FutureBitcoin security projects

[Satnamakoto]

Greetings ... before begin I want to congratulate the great contributors of this wonderful technology. bitcoin is in one of the best moments, 
however there are certain details that by contributing together we can improve and I apologize in advance because English is not my native language.

Regarding the security of the users and the stolen bitcoin I have decided to start a new project which I will call "FutureBitcoin"
For now I will post the theoretical framework, this is subject to changes and corrections, you as part of this great community can suggest changes 
or ideas so that this project is completed successfully and can be implemented in the blockchain.

We know that more and more people and companies are being attacked by hackers taking over their private keys and moving their precious bitcoins to
 other accounts making it almost impossible to recover them and for that reason I am underway with the “FutureBitcoin” project that I will briefly 
mention how it works.


I have devised a possible security method that could keep hackers out making it even more difficult for them to steal our bitcoins.


We will need a new bitcoin address and private key that we will call “master address” and its respective “master privatekey”.

the regular user will be able to generate his "master address" and "master privatekey" like any other current btc address, the "subwallet address" 
and "subwallet privatekey" will be obtained using your "master private key" + "master passphrase", similar to the current "passphrases", the "subwallet address"  
will be the carrier of the funds.

It is recommended to do it in an offline environment, in order to avoid the capture of this data by malicious sites and by viruses such as malware or keyloggers.

How does it work:

1. Creating "subwallet address":

The new btc addresses would be created from the "master address" with the following theoretical formula "master private key" + "master passphrase"
 (this is your unique key) = "new btc address" which for reference we will call "subwallets address" .

2. A transaction signed by the "master privatekey" + "subwallet privatekey" will be sent to the blockchain announcing that the created bitcoin address 
"subwallet address" is your property, this operation cannot be replaced and will be permanently saved in it. that we will call "owner's btc book"

once this is done we will implement the protection measures.

we must implement measures with parameters to control the amount per transactions.
-for transactions greater than "1 btc" it is necessary to sign with the "master privatekey" + "subwallet privatekey", this will be compared with the 
owner's btc book.
-for transactions smaller than "1 btc" that we will call "subtransaction", only the signature of the "privatekey subwallet" is necessary (as it currently works).

-transactions sent for less than "1 btc" are subject to the following limitation:
- if the sum of the amounts of all the "subtransactions" of a "subwallet address" exceeds the amount "1 btc", at least one of these transactions must 
be signed using "master privatekey" + "subwallet privatekey", otherwise If the transactions that override the limit are fulfilled, they will fail ... it must 
be verified as long as this is fulfilled for each "1 btc" sent.


results:


 -If a hacker violates your "privatekey subwallet" he will not be able to send more than 0.99 btc.

- If a hacker gets your "master privatekey" by skipping all the encryption or by brute force with a quantum computer, he will still need your 
"master passphrase", to generate the "subwallet privatekey" and be able to obtain the funds.

-If a hacker gets your "master privatekey", "master passphrase" (should not be stored together) your offline server for signing is compromised by an internal agent, check your 
security cameras.

What about "holding" ?: 

-Create your "subwallet address" using your "master privatekey" + "master passphrase".

-Send to the "owner's btc book" and announce authority signing with "master privatekey" + "subwallet privatekey".

-fund your "subwallet address".

-destroy the "subwallet privatekey"

-Save your "master privatekey" in a safe place and your "master passphrase" somewhere else for when you want to generate the "subwallet privatekey" again.

-By destroying the "subwallet privatekey" you increase security, a hacker would need to obtain your "master privatekey" and the "master passphrase" to access your funds.


This concludes the theoretical part of my project, soon the technical part, the amounts used are referential and could be changed.




