Topic: Help me understand the ownership and provenance of the technology behind Bitcoin (Read 876 times)

I think the most important thing that the Blockchain is offering people are the fact that the information that are being stored in the Blockchain,

cannot be wiped by a single entity. The problem with previous methods are that people are misplacing records or even changing it to serve their

agendas. Once "data" is added to the decentralized Blockchain, it cannot be changed. { It is stored on 1000's of computers in many different

locations } I might not be "technically" capable to fully understand the details, but I have some idea why they want to use the Blockchain to store

that data in this manner.   ..... Bitcoin can be used for smart contracts too.... and there is space to save other "data" too.

Either way, they have been around long enough that they are not likely to pull anything shady and as long as your business gets done, then don't rock the boat.

It may be that coinbase uses a finite lot of addresses and recycles them.  One day an address is assigned to you for a specific TX and once the TX has confirmed and the outputs consumed, the address goes back in the pot for the next client.  That would be a major pain to handle on the server side, but who knows.  They very likely use an hierarchical wallet structure with many address generated under a smaller set of addresses.

We are getting into some technical details here, but...

There aren't actually any addresses in the blockchain or in transactions.  There is a 160 bit hash of the public key.  The concept of an "address" is something that wallets and services use to to communicate with us humans.  By entering an address we tell the wallet what type of script to create in the transaction output with the hash (P2PKH, P2SH, etc).

Then later when you want to spend that transaction output, the wallet uses the information that it knows (the private and public key) to provide an appropriate input script.  With the type of address you're probably most familiar with seeing (the version 0 addresses that start with a "1") this would mean supplying a digital signature of the transaction (calculated using the private key and the Secp256k1 ECDSA curve) AND the public key.

Every node that verifies the transaction would then be checking on two things:
1. The provided public key hashes to the exact value that was provided in the output.
2. The signature provided can be validated using that given public key.


The typical user never should.  The purpose of wallet software is to manage all the technical details for you and make it easy to secure your private keys.


I know Coinbase likes to call their service a "wallet", but in reality that is a bit misleading.

Typically, with bitcoin, a wallet is a collection of one or more private keys (for example "paper wallets"). Most software wallets additionally include interfaces to provide you with:

• Bitcoin addresses that are associated with those private keys
• An easy way to build transactions using bitcoin addresses
• The sum of all the value you have control over
• Information about transactions that transfer control over value to private keys the wallet software knows about
• An easy way to secure your private keys with encryption and to create backups of them
• The ability to sign other messages with those private keys

The most important thing about a wallet though is that you have exclusive control over your private keys (typically stored in a file on your computer/phone/etc).  Much like a physical leather wallet in your back pocket where you have exclusive control over the dollar bills you put into it.

What Coinbase provides is more like a bank account.  You give your bitcoins to them (or have others give bitcoins to them on your behalf).  In exchange, they give you a promise that they will send an equivalent amount of THEIR bitcoins wherever you ask whenever you ask. They keep track of your "balance" in their own database.  If one Coinbase user sends to another Coinbase user, no actual bitcoins ever move (since Coinbase already has the bitcoins and private keys).  Instead, they just reduce the "balance" in their database for one user and increase the "balance" in their database for the other user.

You have to decide for yourself if you trust Coinbase to ALWAYS be able live up to their promise to send THEIR bitcoins on your behalf.  You are trusting them to secure the private keys properly (from both external and internal threats), to create adequate backups of those keys, and to say NO to any government entity that may ask them to turn over control.

That being said.  The reason you never see your private keys with Coinbase is because you don't have any.  Coinbase has private keys for THEIR bitcoins, and you have an entry in their database that keeps track or their promise to you.


Yes.  The addresses that you see that start with a "1" are all "version 0 addresses" (also known as P2PKH, or Pay-to-public-key-hash)

You may also hear others call these "version 1" addresses since they are the first "address" type that was common in bitcoin AND they start with a "1".  I typically call it a "version 0" address because the character "1" in base58 represents the "nothing" value (there is no zero character in base 58), and the first byte in the address is literally the "version byte".  Therefore the address literally has a value of 00000000 in binary.


The other type of address is generally called "version 2" (also known as P2SH, or Pay-to-script-hash).  This type of address starts with a "3".  They are commonly used for multi-sig outputs.

This is the second address type that became common in bitcoin. Additionally in base58 (because of the lack of a zero) all of the other single digit values are represented by a character that is off by 1 position from what you are familiar with in other bases, so the value of 2 is represented by a character of "3".

There are a few other common output types that don't have a standard "address" representation (such as Pay-to-public-key AKA P2PK, and native multi-sig)


While Coinbase will give you a new address to use to have bitcoins credited to your account, the old addresses don't stop working.  Even after they've given you a new address, you can continue to receive bitcoins at your old addresses.


Exactly.


Coinbase has thousands (millions?) of addresses and private keys.  In their database they associate some of those with your account so that when they receive any transactions that are associated with those addresses they update the database entry.  Then they typically immediately transfer that value to a more secure address in their "vault".  Yes, for each address that they manage, they have a unique private key.


It is extremely fast and easy for a computer to start with a public key and calculate the associated address.  It is also extremely fast and easy for a computer to start with a private key and and calculate the associated public key.

Therefore, wallet software generates a random private key, then calculates the one associated public key, then calculates the ONLY compressed key P2PKH address that is associated with that public key.  Eventually when the bitcoins received with that address are spent the wallet published that ONE known public key to the blockchain along with the signature.  As such, the whole world knows that ONE public key is associated with THAT ONE address.

There is no known way to do the process backwards.  If you ONLY have a P2PKH address (or the associated 160 bit hash value), there is NO KNOWN WAY to calculate ANY of the public keys that would have resulted in that value.  As such, nobody ever knows any of the other public keys that could have resulted in the same address.

Only Coinbase can tell you how they do their business, but Bitcoin only works the one way.  It is a private/public key pair that is needed to work within the wallet.  Do not worry so much about the second public key that will likely confuse you.  The wallet "address" is not the either key.  The private/public key pair is not locked to the address, but they are all derived from each other.

Imagine that you go to a website and sign up.  They want you to choose a username, but that username can only be numbers, say six digits.  You do not pick your password, your password is automatically your username with each digit divided by 2.  Not good security, but dividing the username(public key) by 2 is a super simple algorithm to derive the password(private key).

It is is not a perfect analogy, but it gets the point across.  Now, back to Coinbase and the new addresses you keep getting.  As the blockchain needs to remain anonymous, but a website cannot work without some user data, there has to be way to associate the wallet info with the web site client.  Most sites will give the new user a generated address when they request it or sign up and then that wallet info is paired with the user info in a DB on the web server. 

I want to clarify this -- and keep in mind that I have only used online wallets. Are you saying the public key is used for spending bitcoins (I thought it was the private key)? Frankly, I never saw any public keys or private keys. Apparently, coinbase keeps the customers wallet private keys secret -- so that coinbase can take advantage of their cold storage. Is a version 0 address the common type we see today? What is the version of the other common bitcoin address?


Apparently, I was digging myself a deeper hole of confusion here. I assumed an address was a public key. Thank you for correcting me on this. The additional reason I confused myself is because I noticed my address for receiving bitcoins would sometimes change for my online wallet.

 
This must explain why coinbase generates a new address on my wallet for every transaction.

Does my coinbase wallet use several private keys? because coinbase generates a new address for every transaction.

You lost me on that last statement. Why is only 1 public key known to be associated with a Bitcoin address, when technically there are many associated public keys?

well there are many ways to prevent forgery, like this
firstly
take the example above of your address 1E7em3nT5AdDr35s

but this time imagine that the land registry had to be involved in the first 'official' stamp of approval. to vaildate it..

---

your address 1E7em3nT5AdDr35s is combined with another address 1L4ndR3g15tryAdDress belonging to the land registry service
these 2 addresses form a multisig
3E7em3ntL4ndr3gaDdre5s

and that address makes the 'log'/'registration'
3E7em3ntL4ndr3gaDdre5s (0.05) =>  unabletodecode
script decoded: DoL L594729

by it being a dual signed 'tx' by both sides
this then becomes the 'genesis log'. (proved it was official)

where you can prove you are you by signing a message
'i Mr element of 72 main road, klondike, alaska, own 1E7em3nT5AdDr35s'
and hand out the public signed message, signed using 1E7em3nT5AdDr35s to anyone wants to query it

---

now when you sell land you can sell the deed on and just 'spend' the tx with the L594729 token to the intended recipient. no longer needing the land registry service to be involved at each sale.. because the taint of the 'tx' shows the original official genesis log of registration..

so now the only real owner of the land is the latest owner of the token DoL L594729 which has a 'tx' taint  that goes back to the genesis tx of said token

It depends on the method being used.

