I just made my first Bitcoin ATM withdrawal... 3BTC from my printer.

[ErebusBat]

Actually I thought of a reason why to use AES instead of XOR, even if it were with no IV, and the key were a simple hash of the password (to prevent lengthening of the string).  It occurred to me that someone having an encrypted private key along with a decrypted version of that private key would be able to deduce the password hash if XOR was used, which could then be used to decrypt other private keys encrypted with that same password, without knowing the password.  AES would probably stop this.

So, back to square one: the actual key standard and encryption method needs to be worked out before Bitaddress.org or something similar can really implement it.

Also an IV and whatnot isn't a real big concern, just use KeyStreching http://en.wikipedia.org/wiki/Key_stretching, specifically PBKDF2

[1714238000]

1714238000

[1714238000]

1714238000

[1714238000]

1714238000

[1714238000]

1714238000

[1714238000]

1714238000

[Gyrsur]

I assume it's the private key that's under your finger. Without any additional security measures, how can one be sure that a paper coin is unspent?

The idea with these is that the receiver of a bill scans the private key, immediately moving the funds to another address. The bill can then be discarded.

So stupid... if you NEED INTERNET ACCESS to verify it, then why is it in paper in the first place?

This is only useful for personal offline backup, never to be used for public transfer.

not if you think about a restaurant or a shop. they have always there equipment on. if you want to buy on a flea market for examble the seller of goods have to check if the notes are funded via a mobile and give back the change notes. the big advantage should be that one party are able to take bitcoins with it offline in notes. and sure you can easily hoard it at home as BTC notes.

[RDWHAHB]

I assume it's the private key that's under your finger. Without any additional security measures, how can one be sure that a paper coin is unspent?

The idea with these is that the receiver of a bill scans the private key, immediately moving the funds to another address. The bill can then be discarded.

So stupid... if you NEED INTERNET ACCESS to verify it, then why is it in paper in the first place?

This is only useful for personal offline backup, never to be used for public transfer.

The recipient needs internet access. I plan to use this method if I for local, in person sale of my bitcoins for cash.

For example: I have a localbitcoin ad to sell 10BTC. Someone responds and we meet wherever he is comfortable with his internet access. I print and fund a 10BTC bill before going out to meet him/her. We exchange cash for paper, and they transfer the coin to there own wallet. Yes, they should have access, but I don't need anything other than my printed coin. I don't have a smart phone so this is ideal for me.

[Gyrsur]

I assume it's the private key that's under your finger. Without any additional security measures, how can one be sure that a paper coin is unspent?

The idea with these is that the receiver of a bill scans the private key, immediately moving the funds to another address. The bill can then be discarded.

exactly this is how the process should work.

[Gyrsur]

I assume it's the private key that's under your finger. Without any additional security measures, how can one be sure that a paper coin is unspent?

The idea with these is that the receiver of a bill scans the private key, immediately moving the funds to another address. The bill can then be discarded.

So stupid... if you NEED INTERNET ACCESS to verify it, then why is it in paper in the first place?

This is only useful for personal offline backup, never to be used for public transfer.

The recipient needs internet access. I plan to use this method if I for local, in person sale of my bitcoins for cash.

For example: I have a localbitcoin ad to sell 10BTC. Someone responds and we meet wherever he is comfortable with his internet access. I print and fund a 10BTC bill before going out to meet him/her. We exchange cash for paper, and they transfer the coin to there own wallet. Yes, they should have access, but I don't need anything other than my printed coin. I don't have a smart phone so this is ideal for me.

yeah also if you think about gifts. you want to spread the idea of bitcoin within your family and spend gifts of BTC bills to all. so they don't need to check if the bills are funded because they trust in you.

[unclemantis]

0.001BTC

1JkoYMWCEE65DyjHBFpC6Gg7YWQvc26FXz


AES 128 PASSPHRASE ENCRYPTED PRIVATE KEY

[CoinDiver]

The problem with self printed bills is always going trust. This is where it would be useful the have trusted third party vendors issuing paper currency, with bitcoins to back the value. Hide the private key under a tamper evident hologram just like the coins. You should be able to get these printed for pennies.

There is nothing wrong with having a central issuer of paper money... the problem is when they have an effect on the value of that money. This would not be the case here.

These self printed bills would be great for use where both parties trust the other.

[Dansker]

This stuff is begging for an article in The Bitcoin Magazine!

[casascius]

So stupid... if you NEED INTERNET ACCESS to verify it, then why is it in paper in the first place?

Mainly because of the speed with which you can make the transfer.  You can pull out paper bills and pay in single-digit seconds, just like cash.  When everybody has a smartphone and could pull it out and wave it and pay with under 10 seconds, my proposal will be meritless.  But not everybody has a smartphone, and those that do will spend 30-60 seconds opening the app, scanning a code, initiating a transaction, and waiting for the merchant POS to detect the transaction, and those seconds are very long when you're holding up the line at the checkout counter figuring out your Bitcoin payment and wishing you just swiped your debit card.

[tonto]

I'm a newbie when it comes to QR codes, but I was wondering if there's enough 'room' in the QR code so that if you had a reader that would read those QR codes on the bills and send any remaining change to an address in the QR code?  That way you could easily tear/up and throw away the original bill, and not have to worry about security issues since that amount would then be zero.  Then your change is back to your wallet (either home or mobile).
 
Obviously the QR readers (POS?) and software would have to know how to deal with the left over but then you could reprint for the next time you went out, or maybe a mobile QR maker could make your QR code when you're ready to go back up to the bar and get a refill beer (assuming you're out of your pre-printed bills)?
 
I love your physical ideas casascius, and wondered if something like this might be thought about?

[casascius]

I'm a newbie when it comes to QR codes, but I was wondering if there's enough 'room' in the QR code so that if you had a reader that would read those QR codes on the bills and send any remaining change to an address in the QR code?  That way you could easily tear/up and throw away the original bill, and not have to worry about security issues since that amount would then be zero.  Then your change is back to your wallet (either home or mobile).
 
Obviously the QR readers (POS?) and software would have to know how to deal with the left over but then you could reprint for the next time you went out, or maybe a mobile QR maker could make your QR code when you're ready to go back up to the bar and get a refill beer (assuming you're out of your pre-printed bills)?
 
I love your physical ideas casascius, and wondered if something like this might be thought about?

There is room, and this could be implemented as one way to specify the change address.  (e.g. it includes a "changeto" section, so if the user doesn't scan a different specific change address, the changeto one is used by default, which points to the home wallet).

[unclemantis]

Mike. Do you like my example that I posted above? The passphrase is pretty obvious.

[casascius]

OK, Windows users can download my current version of the utility and print Bitcoin notes!  It's on the menu under Tools - Paper Wallet Generator.

Binary and source is included.  https://casascius.com/btcaddress.zip

Requires .NET Framework 4.0 (which should be present on any recent Windows system).  Compiling Source requires Visual Studio 2010 (and probably will work with the free versions of Microsoft's C# compiler)

Note there is a PNG file that contains the graphic used on the notes - you can change this with any other png file with the same aspect ratio.

EDIT: I forgot it also uses the Ubuntu font, and if you don't have this installed, it will probably substitute some other font on your system.

[unclemantis]

OK, Windows users can download my current version of the utility and print Bitcoin notes!  It's on the menu under Tools - Paper Wallet Generator.

Binary and source is included.  https://casascius.com/btcaddress.zip

Requires .NET Framework 4.0 (which should be present on any recent Windows system).

Note there is a PNG file that contains the graphic used on the notes - you can change this with any other png file with the same aspect ratio.

Downloading now.. will give it a shot.

[casascius]

Mike. Do you like my example that I posted above? The passphrase is pretty obvious.

I scanned it and got U2FsdGVkX1+GmmpNCQBb+zrHyMSmAQsnk4heY+SbUssaTj+d+E2Vd5eb7D30CAdr3HFSk6hifRqQDGWputN7qz6tdyHe/2YyNV2ElfZ7cXg= but didn't make any effort to guess at the passphrase.  I am also thinking that going forward, there should be a regular format for password-protected keys (i.e. instead of something looking like 5JVpCLEMPARHYy6zVu78PR9Tc7KvLhCBLfCib3qRt1KQTxFYMsP, it would be more like 6pEKRVv4ELhVm8nGJjQNmsoLBjYDXuuZG8RAzht9Z8L6TSYJaf1 where 6p means this is a passworded priv key).

[unclemantis]

Mike. Do you like my example that I posted above? The passphrase is pretty obvious.

