Author

Topic: [ANN] CRYPTOPROOF: CRYPTOGRAPHIC PROOF OF ASSOCIATION (Read 1524 times)

hero member
Activity: 707
Merit: 505
Pretty interesting. What's a use case?
There is an example use case mentioned above the API section in the OP Smiley
legendary
Activity: 2912
Merit: 1060
Pretty interesting. What's a use case?
hero member
Activity: 707
Merit: 505
Try it out at cryptoproof.info

Summary:
Cryptographic Proof Of Association is a method of identification by which users who submit their bitcoin extended master public keys which comply to the BIP32 standard can have their identity inferred by checking if a subsequent address is a product (subkey) of that public key.

A very simple website with very big implications.

Our service is completely unique and was thought up not only promote the use of bitcoin as a tool for liberation but to also help protect consumers in the new world of 3D printed products which is just on the horizon.

Built from the ground up to be a trustless system, no user names, no passwords, no risk of theft from subkey addresses and no public keys written to disk which means no risk of subkey address exposure even if the site were to become compromised.

Accounts are verified on the back of https certificate authority providers and so no formal identification is required of any kind either.


**UPDATES

    cryptoproof.info
(source) # 19/08/2016

    Scanner app for Android available for testing here.
(source) # NOT COMPATIBLE WITH NEW API, NEEDS UPDATING.
    SHA256 Hash: a5db1ff1e601cb8cd2e80648b74e81ef60765e52e16382cb619548ecda4750e7  cryptoproof_scanner.apk

    Docker container for easy and secure local BIP32 key generation is available here.
(source)
    Docker container to easily decode encrypted strings for account verification is available here.
(source)
    Cryptoproof api tools (withd docker container option) for easy api interaction is available here.
(source) # 27/08/2016

    Massive site redesign and overhaul.
    Connections to cryptoproof.info encrypted using modern cypher suite TLS 1.2
    SSL/TLS Account verification implemented. (a https url is required to use this feature)
    Deposits and withdrawls implemented.
    Key management interface implemented.
    Subkey monitoring and hit statistics interface implemented.
    Webcam QR code scanner implemented.
    Search API implemented.

    Reddit
    3DHubs.com
    3DPrintingForum.org
    3DPrintForums.com

    Article: 16112015 The Bitcoin News

    During beta, accounts are limited to 100 subkeys.
    Current cost per key: $0.01 USD.

    First 10 subkeys are free of charge and require no credit or deposit. No strings attached.


**STILL TO COME

    Android app # COMPLETED 12/11/2015
    Multisig Support # ENABLED 26/11/2015
    Publicly auditable database # ENABLED 28/11/2015
    Key comments
    Recursive verification

    and more...



How it works:
CPOA is a concept made possible by the recent(ish) introduction of BIP32 functionality into cryptocurrencies like Bitcoin.

For those not in the know, BIP32 is a standard by which it is possible to create master private and public keys from which many 'baby' subkeys can be produced.

These subkeys are mathematically linked to one another so for example Bitcoins can be sent to a sub public key address generated by Alice who lives in the UK using the master public key but the funds can only be spent by Bob who lives in America and has the master private key.

This is clearly very useful but what else can we do with this?
We can use it for verification and ID!

Our idea is simple, businesses and individual people can register their master public key with our website which members of the public will be able to visit and confirm if a subkey they have been provided with belongs to the company/individual they believe it does.


Example use case:
In the future when you order an item from a vendor such as a cup or a toy it seems sensible to envision a scenario where rather than have the vendor mail it to you or send it by drone they instead send the blueprint to your 3D printer which produces the item instantly for you at home or maybe they print the item for you themselves and then physically send it but in either case how can you know that you purchased the item from the producer in question and not someone who ordered an item themselves, intercepted the blueprint or scanned the product which was delivered to them and just sold you a clone? (this is a huge problem in the pharmaceutical industry)

Cryptoproof solves this by providing a common location where vendors can register their bitcoin extended public keys allowing them to brand each item with a unique subkey address which cryptoproof can verify so that the consumer can know if a product originates from the producer that they think it does (by seeing if a verified account is associated with it) and if there is more than one copy of that item in existence (by seeing if/how many times that address has been submitted in the past).

