Pages:
Author

Topic: ⭕️LEALANA BRASS XMR COINS FOR SALE ⭕️ - page 3. (Read 4983 times)

newbie
Activity: 12
Merit: 0
I've ordered some of these coins now, and have been trying to throw together some code to be able to verify the balance of the coin.

I'm not 100% sure about how the signatures are generated and how to check them.  The code I'm using right now is taken from wallet2::import_key_images,
and I basically check using:

Code:
crypto::check_ring_signature(hash_input, key_image, pkeys, &signature)

In this case the hash_input would be the hash on the digital certificate.

Could you confirm if this is correct, Smoothie?

Looking forward to getting the coins Cheesy
hero member
Activity: 784
Merit: 501
Nice coins! Got my order in!
full member
Activity: 157
Merit: 102
pm sent
legendary
Activity: 1534
Merit: 1133
derp
I like these. PM sent
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
@miffman, yes that probably makes the most sense.

UPDATE: A large batch of U.S. giveaway coins were shipped out today via USPS first class mail.

An international batch will be shipped hopefully soon. Just more forms to fill out. (some of you have some crazy long addresses  Cheesy)
legendary
Activity: 3206
Merit: 1348
Could smoothie not just pgp sign each certificate? Anyone that tries to fake one with different info will not be able to sign it with smoothie's key. Unless I misunderstood part of the question.

That does seem like the best solution.
Alternatively Smoothie could just paste all the certificates in one PGP signed file. That could act as a central database for all the coins and the file could be used to search for specific addresses. That could also potentially be a solution but would mean that all the certificates would have to have been produced beforehand. (It wouldn't work for coins sold at a later date unless he decides to do something similar to Mike in terms of different funding dates).     
legendary
Activity: 1904
Merit: 1005
PGP ID: 78B7B84D
Could smoothie not just pgp sign each certificate? Anyone that tries to fake one with different info will not be able to sign it with smoothie's key. Unless I misunderstood part of the question.
newbie
Activity: 12
Merit: 0
Thanks Smoothie. I'm sorry if I'm being annoying, but this stuff is a bit tricky (interesting at the same time).

I'm hacking around trying to recover a wallet from just the spendkey now because of the discussion :p since simplewallet doesn't seem to let you do it.
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
Is there any way to verify that a given digital certificate belongs to a given coin?
It looks like with the digital certificate, you can check that the outputs are all unspent,
but not that the outputs actually belong to the coin.

If the hash from the digital certificate appeared on the coin (or something like that, perhaps around the edge) then you would
know for certain that the outputs you are checking can actually be spent using the private key under the hologram.

Maybe I'm missing something?  Would be good to know

This only applies to FUNDED coins. Unfunded coins are marked "UNFUNDED" on their holograms prior to shipping.

Are you asking this to determine if a fake digital certificate generated would lead a buyer to believe a coin was in fact funded when it was not?

If so, then first, the scammer would need to have already gotten access to the private spend key without showing any noticeable marks on the hologram. This is possible as tamper evident holograms are not "tamper proof". This is stated in my terms and conditions for each sale I make.

Yes someone could create a fake digital certificate, but:

1. If they can already gain access to the private spend key in the manner described above, what's the difference, they would not need to create a fake digital certificate.

2. If they can't gain access to the private spend key, then the coin should be funded.

Is this the scenario(s) you are speaking to?

Just so I have a starting point...

Hi Smoothie.  Yes I'm talking about funded coins.  It's maybe a silly scenario, but say:

1) I bought a funded coin from you serial number 999.
2) I completely lost the digital certificate because I'm an idiot.  Crud
3) I want to sell the coin (still not opened in any way) to someone else, but have no digital signature
4) I make a new wallet and deposit 5XMR into it.  I make a new digital certificate:

Code:
HASH:

-------------------------------------------------START------------------------------------------------------
LEALANA PHYSICAL BRASS COIN 5 XMR SERIAL #999

XMR ADDRESS:

VIEW KEY:
Total # of Outputs:1
************************************INDIVIDUAL OUTPUT INFORMATION*******************************************
key_image: ........INFO GENERATED FROM A 5 XMR DEPOSIT TO MY NEW ADDRESS (NOT COIN ADDRESS)
tx_id: ............ETC
output_public_key: ETC
xmr_amount: .......5.000000000000

------------------------------------------------END---------------------------------------------------------

SIGNATURES:


5) Some time after selling the coin I withdraw my funds from my wallet, pissing off the new owner (although the coin hasn't been opened so it hasn't lost funds).


It's maybe a strange scenario.  The coin is never opened and I never see the private spend key.


Edit:  I think you addressed my concerns.  Like I said I was a bit concerned because I thought you need Address, viewkey and spendkey to recover the wallet (I believe monero-wallet-cli asks for all of them), but you technically only need the spendkey, since the seed words are an encoding of spendkey, and the whole wallet can be recovered from the seed words.

Simple:

There is no harm in me keeping a copy of the digital certificate as it would not allow me to spend the contents of the coin.

The buyer could request another copy of it from me (assuming I am still alive).

Other solution is to have multiple copies of the digital certificate since it costs basically nothing to make duplicates.
newbie
Activity: 12
Merit: 0
Is there any way to verify that a given digital certificate belongs to a given coin?
It looks like with the digital certificate, you can check that the outputs are all unspent,
but not that the outputs actually belong to the coin.

If the hash from the digital certificate appeared on the coin (or something like that, perhaps around the edge) then you would
know for certain that the outputs you are checking can actually be spent using the private key under the hologram.

Maybe I'm missing something?  Would be good to know

This only applies to FUNDED coins. Unfunded coins are marked "UNFUNDED" on their holograms prior to shipping.

Are you asking this to determine if a fake digital certificate generated would lead a buyer to believe a coin was in fact funded when it was not?

If so, then first, the scammer would need to have already gotten access to the private spend key without showing any noticeable marks on the hologram. This is possible as tamper evident holograms are not "tamper proof". This is stated in my terms and conditions for each sale I make.

Yes someone could create a fake digital certificate, but:

1. If they can already gain access to the private spend key in the manner described above, what's the difference, they would not need to create a fake digital certificate.

2. If they can't gain access to the private spend key, then the coin should be funded.

Is this the scenario(s) you are speaking to?

Just so I have a starting point...

Hi Smoothie.  Yes I'm talking about funded coins.  It's maybe a silly scenario, but say:

1) I bought a funded coin from you serial number 999.
2) I completely lost the digital certificate because I'm an idiot.  Crud
3) I want to sell the coin (still not opened in any way) to someone else, but have no digital signature
4) I make a new wallet and deposit 5XMR into it.  I make a new digital certificate:

Code:
HASH:

-------------------------------------------------START------------------------------------------------------
LEALANA PHYSICAL BRASS COIN 5 XMR SERIAL #999

XMR ADDRESS:

VIEW KEY:
Total # of Outputs:1
************************************INDIVIDUAL OUTPUT INFORMATION*******************************************
key_image: ........INFO GENERATED FROM A 5 XMR DEPOSIT TO MY NEW ADDRESS (NOT COIN ADDRESS)
tx_id: ............ETC
output_public_key: ETC
xmr_amount: .......5.000000000000

------------------------------------------------END---------------------------------------------------------

SIGNATURES:


5) Some time after selling the coin I withdraw my funds from my wallet, pissing off the new owner (although the coin hasn't been opened so it hasn't lost funds).


It's maybe a strange scenario.  The coin is never opened and I never see the private spend key.


Edit:  I think you addressed my concerns.  Like I said I was a bit concerned because I thought you need Address, viewkey and spendkey to recover the wallet (I believe monero-wallet-cli asks for all of them), but you technically only need the spendkey, since the seed words are an encoding of spendkey, and the whole wallet can be recovered from the seed words.
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
Is there any way to verify that a given digital certificate belongs to a given coin?
It looks like with the digital certificate, you can check that the outputs are all unspent,
but not that the outputs actually belong to the coin.

If the hash from the digital certificate appeared on the coin (or something like that, perhaps around the edge) then you would
know for certain that the outputs you are checking can actually be spent using the private key under the hologram.

Maybe I'm missing something?  Would be good to know

This only applies to FUNDED coins. Unfunded coins are marked "UNFUNDED" on their holograms prior to shipping and do not have digital certificates provided.

Are you asking this to determine if a fake digital certificate generated would lead a buyer to believe a coin was in fact funded when it was not?

If so, then first, the scammer would need to have already gotten access to the private spend key without showing any noticeable marks on the hologram. This is possible as tamper evident holograms are not "tamper proof". This is stated in my terms and conditions for each sale I make.

Yes someone could create a fake digital certificate, but:

1. If they can already gain access to the private spend key in the manner described above, what's the difference, they would not need to create a fake digital certificate as they would just sell you the coin, and then redeem it right after. No need to fake anything.

2. If they can't gain access to the private spend key, then the coin should be funded.

3. If a coin was redeemed after the scammer gained access to the private spend key in #1 but before it was sold to a buyer, then this is where the digital certificate comes in to play as its whole role is to prove funding of a coin.

Perhaps #3 would require a public list of XMR addresses with associated serial #'s to be published by me in order for verification of a digital certificate is genuine or not (as a starting point).

Since XMR is fairly private, this may not be a problem to do going forward for my XMR coins.
newbie
Activity: 12
Merit: 0
I'm not a coin guy, so I don't know what's easy / hard to do and how hard to fake it is.

I would guess engraving characters somewhere visible, or adding them to the hologram are the options.

I'm just saying that at the moment, the digital signature seems easy to fake. 

Although in the end it might not be a big deal.  I originally thought that you need the address and viewkey as well as the spendkey to recover the wallet,
which would make having the wrong address / viewkey details pretty bad.  But looking at Monero code just now ( I'm interested in making a vanity address finder ) it
looks like the spendkey is all you technically need.
 
hero member
Activity: 679
Merit: 526
Quote
The digital certificate has the coins serial number.

I know, but I could create another certificate saying the same serial number, but with different address and transaction details.  If I then showed both digital certificates to someone I was selling the coin to,
how would they be able to tell which one is genuine?


 
It all comes down to the coin and how good of a fake it is.  Adding more information to the coin may or may not make the coin harder to fake depending on how it is done.  How do you propose to add more information to the coin in a way that makes it harder to fake?
newbie
Activity: 12
Merit: 0
Quote
The digital certificate has the coins serial number.

I know, but I could create another certificate saying the same serial number, but with different address and transaction details.  If I then showed both digital certificates to someone I was selling the coin to,
how would they be able to tell which one is genuine?


Adding the hash (or the first 8 characters of the hash, or something) would answer this question without having to open the coin.
hero member
Activity: 679
Merit: 526
Is there any way to verify that a given digital certificate belongs to a given coin?


The digital certificate has the coins serial number.  You could laser or engrave it to the coin somehow but that wouldn't add anything in terms of security and would possibly retract from its aesthetics depending how it is done.
newbie
Activity: 12
Merit: 0
Is there any way to verify that a given digital certificate belongs to a given coin?
It looks like with the digital certificate, you can check that the outputs are all unspent,
but not that the outputs actually belong to the coin.

If the hash from the digital certificate appeared on the coin (or something like that, perhaps around the edge) then you would
know for certain that the outputs you are checking can actually be spent using the private key under the hologram.

Maybe I'm missing something?  Would be good to know
hero member
Activity: 679
Merit: 526
With 4000 brass coins available, there can only be 200 holders of 1 roll each at maximum!

Do yourself a favor and buy the brass today.

I am trying but I need another trustable member from the usa to split a 20 roll with me 50/50. Escrow/Funding and/or shipping all handled by a highly trusted member by the name of minerjones. PM me if interested!  Cheesy

Thanks!

I'll cover the other half if you still need someone.
legendary
Activity: 3570
Merit: 1959
With 4000 brass coins available, there can only be 200 holders of 1 roll each at maximum!

Do yourself a favor and buy the brass today.

I am trying but I need another trustable member from the usa to split a 20 roll with me 50/50. Escrow/Funding and/or shipping all handled by a highly trusted member by the name of minerjones. PM me if interested!  Cheesy

Thanks!
legendary
Activity: 1610
Merit: 1004
With 4000 brass coins available, there can only be 200 holders of 1 roll each at maximum!

Do yourself a favor and buy the brass today.
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
Note: Only funded coins prior to shipment will receive a digital certificate

Can you explain the logic behind this?  How will people get the view key for the buyer funded coins?

Pretty sure at one point he ruled buyer-funded coins out altogether, so yes, this is a good question.

Edit - if anyone would like to split a roll with me, funded, shoot me a pm. I will pay in xmr, & you can pay me 1/2 in btc or xmr, we can work it out or use escrow if you wish.

thanks!  Smiley

I'd be happy to split a roll 50/50 with you. Smoothie, any way we can pay you separately to ensure the process goes smoothly?

Yes you can split a roll. Would rather just deal with one person though and one place to ship to.
Pages:
Jump to: