Pages:
Author

Topic: How would you like to design a bitcoin banknote? - page 7. (Read 94802 times)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
so anyone that is going to make notes for circulation purposes should have their own design hologram. and if your just an individual then a pgp key or your bitcointalk name on the hologram may suffice.

It's just so much easier to make coins than notes!
legendary
Activity: 4410
Merit: 4766
The less centralized solution, more in the spirit of bitcoin, is to sell only the hologram. This should contain something like the PGP signed email address of anyone wanting to start issuing their own notes. Still a chain of trust, but a short one: casascius has to be trusted only to sell his customized hologram stickers to the owner of the email address. After that the one remaining link is to trust the local issuer, identified by this very email address.

thats a better idea, where each person had a hologram. it does not have to even be a PGP key for businesses selling the notes, for example:
http://donttreadonmeme.com/what-is-a-bitcoin-bank-note/
they could have the snake image as their hologram making it instantly recognisable as to its origin.

so anyone that is going to make notes for circulation purposes should have their own design hologram. and if your just an individual then a pgp key or your bitcointalk name on the hologram may suffice.
full member
Activity: 151
Merit: 100
I don´t have anything more to offer than what people do today on a regular basis with ordinary government issued cash: they trust their ability to be able to notice a counterfeit note from eyesight inspection, by some hologram or intricate artwork printing which both identifies the issuer and makes counterfeiting of the visible parts hard to do.

If this trust is not misplaced, the only way for having no private key underneath is that the issuer is scamming the public - which rather would be done by simply making in all parts identical copies of notes, including the private key. And if this issuer is living nearby, you will know where to find her...


hero member
Activity: 742
Merit: 500

It seems to me that a would-be scammer could slice off the cap with an X-Acto knife or a razor blade, scan the QR code, and carefully apply a second layer of tape. Subsequent recipients of the note probably wouldn't notice until it was too late.

A last resort for tamper proofing is to apply the lottery scratch card method of rubbery sealing over the private key. But then the note might have to be in plastic?. It for sure will get a very ugly rubbery blob, in place of a beautiful BTC marked hologram  Sad .

I can´t imagine high tech is needed to apply the rubber (?) covering over the private key, and it can´t cost much as it is already in widespread use for cheap lottery tickets.


And how do you prove to the person you are paying that there is actually a private key underneath the rubber?
full member
Activity: 151
Merit: 100

It seems to me that a would-be scammer could slice off the cap with an X-Acto knife or a razor blade, scan the QR code, and carefully apply a second layer of tape. Subsequent recipients of the note probably wouldn't notice until it was too late.

A last resort for tamper proofing is to apply the lottery scratch card method of rubbery sealing over the private key. But then the note might have to be in plastic?. It for sure will get a very ugly rubbery blob, in place of a beautiful BTC marked hologram  Sad .

I can´t imagine high tech is needed to apply the rubber (?) covering over the private key, and it can´t cost much as it is already in widespread use for cheap lottery tickets.

hero member
Activity: 742
Merit: 500
Neither approach is likely 100% cheatproof. A custom or semi-custom seal might improve security a bit, but at what expense? Probably nothing short of a custom hologram (like what Casascius uses) would be truly secure, but the setup charges and minimum orders likely make that cost-prohibitive. The supplier I'm using can customize their designs with an overprint. That then raises another question: would they offer that same customization to all takers, or would it be for your exclusive use?
And what stops them from counterfeiting your bills?
hero member
Activity: 651
Merit: 501
My PGP Key: 92C7689C
The seals arrived in the mail today, so I've now finished my first batch of BTC1 notes:

[Edit by Michael_S: I removed one image for brevity reasons]


I printed them on 100% cotton paper, so they should be nice and durable.  Time to try putting some of them into circulation...

Nice indeed! But one question about these holograms (from ebay/sdm-security, I suppose, 1.125", right?):

Yes.

Quote
I understand they are tamper-evident in the sense that it is not possible to remove them without leaving a trace, i.e. I cannot remove them and stick them back to the note as if nothing happened.

BUT: Note that these are publicly available holograms, not special ones like the ones from casascius. So what if I remove them and stick a new one (I also have an ebay account! Wink) of the same type over it. Will this be noticeable?If not, maybe it is saver (depending on one's degree of security needs) to add in addition some transparent adhesive tape (scotch tape or so) stripes over the four hologram's edges and have them range over the complete width and height of the note and wrapping around the note's edges:



Now I can only tamper with the security hologram if I remove the tape stripes first. And this is probably not possible without violating the note's surface (depending on the note's material...any ideas?), so the tape stripes are also tamper-evident to some extend. Since they are transparent (unlike the hologram!), just sticking new stripes over it cannot conceal that the surface with the ink/toner was violated from tearing off the original stripes.

It seems to me that a would-be scammer could slice off the cap with an X-Acto knife or a razor blade, scan the QR code, and carefully apply a second layer of tape. Subsequent recipients of the note probably wouldn't notice until it was too late.

The seal leaves some residue behind; applying a replacement over it would leave some irregularities around the edge. Whether that would be more or less noticeable than a second layer of Scotch tape is left as an exercise for the reader. Smiley

Neither approach is likely 100% cheatproof. A custom or semi-custom seal might improve security a bit, but at what expense? Probably nothing short of a custom hologram (like what Casascius uses) would be truly secure, but the setup charges and minimum orders likely make that cost-prohibitive. The supplier I'm using can customize their designs with an overprint. That then raises another question: would they offer that same customization to all takers, or would it be for your exclusive use?
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
Hi all,

I have created some bitcoin note reverse side designs in the context of my activity of adapting the bitaddress.org html-tool to be an easy-to-use and universal bitcoin note printing tool [with Firefox of course, not with Opera or Chrome!].

The designs are included in my updated zip file (9.3 MB) (the main reason for the size are the many png files, the html file is just < 500kB).

UPDATE: Click here for version 4 with some fixes of the rear side images and many new features of the tool (10.3 MB)

UPDATE 30 Nov 2013: Get Version 10 (GPG signed zip file) of my tool with mBTC denomination support and some cleanups! (11.8 MByte)


In the subfolder "bitcoin_note_rear_side" you find 11 files for 3 design variants, in pdf format and in *.odt if you want to modify them yourself. I copy my "readme" here for your convenience:

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

About the Rear-Side Designs that are taylored for use with the bitcoin notes
produced by the "bitaddress.org" HTML-Tool* with Firefox:

*) modified by Michael_S to be able to print proper denominated bitcoin paper notes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The previous designs have been overhauled such that the text is now printed at a
position on the paper that is now much better readable when printing the bitcoin notes
with my "modified bitaddress.org tool".

<> I took into account that the bitcoin note, when printed out, has an approx.
   size of 12.85 x 6.9 cm.
<> I also took into account that the left margin between the paper edge and the left
   edge of the brinted bitcoin note, when printing out, can be between 0.0 and 3.0 cm,
   which should cover all user scenarios.
<> I also took into accout that a hologram may be sticked onto the rear side of the
   bitcoin note, where the private key QR code is located. Even then, all useful
   information provided at the back side is still 100% visible, irrespective of the
   vertical offset of the printed note with respect to this rear-side design.


Under all these circumstances the new designs are always suitable, i.e. the text
information is accessible in an optimum way to the holder of the note, for all 3 types
of designes:

1) This is true for the 6 standard designs with the name "bitcoin_note_reverse_bw_*_v2"
   or "bitcoin_note_reverse_col_*_v2".

2) This is also true for the 3 designs "bitcoin_note_reverse_INFOS_*", that are
   particularly useful as they give all the most important first infos to a holder who
   is new to bitcoin
(important when used for promotional purposes!)

3) The 2 stereoscopic designs "bitcoin_note_reverse-STEREO3D_*" provide a steographic
   view (this technology has experienced a hype in the early 90ies, some may remember).
   You can see a deep 3-dimensional impression of a 3-dimensional structure that goes
   step-wise up and down as you sweep your eyes from top to bottom.
   This technical gimmick should tell the bolder (and bitcoin-newbie) something like:
   "There is more to bitcoin than what you may think at first glance. If you have a
   DEEPER LOOK INTO IT, you will discover the true possibilities of bitcoin."


The binary code of 0s and 1s that you can find in all the new desings simply contains
the ASCII codes of the words "VIRES IN NUMERIS" (which is Latin for "Strength in Numbers"),
or sometimes the letters read "BTC VIRES IN NUMERIS" or "VIRESINNUMERIS" (w/o blanks),
i.e. there is no political message hidden in these digits (which I consider important).


Enjoy & have Fun!

Michael_S
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Edit: Adding some samples (note that this is the reverse side, so the hologram/seal is going to be located at the bottom left):

"Classic":


"Info":


"Stereo 3D":
full member
Activity: 151
Merit: 100
The proposed bills are possible to counterfeit.  Any solution where counterfeiting could be a problem is a non-starter for me.

I don´t know much about the security provided by a hologram sticker, but all I have said so far is on the assumption that these can be made as hard to counterfeit (or even harder) than ordinary bank cash notes.

The manufacturer of the holograms would then be the only one able to easily counterfeit notes.  But this is the very same issue you have already with the manufacturers of ordinary bank notes. Only this type of insider-counterfeiting scheme of bitcoin notes would be discovered way earlier by the process of people redeeming some of their notes to be used in a web shop or whatever.
hero member
Activity: 742
Merit: 500
Yes it is, centralized manufacturing of the hologram is a practical and economical way of identifying the issuer of the notes - and making them hard to forge also.

It will be nothing like a central bitcoin bank issuing all notes, which opens the possibility for all notes being redeemed by a scammer holding all private keys. The possibility for this happening with distributed issuing will have only local impact, and will be far less likely to happen.
A CENTRALIZED manufacturer is a problem.

IMO, for paper bills to work and remain in circulation, there has to be a 100% way for any party to validate that their bill is secure.  The bills presented here can only be fully trusted if you are part of the manufacturing process.

Bitcoin is impossible to counterfeit. The proposed bills are possible to counterfeit.  Any solution where counterfeiting could be a problem is a non-starter for me.
full member
Activity: 151
Merit: 100
Yes it is. Centralized manufacturing of the hologram is a practical and economical way of identifying the issuer of the notes, besides making them hard to copy.

It will be nothing like a central bitcoin bank issuing all notes, which opens for the possibility of all notes being redeemed by a scammer holding all private keys. This happening with distributed issuing will have only local impact, and is also far less likely to happen.

hero member
Activity: 742
Merit: 500
the hologram which only casasius produces.. never resells separately. insures its a casasius multiparty note and not a privately printed note where the producer has seen the private info
The less centralized solution, more in the spirit of bitcoin, is to sell only the hologram. This should contain something like the PGP signed email address of anyone wanting to start issuing their own notes. Still a chain of trust, but a short one: casascius has to be trusted only to sell his customized hologram stickers to the owner of the email address. After that the one remaining link is to trust the local issuer, identified by this very email address.
Everyone trusting a list issued by one person is not a "less centralized solution"...
full member
Activity: 151
Merit: 100
the hologram which only casasius produces.. never resells separately. insures its a casasius multiparty note and not a privately printed note where the producer has seen the private info
The less centralized solution, more in the spirit of bitcoin, is to sell only the hologram. This should contain something like the PGP signed email address of anyone wanting to start issuing their own notes. Still a chain of trust, but a short one: casascius has to be trusted only to sell his customized hologram stickers to the owner of the email address. After that the one remaining link is to trust the local issuer, identified by this very email address.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
the hologram which only casasius produces.. never resells separately. insures its a casasius multiparty note and not a privately printed note where the producer has seen the private info

I probably won't create notes of my own, I don't own any custom holograms that would cover a QR code with room to spare to not stick to it.
legendary
Activity: 4410
Merit: 4766
I don't think it's possible if you don't know the issuer.  Once the bill has changed hands a few times, how are you supposed to know that the bill you are holding was made securely by multiple parties or made by someone who knows all the private parts or made by parties that are colluding?

What if there is nothing under that security sticker? BIP 38 makes it somewhat better with the encryption key having a hash of the address exposed, but I'll have to think more about BIP 38 since I just saw it today.

Additionally, I could make a bill that looks exactly like whatever multifactor bill you come up with, but I know all the parts.  I then distribute the bills and if someone trusts the security measures, it won't get back to me.

the hologram which only casasius produces.. never resells separately. insures its a casasius multiparty note and not a privately printed note where the producer has seen the private info
hero member
Activity: 742
Merit: 500
Red Emerald

by you printing them off yourself the person you hand it to has to trust that you dont have the info stored elsewhere to then wipe the address clean once they walk 3 paces away from you. so encrypted or not/hologram or not you have still seen the private key or the bip38 to have had the opportunity to keep a copy to redeem whenever you like.

if you are seeking a one use only method between you and a friend for quick easy wallet transfer without having to have a smart phone on you then it would be more like a bitcoin bond/giftvoucher/cheque kind of thing which wont need any security as you have been the producer of all 3 stages, you have seen all the info.

the idea i said doesnt involve giving any one person trust as no one person sees all the info...allowing for circulation to happen between complete strangers without the worry of trust. the address generator/encrypter/api program i said would be open source for people to see that casasius only receives the bip38 and public address. and the program user only knows the passphrase and never sees the bip38 as the program doesnt show it and the notes delivered to him are already covered by the hologram.
leaving only the redeemer able to get at all the info once they remove the hologram and read the passphrase on the back to match it up

I don't think it's possible if you don't know the issuer.  Once the bill has changed hands a few times, how are you supposed to know that the bill you are holding was made securely by multiple parties or made by someone who knows all the private parts or made by parties that are colluding?

What if there is nothing under that security sticker? BIP 38 makes it somewhat better with the encryption key having a hash of the address exposed, but I'll have to think more about BIP 38 since I just saw it today.

Additionally, I could make a bill that looks exactly like whatever multifactor bill you come up with, but I know all the parts.  I then distribute the bills and if someone trusts the security measures, it won't get back to me.
legendary
Activity: 4410
Merit: 4766
Red Emerald

the idea i said doesn't involve giving any one person trust as no one person sees all the info...allowing for circulation to happen between complete strangers without the worry of trust.

by you printing them off yourself the person you hand it to has to trust that you dont have the info stored elsewhere to then wipe the address clean once they walk 3 paces away from you. so encrypted or not/hologram or not you have still seen the private key or the bip38 to have had the opportunity to keep a copy to redeem whenever you like.

if you are seeking a one use only method between you and a friend for quick easy wallet transfer without having to have a smart phone on you then it would be more like a giftvoucher/cheque kind of thing although the paper and ink is a waste for a one time use. thats what smart phones are for, or at worse case just the private key QR code on a small piece of paper you just hand to your friend and they instantly scan and redeem the funds. which wont need any security because you have been the producer you have seen all the info. so encryption is worthless.

if you seek long term storage for youself in paper form but don't want thieves breaking into your safe, or nosy neighbours seeing the notes and redeeming it. then a bitcoin bond is for you. where it would only show the public key on the front bip38 on the back and you only write the passphrase in your Will not on the bond.
hero member
Activity: 742
Merit: 500
I understand that it helps a bit with trust in some situations.  I was responding to franky saying that this would keep the bills in circulation longer. I don't agree since in that case you probably do not know who printed the bill.


my theory was if casascius was the only bill printer using his trademarked holograms which authenticates they are his bills. for instance. then also knowing that casascius doesn't know the passphrase. and i dont know the private key because all i seen and copy and pasted to him was the bip38 version.