If someone wants to contribute to my project, contribute ideas in comments, or you can send some coins that you don't need here. 13kqePsKgCD7LJerHSnx9JLwVxqsmD9NPi

[1715079926]

1715079926

[1715079926]

1715079926

[1715079926]

1715079926

[1715079926]

1715079926

[1715079926]

1715079926

[1715079926]

1715079926

[pooya87]

You would also need new OP codes and changes to bitcoin scripts so that they can fetch and verify output amounts and their total.
The idea also won't work because the attacker can simply send multiple 0.99999999BTC transactions out of that address even if you limit each transaction's total output value to 1BTC. Keep in mind that bitcoin blockchain is a not balance based database, it is an output based one.
The change can also be sent to a different address (eg. P2WPKH) then spent all at once.
You can't create any kind of limitation based on sum of multiple transactions because that would prevent regular use where user may need to make multiple payments themselves like the exchange's hot wallet handling thousands of 0.1BTC withdrawals.

[larry_vw_1955]

I have devised a possible security method that could keep hackers out making it even more difficult for them to steal our bitcoins.

you better be careful saying things like that. plenty of people here will tell you that bitcoin is already secure enough. that you could walk around the earth for a billion years and never see the same bitcoin address's private key ever.

i think ultimately your idea is not going to gain any interest/traction simply due to the fact that people will just tell you to use a multisignature wallet setup. or better yet, see what you can do with taproot.

[Satnamakoto]

You would also need new OP codes and changes to bitcoin scripts so that they can fetch and verify output amounts and their total.
The idea also won't work because the attacker can simply send multiple 0.99999999BTC transactions out of that address even if you limit each transaction's total output value to 1BTC. Keep in mind that bitcoin blockchain is a not balance based database, it is an output based one.
The change can also be sent to a different address (eg. P2WPKH) then spent all at once.
You can't create any kind of limitation based on sum of multiple transactions because that would prevent regular use where user may need to make multiple payments themselves like the exchange's hot wallet handling thousands of 0.1BTC withdrawals.

Thanks for answering, if the hacker wants to send more than 0.99BTC he would need the master private key regardless of the type of btc address he wants to send, exchanges should only reprogram his code so that the master private key acts when it is necessary, this is not a problem, the idea is to use the master private key to a lesser extent.

Aside from technical problem which already mentioned by @pooya87, who's the target of this security method? I expect that,
1. Regular users don't bother with such complex setup.
2. People with serious security concern already setup their airgapped/cold wallet and don't bother switch to new protocol.
3. Exchange won't find it's useful since they regularly move big amount of Bitcoin (which means they always need "master privatekey" & "master passphrase").

regular users will have the same benefits, the limit of the amount could be reduced in the aforementioned "owner's btc book" at the time of announcing that the "subwallet address" belongs to that "master privatekey". that is, if a user owns 2 BTC, he could establish that the master private key is used if the amount to be sent is equal to or greater than "0.2 btc", therefore his risk of loss is reduced to the established limit, while his master privatekey It will remain hosted, on paper, encrypted or in a hardware wallet.
Exchanges could increase this limit in the "owner's btc book" for example to "100 btc", if the requests for signatures with the master key is reduced, then the risk of hacking will be reduced.

Security protocols must be constantly updated. If we have learned anything from technology, it is that sooner or later they become obsolete. BitGrail, KuCoin, MtGox, Coincheck to mention a few, they relied too much on their security protocols, when talking about money the saying "if it ain't broke, don't fix it" is not valid.

I have devised a possible security method that could keep hackers out making it even more difficult for them to steal our bitcoins.

you better be careful saying things like that. plenty of people here will tell you that bitcoin is already secure enough. that you could walk around the earth for a billion years and never see the same bitcoin address's private key ever.

i think ultimately your idea is not going to gain any interest/traction simply due to the fact that people will just tell you to use a multisignature wallet setup. or better yet, see what you can do with taproot.

A difference from multiple signatures is that with this project you will be able to Hold without storing your "subwallet privatekey" nowhere, it will only store your "master private key" and even if it is violated, your funds will be safe because your "master passphrase" will be required to generate your" subwallet privatekey "

[DaveF]

Or they could just use an inexpensive hardware wallet and have 2 wallets on their machine. One that is password protected and the other that needs the HW wallet. Or another form of cold storage and only move when needed.

