
Topic: Dedicated bitcoin devices - dealing with untrusted networks - page 2. (Read 4336 times)

administrator
Activity: 5222
Merit: 13032
A secure Bitcoin spending device doesn't need to store anything other than its private keys. It can give its public keys to the recipient and rely on them to create a valid unsigned transaction. The device just needs to figure out the BTC spent by the transaction (total output BTC minus output BTC to the device's keys) and get the user to confirm. It doesn't matter if the device is given an invalid transaction to sign, since the network will reject it.

It'd be nice for the device to store some transaction details for accounting purposes, of course.
sr. member
Activity: 266
Merit: 250
Quote
LCD backlights consume a ton of power.  Unlighted LCDs consume barely any, and regardless this is a device you'd only power up for a few seconds at a time.  eink's nice, but it costs a lot more than a $2-5 LCD.

Point taken.

How much do they cost?
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
LCD backlights consume a ton of power.  Unlighted LCDs consume barely any, and regardless this is a device you'd only power up for a few seconds at a time.  eink's nice, but it costs a lot more than a $2-5 LCD.
sr. member
Activity: 266
Merit: 250
Quote
Edit : hmm you would sync and the tx your friend sent to you you could transmit to the network, but it is not on the blockchain yet. Might be more trouble than it's worth

The tx would have to send when THEY sync, then when it has x confirmations you can sync, confirm the tx and split it into 0.1 outputs.


Also, customising the output size sent to the device would be nice, personally I would do 0.001, but would that overload the cpu?

Also, lcd screens consume a shit tonne of power. Use kindle-like eink black and white screens, they only need power to move the ink then it stays there without any more power.

Would the communication with the shop be nfc?

legendary
Activity: 1708
Merit: 1066
Thinking about it, there is no reason that you would have to just sync at home.

Say Starbucks accepts bitcoin and has a little cradle/ reader thing they use for payments. In a quiet moment you could always ask the barista if she minded you syncing. Pop your device in the cradle. Press a button on your device labelled 'sync'. Device asks cradle for up to date tx for its address, updates its records.


Because you explicitly requested a sync the device will say 'ok I can believe this data'.
Then if a friend sent you some BTC device to device you could sync and can then spend them.

Edit : hmm you would sync and the tx your friend sent to you you could transmit to the network, but it is not on the blockchain yet. Might be more trouble than it's worth
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Quote
Any chance of a link where I could buy a board of this type.

Here you go:

http://www.mouser.com/Embedded-Solutions/Engineering-Tools/Embedded-Processor-Development-Tools/Development-Boards-Kits-ARM/_/N-8x0x4/


Here's a nice cheap one. The chip is a Cortex M4 with 192KB RAM, 1MB flash, ethernet, USB, LCD drivers, SD card support, and more; the board has some accelerometers, buttons, LEDs, a USB port, and some prototyping leads, all for $15:

http://www.mouser.com/ProductDetail/STMicroelectronics/STM32F4DISCOVERY/?qs=J2qbEwLrpCFMptdjNAVzZeZDfltJ6JKw1GLhrq7db5E%3d
newbie
Activity: 53
Merit: 0
Quote
A 32-bit ARM MCU with 256KB of RAM is only about $10 in single units or $5 in volume.  That plus an SD card to store the blockchain would give you a full-function device.  A CR123A battery would run it for two days of continuous 150MHz operation, and essentially unlimited sleep time.  That's certainly heavier than an 8-bit micro running on a couple of watch batteries, but it's something to consider.

Any chance of a link where I could buy a board of this type.

 
legendary
Activity: 1708
Merit: 1066
Hi Revalin,

Interesting figures for hardware. That is pretty cheap.

My thinking about the change is that until you sync you cannot be sure that the shop actually sent your tx to the bitcoin network and that you will have the change available to spend later. Hence trying to keep it small.

For example if you use a 10BTC transaction output with 9.9 BTC in change (unconfirmed and possibly not transmitted to the bitcoin network) you cannot be sure that the 9.9 BTC tx output is available to spend at the next store.  The device has no network connection of its own to know.

Your device might be declined at the checkout at the next store because your previous change tx output (which you are now trying to spend) does not exist yet. You could send the previous tx in addition to the new one at the second store but it soon gets complicated.

Thanks for your feedback.
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
A few thoughts:

The store does not have to send the change.  The device can create a transaction so 0.05BTC goes to the store and .05BTC goes back to you.  There is no need to trust the store to return it or to verify the change.

There is no need to split the inputs into 0.1BTC amounts.  It's just as easy (actually easier) to have a single 10BTC input and send a 3.55BTC output to the store and the remainder as change to yourself.

A 32-bit ARM MCU with 256KB of RAM is only about $10 in single units or $5 in volume.  That plus an SD card to store the blockchain would give you a full-function device.  A CR123A battery would run it for two days of continuous 150MHz operation, and essentially unlimited sleep time.  That's certainly heavier than an 8-bit micro running on a couple of watch batteries, but it's something to consider.
legendary
Activity: 1708
Merit: 1066
Mainly due to a serial line hack I am attempting (see thread in Alternative Clients) I have been thinking about if it is practical to have dedicated bitcoin devices.

Here is what I have got so far.  Your feedback is very welcome.


What is a dedicated bitcoin device ?

It is a small device with:

1) A small LCD. (A few lines of text, non-touch)
2) A keyboard.
3) It has enough computing power and memory to sign transactions but not enough to maintain a blockchain.
4) No dedicated network connection (no WiFi, no cell phone connection)
5) IO is over a serial connection - micro USB and infrared (IRDA).
6) Low power - you could run it off button lithium batteries for a long time.

Think: a glorified calculator or Casio electronic dictionary.
Think: cheap to mass produce.


What can you use it for ?

1) You can use it to pay for things in shops with bitcoin.
2) You can use it to send bitcoin directly from one device to another.
3) You sync it (like an iPod) with your main computer to see the transactions in detail and recharge it.


What are the problems  ?

There are two main problem areas:
1) Yeah, show me one that works and I will believe it. It's vaporware unless I can hold it in my hand.
2) If it does not have its own network connection how does it know what its balance is ?  What is to stop Mallory screwing around with it and sending it bogus transactions?
(Mallory is the generic 'Bad Guy').


Detailed operation in a shop

Here is how I think it would work at Point of Sale:

1) Prior to your shopping spree you sync your device at home against your home PC. The PC creates a watching wallet for the private key that is created on the device (and never leaves it). Because of iPods etc people are used to syncing their devices by plugging them in to their PC.  You trust your home PC to give you the real blockchain transactions.

2) The user 'charges' the device by sending it some BTC using your desktop client. The watching wallet sees the transaction and tells the device what unspent outputs it has available to spend. The transaction that the desktop bitcoin client uses to recharge the device has many small transaction outputs (say a tenth of a BTC each).

For instance, if you charged it with 10 BTC , you would have available 100 transaction outputs each of a 0.1 BTC value.

The device stores a list of its unspent outputs and hence knows its balance.  Because this is a sync with a PC you trust the device will be happy to spend these unspent outputs. It believes they are real.


3) At the shop, there would be a data exchange as follows. IRDA is at 115.2 kbps so you should be able to do it quickly enough for realtime use.

edit: simplified

3.1) Shop -> device. Shop identifies itself as, say 'Walmart'. Requests a payment of, say, 3.55 BTC  using a Bitcoin URI.
3.2) Device -> user. Prompts user with payment amount. User presses 'Confirm' or 'Cancel'.
3.3) Device -> shop. Device creates transaction for the 3.55 BTC, using a total of 3.6 BTC of transaction outputs and sending itself 0.05 BTC of change. Device signs tx and sends it back to shop
3.4) Shop -> bitcoin network. Transmits tx out to bitcoin network.
3.5) Shop -> device. Shop confirms that the tx has been transmitted to the bitcoin network.

The device would then go through its unspent outputs and mark off the spends. The change transaction output it does not believe it can spend yet as it depends on whether Walmart really transmitted the tx. It marks it internally as:
   Walmart says: Sent you 0.05 BTC

The shop also does not trust the transaction outputs used in the tx at stage (3.3). It would do a network webservice lookup with a well connected node to check that those outputs were REALLY unspent. It would know the txid and output number so this should be relatively quick. This limits the ability of Mallory to perform a double spend as he has a very short attack window.


Summary of shop transaction.

The device initially had 100 unspent transaction outputs of value 0.1 BTC.
Now it has:
   64 unspent outputs of value 0.1 BTC
   36 spent outputs of value 0.1 BTC
   1 transaction output of value 0.05 BTC that is marked as "Walmart says it sent it to you".


What happens at the next shop

At the next shop the device will not try to spend the "Walmart says" transaction output, only its unspent outputs.



When the user gets home s/he syncs the device and it and the watching wallet compare notes to:
4.1) Confirm the tx are spent and change has been received (It should be as the shop wants its money)
4.2) Perhaps the user also wants to recharge the device and hence there will be new outputs available to spend.


Sending BTC from one device to another

To send BTC from one device to another the exchange would be similar to in a shop. Say Bob sends Alice 10 BTC. Alice's device stores the transaction but marks it internally as:

   "Bob says: Sent you 10 BTC"

Again Alice's device will not try to spend this BTC until the next sync.
The basic principle here is:
  You cannot spend a promise

There is more opportunity for Mallory here admittedly as he could hack his device and keep (trying to) spend the same BTC.   When Alice syncs she will see that Mallory's tx has been double spent.   I expect she will immediately get onto Facebook and start flaming him.   Alice's device and desktop in combination say:

   "Mallory said he sent you 10 BTC at 10:35am but he is a lying piece of s**t and cheated you"

Perhaps I would not use those exact words in the internationalisation file :-)


How would the UI present the information

Whilst the general public is not very good with technical ideas, everyone knows the difference between these two statements:

"Charlotte thinks you are totally hot and wants you to take her to the prom on Saturday"

and

John says: "Charlotte thinks you are totally hot and wants you to take her to the prom on Saturday"


For the UI on, say, a 2 line LCD you would have something like:

    LCD Top row:           Balance 12.4 BTC
    LCD Second row:      Bob says: Sent you 10 BTC
          Scrolls:             You sent Walmart 3.55 BTC
          Scrolls:             Walmart says: Sent you 0.05 BTC
          Scrolls:             Balance with promises: 22.45 BTC


Is this :
  Practical ?
  Doable ?
  Simple enough for the general public ?
  Can Mallory brick my device or mess me about ?

