Topic: [IDEA] Removing trust from physical coin makers re: Priv Key generation - page 3. (Read 748 times)

https://bitcointalksearch.org/topic/protocol-proposal-to-associate-a-multisig-22-to-bitcoin-themed-collectibles-5434764

I would suggest to have a look into this idea proposed by @gbianchi.

long story short:
- Multisignature 2 of 2 (1 customer / 1 producer)
- Collectibles must be "broken" to access directly to private key made by producer.

even if there are some weakness and disadvantage it is a nice update/idea... I'm curious to read your comments and ideas about it...

We definitely need to solve the problem of pk trust in the physical crypto space.

Currently, nothing is stopping a maker from keeping a copy of all the private keys generated as a "just in case"

We're working on an overhaul as well. I'll post an update soon.

yes I follow you 100%.

I would just not be in favor of selling it as a service (personally for myself being involved in such an endeavor) if the parties I'm making multi-sig keys with would be selling it as a service to another coin maker that is not directly involved with being part of the key gen process.

There might be a market out there for it and perhaps others who would likely go along with making such a service available.

Personally not for me.


I'm not familiar with Ballet's key gen process but if the same entity (under the same umbrella) is making 2FA or multisig coin keys, I'm not sure how that works to speak on the matter with any accuracy.

Seems like a conflict if two parties associated with the same entity are making all parts of the overall key that allows redemption of funds and selling it as a 2FA key or multi-sig coin.

I can't speak on Ballet's process as I'm too uninformed to make any judgements.

The 'service' would consist of two or three parties like you suggested.
It's like asking Ballet to make the keys for your coins (believe they do BIP38 with two different entities under the Ballet umbrella).

   Smoothie....I'm doing this on my cell so not at my computer
   Shamir's secret is all explained here on coins that I made
 https://bitcointalksearch.org/topic/m.59485933

    With the BIP38 the coin in my opinion would need to have two halos. One for the password and the other for the private key. You would need to have one person apply the private key under one holo and the other do the password under the other Holo and those people are not be next to each other whilst doing or even better...far away

     The program would be as such only one person can have access to the opriv key and the other just the password. One is useless without the other

  Or two coins...one with the priv key and the other with the password..I have made such coins as well
    

Oh okay I see.

Personally I would not be in favor of making it a service for other coin makers unless they were directly involved with assisting with the key generation process I was involved in for a multisig coin. There may be a market for this, not something I would likely get involved with personally.

Having skin in the game may make people less willing to scam.

A scammer would have to convince one of the other two parties to scam with them in order to be successful.

Yes multisig.

Yes humans are imperfect beings.

I'm unfamiliar with Shamir's secret shares. Do explain please.

Does bip38 coins allow the owner to successfully transfer ownership to another party should they want to sell it? Or is it the same as 2FA where you have a password and basically half the key to access the funds?

Yes, as a maker. No coins though; handmade (funded / unfunded) silver objects.

The trust would be towards the other parties (as a service).

   I think your talking of multisig wallets.

   I have made bip38 coins

    There is also Shamir's secret shares that I also did

    But there is always the weak link of humans involved

 You can see the various coin ideas I made here

https://bitcointalksearch.org/topic/m.59485933

https://bitcointalksearch.org/topic/cypher-hodl-timeline-5412935

The "not doing" everything route assumes you trust all of the other parties.

I'm assuming you are speaking as a coin maker?

Just as a n00b i could imagine a system where a private key is locked to an owner. It is solidified by a unique code that is created, when the pk is created. You need this code to crack the pk open. Whenever the owner switches, it will pass on its unique code, which then can be changed by the new owner for a new unique code. Its basically a password to get to the funds, which only the owner has access/ownership to.

Anyway, back to the belgian beer tasting we go, peace🍺🤗

I'm not familiar with BIP 38 specifically.

You would generate one third (1/3) of the key, second party does the same, third party the same.

Only two of those three keys generated would be needed to redeem the funds.

This is of course assuming you have three "trusted" parties with the same goal in mind.

Thank you,

Either this, or the customer DIY collectible route (or doing literally everything).

Part of me would like to see this 'as a service'. Which would have logistical and practical issues (shipping, stickers, etc).
Am a small fry, but would be nice to focus on (silver)work instead of doing everything.

Clay

 BIP 38 private keys possibly like ballet does it?

  One would need to generate the private key and not know the password and vice versa

  So two separate entities.

  Again ...trust is an issue here as the parties involved hopefully do not scheme together

In an attempt of removing the need to have to trust physical coin makers in generating private keys, I wanted to share the following...

In 2014-2015 I'd been contacted by Mike Caldwell and we had a few discussions on how to remove trust from loaded physical collectibles. We went back and forth a bit. In the end the discussion ended with the following possible solutions.

I approached several coin makers back then including Mike and all of them either did not get back to me or declined being involved with altogether what I’ve outlined below:

IDEA #1 - 2-factor keys generated by TWO trusted parties. Downside you need both parties to be 100% correct in their math to execute this.

IDEA #2 - 2-of-3 multisig with keys generated by THREE trusted parties. Downside you need to trust one of the other two parties did their math and key generation correctly.

The idea was to use a 2-factor or 2 or 3 multisig coin where multiple parties would create part of a key that would be added to the overall physical coin secured under each of our respective holograms.

Assuming it is a 2 of 3 multisig coin, then if one party wanted to scam, they would require at least one other person (i.e. 2 of 3 parties) to sweep/move the funds.

There is a possible downside. Not 100% sure how likely if things are tested correctly. If one party or more does their math wrong or doesn’t put the correct piece of the key on the coin, that can mess up the validity of the coin.

You can do everything on your end (like myself) but I would have to trust that the other parties involved actually did put the correct key on to the coin securely and that their math was done correctly.

This would be as close to a removal of trust from the key producers from scamming as possible.

As more ideas and items come up in this discussion I will collect them here in OP here.


Looking forward to hearing all of your thoughts, any and all.