Security protocols must be constantly updated. If we have learned anything from technology, it is that sooner or later they become obsolete. BitGrail, KuCoin, MtGox, Coincheck to mention a few, they relied too much on their security protocols, when talking about money the saying "if it ain't broke, don't fix it" is not valid.

Would not have mattered for any of those
BitGrail was 99% a inside job
MtGox was a disaster from the start with no security at all.
Coincheck did not loose BTC they lost an alt.
KuCoin lost a bunch of different coins / tokens and while some was BTC it was from a hot wallet that an exchange needs to function. They need to have a large amount always available to be able to function. Needing human intervention with anything means that you don't need some fancy new setup for security or ANY new setup for security. If there had to be a human there to verify the BTC move then it would not have happened since they would have seen the issue.

-Dave

[Satnamakoto]

Or they could just use an inexpensive hardware wallet and have 2 wallets on their machine. One that is password protected and the other that needs the HW wallet. Or another form of cold storage and only move when needed.

Security protocols must be constantly updated. If we have learned anything from technology, it is that sooner or later they become obsolete. BitGrail, KuCoin, MtGox, Coincheck to mention a few, they relied too much on their security protocols, when talking about money the saying "if it ain't broke, don't fix it" is not valid.

Would not have mattered for any of those
BitGrail was 99% a inside job
MtGox was a disaster from the start with no security at all.
Coincheck did not loose BTC they lost an alt.
KuCoin lost a bunch of different coins / tokens and while some was BTC it was from a hot wallet that an exchange needs to function. They need to have a large amount always available to be able to function. Needing human intervention with anything means that you don't need some fancy new setup for security or ANY new setup for security. If there had to be a human there to verify the BTC move then it would not have happened since they would have seen the issue.

-Dave

the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.

Aside from technical problem which already mentioned by @pooya87, who's the target of this security method? I expect that,
1. Regular users don't bother with such complex setup.
2. People with serious security concern already setup their airgapped/cold wallet and don't bother switch to new protocol.
3. Exchange won't find it's useful since they regularly move big amount of Bitcoin (which means they always need "master privatekey" & "master passphrase").

regular users will have the same benefits, the limit of the amount could be reduced in the aforementioned "owner's btc book" at the time of announcing that the "subwallet address" belongs to that "master privatekey". that is, if a user owns 2 BTC, he could establish that the master private key is used if the amount to be sent is equal to or greater than "0.2 btc", therefore his risk of loss is reduced to the established limit, while his master privatekey It will remain hosted, on paper, encrypted or in a hardware wallet.

You missed my point, i'm not talking about benefit for regular user, but complexity which faced by regular user. For example,
1. Do they bother setup offline environment to create "master address"/"master privatekey"?
2. Can they remember "master passphrase", password to encrypt wallet file and different between "master"/"subwallet"?

Exchanges could increase this limit in the "owner's btc book" for example to "100 btc", if the requests for signatures with the master key is reduced, then the risk of hacking will be reduced.

That makes sense if it's possible to setup the limit without using "master privatekey".

You missed my point, i'm not talking about benefit for regular user, but complexity which faced by regular user. For example,
1. Do they bother setup offline environment to create "master address"/"master privatekey"?

was a bad formulation of what I wanted to say, the concept was edited, thanks to your comment.

2. Can they remember "master passphrase", password to encrypt wallet file and different between "master"/"subwallet"?

"Master privatekey" will only be used to sign when required, create a subwallet, certify its ownership in the "owner's btc book" and set the output limit of the "subwallet address" (without requiring the signature of the "Master privatekey").

"subwallet address": the carrier of the funds.

"master passphrase" is a unique personal key depending on the user where you want to store it, it will only be used if you lose or destroy your "subwallet privatekey".

Destroying the "subwallet privatekey" is recommended for "HODL" (you can always recover in the future with the use of "Master privatekey" + "master passphrase", when you want to spend your funds).

Destroying the "subwallet privatekey" is not recommended if you make recurring payments because it will increase the use of your "Master privatekey" and "master passphrase" to generate the "subwallet privatekey".

Exchanges could increase this limit in the "owner's btc book" for example to "100 btc", if the requests for signatures with the master key is reduced, then the risk of hacking will be reduced.

makes sense if it's possible to setup the limit without using "master privatekey".

It is not possible, if this were allowed, to modify the limit of a "subwallet address" without the signature of the "master privatekey" your funds would be at risk in their entirety.

[DaveF]

the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.

An exchange needs a hot wallet that can send enough to keep them running without human intervention.
No 2nd password or anything like that. Just Dave requested funds, here they are.

They should always keep most of their funds in a cold wallet that is multi-sig and / or hardware based to fill up the hot wallet.
Either one needs human intervention. You are just doing it a different way.

-Dave

[Satnamakoto]

the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.

An exchange needs a hot wallet that can send enough to keep them running without human intervention.
No 2nd password or anything like that. Just Dave requested funds, here they are.

They should always keep most of their funds in a cold wallet that is multi-sig and / or hardware based to fill up the hot wallet.
Either one needs human intervention. You are just doing it a different way.

-Dave

Why do you assume that this proposal cannot be automated without human intervention?

[DaveF]

the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.

An exchange needs a hot wallet that can send enough to keep them running without human intervention.
No 2nd password or anything like that. Just Dave requested funds, here they are.

They should always keep most of their funds in a cold wallet that is multi-sig and / or hardware based to fill up the hot wallet.
Either one needs human intervention. You are just doing it a different way.

-Dave

Why do you assume that this proposal cannot be automated without human intervention?

Because if there is any automation of opening the wallet with the possibility of moving all the funds then it's vulnerable.
That is the entire point of cold storage / hardware wallets. Someone has to physically do something. It's not 100% online and vulnerable. Even if it's click a button, you would like to assume the person moving the funds would at least check what is happening.

If you can do it without that, then what's the point.

-Dave

[larry_vw_1955]

 

How does it work:

1. Creating "subwallet address":

The new btc addresses would be created from the "master address" with the following theoretical formula "master private key" + "master passphrase"
 (this is your unique key) = "new btc address" which for reference we will call "subwallets address" .

why  does there have to be a deterministic relationship between the master private key and what you later refer to as the subwallet private key?

2. A transaction signed by the "master privatekey" + "subwallet privatekey" will be sent to the blockchain announcing that the created bitcoin address
"subwallet address" is your property, this operation cannot be replaced and will be permanently saved in it. that we will call "owner's btc book"

 what's the incentive for people running full nodes to want to store the "owner's btc book"? it's not making them any money but it will be costing them storage space and overhead. plus, there's no limit to the size it could grow and it never gets smaller.

-for transactions greater than "1 btc" it is necessary to sign with the "master privatekey" + "subwallet privatekey", this will be compared with the
owner's btc book.
-for transactions smaller than "1 btc" that we will call "subtransaction", only the signature of the "privatekey subwallet" is necessary (as it currently works).

Another problem with this idea is the arbitrary choice of "1btc". What's 1 btc worth? The blockchain doesn't know. It could be worth alot but it might not be worth much. That depends on its relationship to the US Dollar for example, something the blockchain doesn't know anything about. As if that issue weren't enough, there's the other issue that even if you have some way of adjusting "1btc", the value of "1btc" might have different meaning to different bitcoin users. So while 0.1 btc might be alot for me, it might mean very little to someone else. Your one size fits all valuation doesn't make much sense in that regard and is not useful as a security procedure for that reason also.

[NotATether]

Aside from technical problem which already mentioned by @pooya87, who's the target of this security method? I expect that,
1. Regular users don't bother with such complex setup.
2. People with serious security concern already setup their airgapped/cold wallet and don't bother switch to new protocol.
3. Exchange won't find it's useful since they regularly move big amount of Bitcoin (which means they always need "master privatekey" & "master passphrase").

Don't forget to add: Most people will unfortunately continue to put greed over logic and get scammed by sites and videos they see. There's no technological solution to that.