Using bitcoin addresses for this purpose adds an extra dimension to the scenario because value can be transmitted to and from them which allows not only for verification but also can be used to keep an immutable record showing how much was paid for the item, who paid it and when the transaction took place.

This technology has the potential to save lives.

Another feature of this method is 'blockchain unburdening', the scanning and submitting of keys in this way does not involve the blockchain and will not contribute to any unnecessary bloat.

Bullets, condoms, electronic parts, photo ID (passports - drivers licenses), receipts, invoices, files (torrents - legal documents), pharmaceuticals, etc.
The list is endless.


More features and use cases:
Json api features:
Cryptoproof now sports a feature complete api allowing users to interface with the application programmatically. You can now automate your server and build applications of your own to interact with cryptoproof!

Subkey features (to name a few):
Cryptographic proof of association,
Associate yourself, your products and even your employees with your company or brand by issuing them with a unique subkey addresses/qr codes which can be verified with cryptoproof.info

Single use seals,
Let your customers know that their product came from a genuine supplier by providing them with a never before seen subkey address which they can verify for themselves. Useful for perishable products such as medication and food.

Counterfeit detection,
Give your customers the opportunity to gauge if their product has been counterfeited by periodically checking the associated subkey address for additional hits which they are not responsible for generating. Useful for 3D printed products.

Issuing authority,
Become an ID issuing authority and produce cryptographically verifiable proof of age and ID photo-cards at near zero cost. You could even use them as registration numbers for vehicles.

Subkey analytics,
Designate subkey indices for specific geographical regions and analyse the volume of hits to deduce the likelihood of fraud in each, for example.

Voting,
Designate even subkey indices to represent Donald Trump and odd indices to represent Hillary Clinton. Email the qr codes to your constituents and count up the scans without incuring transaction fees or bloating the bitcoin blockchain.

Security features:
Account verification,
Accounts are verified on the back of your websites SSL cert. A random string is encrypted with your certificate and once you submit the unencrypted version back to cryptoproof.info your account will become verified.

Funds,
The private key to release funds from your account is derived at login and is only accessible for the life of your session which means an attacker would not have access to your funds if the platform were to be compromised.

Trust features:
No trust required. Subkeys are derived from your extended public key, we never have access to the private components of your extended key or any of its derivatives.

Other features:
No blockchain bloat,
Cryptoproof does not impact the bitcoin blockchain.


API: # Refer to github repo for more details
Code:
https://cryptoproof.info/api/search
Code:
status : bool # true
message : dict
  compressed_address : str
  associated_url : str
  verified_status : bool
  hits : int
-
Code:
https://cryptoproof.info/api/url
Code:
status : bool # true
-
Code:
https://cryptoproof.info/api/verify
Code:
status : bool # true
-
Code:
https://cryptoproof.info/api/account
Code:
status : bool # true
message : dict
  deposit_address : str
  credit : decimal
  available_keys : int
  upper_index : int
  free_keys : int
  balance : decimal
  price : decimal
-
Code:
https://cryptoproof.info/api/login_history
Code:
status : bool # true
message : list
-
Code:
https://cryptoproof.info/api/subkey_activity
Code:
status : bool # true
message : list
-
Code:
https://cryptoproof.info/api/transaction_history
Code:
status : bool # true
message : list
-
Code:
https://cryptoproof.info/api/index
Code:
status : bool # true
-
Code:
https://cryptoproof.info/api/withdraw
Code:
status : bool # true
-
Code:
error
Code:
status : bool # false
message : str

Account setup and verification video tutorial:



cryptoproof_scanner app for Android



cryptoproof id card (front and back)



user pubkey dashboard (after registration)


subkey deposit address returning valid and registered to cryptoproof (because we issued it)


subkey instantiated by user existing in database


pubkey dashboard showing subkey hit



FAQ

Quote
Can you explain what this solves that public key certificates don't solve ?
In essence we log the number or hits each subkey receives and so provide an indication to the consumer as to whether their particular item is unique or not.

The consumer is also able to see at a glance who the registered vendor is without having to understand what an SSL certificate is and how to verify it's signature, we take care of that for them by getting the vendor to verify their identity in advance using the SSL certificate provided at the https url they own.

An added advantage to this is that value may be sent to this key because it is a valid address on the BTC network which is a feature the vendor may make use of if they wish.

Vendors are also able to monitor the number of hits each subkey has received which can be used for analytical reasons.
Jump to: