Topic: [IDEA] Casascius physical Bitrings (Read 3612 times)

Although I can't quite provide what you are looking for, have a peek at what Yubico just recently released. It is called the Yubikey Nano, and it is very awesome: http://www.yubico.com/yubikey-nano
$40 bucks each though. 

I would like a USB enabled ring with both Yubikey and encrypted wallet.dat storage capabilities. Go.

So here's what I ended up doing for my wearable paper wallet - dog tags.

Dog tags are durable (made of steel), cheap (a set of 2 with chain and silencers cost me $9), and hold a lot of text (5 lines of 14 characters each per tag and it's customary to wear two).

The major downside? Most of the places that emboss dog tags don't allow lowercase letters so I couldn't use base58, I had to default downward to base32. Luckily, base32 is a recognized standard (unlike base58 which we more or less made up for Bitcoin) so if you want to do fancier things than me there are pre-existing libs for it. Also, since each character of b32 is worth 5 bits of entropy we only need 160/5=32 digits for entropy to be >= the amount of entropy in a Bitcoin address or about 24 digits to match the entropy in one of Casascius' mini private keys.

Now if you're super paranoid you could just put half of your key on one tag and half on another and have them engraved by separate companies but I opted for a different (and I think more clever) approach. Since each tag can hold up to 5 lines of text, I generated some random 40-bit (8 character) base32 and labeled my tags thusly:

Tag 1:
0 RNESQS5Y
1 KI3QGVP3
2 IY4EZIIH
3 OYHBET4C
4 CLMAD264

Tag 2:
5 QEPOOXFJ
6 JRIIEL2K
7 VAIV5HU4
8 I2H4ZGP5
9 C6NPVY3Y

(note: not my actual key values, I'm not that dumb...)

Now I just need to remember any number with at least 3 (preferably 4+) digits and use the tags as a lookup device. If my pin were 1286, for example, I'd look up the values for those numbers on my tag and come up with a key of KI3QGVP3IY4EZIIHI2H4ZGP5JRIIEL2K. I can enter this value into something like Casascius' BitcoinAddress utility and generate an address (or even a whole deterministic wallet) just like it were a valid mini private key from one of his coins. I could also add another bit of entropy by varying whether I enter the b32 values above in upper or lowercase characters and could even "salt" the values with a simple/descriptive passphrase.

IMO this is the best combination of a physical wallet and a mental wallet since it requires both a physical device and a value known only to me to recreate any given wallet. It also allows me to store an effectively limitless number of privkeys on my person (limited only by however many PINs or salt passwords I can memorize).

For the truly insane, most embossers do support a small number of special characters - hyphens, colons etc. so it's possible to extend base32 as you see fit, and I'm sure if you hunt you can find someone that will emboss mixed case letters, but for cheapness and simplicity base32 just works. It also has the advantage of representing a number of bits that 160 is divisible by, so Bitcoin-related entropy math is very easy.

Any thoughts?

Not a bad idea. Perhaps that'd be a better use of the extra space in my wacky sliding nested ring thing up there than storing multiple keys. I'd trust you to come up with the scheme for that better than I'd trust myself, you tell us?

If one did more than 30 characters for a private key, the additional characters ought to contribute to some sort of forward error correction scheme (e.g. Reed-Solomon codes), so that the key can be recovered with any substantial fraction of the message.

This ring seems almost custom-made to hide a privkey. If you use the mini privkey format you could actually keep up to 4 on it, though 1 would be visible to the outside world, so in practice only 3. The engraving fields aren't long enough to hold an entire address, though you could definitely fit the firstbits on there. Assuming the firstbits for all 3 addresses are <= 7 characters long you could fit the firstbits for all 3 addresses on the inside of the ring and the firstbits on the outside. 3 complete privkeys and everything you need to make payments to them all on one ring. Snazzy.

Stamp the private key on a tungsten chip and embed it inside a gold coin. The only way to retrieve the key would be to melt it down to retrieve the chip.

Wearable Password Card anybody?

You could even just make it a cipher reminder for a brain wallet. The enigmatic writing can be on the outside and/or inside the ring.

Also keep in mind that mens rings are usually wide enough to fit 2 or 3 lines of text @ 30 characters each, so you could potentially put up to 90 characters inside the ring and if you got the right material, style and finish another 90 characters outside. It might be wise to use a separator character on each line to show where the characters start and stop, depending on how the engraving works out so 87 inside and 87 out for a total of 174 characters. If you use Bitcoin's standard Base58 encoding that gives you log2(58)*174≈1019 bits for both sides or  log2(58)*87≈510 bits - WAY more than you'd actually need for a privkey. Even falling back to hex would give you log2(16)*174=696 bits for a double-sided inscription or log2(16)*87=348 bits, still more than adequate.

Given that the Casascius mini private key is kind of an industry standard though, it's probably best to stick with it for compatibility's sake.

I also found this interesting: https://bitcointalksearch.org/topic/korean-11267

You could use a secret alphabet, or glyph set that allows higher base than 58. Or use Chinese characters, some dictionaries assign a number to each character (some have over 40000). Or use the Kanji SKIP system for steganography (Due to the redundancy, you could create a meaningful sentence that you could decode to a private key).

Decentralise the engraving, use N jewellers and have each jeweller only know part of the key :p

...

Imagine the treasure hunt in 150 years for hidden private keys after the block rewards reach 0... Don't publicise that you got buried with bitcoins lol (not to self, buriedwithbitcoins.com)

I love it but I dont think my fiance would go for it. she said she would go for it.

I like the idea but it all depends on the ring design. Might be better off getting a plain/any ring and having the jeweler in grave it with a private key.(thats a security risk there too having the jeweler engrave it.)

check out this thread:
https://bitcointalksearch.org/topic/m.621359

If they are wedding rings, half a private key on each of the pair...

Fantastic idea. You could put some of the private key on the outside and some on the inside without any real security risk.

I'd love a ring like this... and in fact the private key needn't be that hidden at all. I'd be happy if the private key was engraved on the inside band. Thus if the ring was stolen, the funds would be also (but this is true of all nice rings, no?).  Would also need to be real silver - I'd want something classy

I guess your coin should be easier to wear as a pendant than as a ring.

Good point, from a quick search it looks like at least 30 characters are not a problem at all, so for the most basic usage we don't need to wait for anyone to offer this as a specific product. But I wonder if some provision needs to be made to make stealing the key a bit harder.

I have a 10 BTC silver coin I bought from him, that I've slowly moves around ~200 BTC

I'd love to be able to put them on a ring and then be able to wear my investment!