Bitcoin Forum
December 09, 2016, 04:09:35 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Novel Idea: Unlosable "Binary" Physical Bitcoins  (Read 2634 times)
Tril
Full Member
***
Offline Offline

Activity: 212


View Profile
December 03, 2011, 03:03:04 PM
 #21

This thread has convinced me not to invest further in physical bitcoins.  One of the best features of bitcoin is that you can back up your private keys.  The original Casascius coin guarantees there will only ever be one copy of a private key- in order to make the coin act like physical property.  This was novel, for a while, and the coins are beautiful.  Now the idea of taking a key and breaking it in two pieces, such that if one is lost, the value is lost, just makes the coin even weaker. 
I'm not talking about during shipping, but after both parts are received, I assume Casascius would destroy any remaining copies.

What do you think about going the other direction?  I would be interested in "twin coin" issue- where there are only ever exactly 2 copies of the private key, stored under holograms, and clearly marked that either one of the two will allow redeeming the full value.  Each coin with the same key would indicate it was unique by some graphic (left/right halves of an image) or code (simply numbering them would be enough - such as "copy 1 of 2" and "copy 2 of 2").  It's still not as good as a digital bitcoin since you can't make unlimited copies of the key.  But it may be useful to someone.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481256575
Hero Member
*
Offline Offline

Posts: 1481256575

View Profile Personal Message (Offline)

Ignore
1481256575
Reply with quote  #2

1481256575
Report to moderator
1481256575
Hero Member
*
Offline Offline

Posts: 1481256575

View Profile Personal Message (Offline)

Ignore
1481256575
Reply with quote  #2

1481256575
Report to moderator
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
December 03, 2011, 06:19:40 PM
 #22

I like the concept, though it does not resolve this problem:


  • If I send unfunded bitcoins and they don't get lost, recipient could claim they were lost and ask for a replacement, but then they would have unfunded coins.


The recient can still wait for two pieces to arrive, snap them together, then claim neither piece arrived. To be trusted, physical coins should always be checked against the block-chain. In fact, to be truly trusted, they would be single-use.

This scheme also does not prevent collusion among the manufacturers known or not. If both manufacturers are using the same brand of printer with remote update capabilities, the printer manufacturer may be able to steal the bitcoins (for example).

I think ulimately, physical bitcoins are going to end up working more like checks. We just need a relatively simple, tamper evident way of hiding the secret key (The 'Bitbills' design is almost ideal for this)


James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2011, 06:24:31 PM
 #23

The recient can still wait for two pieces to arrive, snap them together, then claim neither piece arrived. To be trusted, physical coins should always be checked against the block-chain. In fact, to be truly trusted, they would be single-use.

The second piece won't be sent until the recipient has confirmed receipt of the first one, so that can't happen.

This scheme also does not prevent collusion among the manufacturers known or not. If both manufacturers are using the same brand of printer with remote update capabilities, the printer manufacturer may be able to steal the bitcoins (for example).

It doesn't.  But that's a much smaller risk than one manufacturer cheating (which could happen if, for example, manufacturer really kept the private keys, and fell on hard times or was somehow robbed or coerced into giving them up).

The likelihood of a printer manufacturer stealing bitcoins by manufacturing rogue firmware that steals people's print jobs is astronomically low.  Having your HP printer send a "mystery file" to HP's servers every time you print (and the mystery file just magically matching the size of each print job) is something that would be noticed by sysadmins in minutes.  It would be all over the press the same day.  They would probably have an easier time just guessing private keys.  Besides, I print these on an inkjet printer via USB and no internet connection, so this issue is moot.


I think ulimately, physical bitcoins are going to end up working more like checks. We just need a relatively simple, tamper evident way of hiding the secret key (The 'Bitbills' design is almost ideal for this)

Yeah, or maybe someone can make coins with embedded tamper evident holograms.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
December 03, 2011, 06:52:23 PM
 #24

The recient can still wait for two pieces to arrive, snap them together, then claim neither piece arrived. To be trusted, physical coins should always be checked against the block-chain. In fact, to be truly trusted, they would be single-use.

The second piece won't be sent until the recipient has confirmed receipt of the first one, so that can't happen.

That makes in unprofitable to cheat, not impossible.

Edit: If the recipient does not check that the serial number on the bar matches the expected number, it is possible to for a postal worker to profitably assemble an empty bar:
  • Postal worker C  intercepts bar sent to recipient A. Recipient A receives a new bar with a new number.
  • Optionally, postal worker C sells intercepted bar on black market to postal worker D.
  • Postal worker D intercepts bar sent to recipient B; replaces it with bar intended for recipient A.
  • Recipient B, without checking the number, confirms receipt of bar.
  • Postal worker D intercepts the key intended for recipient B, and now has a complete, unloaded bar.
  • Recipient B requests a new key. Meanwhile, Postal worker D sells unloaded bar on black market.
  • When new key arrives, recipient B complains the serial numbers don't match.
Edit2: seems unlikely when I lay it out like that....

The likelihood of a printer manufacturer stealing bitcoins by manufacturing rogue firmware that steals people's print jobs is astronomically low.  Having your HP printer send a "mystery file" to HP's servers every time you print (and the mystery file just magically matching the size of each print job) is something that would be noticed by sysadmins in minutes.  It would be all over the press the same day.  They would probably have an easier time just guessing private keys.  Besides, I print these on an inkjet printer via USB and no internet connection, so this issue is moot.

The dumber the printer, the better in this case. Yes, was refering to the printers I heard about that can automatically print from e-mail. Remember, your two-token scheme is being used for high value bars. If the printer is running a full-blown OS, it can simply send the private keys (in a nightly batch with the update check) without sending the whole print job. With PCL or Postscript, OCR is not even needed Wink


I think ulimately, physical bitcoins are going to end up working more like checks. We just need a relatively simple, tamper evident way of hiding the secret key (The 'Bitbills' design is almost ideal for this)

Yeah, or maybe someone can make coins with embedded tamper evident holograms.

I was thinking something less coarse: the user would print off 2.379 BTC if that was how much they wanted to send, for example (this point is probably off-topic any way).

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!