http://www.economist.com/blogs/babbage/2013/11/internet-security
Babbage unfortunately wrote the article so it sounds like I invented this concept. It's really the result of collaborative brainstorming on this forum between many people, but Jeff Garzik and especially Peter Todd deserve a tip of the hat for their contributions.
Buying a new identity
Nov 19th 2013, 20:44 by G.F. | SEATTLE
BITCOIN hits the headlines when the virtual currency's exchange rate hits new highs (or lows) against real-world monies. And so it did when the rate spiked to $900 from around $400 a week earlier, following some positive noises during a hearing on it and its kind in the American Senate. (It has since fallen back to around $700.) Less talked about is the potential of Bitcoin's ingenious inner workings to transform other online activities.
Take internet identities, used to shop on the web, validate e-mail addresses or create social media accounts. Mike Hearn, one of the core developers of the software that powers the Bitcoin system (whose niceties we explain here), says that creating such identities poses a conundrum. Most forms of online ID (eg, a social-media account) are verified using other forms (such as an e-mail address) which are easy to crack, hijack or forge.
Mr Hearn suggests relying instead on the cryptographic trick that ensures the security of Bitcoin transactions. Bitcoin is a peer-to-peer computer network made up of its users’ machines, similar to BitTorrent, a file-sharing system. New Bitcoins are minted, or "mined", as the computers in this network execute hard number-crunching tasks. The entire network is then used to monitor and verify both the creation of new Bitcoins through mining and the transfer of Bitcoins between users.
Every new transaction is broadcast across the Bitcoin network and appended to a collective log, called a block chain, of all previous transactions in the system. The machines in the Bitcoin network communicate to create and agree on updates to the block chain. Roughly every 10 minutes a user whose updates to the log have been accepted by the network is awarded a fixed number (currently 25) of new Bitcoins.
The system makes it computationally difficult to create a doctored block—one containing illicit transactions such as sending the same Bitcoins twice to two people, say, or reversing a Bitcoin transfer to a vendor after he had dispatched the purchased product. That is because having such forged transactions validated and attached to the globally accepted block chain would require outpacing the network's combined computing power. Only a fraudster who controls more than half of the network's total number-crunching capacity—a tall order—could achieve such a feat, and only for transactions less than about an hour old.
Mr Hearn's secure-ID scheme similarly relies on a block chain and on rewarding miners who keep it up to date. An identity would be established by performing a transaction in which no Bitcoins are transferred from the owner to another named party. Instead, the owner would donate a sum—say, $200 worth of Bitcoins—that the first miner to approve a block with this transaction in it would get as his mining fee. (Since the winning miner is always revealed at random, the owner cannot simply redirect the virtual cash back into his account.)
The donor thus possesses a receipt of the transaction that can always be verified against the public Bitcoin ledger. Stealing someone's identity would require swiping his private key. It comes in the form of a unique private cryptographic key mathematically matched to a public key embedded in the donation record. The Bitcoin-based private key then comes to resemble traditional digital signatures, which also use a combination of private and public keys to verify the holder's identity. Except, that is, that Bitcoin's anonymity ensures that the donor's identity would no longer need to be verified by an outside, signature-granting authority. It could, in other words, be confirmed without ever being revealed to anyone.
Like account-passwords for many sites, private keys are vulnerable if stored in online Bitcoin wallets (which have been hacked); much less so if maintained on a user's computer (since hacking a particular desktop, while not impossible, is harder than infiltrating the cloud). Serious Bitcoin users anyway keep their private keys in "cold" storage on unpowered hard drives that are never linked up directly to internet-connected computers.
The scheme also has another feature Mr Hearn thinks desirable: accountability. If the ID-buyer uses it to access a website only to break its rules—for instance by trolling on online forums or slandering someone on Facebook—and be banished from it, he can always go back to Bitcoin and secure a new Bitcoin ID simply by making another donation. But at least it will cost him.
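A sketch of the ledger-side check a website could run before accepting such an identity, added here as an illustration and not taken from the article or from the forum's proposal. The ledger layout, thresholds, transaction names and the `check_identity` helper are assumptions; verifying the owner's signature against the returned public key is a separate step left to a Bitcoin library.

```python
# Constructed sample data: a toy view of the public ledger, not real transactions.
MIN_SACRIFICE = 20_000_000   # satoshis; threshold chosen by the site (assumption)
MIN_CONFIRMATIONS = 6        # about an hour at roughly one block per 10 minutes

LEDGER = {
    "tx-alice": {"inputs": [25_000_000], "outputs": [],
                 "height": 100, "pubkey": "pub-alice"},
    "tx-cheap": {"inputs": [1_000_000], "outputs": [900_000],
                 "height": 100, "pubkey": "pub-bob"},
    "tx-fresh": {"inputs": [30_000_000], "outputs": [],
                 "height": 109, "pubkey": "pub-carol"},
}


def sacrificed_fee(tx):
    """The fee is implicit: whatever the inputs hold that no output claims."""
    return sum(tx["inputs"]) - sum(tx["outputs"])


def check_identity(ledger, tip_height, txid, banned):
    """Return (accepted, detail) for an identity backed by donation `txid`.

    On success, `detail` is the public key embedded in the donation record;
    the caller must still check a signed login challenge against it.
    """
    tx = ledger.get(txid)
    if tx is None:
        return False, "unknown transaction"
    if txid in banned:
        # Accountability: a banned ID can only return by paying again.
        return False, "identity banned; a new donation is required"
    confirmations = tip_height - tx["height"] + 1
    if confirmations < MIN_CONFIRMATIONS:
        # Recent blocks are the ones a well-resourced attacker could replace.
        return False, "too recent"
    if sacrificed_fee(tx) < MIN_SACRIFICE:
        return False, "sacrifice below threshold"
    return True, tx["pubkey"]


if __name__ == "__main__":
    for txid in ("tx-alice", "tx-cheap", "tx-fresh", "tx-missing"):
        print(txid, check_identity(LEDGER, 110, txid, banned=set()))
```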