Topic: Help: The two wallet system (Read 2928 times)

sr. member
Activity: 294
Merit: 252
February 24, 2011, 01:47:59 AM
#24
Entering a password every time you want to send coins (or pulling out your... dongle... err, that didn't come out right, uhh, fetching your one-time-password-generating-device) might be annoying enough that withdrawing 50 or 100 bitcoins that you can spend with minimal hassle would be a nice feature.

Hmm... that just gave me an idea for dealing with some of the problems of encrypting private keys. Divide private keys into two pools, encrypted and cleartext. Allow users to move keys from one pool to the other by entering an amount, and attempting to approximate that amount with the coins owned by one or more private keys.

Think it could work?

edit... Fleshed out idea, cross posted from github/issues:

Suppose we encrypt keys with the public key of a separate private key. That private key is encrypted with a symmetric algorithm, whose key is derived from the passphrase. I believe this is how GnuPG works. When we store this encrypted key in the wallet, we also store a reference to the associated private key. (Or, perhaps have it elsewhere on the file system... usb drive? smart card? keyring?) With this functionality, we could prompt the user for a password once and decrypt multiple keys. It also means that a wallet could be separated into virtual partitions with different encryption keys. I think it would allow a smooth transition, but would it be backwards compatible?[1]

Here's the way I imagine interacting with this. I would keep a small amount of bitcoin in the clear. This allows me to easily spend the small amount while assuring I won't lose much if my device is compromised (good for mobile devices). I can easily encrypt/decrypt keys by entering a target amount to "transfer". The actual amount is determined by picking keys with transactions (outputs?) summing to approximately the target[2]. In order to spend more than is in the clear, I must enter one (or more) passphrases, but the rest is automated.

[1] Can the structure of the wallet be modified for encrypted keys and a reference to the encrypting private key without causing a breaking change?

[2] You can't split the output of a transaction without writing to the block chain, right?
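
The "enter a target amount" transfer between the encrypted and cleartext pools described in this post, sketched as an added example; it is not part of the original post or of any Bitcoin client. The names `pick_keys` and `transfer`, the integer units of 0.01 BTC and the tie-break rule are assumptions made for the illustration.

```python
# Added illustration; pick_keys and transfer are hypothetical names.
# Amounts are integers in units of 0.01 BTC to avoid float rounding.

def pick_keys(balances, target):
    """Choose whole keys whose balances sum as close to target as possible.

    balances maps key id -> amount held by that key. A key moves entirely or
    not at all, since an output cannot be split without a new transaction.
    Ties go to the smaller total (assumed policy: expose less, not more).
    """
    # total -> one list of key ids producing it. The table can grow
    # exponentially with the number of keys, so this suits small wallets.
    reachable = {0: []}
    for key_id, amount in sorted(balances.items()):
        if amount <= 0:
            continue
        # Iterate over a snapshot so each key appears at most once per subset.
        for total, ids in list(reachable.items()):
            reachable.setdefault(total + amount, ids + [key_id])
    best = min(reachable, key=lambda s: (abs(s - target), s))
    return reachable[best], best


def transfer(source, dest, target):
    """Move the chosen keys from one pool to the other; return amount moved."""
    chosen, moved = pick_keys(source, target)
    for key_id in chosen:
        dest[key_id] = source.pop(key_id)
    return moved


if __name__ == "__main__":
    # Constructed sample wallet, not real balances.
    encrypted = {"k1": 5000, "k2": 1200, "k3": 300, "k4": 75}
    cleartext = {"k5": 40}
    moved = transfer(encrypted, cleartext, 1000)   # ask for about 10 BTC
    print(moved, sorted(cleartext), sum(cleartext.values()))
```

Because keys move whole, the amount that ends up in the clear can exceed the request (1200 for a request of 1000 in the sample run).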
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
February 24, 2011, 01:29:02 AM
#23

It's just terminology but people probably already have two or more "wallets" that they use differently. It just clarifies that the safe is the place where you can put large amounts safely and the wallet is where you can put small amounts that are easier to access and don't have as many overheads, back-ups, off-site copies, etc.

If you had one wallet with BTC 50,000 in it you are going to treat that a lot more carefully than the wallet with BTC 50 in it, no? Just easier to call one the safe and the other the wallet ... take it or leave it, just trying to put some words with concepts that are already in practice.

Wallet, safe, vault ... straightforward translation from physical specie.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
February 23, 2011, 10:58:31 PM
#22
Why? It's all the same thing, a group of private keys. If it needs to be more secure, require a password, biometric access, whatever. There's no good reason I can think of to distinguish between one keystore and another.

Entering a password every time you want to send coins (or pulling out your... dongle... err, that didn't come out right, uhh, fetching your one-time-password-generating-device) might be annoying enough that withdrawing 50 or 100 bitcoins that you can spend with minimal hassle would be a nice feature.
sr. member
Activity: 294
Merit: 252
February 23, 2011, 10:16:57 PM
#21
Why? It's all the same thing, a group of private keys. If it needs to be more secure, require a password, biometric access, whatever. There's no good reason I can think of to distinguish between one keystore and another.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
February 23, 2011, 09:44:23 PM
#20
Eventually I would like to see some bitcoin software featuring a SAFE and WALLET system.

Obviously, the safe stays at home on a system that has significantly higher security specs than the wallet.

By the same token, safes are designed to be harder to get into, even by the user, but hold more and are more rigorously backed-up.
Of the pair, the wallets are easy to open but only hold small amounts and can easily be moved around mobile devices.

Further out, there could be a VAULT for corporate holdings, or a vault for collective holdings held by a trusted security center for people who don't feel confident guarding their own safes.
sr. member
Activity: 294
Merit: 252
February 21, 2011, 09:39:05 PM
#19
Hold on, if at any point you only have those 100 keypairs, how is money retained from key 3 to key 304 if each is signed by a given keypair?
Your wallet contains keys for all of the addresses you've received bitcoin to, plus 100 that haven't been used. Your backup is good until you've used all 100 extra keys.
N12
donator
Activity: 1610
Merit: 1010
February 21, 2011, 08:36:19 PM
#18
Hold on, if at any point you only have those 100 keypairs, how is money retained from key 3 to key 304 if each is signed by a given keypair?
The key pool is not a limit, it’s just that 100 addresses already exist. You generate them in the client, but technically they are already there, so the first 100 will always stay the same no matter which backup you’re using.
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
February 21, 2011, 08:25:21 PM
#17
Hold on, if at any point you only have those 100 keypairs, how is money retained from key 3 to key 304 if each is signed by a given keypair?
administrator
Activity: 5222
Merit: 13032
February 21, 2011, 05:15:14 PM
#16
thank you very much, sir.
i did not read the c/cpp sources of the bitcoin project. in my wildest dreams the number of transactions per hour was more or less unlimited (or at least 5 digits). i like to learn new stuff (even if it's marked with blood of dead concepts)

The limits will be increased once the network is mature enough to handle it.
hero member
Activity: 504
Merit: 504
PGP OTC WOT: EB7FCE3D
February 21, 2011, 04:43:46 PM
#15
wat? could you, please, provide me with a pointer to specs how the limits are imposed on the network?
is it the size limit of a block?

The fees are specified in GetMinFee in main.h.

27k of the block is available for free transactions, 250k is available for normal 0.01/k transactions, and 500k is available for higher-paid transactions (required fees are scaled after 250k). These limits overlap. Mainline Bitcoin therefore only fills the block to 500k, and blocks over 1000k will be rejected.

I used an average transaction size of 250 bytes, which is close to the real average of 254.

thank you very much, sir.
i did not read the c/cpp sources of the bitcoin project. in my wildest dreams the number of transactions per hour was more or less unlimited (or at least 5 digits). i like to learn new stuff (even if it's marked with blood of dead concepts)
administrator
Activity: 5222
Merit: 13032
February 21, 2011, 04:14:58 PM
#14
wat? could you, please, provide me with a pointer to specs how the limits are imposed on the network?
is it the size limit of a block?

The fees are specified in GetMinFee in main.h.

27k of the block is available for free transactions, 250k is available for normal 0.01/k transactions, and 500k is available for higher-paid transactions (required fees are scaled after 250k). These limits overlap. Mainline Bitcoin therefore only fills the block to 500k, and blocks over 1000k will be rejected.

I used an average transaction size of 250 bytes, which is close to the real average of 254.
hero member
Activity: 504
Merit: 504
PGP OTC WOT: EB7FCE3D
February 21, 2011, 03:28:05 PM
#13
The network will accept ~650 free transactions per hour, and ~6000 transactions at the normal paid rate per hour.

wat? could you, please, provide me with a pointer to specs how the limits are imposed on the network?
is it the size limit of a block?
administrator
Activity: 5222
Merit: 13032
February 21, 2011, 02:10:24 PM
#12
You're talking about the BTC faucet, not the Bitcoin network as a whole, right? If that's all that Bitcoin can process, there's a serious bottleneck right there that could stop early adoption.

He's talking about the faucet. The network will accept ~650 free transactions per hour, and ~6000 transactions at the normal paid rate per hour.
sr. member
Activity: 411
Merit: 250
February 21, 2011, 02:05:54 PM
#11

as for why you do not see it, 'gavin' wrote somewhere that there's a limit of 120 transactions in 2 hours.

You're talking about the BTC faucet, not the Bitcoin network as a whole, right? If that's all that Bitcoin can process, there's a serious bottleneck right there that could stop early adoption.
hero member
Activity: 504
Merit: 504
PGP OTC WOT: EB7FCE3D
February 21, 2011, 01:59:57 PM
#10
Also, how long does it take to confirm the .05 coins I got from the appspot program by gavin?  If what I understand is right, the transaction needs to be verified by the hashes of more clients?   (8 connections is what I max out at if that has any bearing)

if your client has downloaded all blocks in the chain, you would see any incoming payment instantly.
it would have 0 confirmations but you would see the payment as broadcasted in the network and waiting for confirmation.

as for why you do not see it, 'gavin' wrote somewhere that there's a limit of 120 transactions in 2 hours. if you were waiting, you were probably processed in the "next" round. post your address here or PM me and i send you two cents so that you can fool around (p.ex. send one of them to a mybitcoin like web wallet and send it back to you to see the speed of transactions)

the waiting for confirmation does not mean it did not happen.
administrator
Activity: 5222
Merit: 13032
February 21, 2011, 01:39:19 PM
#9
1) You don’t have to use wallet B if you just want to send it to B if you have B’s address. Check out blockexplorer if you want to see transactions without your client. Don’t forget to backup your wallet every time a transaction is done.

Bitcoin Block Explorer also has an RSS feature, so you can subscribe to the RSS feed of your savings address to make sure the funds are being delivered.

There's no need to backup your savings wallet more than once if you're using just one address in it and not making any sends. The problem is when new addresses are created. Counter-intuitively, the most common time when an address is created is when you send coins. They are not created when you receive coins. So you should back up after you make 100 sends from your savings account.
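
A simplified model of the key pool behaviour described in this thread, added here as an example; it is not code from the Bitcoin client. It assumes, as the posts state, that the wallet holds 100 pre-generated unused keys, that each send draws one new key and that receiving to an existing address draws none; the `Wallet` class, its refill-on-use behaviour and `first_uncovered_send` are hypothetical.

```python
# Added illustration of backup coverage; keys are represented by indices.

class Wallet:
    def __init__(self, pool_size=100):
        self.pool_size = pool_size
        self.next_index = 0
        self.used = []      # keys already handed out
        self.pool = []      # pre-generated keys not yet used
        self._refill()

    def _refill(self):
        # Assumed behaviour: the pool is topped up whenever a key is drawn.
        while len(self.pool) < self.pool_size:
            self.pool.append(self.next_index)
            self.next_index += 1

    def new_key(self):
        """Draw the oldest unused key, as a send does for its new address."""
        key = self.pool.pop(0)
        self.used.append(key)
        self._refill()
        return key

    def backup(self):
        """A copy of the wallet file: every used key plus the current pool."""
        return set(self.used) | set(self.pool)


def first_uncovered_send(pool_size=100):
    """Number of the first send whose new key is missing from the backup."""
    wallet = Wallet(pool_size)
    wallet.new_key()            # the single savings address, written down
    backup = wallet.backup()    # backup taken once, then locked away
    # Receiving to the savings address draws no key, so it never
    # invalidates the backup. Only sends advance through the pool.
    sends = 0
    while True:
        sends += 1
        if wallet.new_key() not in backup:
            return sends


if __name__ == "__main__":
    print(first_uncovered_send(100))
```

Under these assumptions sends 1 through 100 land on keys the old backup already contains, and send 101 is the first one it does not.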
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
February 21, 2011, 01:07:10 PM
#8

It takes one block to be produced (approximately 10 minutes, but that can vary a lot) and after that, you should be able to see the transaction in your client.

Wow, that is one robust system...

Not that I worry, I assume this has all been figured out, but what happens to unconfirmed coins that are sent? 
sr. member
Activity: 411
Merit: 250
February 21, 2011, 01:05:43 PM
#7
The reason I understood why people would say to backup your wallet after every transaction is because of address creation. If you have an old version of your wallet backed up, and then create a new address, receive 50 BTC to that address from somebody, and then your hard drive dies a few days later without another backup, the wallet.dat that you have backed up does not have the keys for that address you created. Your 50 BTC would be lost!

If I'm not right, please correct me.
N12
donator
Activity: 1610
Merit: 1010
February 21, 2011, 12:56:07 PM
#6
But why is it I don't have to update the savings account at all if I just send to it, but as you guys say, I need to backup after every transaction?

Also, how long does it take to confirm the .05 coins I got from the appspot program by gavin?  If what I understand is right, the transaction needs to be verified by the hashes of more clients?   (8 connections is what I max out at if that has any bearing)
Well, actually you don’t even need to ever backup if you only use a single address in your bank, but that would make it less anonymous. As I said, the wallet stores your private keys to the addresses. The keypool has 100 addresses, so that means that if you use 100 addresses, you will have to backup. I would just backup after each transaction to make sure, I guess.

It takes one block to be produced (approximately 10 minutes, but that can vary a lot) and after that, you should be able to see the transaction in your client.
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
February 21, 2011, 12:51:57 PM
#5
First of all, thanks so much for the tips, this community is great.

But why is it I don't have to update the savings account at all if I just send to it, but as you guys say, I need to backup after every transaction?

Also, how long does it take to confirm the .05 coins I got from the appspot program by gavin?  If what I understand is right, the transaction needs to be verified by the hashes of more clients?   (8 connections is what I max out at if that has any bearing)
sr. member
Activity: 411
Merit: 250
February 21, 2011, 12:44:21 PM
#4
Hi guys, just got into Bitcoin thanks to GRC's Security-Now podcast.  Quick question that I haven't seen answered on the wiki.

It suggests creating 2 wallets, one that has all the "savings" and one for the other normal transactions.

1) If coins are sent from A to B, I need to close BTC, open it up with a B's wallet.dat, wait until payment is received, and then switch it back out correct?

2) What, in general, happens to coins that are sent to an account that is not online?  (From what I understand the blocks will catch you up right?)

3) How often should the "savings" wallet be updated with new blocks?  Sealing it away in an encrypted container can't possibly make it a proper wallet...right? 

4) All these blocks we're all getting, is this taking much bandwidth?

5) As I recall, losing your wallet.dat with any funds inside means those BTCs are gone forever - is this equivalent to burning a dollar bill or melting a penny?

Good to meet a fellow SN listener!

From what I understand:

1) You don't have to have Bitcoin running to receive transactions. If you want to send from A to B, you open up Bitcoin with A's wallet, and send it to an address associated with B. If you don't know what that address is, then you will need to open B's wallet, copy it down, close bitcoin, copy A's wallet over, and then send the transactions.

2) The coins are received. To test it out, setup an account at mybitcoin.com, and transfer .01 BTC. Then shut down your bitcoin client, and transfer it to your client's address. Stay away as long as you can, and then bring it back up. As blocks are downloaded, you will see your transaction suddenly appear!

3) The savings wallet should be updated as frequently as you want. No transactions are lost, it will just take time to download the blocks that you are missing. I open/update mine every day because I want to be able to send BTC within a few minutes if I want.

4) Not from what I can tell. The only traffic is the getwork command and the report back. Other than that, it's just your CPU or GPU crunching numbers.

5) Yes, but without the ability for a government to issue more. It's more like vaporizing gold; the material is destroyed forever, until somebody figures out how to sort through all the molecules of the air and extract the gold particles to recombine them. Not an easy task.

Good luck, and glad to have you here!
N12
donator
Activity: 1610
Merit: 1010
February 21, 2011, 12:43:46 PM
#3
1) You don’t have to use wallet B if you just want to send it to B if you have B’s address. Check out blockexplorer if you want to see transactions without your client. Don’t forget to backup your wallet every time a transaction is done.

2) Right, all transactions are stored in the blocks, so you never have to be online.

3) You can update it however often you want, it doesn’t matter. If you load your wallet and all the blocks, you’ll have what you have been sent.

5) Yes, exactly. The private keys to your public key addresses are stored in the wallet. Once you lose it, you have no chance to get back your bitcoins.
newbie
Activity: 57
Merit: 0
February 21, 2011, 12:40:14 PM
#2
1) If coins are sent from A to B, I need to close BTC, open it up with a B's wallet.dat, wait until payment is received, and then switch it back out correct?
No, it's easier. You just start up your B "saving" instance once, so it creates a wallet.dat with the private key. Then, you write down your B's receiving address and backup your B wallet, and start your normal bitcoin client again. Whenever you want to save something, just create the transaction to B's receiving address. Then if the transaction is known to the network it's done. You could start your B instance like you describe to see the money you sent to yourself, but there's no need to do so. The transaction is known in the block chain, and is non-revocable. So even if you just start your B instance in 20 years, it would catch your transaction while scanning the new blocks.

2) What, in general, happens to coins that are sent to an account that is not online?  (From what I understand the blocks will catch you up right?)
Right, there's no need to be online while a transaction is done to be able to receive it.

3) How often should the "savings" wallet be updated with new blocks?  Sealing it away in an encrypted container can't possibly make it a proper wallet...right?
In your wallet.dat you have your keys, plus 100 new keys. So, you have to update your B wallet every 100 transactions that you do with your B instance. If you just receive money with one of your B wallet's addresses, there's no need to backup your wallet.dat file again.
So, just create your B wallet.dat, write down the receiving address, lock the B wallet.dat in an encrypted container and don't bother with it again until you want to withdraw from your saving account.

4) All these blocks we're all getting, is this taking much bandwidth?
Not much. Maybe a few MB per hour?

5) As I recall, losing your wallet.dat with any funds inside means those BTCs are gone forever - is this equivalent to burning a dollar bill or melting a penny?
Yes, it's totally gone, forever! It's like burning a dollar bill and swallowing the ashes ;-)
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
February 21, 2011, 12:27:38 PM
#1
Hi guys, just got into Bitcoin thanks to GRC's Security-Now podcast.  Quick question that I haven't seen answered on the wiki.

It suggests creating 2 wallets, one that has all the "savings" and one for the other normal transactions.

1) If coins are sent from A to B, I need to close BTC, open it up with a B's wallet.dat, wait until payment is received, and then switch it back out correct?

2) What, in general, happens to coins that are sent to an account that is not online?  (From what I understand the blocks will catch you up right?)

3) How often should the "savings" wallet be updated with new blocks?  Sealing it away in an encrypted container can't possibly make it a proper wallet...right? 

4) All these blocks we're all getting, is this taking much bandwidth?

5) As I recall, losing your wallet.dat with any funds inside means those BTCs are gone forever - is this equivalent to burning a dollar bill or melting a penny?