.. break for 50 seconds of thinking...

apart from the fact that i could possibly have kept the bip38 lists and used my passphrase to decrypt it.. now i come to think about it.. its still not a 100% trust system.

.. break for 50 seconds of thinking...

maybe the vanity program i proposed casascius making with the added bip38 security does not reveal to me the bip38 but sends it via API to casascius. so when ordering bitnotes from casascius. i just type in a passphrase into the vanity/brainwallet program and an amount of bills. and the only response i see is "transaction sent - please allow 10 days for delivery"

thus i only know the passphrase.  casascius's servers only sees the bip38 and the end user who finally gives up circulating the notes and cashes out.. will get to see them both after ripping off the hologram and reading the hand written passphrase on the reverse side.
Sounds like too much trust is required for that to work.  It's safer and easier to just print them yourself without any encryption.

I really like the idea of paper wallets, I just think they need to be refined a bit.

Here are all the ways I could see using paper.

1) Note with address and unencrypted private key.  Useful for quick offline storage and paying friends.  If you are paid by someone untrusted with this note, you can easily sweep the private key to a new address.  Sweeping from the bill may incur a fee depending on how fresh the coins are.  The funds could potentially be stolen by someone peeking over your shoulder unless you have some sort of sticker or something covering the private key.

2) Note with address and encrypted private key.  Useful for cheap, easy, and secure offline storage.  The funds would be protected from someone peeking over your shoulder unless you don't cover the private key and you print the passphrase on the note.

3) Note with address and BIP38 encrypted key.  Useful for secure offline storage on pretty paper or in a coin that would be too hard to make yourself.  If you are paid with this by someone untrusted, you can relatively easily sweep the private key to a new address assuming you know the passphrase.  The funds would be protected from someone peeking over your shoulder as long as the code is covered by a sticker and you don't print the passphrase on the note.  This is what I would want to buy to store in a bank safe.

4) Note with address and no private key.  The key is kept elsewhere, either digitally or printed.  This would be useful for accepting bitcoin payments on the go when you can't load your wallet app because your smartphone's battery is dead.

5) Note with just a private key (encrypted or not).  Not really sure how useful as it would require some work to securely check the balance.  A note with just an encrypted private key could be very small.


I wrote a quick and dirty python script last night for printing codes.  It takes an electrum wallet, an image (I've been using Psy's beautiful note, but any will work) and a config file with x,y coordinates for the qr codes and then generates a few different things using electrum. Eventually, I want each note to look very different so they can be easily distinguished.  I'll throw it on github tonight or tomorrow once it works well enough.  I wrote it not because I don't trust Casascius' utility, but rather because I don't like running windows.

Note 1: Uses a randomly generated (and promptly discarded) electrum wallet to generate the addresses on each note.  I leave these notes unfunded until I need to use them, but they could be funded right away.  Losing the note loses the funds.  If I want to accept a payment, I have the other person pay to the public qr code and then I have a funded bill.  If I want to pay someone else, I pay to the note's address and then hand it to the other person. This requires that they trust me at least a little bit. I could, for example, not print the actual private key on the bill, or sweep the funds before they have a chance to.  Best case is that they have their own notes printed up, and I can scan one of their public qr codes and then they have no need to trust me.  These can stay in circulation, but I don't think they should as there is no guarantee that I didn't keep the private keys for myself.

Note 2: Uses an electrum wallet to generate addresses and keys for each note. I keep this wallet file somewhere safe and offline.  I can leave these notes unfunded or fund them as I print them.  If I ever lose a note, I can still recover the funds through electrum.  I can use these like checks.  If I want to place a "stop order" I can do so until the funds have been swept elsewhere.  I like these because I am less wary of losing them or having them stolen.  If I pay someone with these, they should sweep the funds right away, and not keep them in circulation as I admit to having the private keys.

Note 3: Uses a deseeded electrum wallet to generate addresses, but not keys, for each note.  I use these notes to easily accept payments to my savings account.  I can easily and securely print off an unlimited number of these with a system connected to the internet without risk of having any funds stolen.  These are only useful for accepting payments, and not for paying others.  I'm considering printing the master_public_key where the private key would go so that you can tell which wallet the funds are in.


Now my main problem is a crappy printer.  Any recommendations for cheap color printers that don't have wifi that handle that cotton paper well?  Also, any recommendations for cotton paper?
legendary
Activity: 4410
Merit: 4766
I understand that it helps a bit with trust in some situations.  I was responding to franky saying that this would keep the bills in circulation longer. I don't agree since in that case you probably do not know who printed the bill.


my theory was if casascius was the only bill printer using his trademarked holograms which authenticates they are his bills. for instance. then also knowing that casascius doesn't know the passphrase. and i dont know the private key because all i seen and copy and pasted to him was the bip38 version.

.. break for 50 seconds of thinking...

apart from the fact that i could possibly have kept the bip38 lists and used my passphrase to decrypt it.. now i come to think about it.. its still not a 100% trust system.

.. break for 50 seconds of thinking...

maybe the vanity program i proposed casascius making with the added bip38 security does not reveal to me the bip38 but sends it via API to casascius. so when ordering bitnotes from casascius. i just type in a passphrase into the vanity/brainwallet program and an amount of bills. and the only response i see is "transaction sent - please allow 10 days for delivery"

thus i only know the passphrase.  casascius's servers only sees the bip38, the people whos hands it changes between only see the load address and the passphrase (not private/bip38) and the end user who finally gives up circulating the notes and cashes out.. will get to see them both after ripping off the hologram to get to the bip38 and reading the hand written passphrase on the reverse side.

to casascius:
i love your designs. i also see how your avoiding double sided printing. but maybe the passphrase could be hand written on the back along with the redeem instructions, much like signing the backstrip of a credit card. if you catch my drift
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
The seals arrived in the mail today, so I've now finished my first batch of BTC1 notes:

[Edit by Michael_S: I removed one image for brevity reasons]


I printed them on 100% cotton paper, so they should be nice and durable.  Time to try putting some of them into circulation...

Nice indeed! But one question about these holograms (from ebay/sdm-security, I suppose, 1.125", right?):

I understand they are tamper-evident in the sense that it is not possible to remove them without leaving a trace, i.e. I cannot remove them and stick them back to the note as if nothing happened.

BUT: Note that these are publicly available holograms, not special ones like the ones from casascius. So what if I remove them and stick a new one (I also have an ebay account! Wink) of the same type over it. Will this be noticeable?If not, maybe it is saver (depending on one's degree of security needs) to add in addition some transparent adhesive tape (scotch tape or so) stripes over the four hologram's edges and have them range over the complete width and height of the note and wrapping around the note's edges:



Now I can only tamper with the security hologram if I remove the tape stripes first. And this is probably not possible without violating the note's surface (depending on the note's material...any ideas?), so the tape stripes are also tamper-evident to some extend. Since they are transparent (unlike the hologram!), just sticking new stripes over it cannot conceal that the surface with the ink/toner was violated from tearing off the original stripes.

And then, thinking one step further, one may also consider relying solely on the tape-based seal without any hologram at all (this is what I have considered in my modification of the bitaddress.org tool - it can optionally print out two black rectangles that take the place of the hologram... ["optional" because if not needed no unnecessary waste of toner]).
Pages:
Jump to: