Topic: Introducing Cheap Bitcoin Notes (Read 205 times)

I don't understand script you posted, but it looks like interesting idea, and I would like to have some usable cash alternative that is based on Bitcoin, but I think that you should contact developers of bitcoinnote.com in private if you want some cooperation with them.
However, I don't like centralized exchanges and I don't want to trust some third party issuer if they can prevent me from spending my Bitcoins.
Some regulator or government agencies could potentially also use this issuer for tracking people.

Sure, but on a centralized exchange a fraud or an error would be catched fast since there’s no redeeming period, and yet we see frauds happening there. Also they’re in competition with each other, while it will be harder here to just switch to a competitor for a different bill. Also we’re already trying to get people of centralized exchanges, because of the damage that can be done.

Offline payments are neat, but i see a potential problem on not relying on PCs or smartphones, because

1. They will need a computer or smartphone to redeem it anyways.

2. I think if we’re trying to bring people into Bitcoin, it’s crucial they have access to all tools, to really use it. Just relying on a centralized authority can bring them into a vulnerable position.

I like your idea tho and you seem like a smart and well intentioned guy. So my advice is to change the trust model and make it a top priority to not require trust, and this will succeed. See even if you as the owner have well intentions, as the business grows it will be harder and harder to control the whole supply chain, and many things won’t be in the owners control anymore, one bad apple can rot the whole tree here.

All valid points.  Just like when you buy Bitcoin on some centralized exchange, you trust there is actually that much Bitcoin in the exchange's underlying wallet.  If you can pay 224 satoshis for say a 50 µBTC bill (5,000 sats) then you need to charge more than the tx fee, perhaps 300 sats to the buyer.  There would have to be a cost to create the bill.  The transaction fee happens once and then you can have five years of transactions.  You can verify the issuer has not spent the coins.  A little bit like banks would issue dollars before the Federal Reserve act came to be.

The lightning requires internet for transactions.  With these bills, transactions can be anonymous and offline and free apart from the one-time cost.

The issuer needs to be trusted for these to work as money..  The money could be for small communities that don't want to use a LETS system or fiat but don't want the expense of smart phones or PCs. The use of these should be for ready spending rather than saving but will stay fixed with respect to the Bitcoin price.  We already pay per transaction for Bitcoin everytime it changes hands when using it online so paying up front one transaction to give a community zero fees seems like a group of people could agree to contribute to get these things.

Wouldn’t trusting the issuer bring in the same danger, Fiat brought us into? E.g. inflating the money supply. How can the user verify the same bill wasnt printed twice, without waiting for years? Also how do we make sure there isnt another copy of the private key with the issuer? One bad merchant could open the door to mass fraud. I think its crucial for a Bitcoin bill to be trust minimized, otherwise we can run into Fiat 2.0. There needs to be some element of verification by the user.

Also: how will the issuer make money? He has to pay transaction fees, has to pre-fund the bill and has to make a high quality bill. These factors all cost money and could be way higher than the fees that are actually saved with this approach. Its important to calculate the cost of low quantity bills to see if this approach even brings in savings.

Isnt it just cheaper in the end to just open a lightning channel(and more secure and efficient)?

                                                                          A Cheaper Bitcoin Note Project
                                                                                 =============

+---------------------------------------------------------------------------------------------------------------------------------+
|  Yi MILLIBITCOIN                                                                                             ONE MILLIBITCOIN   |
|                                                  Redeem with Issuer After :   November 6th, 2025                                |
|              +-------------------------+                                                            +---------------------+     |
|              |XX    X         X     XX |                                                            | [X]            [X]  |     |
|              |       XX        XX      |                             1                              |         X       X   |     |
|              |   XX    XX        X     |                     millibitcoin                           |   X      X         X|     |
|              |   X            X        |                                                            |                     |     |
|              | XX        X  X     X    |                                                            |   [X]               |     |
|              +-------------------------+         Redeem Alone After:   November 6th, 2030           +-------------------- +     |
|                                                                                                                                 |
|                     Private         Key                                                                          Address        |
|                                                                                                                                 |
|  Un MILLIBITCOIN                                                                                               EK MILLIBITCOIN  |
+---------------------------------------------------------------------------------------------------------------------------------+


Bitcoin's massive acceptance of the new unit of account, is finally manifest.  While many rush to sign up to exchanges to get theirs there is concern that Bitcoin is lacking in three important qualities:
1.  Darkness: Transactions sent without revealing who or how much.  
2.  Lower Transaction Fees.
3. Offchain transactions.

Changes in the Bitcoin Protocol in order to fix either of these issues has been tried but each attempt to do so either results in a forgotten source code fork or alt-coins (Monero, Bitcoin Dark, Dash, Bitcoin Cash).  These alt-coins must compete with name recognition and network effects of the currency when the distinct product is their improved payment system.

Far from sending standard amounts in multiple transactions to obscure the amounts, bitcoin transactions are easily identified by the amount sent.  In addition, bitcoin can be traced as it moves from address to address.  Most people having to trade from one crypto to another will have their address linked to their identity.  So much for anonymity and so much for darkness.

Because the bitcoin protocol requires the transaction specify where the currency output comes from, so even when sent to the same address it is more expensive to send when they had come in smaller increments rather than a single lump sum.  At the most extreme end of the scale it typically costs 85,120 satoshis (851 µBTC) to send transaction on the next block and only 224 satoshis if you are willing to wait days and be okay if it eventually fails.

When sending large amounts the transaction fees make up a smaller percentage.  It turns out that if paying the minimal fee on a transaction 50µBTC, the fee would only be 0.5% of the value of the funds sent.

Enter Bitcoin Note. Bitcoins are sent to a script which is a combination of time-locked, multi-signature and single signature. The user gets to use the coins as a physical bill and is unable to transfer funds from it.  It can only be transferred with the help of the issuer and the private key on the bill.  The private key is unique to each bill.  In order to protect the issuer from extortion, he must destroy the copy of the private key on the bills before they leave the shop.

The issuer also has another private key.  In combination with the private key of the issuer and the private key on the bill they can redeem the money after the redemption date with this combination.  There is an expiry date, after which the holder, of the private key on the bill can unilaterally move the underlying coins on the block-chain.  It is important to take your bills to the issuer prior to that date so anyone who ever had the bill doesn’t move the backing block-chain BTC.


Measures against counterfeiting

These Bitcoin notes should be used between people who know each other.  Down the road the issuer after spending his bitcoin notes at a shop, may take them back as change for some later purchase or there maybe more cyclical economies where money moves around in a circle without ever needing to be changed into fiat.

The issuer can create bills that have a torn side.  A serial number match with the torn bill can be used to validate the bill is the original and not a photocopy.  Other more involved forms of measures against counterfeit can include things found in regular fiat bills and they raise the bar in terms of what a counterfeiter has to do, what equipment one must buy, etcetera.

Suggested Bill Values used

Paper currency in bitcoin based on purchasing what you typically need at a clothing shop or electronics store, it seems that 1 mBTC is a good upper size.  Larger than that, you might as well just keep things on chain.  These days, 100 µBTC is an amount that would cost about 2.5% of its value for an online transaction.  Creating a special transaction for this amount once and putting it on a Bitcoin note, could allow zero fee transaction to happen with this note limited only by the ability to pass it between one user and another.
Scripting

The script for a single issuer and a private key for each note:

ki ->  issuer's public key (private key not on the paper)
kp -> paper public key whose private key is on the paper

:= (signature of the issuer)    
:= k1
:=  (signature for the key that's on the paper)

In square brackets the stack of the Bitcoin Virtual Machine is placed next to the op codes to aid better understanding.

Script Template
OP_2
k1
k2
OP_2
OP_DEPTH
OP_2                  
IF_EQUAL              
OP_IF
  OP_2                
                  
                  
  OP_2                
              
  OP_check_locktimeverify
  op_checkmultisigverify
OP_ELSE [sig]
  
                
  check lock time verify
  drop                
  dup        
  op_hash160
  
  op_equalverify
  op_checksig
OP_ENDIF
The script can be redeemed with the following inputs:
During the redeem period you can redeem them with:


2




During the post-redeem with issuer period it can be redeemed by anyone who has the private key.



At the start the stack is either [sig] or [sig1 sig2].

OP
Redeemable with issuer
Redeemable alone (single sig)

0 sigi sigp 2 ki kp 2
sigp
OP_DEPTH
... kp 2 => ... kp 2 7
Sigp => sigp 1
OP_7
... 2 7 => ... 2 7 7
Sigp 1 => sigp 1 7
OP_EQUAL
... 7 7 => 1
Sig 1 7 => sig 0
OP_IF
... kp 2 1 => ... kp 2
sig 0 => sig
  OP_DROP
... ki kp 2 => ... ki kp

  OP_2DUP
... ki kp => ki kp ki kp

  OP_HASH160
... ki kp => ki hash160(kp)

  PUSH hash160(kp)
... => ... hash160(kp)

  OP_EQUALVERIFY
... hash160(kp) hash160(kp) => ...

  OP_HASH160
... ki kp ki  => ki kp hash160(ki)

  PUSH hash160(ki)
... => ... hash160(ki)

  OP_EQUALVERIFY
... hash160(ki) hash160(ki) => ...

  OP_2
0 sigi sigp 2 ki kp => 0 sigi sigp 2 ki kp 2

  OP_3
0 sigi sigp 2 ki kp 2 => 0 sigi sigp 2 ki kp 2 3

  OP_PICK
... ki kp 2 3 => ki kp 2 2

  OP_EQUALVERIFY
0 sigi sigp 2 ki kp 2 2 => 0 sigi sigp 2 ki kp

  OP_2
0 sigi sigp 2 ki kp 2




  PUSH redeem

... kp 2 => ... kp 2 redeem
  OP_CHECKLOCKTIMEVERIFY

 ... => ...
  OP_DROP

... 2 expiry => 2



  OP_CHECKMULTISIGVERIFY
... 0 sig1 sig2 2 ki kp 2 => []

OP_ELSE


  PUSH kp

sig => sig kp
  PUSH expiry

sig kp => sig kp expiry



  OP_CHECKLOCKTIMEVERIFY


  OP_DROP

sig kp expiry => sig kp
  OP_DUP

sig kp => sig kp kp
  OP_HASH160

... kp kp => ... kp hash160(kp)
  OP_PUSH hash160(kp)

... kp => ... kp hash160(kp)
  OP_EQUALVERIFY

... hash160(kp) hash160(kp) => ...
  OP_CHECKSIGVERIFY

sig kp => []
OP_ENDIF





Seed creation phrase (Do not use for real (mainnet) funds!!!):

‘general image wine slam knee auction boat carry then adapt huge captain’

Bitcoin testnet faucet: https://testnet.help/
Bitcoin testnet address: tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0
`electrum --offline --testnet -w ~/.electrum/testnet/wallets/default_test_wallet -v getpubkeys tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0`

Let the Paper Data Be:
Public Address: tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0
Public key: 0x0237d0db0db60473c13dacd56043342f90263bc4545d91d92ae2bd2827ccdad0aa
Private key: p2wpkh:cPE1c91SAmiJ3gU7zdyJhQbiaqPX9dvvYdDutD1FDjstW8R3yNje
Hash160 of Public Key: 0xD357872E86E1D4D8B5BA09C3B3CBF0705656EF93


Issuer Data:
Public Address: tb1quh0mmjuwl0gu2wla4t76prdtuzt5hlh0dp6kn5
Public Key:     02c5def4d26d803be6c2ec38db7b693088b504801294276fba734687dcb86741d3
Private Key:    p2wpkh:cQbBdBtspSCEVdTugyZstGNyUZk79bdUkbbRYfyoq7dd5CJ8jHhh
Hash160 of Public Key: 0x60208BB5D099A4681E40DF8B335B29714EBB856A

Example with values filled in:

OP_0
OP_5
OP_16
OP_2

0x02c5def4d26d803be6c2ec38db7b693088b504801294276fba734687dcb86741d3
0x0237d0db0db60473c13dacd56043342f90263bc4545d91d92ae2bd2827ccdad0aa
OP_2
OP_DEPTH
OP_7
OP_EQUAL
OP_IF
  OP_DROP
  OP_2DUP
  OP_HASH160
  0xD357872E86E1D4D8B5BA09C3B3CBF0705656EF93
  
  OP_EQUALVERIFY
  OP_HASH160
  60208BB5D099A4681E40DF8B335B29714EBB856A
  OP_EQUALVERIFY
  OP_2
  OP_4
  OP_PICK
  OP_EQUALVERIFY
  OP_2

  621BA473
  OP_CHECKLOCKTIMEVERIFY
  OP_DROP

  OP_CHECKMULTISIGVERIFY
OP_ELSE
  621BA573
  OP_CHECKLOCKTIMEVERIFY
  OP_DROP
  OP_DUP
  OP_HASH160
  D357872E86E1D4D8B5BA09C3B3CBF0705656EF93
  OP_EQUALVERIFY
  OP_CHECKSIGVERIFY
OP_ENDIF


This idea had sat on my disk for years, but contrast it with https://bitcointalksearch.org/topic/introducing-the-bitcoin-note-physical-bitcoin-that-looks-and-feels-like-cash-5401680 perhaps we can combine ideas to make an even better project.