Bitcoin Forum
June 17, 2024, 02:44:32 PM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: The Collectibles Issue  (Read 399 times)
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18587


View Profile
January 31, 2023, 10:39:17 AM
 #41

The tamper protection to choose for this application would be protection by self-destruction, i.e. if the buyer gets a device that still works (e.g. signs messages which prove it has the secret keys to spend Bitcoin stored on the printed address), the chip has not been tampered with.
Again, personally I would be deeply uncomfortable with such a set up. If the chip self-destructs after signing a single transaction, then there is a significant risk that you lose coins by signing an incorrect or incomplete transaction. And for most users they will not be familiar with the processes required to create a transaction manually or using a complementary watch only wallet before transferring the transaction for signing, so the risk becomes higher still.

If you want to protect against clipboard malware, you'd also need a screen, but that would make the collectible quite bulky.
Which plays in to my issues above. If you only have one shot at signing a transaction before the chip self destructs, then not having a screen becomes too risky. If, however, you can simply unseal the device but sign as many transactions as you want, then you don't need a screen since you can double check your signed transaction on your computer before you broadcast it, and sign a different transaction should there be any issues.
n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5829


not your keys, not your coins!


View Profile WWW
January 31, 2023, 12:19:03 PM
 #42

The tamper protection to choose for this application would be protection by self-destruction, i.e. if the buyer gets a device that still works (e.g. signs messages which prove it has the secret keys to spend Bitcoin stored on the printed address), the chip has not been tampered with.
Again, personally I would be deeply uncomfortable with such a set up. If the chip self-destructs after signing a single transaction, then there is a significant risk that you lose coins by signing an incorrect or incomplete transaction. And for most users they will not be familiar with the processes required to create a transaction manually or using a complementary watch only wallet before transferring the transaction for signing, so the risk becomes higher still.
That's true, this is one risk. It is the cost for not having to trust the designer or 'intermediary' owners / second-hand resellers.
Regarding accidental errors, there would need to be a software or extension for a popular wallet like Electrum that makes using these as simple as possible.

If you want to protect against clipboard malware, you'd also need a screen, but that would make the collectible quite bulky.
Which plays in to my issues above. If you only have one shot at signing a transaction before the chip self destructs, then not having a screen becomes too risky. If, however, you can simply unseal the device but sign as many transactions as you want, then you don't need a screen since you can double check your signed transaction on your computer before you broadcast it, and sign a different transaction should there be any issues.
The proposed software should definitely allow you to decode / check / auto-decode that signed PSBT and show you its contents before broadcasting it.
It will be much harder to hack someone's clipboard and the wallet such that it shows a different PSBT decoding result. Although I get what you're saying: the chip is already destructed, no way to re-sign if you notice something's off. You may be able to fit a cheap OLED screen in the collectible, since they make them starting from about $2.



Maybe, the solution will also just be to have 'pretty hardware wallets'. With their full functionality & security, but also full price, just with some nice limited-edition designs. Those won't really be tradeable, though..

Tibu is already making something I'd categorize between 'full hardware wallet' and 'collectible': https://satochip.io/product-category/satochip-designer-edition/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18587


View Profile
January 31, 2023, 01:50:39 PM
Merited by n0nce (1)
 #43

Those won't really be tradeable, though.
I think that's the bottom line, really. Collectibles should either have nothing to do with private keys, and just be tradable objects in their own right, or they should be entirely self funded but then never traded. Given that the community as a whole makes such a big deal about telling people to only buy hardware wallets from the official site, avoid resellers, avoid second hand devices, always check for authenticity, etc., in order to try to minimize the risk of receiving a tampered device, it seems crazy that we also encourage people to trade funded collectibles which have been in the possession of an unknown number of people.

If someone can come up with a collectible with all the things you've suggested then it will certainly be better than the current situation which depends 100% on trust, but it will never be completely risk free.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!