If a government service is managing this and just using the blockchain to register public proof of the date and validity of paperwork they are storing, then he'd have to find a way to create legitimate looking paperwork that results in the exact same hash value.  There is currently no known way to do this if the proper hash algorithms are used.


If transactions in blockchain itself are being used to transfer peer-to-peer without a third party storing offline proof, then they'd need to steal your private key from you.

I have to tell my work to succeed in front of my own father, but why dad always support me in the right words. This will help me, and I'm sure others, explain Bitcoin and its crypto.

Thank you so much. Now to bring this home for me... what would someone need to do to forge documentation that he is the rightful owner, and not me?

Wow - I have been trying to explain to my father how this stuff works, but could never put it in the right words.  This will help me, and I am sure others, explain Bitcoin and other cryptocurrencies.

No.  They don't.  Take a look at all those posts that responded to you (if a moderator hasn't come in here and cleaned them out yet).  See the colorful advertisements in the signature space at the bottom of their post?  That means that they are getting paid by an advertiser to create posts in this forum.  Most of them don't know much, and they don't care if they give bad advice.  They just make stuff up and repeat things they think they've seen on other threads in hopes of getting past the forum moderators and getting paid for the post by the advertiser.

BrewMaster seems to be an exception to that.  While he does have a paid signature ad, he seems to actually be making an effort to learn and share knowledge.  I wouldn't call him an expert at this point, but he does have valid information to share.


You're doing ok.  Although some of what you think you already know isn't quite accurate.


Transactions have a unique identifier.  It isn't usually called an "address".  It is typically called a "transaction ID" or a "txid".  It is really just a SHA256 hash of the transaction data.


Generally when talking about bitcoin, "Public keys" and "addresses" are not the same thing.  A version 0 address can be generated from a public key, but they are two different values.  One is used when spending the bitcoins, and the other is used when receiving them.


Neither public keys nor addresses are "temporary".  Public keys are "permanently" stored in the blockchain when used, and the information necessary to generate the address is also permanently stored in the blockchain when you receive bitcoins.

For privacy and slightly increased security it is generally advised that you only use each address (and therefore each public key) only once, but that isn't enforced by the bitcoin protocol and many people choose to re-use that information for future transactions.


That's a very awkward way to say that the public key is mathematically associated with a private key, and that the public key can be calculated if you know the private key.  It isn't typically called "a private key address".  It's just a private key, which can be used to calculate a public key, which can be used to calculate an address.


This is false.

Each private key has only 1 associated public key.

Each public key has only 1 associated version 0 address.

Technically, each version 0 address is associated with an average of about 7.9 X 10²⁸ different public keys. However, in reality only 1 of those public keys is ever known.


There are a variety of methods.  I'm not sure what the book you are reading is suggesting.

One method would be to have a legal framework that associates a public key with the land and to send a specific amount of bitcoin to the address that is generated from that public key.  If the initial owner of the land is the only person with access to that public key, then that transaction output will ONLY be spendable by that person.  Therefore, if the appropriate legal framework were in place, then transferring ownership of the land could be as simple as spending that output and in the same transaction creating a new output with the exact same number of bitcoins under the control of a new public key for which someone else has the associated private key. That new person would be able to prove their ownership rights to anyone that questions them by simply signing a message with the same key.  If they want to transfer ownership, they'd do the same as the previous owner (spend their transaction output and in the same transaction creating a new output with the exact same number of bitcoins under the control of a new public key for which someone else has the associated private key).


You would spend the transaction output that you received control over when you received the land and use the hash of the new owner's public key in the output script of your transaction.


Depending on the online wallet that you used, you might not be able to perform the necessary tasks to accomplish any of this.  You'd need a wallet that provides "coin control" or else a piece of software designed specifically to handle the property control transfer transaction for you.



A hash is a digest that is mathematically calculated from some starting data.

There are different types of hashes, but for this purpose the "starting data" would be the text of a document that was securely stored somewhere and represented the land. The result of the hash would be a unique value within a large range.

The hash function would result in the exact same value every time you run it against the exact same input, and a completely different value if you run it against input that is not EXACTLY the same.  Therefore, you could prove the original document hasn't been modified (since that would result in a different hash value).  One of the most common hashes used for this purpose is SHA256.

adding onto what brewmaster said as he covered part of what i was going to say

then for the layman part


imagine you own
1E7em3nT5AdDr35s    address

usually you go on to blockchain.info and see lots of transactions

1R4ndomAddr3s5 (0.1) =>  1E7em3nT5AdDr35s (0.05)
1R4ndomAddr3s5 (0.1) =>  1R4ndomAddr3s5 (0.05)

now imagine
1E7em3nT5AdDr35s (0.05) =>  unabletodecode
script decoded: DoL L594729

which refers to

use smartbit to view these transcations, they show the OP_Return stuff, blockchain.info doesn't!
https://www.smartbit.com.au/tx/8745dfc0d189672abbce8ee09f3a314742b0023e4fdde3737ebc1c87e9eb62ff
this is the hash: 293d910d8d0ada5cf7647287047fafb6e8496b0e06660395d1ff5ebcec8f1208fffffffffffffff f

i am also not exactly sure how the document hash is obtained

the following is my assumption and may be wrong:
it probably is obtained by doing some hash function such as SHA256 or maybe MD5 on some data, it can be an string, JSON, PDF,... containing all the information belonging to the property trade that they want to save.

simple example:
SHA256("There's trouble abrewing!") = 30642FC17F957B390426CD016E10A194C903833E8105FEB9DFD4CFC894E163EC

then you put that hex in the OP_Return part and send the transaction.
that hash only belongs to that string and is unique. and having the private key of a bitcoin address like the one bitfury has, you will be the only one capable of saving that hash hex on the blockchain with that key.

then if you want to know what that hash is you have to find it in the property office database since hashes are irreversible and see what does it belong to.
you show me 30642FC17F957B390426CD016E10A194C903833E8105FEB9DFD4CFC894E163EC
then i tell you the string was "There's trouble abrewing!", you check and it is ok. if i lie and say "There's no trouble abrewing!" the hash doesn't check out so it can also be fraud proof.

the news article https://www.forbes.com/sites/laurashin/2016/04/21/republic-of-georgia-to-pilot-land-titling-on-blockchain-with-economist-hernando-de-soto-bitfury/#44da340744da

I think this might be exactly what I was looking for. Thanks!

Seeing that public key address on blockchain.info with the unique transaction id's makes so much more sense now. I had to basically imagine this in my head as I read through several pages. So does the document hash actually contain something like formal documentation with text (I am not geeky enough for this, so I don't know what document hash is)? Or is the document hash some arbitrary ownership-identity data that is associated to formal documentation?

So if you combine this with the inherent timestamps, and the fact of sealed-permanent blocks on the blockchain, there is some really valuable potential here for ownership of assets... this is really enlightening.

are you by any chance talking about "saving data on the blockchain"? because if you are talking literary about ownership of a land, then there is this thing called OP_Return which allows you to put arbitrary data in your transaction and then save it on the blockchain and that data can be anything that fits in there.

BitFury (a mining pool) is currently doing this. they save document hashes belonging to land ownership[1] (or something like that) on the blockchain.

you can see all their transactions in this address:

[1] edit: the word i was looking for was "property rights registration"

Ok, let me try this again. Lets make this really simple. I know you guys understand this a lot better than I do, so I think I need to simplify this for myself. I am so bad at trying to ask the right questions when I get confused.

I am aware that transactions have unique addresses and in those transactions there are public key addresses. I am also aware that those public key addresses are temporary (at least from my own personal use) and they represent a private key address; I know you can have more than one public key address attached to the same private key address.

I want to know how you can use a Bitcoin transaction to establish ownership -- lets say for a piece of land as an example.

Then lets say I transfer ownership of that land to someone else, because I decided to sell it to that person for whatever reason. How can you identify that the person I sold it to is the real owner of that land.

P.S. I don't know if this would be relevant, but I have only used online wallets.

You should start by looking at every Andreas Antonopoulos video that you can find. IT's the best way to start. People generally understand things better if they hear them unlike reading walls of text.

To verify that you own a certain private key, you send a transaction and enter a PGP key within the transaction that you own.