[IDEA] Removing trust from physical coin makers re: Priv Key generation

[ClayCastCrypto]

I posted in the thread that I started about the possibility of eliminating the human element.
digicoinuser uses opendimes: https://bitcointalk.org/index.php?topic=5354556.0

I know there was some resistance to it but I would like to keep exploring that idea.
If we take ourselves as flawed humans out of the entire loop would that be better?

There would probably be a bunch of things to be worked out, but it should probably be considered.
Along with the possibility of some kind of standard. Not sure what what it would be / how it would look.

=Dave

Yes, top of mind for future projects.
Current work would be difficult.

[Kialara]

@smoothie, I recall you reaching out to me with this concept in 2014… yea it started getting a little too complex for me as my work has enough complexities as is... especially at that time. And working solo is always nice b/c you can go at your own pace.

@DaveF, I started exploring the idea of integrating Opendimes into my bars when they came out. The question that prevented me from going this direction is: How can you guarantee that the Opendime will be good in 100+ years? Or even 10 years.

I also considered a sculptural work that had let’s say ten Opendimes inside, where each would hold something like 0.1 BTC - to mitigate the risk a little.

And lately I've been looking into these Satschips as they’re much smaller, but still the same issue with a potential hardware failure.

In my minds eye I'm currently working on a concept that will be a DIY style piece but unique to what's currently on the market.

And perhaps as I transition to these DIY versions, it might make the previous versions that can hold bitcoin and be sold on the secondary market more valuable.

So yea, It's likely that the Kialara Builders will be the last pieces I created that will come loaded with public/private keys. I will confirm this soon. I do hope the issue of trust can somehow be solved... it's something I am thinking about all the time.

[MoparMiningLLC]

for bip38 and with having 2 entities involved with applying first the PK and then the pw - you would probably need two people somewhat close so as to not be paying a fortune to ship coins back and forth and without risk to losing them in the process.

there is the split key method https://en.bitcoin.it/wiki/Split-key_vanity_address

I apologize but someone here was working on it and at this time and moment, I cannot recall who it was.

another option is always offer DIY

[slimzak]

The truth is, DIY coins are not as appealing as maker funded coins. Most collectors like to collect due to the potential upside in value of the pieces. DIY coins don't trade well since you have to trust the buyer who generated the private key instead of just the maker of the coin.

Yogg destroyed a coldkey collection worth over a million dollars for the $15k he has stolen so far. I suspect there will be more cases like this especially since a lot of new makers are entering the space and the price of BTC will rise

I'm happy to see smoothie taking initiative in finding a solution and I hope a solution that involves 2 trusted makers to work together can happen. Maybe smoothie and another trusted maker can work together and do what Ballet have done:

"To improve the security of Ballet Wallet private keys, the keys are encrypted – the key is generated and printed in China, while the required passphrase is generated and printed in the USA."

[MoparMiningLLC]

The truth is, DIY coins are not as appealing as maker funded coins. Most collectors like to collect due to the potential upside in value of the pieces. DIY coins don't trade well since you have to trust the buyer who generated the private key instead of just the maker of the coin.

Yogg destroyed a coldkey collection worth over a million dollars for the $15k he has stolen so far. I suspect there will be more cases like this especially since a lot of new makers are entering the space and the price of BTC will rise

I'm happy to see smoothie taking initiative in finding a solution and I hope a solution that involves 2 trusted makers to work together can happen. Maybe smoothie and Kialara can work together and do what Ballet have done:

"To improve the security of Ballet Wallet private keys, the keys are encrypted – the key is generated and printed in China, while the required passphrase is generated and printed in the USA."

here is the deal with that - many of the coins are not actually "funded" by the maker. The maker has the buyer send funds to an address prior to shipment and then calls these "maker funded" and then they sell "buyer funded" where the buyer funds it when the receive it. There is no difference between these two scenarios - the buyer in both cases is directly funding the coin/collectible.

I do understand that not everyone wants to do their own keys though - so having a more secure way is a great idea.

Makers need to stop saving/keeping copies of the keys - use a system that puts the keys in RAM so when the machine is shut off the keys are gone - I have heard from some that do this.

Me personally, I dont save the fiile that comes out of the generator - I run the program copy the keys to a QR generator, copy that to a document and then print it - once done I close the document without saving, I close the programs without saving - essentially whatever I printed is all there is. I do typically do 2-3 of each address/key pair for in the situation I fuck up a holo. once the project is done, all remaining keys (good and peeled ones) are cross shredded and then burned. My system is airgapped - the wifi and bluetooth modules removed. I use disposable usb drives (made from paper) to update the laptop periodically - these are also cross shredded and burned after use and never ever go back to the online system. I also periodically replace the hard drive, drill it and burn it.

is there a chance that one time I could keep a key or two - sure.  But my face is known by many here - my name is known and my address is known.

There is not enough money in the world that would entice me - doing so would make me a marked man - I have too many kids and grandkids to go on the run lol

But I do get that this fear can still be there for some people. and a split key process or BIP38 or 2FA - something else would make it more secure.

It also makes the process longer and harder. Is it worth it?  and does it remove all the need to have trust?  hard to say...

[LoyceV]

I'm not familiar with BIP 38 specifically.

See I'm BIP38 curious, please help me out!: $1000 wasn't enough motivation to crack password "zLwMiR" in 2 years time.

[krogothmanhattan]

I'm not familiar with BIP 38 specifically.

See I'm BIP38 curious, please help me out!: $1000 wasn't enough motivation to crack password "zLwMiR" in 2 years time.

   I designed a stamp back in 2017 and loaded with 0.02 BTC. BIP38 encrypted...been onliine for 6 years now and the Bitcoin is still on it.

   Pretty secure design from the looks of it! 

   https://crypto-stamps.com/

 

[LoyceV]

I designed a stamp back in 2017 and loaded with 0.02 BTC. BIP38 encrypted...been onliine for 6 years now and the Bitcoin is still on it.

The problem is of course that whoever created the encrypted key, has to know both private key and password. So it doesn't remove trust from the coin maker, unless the buyer of the coin provides the encrypted private key by himself. That means the buyer already has the private key and can sweep it without peeling, but it also means the buyer can't sell the coin again because the second buyer has to trust the first buyer.

[krogothmanhattan]

I designed a stamp back in 2017 and loaded with 0.02 BTC. BIP38 encrypted...been onliine for 6 years now and the Bitcoin is still on it.

The problem is of course that whoever created the encrypted key, has to know both private key and password. So it doesn't remove trust from the coin maker, unless the buyer of the coin provides the encrypted private key by himself. That means the buyer already has the private key and can sweep it without peeling, but it also means the buyer can't sell the coin again because the second buyer has to trust the first buyer.

  Your absolutely right and I was not implying that just by one person generating it solves the trust issue.

   However, if you were to trust two people then as I told Smoothie this is how I woud do it....  https://bitcointalk.org/index.php?topic=5434754.msg61596323#msg61596323

        With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

      Or two coins...one with the priv key and the other with the password..I have made such coins as well

   I am sure this code is very doable...we have Mr Robots here. Mike created BIP38 already...this would have to be done remotley from each other and in synch to generate a private BIP38 encrypted key to one person and the other would be the password issued person.

   Very doable. But then again its a matter of trust...but in this case you would need to have a failure from two people in instead of one!

[BobbyCoins]

Why not outsourcing key-production at all? This 2-factor and multi-sig solutions can work but come with their cons for less tech-affine producers and artists...

Some years ago I drafted a cold storage where key generation is basically outsourced to the most trusted producer I could find (in terms of accountability and liability) and I came across this: https://www.cardwallet.com/en/home/

In corporation with the Austrian state mint (they produce passports but AFAIK not the crypto stamps) which would transfer trust back to the state again -and I know how this sounds but hear me out- also liability) they developed an automated production process -no humans involved- and they have to be compliant with security standards...

The cards are customizable; IDK to which extent but by placing keys & QRs in a way so you can cut them out and insert into the collectible this made sense to me.

Price is a different story (€39.90 for a single pair of keys... puh) which would have been manageable for my planed run of 21 pieces.
But what if some manufacturers of collectibles work out a design-pattern which defines sizes, shapes, fonts, positions of all needed infos and do a customized run at the best producer of private keys we can find?

Edit.
New coin producers and artists who run small series could share the same security as producers of high numbered series while not being liable... bringing down costs further and I tend to believe that a state is easier to hold accountable for messing up than someone who can rug-pull you and hide in a hole.

[Humble Bitcoiners]

Was chatting a lot with members here over the last days. Thinking about BIP 38 encryption, multisig, built in hardware...

As a non coin maker doing handmade, low output proof of work art pieces i thought about leaving holos and funding completely.

I can only speak for myself here of course. For me it's all about dedication, passion. What can be more beautiful than a rare piece of Bitcoin art in which 100s of hours of work got transfered.

Lifetime got spent, converted and saved in the Art

[minerjones]

QUESTION: Are there any physical coin creators that would be willing to contribute to the process of creating a physical collectible where they would create a portion of the key in a multi-sig coin that would collaborate with other physical coin creators?

Requirement: At least 3 known and trusted physical coin creators would be needed to do a 2-of-3 multi-sig coin.

I can see why those who turned me down in 2014-2015 did not want to participate or just never got back to me. I'm also not 100% sure I would want to do such an endeavor as it would depend upon the terms & agreement and the outlined responsibilities of each party

Sounds like a lot of work.  

Good in theory... but now you are trusting 3 makers
And the logistics of this sound horrible

How about just let makers make their collectibles however they want.... keyed, keyless, DIY, whatever....
It just comes down to if you trust the maker... if not... don't buy the collectible

Can't we just make collectibles that are just that? why do they have to have keys? why do they have to be loaded?

"NOT YOUR KEYS, NOT YOUR COINS"

[LoyceV]

       With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

This still doesn't work.

Example:
BIP38 encrypted private key: 6PYW6YBemMMAdxWXFmo264SZjtVN5DW5hu2xeXVJyDA8S3v9NRTk1i7G1y
Password: bQ68SmCCNEuRBGx8
You're absolutely right: one is useless without the other. If you puth them under separate holograms, you'll need to peel both to redeem the coin.

But: I made both of them. I know the unencrypted private key is Kxj464nKCGk4qwdDWx1ribWSjttT3e9Y1qzFDYVQYvYJdQ2HyHS7 and there is no way to prevent this. It gives a fake sense of security at best, and it's impossible to avoid.

[krogoth]

       With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

This still doesn't work.

Example:
BIP38 encrypted private key: 6PYW6YBemMMAdxWXFmo264SZjtVN5DW5hu2xeXVJyDA8S3v9NRTk1i7G1y
Password: bQ68SmCCNEuRBGx8
You're absolutely right: one is useless without the other. If you puth them under separate holograms, you'll need to peel both to redeem the coin.

But: I made both of them. I know the unencrypted private key is Kxj464nKCGk4qwdDWx1ribWSjttT3e9Y1qzFDYVQYvYJdQ2HyHS7 and there is no way to prevent this. It gives a fake sense of security at best, and it's impossible to avoid.

  Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

  But yes still a point of failure

[minerjones]

        With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

This still doesn't work.

Example:
BIP38 encrypted private key: 6PYW6YBemMMAdxWXFmo264SZjtVN5DW5hu2xeXVJyDA8S3v9NRTk1i7G1y
Password: bQ68SmCCNEuRBGx8
You're absolutely right: one is useless without the other. If you puth them under separate holograms, you'll need to peel both to redeem the coin.

But: I made both of them. I know the unencrypted private key is Kxj464nKCGk4qwdDWx1ribWSjttT3e9Y1qzFDYVQYvYJdQ2HyHS7 and there is no way to prevent this. It gives a fake sense of security at best, and it's impossible to avoid.

  Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

  But yes still a point of failure

Better have 2 different holograms then... what would prevent the 2nd person from peeling the first persons, taking the info and then reapplying that one and then their 2nd one??

[Humble Bitcoiners]

QUESTION: Are there any physical coin creators that would be willing to contribute to the process of creating a physical collectible where they would create a portion of the key in a multi-sig coin that would collaborate with other physical coin creators?

Requirement: At least 3 known and trusted physical coin creators would be needed to do a 2-of-3 multi-sig coin.

I can see why those who turned me down in 2014-2015 did not want to participate or just never got back to me. I'm also not 100% sure I would want to do such an endeavor as it would depend upon the terms & agreement and the outlined responsibilities of each party

Sounds like a lot of work.  

Good in theory... but now you are trusting 3 makers
And the logistics of this sound horrible

How about just let makers make their collectibles however they want.... keyed, keyless, DIY, whatever....
It just comes down to if you trust the maker... if not... don't buy the collectible

Can't we just make collectibles that are just that? why do they have to have keys? why do they have to be loaded?

"NOT YOUR KEYS, NOT YOUR COINS"

Exactly what i think. Trustless Bitcoin art needs no priv keys & holos.

Trust one person or 3 or 50...does that make a big difference?

If someone trusts me i'm happy & will try to integrate a priv key & load an item. If not i'm doing the essential thing only...spending time doing Bitcoin art

[Saint-loup]

       With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

This still doesn't work.

Example:
BIP38 encrypted private key: 6PYW6YBemMMAdxWXFmo264SZjtVN5DW5hu2xeXVJyDA8S3v9NRTk1i7G1y
Password: bQ68SmCCNEuRBGx8
You're absolutely right: one is useless without the other. If you puth them under separate holograms, you'll need to peel both to redeem the coin.

But: I made both of them. I know the unencrypted private key is Kxj464nKCGk4qwdDWx1ribWSjttT3e9Y1qzFDYVQYvYJdQ2HyHS7 and there is no way to prevent this. It gives a fake sense of security at best, and it's impossible to avoid.

  Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

  But yes still a point of failure

Yes but with BIP38 private keys you don't need to use the password if you already know the unencrypted key. You only need it if you only know the encrypted one starting by 6P. It means the unencrypted one should be generated by a kind of blackbox that will destroy it after receiving the password and encrypting it into the 6P one.
People will need to trust this blackbox, this process and its robustness against possible hacks.
IMO it's more convenient and reliable to use 2 keys from a multisig wallet instead of a BIP38 key and a password.

[LoyceV]

 Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

That's impossible. You can't encrypt the private key without knowing both password and private key.

It means the unencrypted one should be generated by a kind of blackbox that will destroy it after receiving the password and encrypting it into the 6P one.
People will need to trust this blackbox, this process and its robustness against possible hacks.

In that case, you need to trust whoever created the blackbox. I've thought of a scenario in which 3 trusted people work together to verify all equipment, create private keys, seal the holograms and destroy all other data, but giving more people access in the first place increases the risks again. Cameras can be very small and hidden.

[krogothmanhattan]

 Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

That's impossible. You can't encrypt the private key without knowing both password and private key.

It means the unencrypted one should be generated by a kind of blackbox that will destroy it after receiving the password and encrypting it into the 6P one.
People will need to trust this blackbox, this process and its robustness against possible hacks.

In that case, you need to trust whoever created the blackbox. I've thought of a scenario in which 3 trusted people work together to verify all equipment, create private keys, seal the holograms and destroy all other data, but giving more people access in the first place increases the risks again. Cameras can be very small and hidden.

  Dont think its impossible...I believe Ballet does it with their cards.

  And I am sure there are good programmers that can make this happen.

 

[krogothmanhattan]

        With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

This still doesn't work.

Example:
BIP38 encrypted private key: 6PYW6YBemMMAdxWXFmo264SZjtVN5DW5hu2xeXVJyDA8S3v9NRTk1i7G1y
Password: bQ68SmCCNEuRBGx8
You're absolutely right: one is useless without the other. If you puth them under separate holograms, you'll need to peel both to redeem the coin.

But: I made both of them. I know the unencrypted private key is Kxj464nKCGk4qwdDWx1ribWSjttT3e9Y1qzFDYVQYvYJdQ2HyHS7 and there is no way to prevent this. It gives a fake sense of security at best, and it's impossible to avoid.

  Not if you have two people doing them separately.

  They would both need to try and scam you for it to work...instead of one person. One would not know the others keys or password

  But yes still a point of failure

Better have 2 different holograms then... what would prevent the 2nd person from peeling the first persons, taking the info and then reapplying that one and then their 2nd one??

   Then it all boils down that even with one holo people can do exactly what you say if they create identical holograms which of course can be done easily.