Topic: [Idea] The Bitcoin Banking Project - page 2. (Read 3928 times)

In the case of a properly implemented nym->address system, a MITM attack couldn't spoof an address because he can't forge a signature.  This would work especially well if a nym's pubkeys were registered in a system like Namecoin.

A large class of attacks are spoofing / MITM attacks. If a server is compromised the attacker can trick users into sending money to him. What would make sense for me is to run bitcoind on servers through a secured connection, like electrum. But Electrum lists some servers run by people I don't know. Instead I would like to easily run my own server. Integrating server control (SSH) into a HD wallet is a very good idea. You only need one master key on the client IMO.

The BBP network doesn't need a blockchain and proof of work systems because there are no BBP-specific transactions.  All transactions are legitimate Bitcoin transactions.  A server compromise by itself is of generally no consequence because the server isn't authoritative over anything: it requires your permission to do anything.

XMPP is a pretty cool idea.  It definitely makes sense to not have to reimplement a messaging network, as these things already exist.  I didn't really explicitly mention this, but building upon other open source software is the right thing to do.  sx and the unSYSTEM project are making great strides doing similar things (though not really focused on the ease of use functionality).

Well, you have to be much more precise in what you are talking about. Bitcoin works, because there is the proof of work and blockchain. This scheme removes those features, which makes little sense. One server compromise is enough for an attacker to compromise the network. Anyway.

This is a great idea! I have developed something like this just days ago as a Bitcoin payment protocol. Same concepts but based entirely on XMPP for the federated servers system. One client create an account on the server they choose and get an email address (Jabber IDs). Each clients communicate with the server through the standardized "mainhandler@server" entry-point to ask for the recipient Bitcoin address, send txs, get payment notifications with optional additional data... and servers to servers communications all derived from the Jabber ID domain part of the sender/recipient addresses. Each servers can have there own fees policy and ask for inclusion of an txout to themselves, pool and match txs for CoinJoin between servers and allow direct user to user communication scheme for complex contracts. All of this made possible with the XMPP protocol which allow storage of messages and online presence detection of when the client software are on/off-line. Not to mention the direct xmpp-http bind capability for websites interactions... All your schemes can be implemented with this and an optional anonymity layer per transaction basis with the added benefit of human readable addresses. This is basically the equivalent of a Bitcoin address DNS. The possibilities are endless...     

Perhaps there's some misunderstanding here.  This idea for a bank is absolute trustless: if you are curious, inspect the code.  It's an absolute requirement that all code be open so that you *can* trust your own server.



Huh?  TCP/IP is just a transport layer for data.  The "second class" network is no different than Bitcoin's network except in the data it exchanges. The whole point of joining a network of peers is to facilitate CoinJoin, mixing, and other potential improvements in the future.


Pretty sure this is off-topic..

Very interesting concepts. However, this is really moving far away from Bitcoin protocol, which is based on P2P nodes. If you have nodes and servers like electrum, you introduce the problem of server trust. And to solve that you need something else than what is traditionally thought of as a server. The whole beauty of the system lies in the fact that trust is not needed, or rather is forced by the protocol. Security/trust are not just features, they are the fundamental primitive of the network. Bitcoin is based on the fact that one doesn't really have to trust any other node. Even if I own a server and control that server I have introduced several new problems. You are talking about a BBP network. How are these different from cloud wallets? Why introduce a second class network? I think that makes no sense. Bitcoin protocol runs on TCP/IP which everyone has access to. One might imagine a sort of institution which gives approval to cloud wallets, which is what government regulators already partly do.

Having said that, it is clear that a) something else than cloud wallets are needed, because they completely undermine the algorithm b) mining centralization/ASIC/botnets are a major problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Idea: The Bitcoin Banking Project

Abstract: The Bitcoin Banking Project (BBP) is an open source bank software
package (client and server) that aims to implement a form of "federated"
banking for Bitcoin.  The primary goal is to eliminate as many sources of
errors that cause lost or stolen Bitcoins as possible.

Foundation: BBP is separated into three pieces, the client source code that executes
in a typical web browser, the server that responds to client requests, and the
distributed network application that connects to other banking peers, processes
long-standing requests, etc.

Setup: User logs into a publicly available BBP server -- or downloads and
configures his own -- and is greeted with an easy to use several-step process
that walks the user through creating an account. The process would resemble
something like this:

    1. The user is required to enter a password. The password must be
       sufficently secure. Typical measures are provided to help the user recover
       the password in case of loss.  2-Factor Authentication could be provided if
       it were something of interest, though may not be useful due to the nature
       of the design of this project.

    The users password is hashed in accordance with BIP32 (see my BIP32 stuff
    at https://github.com/sarchar/brainwallet.github.com/tree/bip32gen) to produce
    master extended private key MASTER_KEY_USER_PW.  Perhaps different hashing
    mechanisms would be useful to help alleviate brute-force attacks on a user's
    password.

    Next, the client code then uses secure random number generation to produce
    a second key, which forms another master extended private key
    MASTER_KEY_CLIENT. 

    2. The MASTER_KEY_CLIENT is turned into a set of words (like Multibit's 12-word
       paper wallet backup) and the user is prompted to print or write the words
       onto paper and store them in a safe location.

       Other options: BIP38 encrypted private key + QR code can be printed.
       Whatever option is used here isn't important, but what's important is
       that the user is walked through creating an offline backup of
       MASTER_KEY_CLIENT. It must be stressed that this MUST be done.  No
       exceptions.  If the user decides not to create this paper backup, he is
       putting his money at risk of accidental loss.

    While #2 is happening, the server also uses secure random number generation
    to generate a third master extended private key, MASTER_KEY_SERVER.  This
    key is unique to each user of the system, and it is never shared with the
    client frontend.

    It's important to note here that neither MASTER_KEY_CLIENT nor
    MASTER_KEY_USER_PW are ever seen by the server, and the client never sees
    MASTER_KEY_SERVER.

    At this point we have three keys. The client will turn the two keys it knows
    into master public keys: MASTER_PUB_USER_PW and MASTER_PUB_CLIENT and sends
    these keys to the server. The server responds by returning MASTER_PUB_SERVER.

    These three public keys form what I call a Master Public Key Package:

        Master Public Key Package =
            (MASTER_PUB_USER_PW, MASTER_PUB_CLIENT, MASTER_PUB_SERVER)

    The client code now completely forgets MASTER_KEY_CLIENT and through the
    use of BIP32 (using the same derivation channel on each master public key),
    we can now produce a chain of multisignature addresses. BBP will *only* use
    2 of 3 multisignature addresses, for every user, for every transaction.

    The master public key package is built only of public information, so the
    public key package ought to be stored in as many places as possible.

    3. The user is walked through the process of creating a backup of the master
       public key package in several places: one copy is sent to his email, another
       copy is printed out and stored with MASTER_KEY_CLIENT, another copy is stored
       on the server's database, and other locations as wanted.

    4. The user is brought into his "wallet" home page, where he can make the
       typical pay/receive actions related to standard wallet functionality.

Features:

* The server can create new deposit addresses for the user, without the user ever
  needing to disclose private keys.  If the user is offline or away, yet someone
  wishes to send him money, the payer requests from the server, "give me an
  address for user XYZ", and the server happy responds with a new address based
  on BIP32 key derivation.

* Every transaction occurs in 2 of 3 Multisignature P2SH space and because there are
  only two keys required to spend (out of three), we have the following safety net:

     1. If the user forgets his password and is unable to recover it, his paper
        key backup plus the server key will allow him access to his funds.

     2. If the paper key backup is lost or stolen, a new one can be produced and
        his funds transfer to a new chain of addresses.

     3. If the server goes out of commission for any reason whatsoever (hacked,
        taken down, etc.), then the users funds are safe and still accessible
        from the paper key backup and his password.

* The server cannot steal the users Bitcoins because the server only has one key
  and two are required to spend.

* Transactions are created by the client and partially signed with the correct derived key
  before being sent to the server, which then signs and broadcasts the transaction.

* If the advanced user is concerned about trust or privacy, he can download and
  configure his own server.

The distributed part:

Along with the above advanced Bitcoin features, the BBP should also implement
CoinJoin (see https://bitcointalksearch.org/topic/coinjoin-bitcoin-privacy-for-the-real-world-279249) by default on
every transaction.

This means it makes sense to have a daemon process running alongside the server
that connects to other nodes in the BBP network. This network is where CoinJoin
transactions can be discovered and built.  A paranoid user would configure Tor
and the BBP will happily proxy through that.

A message is broadcast to the network declaring "I want to pay XYZ to ABC.
Contact me." whenever a user wishes to spend. Meanwhile, all the nodes in the
network are building a collection of who wants to pay what. When a server is
ready to broadcast a transaction, he searches his list of 'who wants to pay
what' and starts directly talking to those machines, building a CoinJoin
transaction and signing along the way.  This means that a user's transaction
will take longer to be sent, but with the benefit that it helps anonymize
his activity in the network.  Chaum-blind signatures could be used to further
anonymize behavior.

Perhaps obviously, because the BBP server can be used by multiple users, a
CoinJoin transaction can be built using only the transactions being executed
within the same server.

The daemon should also connect to the Bitcoin network to monitor transactions
and new blocks.  A new server doesn't need to download the entire blockchain
because there's no need to have the current UTXO set.  The server could start
with downloading headers-only up until "today" and then download full blocks
after that point, storing only the relevant transactions to users within the
server's database and discarding the rest of the block.

Other thoughts:

* Monetizaiton wouldn't be too hard: be the first player in the game with
  a notable domain name and the average user will use your site. Ad revenue
  seems like the most common sense source.

* Using a public-key signature scheme, two separate servers could arrange
  addresses for users through the distributed network and you could theoretically
  implement a system that allows you to send money using an E-mail address
  as the recipient:

    User A on server S wants to send User B on server T some money. User A
    builds a BBP-specific transaction that sends money to "B@T". The daemon
    on server S queries the network with "I need an address for B@T."  If
    T sees the message, T responds with an address for B and a signature
    proving the address really belongs to B.

  Care would have to be taken in determining the right signature scheme for
  this to work.

* The daemon + server + client could be packaged into a single executable. User
  downloads the program, runs it, and connects to http://localhost:1234/.

* Someone could pre-package server + client + daemon onto an embedded system or
  Raspberry Pi-like device, and sell it as an all-in-one wallet solution.

* Derived accounts:
 
  Support you're BigBussinessAccount on a server, and you want to give
  AccountingAccount an account of their own using company funds. You could
  derive a set of private keys from the master public key package and create a
  new user account based on these derived private keys. BigBusinessAccount can
  see and spend AccountingAccount's funds, but not the other way around.

* Account info in the cloud:

  A scheme could be devised so that user account information is stored all
  in the Bitcoin or Namecoin blockchain, thus making the server completely
  neutral. A user could log into *any* BBP server so that if a server ever
  goes offline, a user can access his account on any other server trivially.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSvlD6AAoJEBSq1Xfbtr1cJ70H/R9jvBU6W4jnbey9I7mvord+
UCdsV7igPIl7pYMNdntnh+cogdrOWNCedm1RUrCAC0Pw7lW6URRhvj4A28S9mS0+
kOv0fNrceXiz1dgHNieRSVqzs+cs70klBqEv2awyBgPMoRvrvj5ddk2FqDyFgMQl
YXe8T36JqeI5SwP5GyHq8WG77uLkof0+Fp1UjrlQRqeYUNnhLuzgKbUh2a54BV6M
040zAjUNKPSlRUvvvty13VtZmmI6mYMxwTJ1XLcsS0Ecfh3TUlHB/IkR2+y2Wtjc
k1jGOpfFO/aSktkUCTQeS6N7uoaMr58gph2QZk8D9gOSywlXDDSq79MhIrii/gs=
=LCdh
-----END PGP SIGNATURE-----