I scanned it and got U2FsdGVkX1+GmmpNCQBb+zrHyMSmAQsnk4heY+SbUssaTj+d+E2Vd5eb7D30CAdr3HFSk6hifRqQDGWputN7qz6tdyHe/2YyNV2ElfZ7cXg= but didn't make any effort to guess at the passphrase.  I am also thinking that going forward, there should be a regular format for password-protected keys (i.e. instead of something looking like 5JVpCLEMPARHYy6zVu78PR9Tc7KvLhCBLfCib3qRt1KQTxFYMsP, it would be more like 6pEKRVv4ELhVm8nGJjQNmsoLBjYDXuuZG8RAzht9Z8L6TSYJaf1 where 6p means this is a passworded priv key).

That does seem to be a lot shorter. I am welcome to any standardization that you can bring to the base.

[Gyrsur]

OK, Windows users can download my current version of the utility and print Bitcoin notes!  It's on the menu under Tools - Paper Wallet Generator.

Binary and source is included.  https://casascius.com/btcaddress.zip

Requires .NET Framework 4.0 (which should be present on any recent Windows system).  Compiling Source requires Visual Studio 2010 (and probably will work with the free versions of Microsoft's C# compiler)

Note there is a PNG file that contains the graphic used on the notes - you can change this with any other png file with the same aspect ratio.

EDIT: I forgot it also uses the Ubuntu font, and if you don't have this installed, it will probably substitute some other font on your system.

+100 Thank you very much! Need a while to play around with it.

[OpenBNS]

Thanks for posting this.  I just printed 8 Bitcoin bank notes.  No problems.

[SgtSpike]

Love the looks!

I do like the idea of having "tear off" private keys in a variety of denominations all on the same piece of paper.  Maybe 10x 0.1 BTC tearoffs, 5x .25 BTC tearoffs, 2x 0.5 BTC tearoffs on a small one, and 10x 1 BTC tearoffs, 5x 2 BTC tearoffs, and 2x 5 BTC tearoffs on a large one.  Then, you just pull out one of the two bills and tear off the relevant denomination when a payment needs to be made.

How small could the private key QR code be made while still being readable by the typical QR reader?  Seems as though you'd need just three things on the tearoff:  A QR code for private key, a firstbits address for verifying that the address is funded, and a denomination (such as 0.25 BTC) on it somewhere to identify how much is SUPPOSED to be in that address.  If you could fit 17+ tearoffs on the same bill, it would be awesome. 

[Meatpile]

I assume it's the private key that's under your finger. Without any additional security measures, how can one be sure that a paper coin is unspent?

The idea with these is that the receiver of a bill scans the private key, immediately moving the funds to another address. The bill can then be discarded.

So stupid... if you NEED INTERNET ACCESS to verify it, then why is it in paper in the first place?

This is only useful for personal offline backup, never to be used for public transfer.

The recipient needs internet access. I plan to use this method if I for local, in person sale of my bitcoins for cash.

For example: I have a localbitcoin ad to sell 10BTC. Someone responds and we meet wherever he is comfortable with his internet access. I print and fund a 10BTC bill before going out to meet him/her. We exchange cash for paper, and they transfer the coin to there own wallet. Yes, they should have access, but I don't need anything other than my printed coin. I don't have a smart phone so this is ideal for me.

Offline bitcoin transactions will never work unless you have strong cryoptography based hardware, and the coins are held by an escrow third party. (escrow would need to hold those funds for an amount of time until both parties hardware has checked in with the master server)

Unless you are talking about just transacting with your well trusted friends, there is always a breakdown of trust in multiple locations:

- So only the recipient has internet access in your example: he doesnt want to hand you cash until he sees the private key you are handing over actually has money in it. So he can scan it, hand it back and say it was already empty and runs away. Well he just stole the coins.
- (Well just let him scan the public key and not the private one) well ok in that case you can scam him by NOT putting the REAL private key under your thumb
- He doesnt want to hand you cash until he knows he can get bitcoins, you dont want him to scan any private key until you have cash


Lets pretend for a minute none of that matters, say casascius physical coins have a hidden private key under a hologram... Well if casascius wants to make any profit at all he has to sell them for more than they are worth. This means that if it is at all possible to make a fake, that costs less than it is worth, the market WILL get flooded with fakes.

Now there is one scenario that may work: if it costs MORE to produce a physical bitcoin representation than it is worth. In that case you wouldn't want to make a fake that costs more than its worth.  But why on earth would anyone do such a thing? They can not make profit and lose money doing it?