the client switches back to the main wallet. Any tricks to keep shadow data off the swap files during memory management should be used. No evidence of the shadow wallet should remain in the client after it is closed.

The idea is you can go to any client you trust, maybe even a friend's phone, and open a wallet you keep in your head, spend some coin or copy a public key to receive coin, then close it.
Interesting idea.
However, with BitcoinSpinner I am trying to make a client that has the right cut of features to be usable by anyone not necessarily being tech savvy. Simplicity is key.
That being said, I think it is worthwhile to investigate whether this should be a separate client (ShadowSpinner Wink) or something for BitcoinSpinner Pro.

Another member of the forum has been working on an Android client based on a salt and passphrase on top of the BCCAPI. There is a prototype here. It calculates a seed from the passphrase and salt, which is used for deriving keys. The seed is then encrypted under a PIN and stored on the device. If it did not store the encrypted seed, but asked the user to enter the passphrase + salt when launched you would basically have what you want. However it is cumbersome to enter each time.
I wrote a short paper on a solution to this using QR codes and
 Shamir's Secret Sharing as an alternative to passphrases and salts. I do however not have the bandwidth to implement it right now. BitcoinSpinner is open source, and has all the bits needed to implement ShadowSpinner, knock yourself out  Grin

Mycelium let's you hold your private keys private.
pazor
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 07, 2012, 05:37:21 PM
 #13

hi jan,

nice job the work on the bitcoinspinner app.

i tried the app last night. quick response, easy handling, good looking, clever restore/save wallet functions!

1 BTC transfered from my bitcoin client and immediately the amount was on the app (about 60 sec)
and now i try to return the btc. but i can't do that.

the receivers address is valid, the amount 0.999500 is entered but the button send bitcoins remains gray.
do i make something wrong ?

greetings
pazor

treuhand-Dienst gewünscht? - frag per PM an
BTC 174X17nR7vEQBQo4GXKRGMGaTmB49Gf1yT
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 07, 2012, 07:57:45 PM
 #14

hi jan,

nice job the work on the bitcoinspinner app.

i tried the app last night. quick response, easy handling, good looking, clever restore/save wallet functions!

1 BTC transfered from my bitcoin client and immediately the amount was on the app (about 60 sec)
and now i try to return the btc. but i can't do that.

the receivers address is valid, the amount 0.999500 is entered but the button send bitcoins remains gray.
do i make something wrong ?

greetings
pazor
It sounds like you are doing everything right. Can you send a smaller amount, like 0.999?
Did you cut'n'paste the address or scan a QR code? Please try it the other way around. Let me know the results.
Thanks, Jan

Mycelium let's you hold your private keys private.
vuce
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
January 07, 2012, 08:21:25 PM
 #15

Tried sending some coins but the Send Bitcoins button is always disabled no matter what I do...
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 07, 2012, 09:35:11 PM
 #16

Tried sending some coins but the Send Bitcoins button is always disabled no matter what I do...
I need a bit more info.
I guess you are addressing the Send Bitcoins button on the Send page and not the main page.
Is your balance larger than zero?
Does the amount you send leave 0.0005 for a fee?
Is the address valid?
Did you scan a QR code or enter it by hand?

Mycelium let's you hold your private keys private.
vuce
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
January 07, 2012, 10:07:57 PM
 #17

Tried sending some coins but the Send Bitcoins button is always disabled no matter what I do...
I need a bit more info.
I guess you are addressing the Send Bitcoins button on the Send page and not the main page.
Is your balance larger than zero?
Does the amount you send leave 0.0005 for a fee?
Is the address valid?
Did you scan a QR code or enter it by hand?


I had 0.1 btc of balance and tried to send 0.05. The fee is mandatory, as far as I can tell? I don't think I can change it anywhere. I went into the send bitcoins view (the right one), scanned the qr code of the address on another android phone (also using the new version of bitcoinspinner), wrote 0.05 in the amount box and pressed enter, but the button was still disabled.

I'm using android 2.2.2 (2.6.32.15) if that's relevant.

edit: as for the fee, under the amount box there's "A Bitcoin transaction fee of 0.0005 btc is automatically added to your transaction."
pazor
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 07, 2012, 10:30:02 PM
 #18

hi jan,

nice job the work on the bitcoinspinner app.

i tried the app last night. quick response, easy handling, good looking, clever restore/save wallet functions!

1 BTC transfered from my bitcoin client and immediately the amount was on the app (about 60 sec)
and now i try to return the btc. but i can't do that.

the receivers address is valid, the amount 0.999500 is entered but the button send bitcoins remains gray.
do i make something wrong ?

greetings
pazor
It sounds like you are doing everything right. Can you send a smaller amount, like 0.999?
Did you cut'n'paste the address or scan a QR code? Please try it the other way around. Let me know the results.
Thanks, Jan

i tried the amount 0.999500 and 0.40 -> same result
the address is copied through the clipboard, same result with qr scaning.

the button remains gray.

any idea ?

treuhand-Dienst gewünscht? - frag per PM an
BTC 174X17nR7vEQBQo4GXKRGMGaTmB49Gf1yT
vuce
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
January 07, 2012, 10:31:19 PM
 #19

hi jan,

nice job the work on the bitcoinspinner app.

i tried the app last night. quick response, easy handling, good looking, clever restore/save wallet functions!

1 BTC transfered from my bitcoin client and immediately the amount was on the app (about 60 sec)
and now i try to return the btc. but i can't do that.

the receivers address is valid, the amount 0.999500 is entered but the button send bitcoins remains gray.
do i make something wrong ?

greetings
pazor
It sounds like you are doing everything right. Can you send a smaller amount, like 0.999?
Did you cut'n'paste the address or scan a QR code? Please try it the other way around. Let me know the results.
Thanks, Jan

i tried the amount 0.999500 and 0.40 -> same result
the address is copied through the clipboard, same result with qr scaning.

the button remains gray.

any idea ?

seems like this is the exact same problem I have. Totally missed it.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 08, 2012, 06:35:32 AM
 #20

Yes. It is the same problem, and i can reproduce it. There is currently a bug with sending amounts smaller than one BTC. The UI simply doesn't enable/disable the button right.
I'll see if i can get a fix out by monday.

Mycelium let's you hold your private keys private.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!