Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: How to prove that the sender for a payment was truly me? - page 2. (Read 4488 times)

casascius
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 04:31:49 PM
#10
Quote from: Raulo on March 12, 2011, 03:11:33 PM
The best way for the merchant is to specify a different address for each transaction known to one person only.

This is an excellent and preferable idea before the payment is made.

Once the payment has been made, the address is part of the block chain and is no longer private.  If the amount, and/or especially the time of the transaction is known, then identifying the address is trivial.
theymos
administrator
Activity: 5222
Merit: 13032
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 04:00:31 PM
#9
Quote from: Stephen Gornick on March 12, 2011, 03:51:04 PM
I suppose the amount could be any amount (e.g., just 0.01 BTC) as long as I've emptied my wallet (down to 0 BTC) first.

Emptying your wallet would also work, but if you create an output with the exact value that you will use for an input, Bitcoin will choose that specific output to use for the input, and it'll use the correct address without having to send everything.
Stephen Gornick
legendary
Activity: 2506
Merit: 1010
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:51:04 PM
#8
Quote from: theymos on March 12, 2011, 03:23:10 PM
You could create a new address, give that to the merchant, and tell them an exact time at which you will transfer from the address in question to the new address. You can cause Bitcoin to send using a particular address like this:
- Send some unusual amount (like 54.37) to the address in question.
- Wait for 6 confirmations.
- Send that same unusual amount to the new address.
(You might have to do this a few times before Bitcoin chooses the right coin, though I think it will usually pick the right one.)

Ah ... got it.

I suppose the amount could be any amount (e.g., just 0.01 BTC) as long as I've emptied my wallet (down to 0 BTC) first.
JollyGreen
newbie
Activity: 42
Merit: 0
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:42:31 PM
#7
Quote from: Gavin Andresen on March 12, 2011, 03:27:32 PM
Quote from: Stephen Gornick on March 12, 2011, 02:49:14 PM
Let's say there is a scenario where I am one of two different people who claim to be responsible for sending bitcoins for a purchase.  How could I prove to the merchant that those bitcoins came from my wallet and nobody else's?

Something like this is possible (I've been thinking about doing it, although I have higher priority things on my TODO list):

  • Sophisticated user runs a tool on her computer that, giving the bitcoin address payment was sent to and "here's a description of me or what I paid for" string.  Tool looks in the wallet.dat and figure out which keypair(s) were used to pay.  Then it does some openssl magic and exports a file that contains the string, the public keys and ECDSA signatures using the private keys of the "description of me or what I paid for" string.
  • Sophisticated user uploads that file to a "Prove I Paid" website, which checks the signatures and adds info to the database.
  • Unsophisticated user goes to website and pastes the receiving address.  The public key corresponding to that address is looked up, and all the "here's a description of me or what I paid for" strings for that public key are shown.

bitcointools+openssl (see grondilu's thread about "a shell-script implementation of bitcoin) are enough to do all all the public/private key, file-creation, and signature generation/checking stuff.


Awesome idea, I've been thinking of different ways to do this, because it seems the thing holding bitcoin back the most is no ability to build up a web of trust without having +20 to nerd skills.  I think all of this could be made very easy for anyone to do thru the proper GUI, but it seems the easiest place to start would be to build a few basic commands into bitcoind so we don't have to have random tools looking thru peoples' wallets.  Does that sound good?

I would be interested in integrating these message signing commands into bitcoind, if you don't have time.
Gavin Andresen
legendary
Activity: 1652
Merit: 2301
Chief Scientist
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:27:32 PM
#6
Quote from: Stephen Gornick on March 12, 2011, 02:49:14 PM
Let's say there is a scenario where I am one of two different people who claim to be responsible for sending bitcoins for a purchase.  How could I prove to the merchant that those bitcoins came from my wallet and nobody else's?

Something like this is possible (I've been thinking about doing it, although I have higher priority things on my TODO list):

  • Sophisticated user runs a tool on her computer that, giving the bitcoin address payment was sent to and "here's a description of me or what I paid for" string.  Tool looks in the wallet.dat and figure out which keypair(s) were used to pay.  Then it does some openssl magic and exports a file that contains the string, the public keys and ECDSA signatures using the private keys of the "description of me or what I paid for" string.
  • Sophisticated user uploads that file to a "Prove I Paid" website, which checks the signatures and adds info to the database.
  • Unsophisticated user goes to website and pastes the receiving address.  The public key corresponding to that address is looked up, and all the "here's a description of me or what I paid for" strings for that public key are shown.

bitcointools+openssl (see grondilu's thread about "a shell-script implementation of bitcoin) are enough to do all all the public/private key, file-creation, and signature generation/checking stuff.
theymos
administrator
Activity: 5222
Merit: 13032
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:23:10 PM
#5
You could create a new address, give that to the merchant, and tell them an exact time at which you will transfer from the address in question to the new address. You can cause Bitcoin to send using a particular address like this:
- Send some unusual amount (like 54.37) to the address in question.
- Wait for 6 confirmations.
- Send that same unusual amount to the new address.
(You might have to do this a few times before Bitcoin chooses the right coin, though I think it will usually pick the right one.)
Raulo
full member
Activity: 238
Merit: 100
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:11:33 PM
#4
The best way for the merchant is to specify a different address for each transaction known to one person only.
casascius
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 03:07:16 PM
#3
Quote from: Stephen Gornick on March 12, 2011, 02:49:14 PM
I then considered the ability to send another amount, say a token 0.01 BTC, from the same address that my earlier payment originated from.  Even if I were able to force bitcoin to use a specific address for the input for the transaction, that transaction would then be recognized as an attempt to double spend and thus wouldn't be honored or relayed by any nodes.

If you were able to force Bitcoin to spend from a specific address, and the person asking for proof first sent 0.01 BTC to that address to send back, then it wouldn't need to be a double spend.
dirtyfilthy
member
Activity: 77
Merit: 10
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 02:56:12 PM
#2
It'd be pretty sweet to be able to include a short message with your transaction. While I guess this message would be pubically readable (i.e. in the blockchain) it'd be good for reference numbers and the like. There's no reason why this technically couldn't happen right?
Stephen Gornick
legendary
Activity: 2506
Merit: 1010
Re: How to prove that the sender for a payment was truly me?
March 12, 2011, 02:49:14 PM
#1
Let's say there is a scenario where I am one of two different people who claim to be responsible for sending bitcoins for a purchase.  How could I prove to the merchant that those bitcoins came from my wallet and nobody else's?

I was considering that I could sign a message using the address' private key, as described here,
http://bitcointalk.org/index.php?topic=2373.40
however in my scenario, I assume the merchant is non-technical and that this purchase isn't significant enough to warrant climbing the PKI learning curve.

I then considered the ability to send another amount, say a token 0.01 BTC, from the same address that my earlier payment originated from.  Even if I were able to force bitcoin to use a specific address for the input for the transaction, that transaction would then be recognized as an attempt to double spend and thus wouldn't be honored or relayed by any nodes.

Are there any other options for this?
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: