How does physical bitcoins' security work exactly?

ttookk

hero member

Activity: 994

Merit: 513

Quote from: dsattler on November 24, 2016, 05:13:03 AM

This very interesting and cheap device lets you create a private key yourself and can even sign a message with it, so you can be sure that it contains the correct private key:
https://opendime.com/

IMHO it's the next step of a physical bitcoin with private key under a hologram!
Unfortunately it's quite ugly and therefor won't become a collector's item. Sad

Dunno, as a Neuromancer fan, I think this thing looks rad as fuck

I'm asking about physical bitcoins, because of this:

https://bitcointalksearch.org/topic/pre-ann-hub-1689947

Ultimately, what I am trying there is not that different from creating a physical bitcoin, so I thought, I'd give it a look.

Thanks to all who contributed.

dsattler

legendary

Activity: 924

Merit: 1000

This very interesting and cheap device lets you create a private key yourself and can even sign a message with it, so you can be sure that it contains the correct private key:
https://opendime.com/

IMHO it's the next step of a physical bitcoin with private key under a hologram!
Unfortunately it's quite ugly and therefor won't become a collector's item. Sad

Sex Video Chat VKcams.com

sr. member

Activity: 490

Merit: 252

http://VKcams.com/

Quote from: ttookk on November 24, 2016, 03:33:54 AM

all the data used to generate the keypair can be monitored, therefore, the key can be duplicated

If Your code production system is not connected to Internet physically, no one have the chance to hijacking the data.

In the real world someone can introduct to Your system a spying devices with mobile Internet modem or trying to spy on Your machines from some short distance.
For example the Monitor is emitting the picture in radiofrequency, and this signal can be captured and reproduced to other monitor or registered.
Or someone can place the camera in Your Office.

But You probably just under audio/video/data spying on Your costs for someone with the Your smartphone (If You Use It).

No idea, who is the max expert in such question for today.
Try to listen https://blog.kaspersky.com/

ttookk

hero member

Activity: 994

Merit: 513

Thanks guys (and gals). This is a very intriguing problem, because I'm working on a project, that effectively has the same issues and I am trying to find a good solution for it:

Ideally, I want to generate a bitcoin private/public key pair "in the dark", with the pubkey/address being known, while the privkey stays "hidden" within a smart contract. The obvious problem is, that all the data used to generate the keypair can be monitored, therefore, the key can be duplicated.

Having multisig addresses by different entities is the best I've come up with until now. Still not an ideal solution, since the entities could be in fact one.

dsattler

legendary

Activity: 924

Merit: 1000

I've just saw someone selling a titan physical bitcoin. They have the option to secure the stored bitcoins with 2fa: https://www.titanbtc.com/titan-bitcoin-security/

Sex Video Chat VKcams.com

sr. member

Activity: 490

Merit: 252

http://VKcams.com/

Quote from: ttookk on November 23, 2016, 04:26:49 PM

the moment you send data to a printer, there is no way this data can't be accessed, right? Am I missing something here?

If this printer will broken and transfered to some technician (or taked from the garbage by a hacker), there is possibility to extract data from it.
Before printing the data is stored in printer memory.
Extracting this data is one thing.

Other thing is a hijacking of printed data.
There are different ways too.

ArcCsch

full member

Activity: 224

Merit: 117

▲ Portable backup power source for mining.

The trust issue can be somewhat mitigated by having multiple parties generate private-public key pairs, placing the private keys under holograms, and using a k out of n multisignature.
This works as long as more than n-k erase their private keys (as opposed to saving them or leaking them to hackers) and at least k generate an actual key-pair (as opposed to placing random junk or a blank under the hologram), the first type of dishonesty is somewhat unlikely (but still plausible) as it requires a collusion, while the second type provides very little benefit to the defectors.

dsattler

legendary

Activity: 924

Merit: 1000

I've once read a report about the casascius coins and that the founder really carefully created the private keys for his those, so that no data could leak outside. I guess he only used air gapped systems to calculate and print the keys. Other manufacturers could have a different philosophy though. In the end it's only a matter of trust.

ttookk

hero member

Activity: 994

Merit: 513

Hey,

I think the title says it all, but to be more specific here:

from my understanding, a physical bitcoin usually has some kind of hologram sticker under which the private key is hidden. So, as long as the sticker is intact, the privkey is unknown too. At least in theory.

In practise, I don't understand how the privkey is generated in the first place. Is this just a matter of trust, that the guys creating the coins are putting their reputation on the line? Or is there more to it?

I mean, the moment you send data to a printer, there is no way this data can't be accessed, right? Am I missing something here?

Topic: How does physical bitcoins' security work exactly? (Read 618 times)