Author

Topic: Casascius Coins: Am I doing "Proof of Existence" right? (Read 1517 times)

legendary
Activity: 2618
Merit: 1007
You might make it even easier to counterfeit since you provide already high quality scans.3d printing technology in a few years might be able to replicate these dings and scratches perfectly.

All in all i don't really see a benefit of doing this.
legendary
Activity: 1330
Merit: 1003
Is the hash inserted into the blockchain via the public note feature?

I don't know of this feature, can you link a description? I inserted it in this case by "converting" the hash (using it as private key) to a bitcoin address and then sending 1 satoshi to it (feel free to take the satoshi, btw).

On some wallets you can embed a public note in the blockchain, Blockchain.info supports this, and you can see the notes in recent transactions.

EDIT: Using blockchain.info, you have to use custom send, not quick send.
donator
Activity: 2772
Merit: 1019

The attack I'm trying to prevent is someone outright counterfeiting a coin by making the same brass round and having an identical hologram produced and then just printing one of casascius' prefixes (already on a genuine coin produced by him).


Okay, I see.

This only seems useful if (1) You have a really sophisticated counterfeit, and (2) you have physical possession at the time you buy it.  If the counterfeit isn't sophisticated a visual inspection will already show it's fake.  If someone is selling on ebay, they can just use your image to sell it.

If someone uses an incorrect picture (of another coin) on eBay and says it's a picture of the actual coin (which the buyer should ask for), then he provably tried to scam you. It's probably not a good idea to do this. Also: A series 1 coin in 2023 (given bitcoin remains successful) is probably not going to be sold without prior physical inspection being at least made possible.

The seller can also say that any dings or scratches were just wear and tear.  "Picture was taken when the coin was MS-69, but now it's AU-55!"

He would have to reproduce the dings and scratches already present on the image, though. They don't just disappear by aging. New ones may have appeared, true, but those can be ignored. Have you looked at the scans? You can make out various irregularities. Those would likely be extremely hard to counterfeit, I guess.

EDIT: here's a closeup:


kgo
hero member
Activity: 548
Merit: 500

The attack I'm trying to prevent is someone outright counterfeiting a coin by making the same brass round and having an identical hologram produced and then just printing one of casascius' prefixes (already on a genuine coin produced by him).


Okay, I see.

This only seems useful if (1) You have a really sophisticated counterfeit, and (2) you have physical possession at the time you buy it.  If the counterfeit isn't sophisticated a visual inspection will already show it's fake.  If someone is selling on ebay, they can just use your image to sell it.

The seller can also say that any dings or scratches were just wear and tear.  "Picture was taken when the coin was MS-69, but now it's AU-55!"
donator
Activity: 2772
Merit: 1019
I don't get it, doesn't this only proof that the picture exists on the specific time?

You can match a coin with it's picture (using scratches, irregularities, rotation of hologram, etc...) if the picture is good enough.

Wouldn't this only make sense, to proof that the picture you show was indeed taken by Mice and not by you, so it's not a counterfeited coin you are selling, but indeed a casascius coin?

Yes, Mike will likely do something like this himself and that will be even better. However: he can't do it for the currently existing coins. But these coins are probably going to be the most desirable collectors items. Right now only the person in possession of a coin can do this.

What is the purpose of you doing this?

To enable the public to verify that a specific physical coin has existed at a certain point in time (e.g. April 11th 2013). Since it's unlikely that we already have good counterfeits floating around and therefor all currently existing coins are likely to be authentic, this results in proof of authenticity of the coin at some future date.

Think about a collector getting his hands on one of these rare series 1 coins. Let's say it's the year 2023. If he can prove without a doubt that this coin has existed in April 2013 (which is possible for coins we today "certify the existence" of), he has a much higher likelyhood of actually looking at an authentic coin.
donator
Activity: 2772
Merit: 1019
Is the hash inserted into the blockchain via the public note feature?

I don't know of this feature, can you link a description? I inserted it in this case by "converting" the hash (using it as private key) to a bitcoin address and then sending 1 satoshi to it (feel free to take the satoshi, btw).
legendary
Activity: 1232
Merit: 1001
I don't get it, doesn't this only proof that the picture exists on the specific time?

Wouldn't this only make sense, to proof that the picture you show was indeed taken by Mice and not by you, so it's not a counterfeited coin you are selling, but indeed a casascius coin?

What is the purpose of you doing this?
donator
Activity: 2772
Merit: 1019
This seems too clever for its own good.

What is the attack you're trying to prevent?  I just happen to have a public key containing exactly 0.5 BTC from with the same prefix that was funded at the same time as an authentic coins?  Then later I print that on a bunch of coins?  It seems anyone who is going to take the trouble to verify the single-satoishi transaction can just use Casascius' signed list of public keys.

I think you would be better off just issuing a signed (either known pgp key or known bitcoin address) certificate of authority if there's a demand.

Seems like a lot of work just to get the blockchain to notarize the COA.

The attack I'm trying to prevent is someone outright counterfeiting a coin by making the same brass round and having an identical hologram produced and then just printing one of casascius' prefixes (already on a genuine coin produced by him).

I think your "bunch of coins" will physically look different (dents, scratches on the surface, exact orientation of hologram and prefix) from the specific original coins from which you have "stolen" the address, right?

Currently it would probably be too expensive to pull that off, but given some time, it can become worthwhile.

Counterfeiting all the little dents, scratches and artifacts on a coin (by which a physical coin can be associated with an image of one) is probably close to impossible.
legendary
Activity: 1330
Merit: 1003
Is the hash inserted into the blockchain via the public note feature?
kgo
hero member
Activity: 548
Merit: 500
This seems too clever for its own good.

What is the attack you're trying to prevent?  I just happen to have a public key containing exactly 0.5 BTC from with the same prefix that was funded at the same time as an authentic coins?  Then later I print that on a bunch of coins?  It seems anyone who is going to take the trouble to verify the single-satoishi transaction can just use Casascius' signed list of public keys.

I think you would be better off just issuing a signed (either known pgp key or known bitcoin address) certificate of authority if there's a demand.

Seems like a lot of work just to get the blockchain to notarize the COA.
donator
Activity: 2772
Merit: 1019
Mike Caldwell recently suggested to resellers (and others I guess) to insert a hash of a scan of coins into the blockchain to make checking for counterfeits easier. That way on can, by comparing the specifics of the coin with the scan and then verifying the hash of the scan has been in the blockchain at time x, prove that a particular coin has existed at a certain point in time.

This will only work for products I produce from today forward, but here is an idea you can do right now.  The counterfeiting hasn't happened yet.  Go throw your current stash of Casascius Coins on a scanner, scan a photo of them, take a 160-bit hash of the file, and then work that hash into the block chain somehow.  Convert the hash to a bitcoin address and send a satoshi to it (my Bitcoin Address Utility can do this, for example).  Your photo with its supporting hash in the block chain will be publicly verifiable proof that the coin in your photo existed today.

I want to do this for the 1/2 BTC coins I will at some point resell to add some value and am designed a process for this.

Best have it community-reviewed?

So here's an example:


(click for pdf)

This "certificate" is not really necessary, but it nicely wraps up the relevant information and I can give it to customers in printed form (adds value).

What is necessary to be able to verify existence of coin at specified time is the scan itself.

Here's the TIFF of the scan.

Here's the relevant data from the "Certificate" for easier access (you could copy/paste from pdf also I guess):

  • coin address: 1CsWiHgjQHHAfBhnfuxjLgLjjwh1Z6YN5E
  • scan hash: 7d12543c7f5f42e2aa18e1af1c2937a1ac33ca180f8c074446f4ab49fb6a1c8a
  • bitcoin address of scan hash: 1M92yAUsswQ5XfiPYpTyveaLvsQrYaSK6w
  • sent 1 satoshi to that address, tx_id: 11ac4700a5021579a8d5510911b3d33417b8075f5b657a389cfb6ac934aa65f9

Specific Question I have

  • Suggestions for changes in wording of the "proof of existence"
  • Should I put "Certificate" on top?
  • I used bitaddress.org to go from hash -> address, can I do that? Is there a better way that doesn't require any tools (I looked at casascius tools but it seemed more cumbersome to use than bitaddress.org).
  • Quality of the scan ok? (I forgot to clean the scanner glass, is that a problem?)
  • The way I made the tx ok?
  • Is TIFF a good choice or could I just as well go with something lossy like png or jpg to save on size?
  • ...

Looking forward to your input.

(I plan to share any scripts I write to automate this process and maybe also the certificate template which I plan to improve).
(In case someone wants to make a template, please use SVG, so a script can easily fill it with data and image and render it to pdf)
Jump to: