Topic: Off-chain anonymous transactions by secure transfer of private keys - page 3. (Read 17282 times)

Thank you Beeblebrox, will reply there.

Regarding the use of smartcards in Samsung Knox, here's Samsung's official response:


The app itself works fine but access to the smartcard is blocked by the Knox container. I do plan to work around it by having a hosted smartcard in the cloud (a physical one, plugged somewhere in your computer). That is planned, just not implemented yet.

I'm going to reply to this in the other thread since what we are discussing is more relevant to "Project Development" than Bitcoin "Development and Technical Discussion".

Beeblebrox, I think I'm going to accept your offer. I've spent the past few days talking to various people and it looks like most of them do not really understand what OtherCoin is/does. They keep asking questions like "how is this different from spending Bitcoins between two Android smartphones" (as in using the Android Bitcoin Wallet to spend the funds directly via the blockchain) or "why do I need a microSD card in my phone to do this" (they don't know what a smartcard is or are even aware of how vulnerable an Android smartphone really is, especially when rooted).

On the other hand, distributors want to see a finished product (packaged, ready to sell) before they commit to anything, so I guess the first order of business would be to get these to look more "commercial", then into the hands of a few key people and reviewers that can understand how OtherCoin is different from a regular Bitcoin payment. I also need a demo video that shows the actual product in action, from the time you insert the card into your phone to your first payment through the system.

Just to clarify, is the 10 BTC part of your bounty still on (for when this becomes a commercial product, which should be in a few weeks)? If the 20 BTC loan removes the 10 BTC part of the bounty, I'd rather struggle to get it out the door on my own, then take the 10 BTC and use them on the project. As you can see, I am a bit reluctant to get into debt (managed to stay debt-free for 35 years ...) but I really believe in this idea and its potential.

You are also welcome to become more involved in the development/company if you wish to do so, I could use an adviser / partner, even if you don't want to do this in an official position (but also if you do).

Thank you,
Razvan

I've posted some initial pricing data and a few details on how to order a unit from our first batch in the Project Development area at https://bitcointalksearch.org/topic/m.4494688 .

Don't worry, that's coming:). Just didn't have time to implement that yet. This will be useful for completely offline transactions (right now transactions are simply off-chain but you still need access to a way to verify the balance associated with a private key - right now we use the BlockChain.info API with a pinned certificate to prevent man-in-the-middle attacks, but OtherCoin will also support signed "balance statements" that certify that at the time of the signature the balance of that particular key was x BTC (and as long as the key travels only between OtherCoin devices, its current balance can only be higher since nothing can be spent without the private key that is held securely in the smartcard).

I've also looked into using SPV to prove to the recipient that the key actually has a certain balance, but as far as I understood, SPV is _not_ safe if your only source of information is the potential attacker. SPV should be safe if the majority of the nodes you have access to are honest and in the case of an offline transaction, the only node you have access to is the sender of the funds who is also the most likely attacker.

In my opinion offering a validation / stamping service to "bless" the public key of a device you want to use with OtherCoin looks like a better idea and business model than a patent - especially since the process had already been disclosed here 

OtherCoin is channel agnostic, I've implemented SMS and QR codes as samples but you can also use NFC, Bluetooth, WiFi or even the Internet. SMS appeared safer (especially if parties are on the same network - meaning that the messages only go through the SMSC of the operator and do not leave their infrastructure).

You can also mix channels if you feel like it (even in the current implementation, you can send your request via SMS but scan the response from the QR code, although I don't see why you would do that).

SMS traffic goes through the internet nowadays.  Better use two channels

Thank you, 0.5BTC received as well. If the smartcard reader whitelist that Samsung support mentioned is real, I will try to work with our supplier to get the OtherCoin/cgToken Bluetooth reader certified with Samsung to make it usable in the Knox container. Their support guy didn't sound very sure about it though, they had specifically told me to only use Bluetooth 2.1 (not 4.0 - that's not supported) and never mentioned this "whitelist" until I actually tried it and saw the exception being thrown in their system classes (the app passed certification just fine).

I'm not sure if the split key setup is patentable (but I am not a patent attorney either) - after all, that's how the vanity Bitcoin address generation works. They are not storing the secret half of the key in a tamperproof smartcard though or using the system to securely transfer value between parties.

One other thing that is interesting is that OtherCoin is not limited to just Bitcoin - any altcoin that still has the notion of a private key (used to transfer funds) can be integrated with it. If the altcoin uses Elliptic Curve crypto, then the split key scenario also works, but you can also use the system without a second half stored in the smartphone and just trust the smartcard to transfer the private key around safely.

I would definitely like to claim the remaining 10 BTC from your bounty as well, what would you like to see before that happens? The Android app can be in the Play Store in a few days but it's not very useful without the hardware (the OtherCoin card) - additional OtherCoin microSD cards will take a few weeks to arrive. Please let me know how you see this. You can also email me at razvan.dragomirescu (at) veri.fi or send me a PM.

To everyone else reading this thread, if you would like to be appointed as the exclusive reseller in your country or region (considering that the solution is not currently patented and, as Beeblebrox mentioned, we are not sure if it is patentable at all), feel free to make me an offer - I'm also willing to consider offers that pay a reservation fee immediately with the rest of it being due at the time the application starts selling.

Yes, I should have realised  that Knox wouldn't allow communication to external storage such as the SD card.  But good to see that you've wrapped the parts anyway-- I am sending you 0.5BTC for that.




Anytime you wish to take my up on the offer just post a message here or in the other thread (which I've just discovered) about this project in the Project Development area and I'll send it to you.



PS: regarding buying distribution rights.  For me personally I would require that you have some sort of patent protection so that other competitors couldn't steal the market with alternative products.  Unfortunately, the basic concept of off-chain electronic transactions by  secure private key exchange would most likely not be patentable since the mechanism has been publicly detailed previously by others.  However, your idea of splitting the private key across the phone and card offering further customer protection I believe is novel (not only novel but also a great idea too   ) and should be patentable.  The split key feature could provide a selling edge to establish your product in a market dominating position-- a dominating position in this market is golden due to the fact that it has a native lock-in factor owing to the compatibility issue surrounding the cards being able to talk to each other and establishing secure connections.  

 (Actually, as-an-aside: In my particular case of Australia it may even be the case that you cannot patent the split key idea as it is my understanding that our law requires that the idea never be published before the patent application-- however I think this is the exception of most countries than the rule.  I believe that in places such as the USA you have up to one year after publicly detailing the mechanism to patent it-- but I'm not a lawyer so not so sure.)

Thank you Beeblebrox, 5 BTC received.

I'm not sure what you mean by "public" - taking it commercial will take a bit longer (the main showstopper being the actual hardware - I have a few of each of the various hardware form factors for the OtherCoin card and obviously need to get some initial stock and selling these to end users requires various little details like a manual, a logo (engraved or silkscreened) on the actual card, a streamlined card issuance/provisioning mechanism (right now it's all manual and I don't scale very well ). I also plan to have a limited beta test with a few users just to confirm that I haven't missed anything obvious.

My plan for the coming weeks is to raise enough funds (either via donations such as yours or by preselling exclusive distribution rights) to allow me to focus on this project exclusively and take care of these little details before I go fully public.

The source code for the Android app has just been published at https://github.com/razvandragomirescu/OtherCoin - any interested party can take a look and verify that it actually works the way I described (keys are split between the smartcard and the phone, the card has no access to any network and communicates only to the smartphone, etc). It should also serve as a reference on how to interface with the various form factors that the OtherCoin will have (microSD card, external Bluetooth token or NFC token).

Regarding Samsung Knox, it already works with it. I've actually had Samsung wrap OtherCoin + the official Android Bitcoin Client + the helper tools for the Bluetooth OtherCoin and they all run from within the Knox container (tested on a Galaxy Note 2). The problem comes when interfacing with the OtherCoin card - Knox containers disallow communication to external storage (so no microSD or USB) and also block NFC. Only Bluetooth should work, but it doesn't (there's an exception in the BluetoothSocket system class - not in my code). I'm all over Samsung's support for this, they have specifically told me that Bluetooth should work but now they claim that only very specific "whitelisted" Bluetooth smartcard readers are allowed. But yes, it works in Knox, if you have a Samsung device that supports it let me know and I'll email you the wrapped APKs to try it.

Regarding user adoption, the plan was to get some early regional resellers that can help by promoting it at local Bitcoin meetups and conferences in their area. Preselling exclusive distribution rights (per country or per region) would also help us raise the necessary funds to turn this from something I'm working on in my spare time into a real business. I'm not sure where you are located, but if you're interested in acquiring the exclusive distribution rights in a certain area or country, make me a reasonable offer and I'll take it. You would not only get the exclusive rights for OtherCoin in your area but also the rights to the Card2Coin sub-project (see https://bitcointalksearch.org/topic/distributed-btcusd-exchange-using-regular-chip-and-pin-credit-cards-339389) that will become part of the OtherCoin ecosystem, closing the loop by allowing you to exchange your OtherCoin keys to dollars directly, without ever having to touch the blockchain.

Depending on how much we raise from early regional resellers, I might take those 20 BTC you've offered as a loan, I really appreciate the offer. Thank you!

(we should probably move the discussion to the Project Development area sometime, right now it's a mix of tech + project dev)

Congratulations on achieving demo status for your project.  This is a game changer for Bitcoin- the greatest innovation in a year since Bitcoin ATM's.  I can't understand why this isn't the top comments thread of the month  -- no comments anywhere yet?.  I think most people here just don't understand what this project is.

Previously I pledged 15 BTC on this thread to you for this- I have just sent you 5BTC and will send another 10 when it has the finishing touches and is publicly realeased.  Please spend this as you see fit (preferably on the project though I don't mind if you spend it otherwise-- you deserve it!).  

I'm interested in knowing if you familiar with the Samsung Knox Android phone- it has very strong privacy and security feature with allow apps to run in secure isolated containers.  Knox would be a great match for this project.  I'll give you another 0.5BTC if you port your software to make use of the available Knox features.  This shouldn't be too hard or take too long, from what I understand you contract Samsung and provided they approve the app they assist in wrapping the Android files to make use of the Knox features.

Have you thought about patenting your split key idea of using both the phone and the card?  It would be a good idea even if you are motivated to introduce this system for the benefit of bitcoin and not so much for your personal gain because it would help your system to become standard.  The widespread use of electronic off-chain private key exchange needs/requires very few solution providers so that people can exchange with others without compatibility issues.

Also how do you plan to advertise/introduce it to the bitcoin community.  I imagine that you could perhaps gain access to users by introducing it to local bitcoin groups and retailers.  This project needs to penetrate where people meet face to face regularly to conduct bitcoin transactions.

By-the-way:  I want this project of yours to succeed, so if it would help it I can lend you interest free up to 20 BTC to be paid back at your leisure as a gentlemen's agreement.  If you would like more I could lend it to you interest free up to 250BTC but this would require a formal agreement (you would have to pay the costs of drawing up a contract).  Even more is possibly available but it would require that I receive benefits in return (eg: exclusive rights to sell in my country, or a part of the business, etc.)

As promised, I've uploaded a more detailed demo of the OtherCoin system to YouTube at http://www.youtube.com/watch?v=ZR8gz0uVBHk&feature=youtu.be (make sure you view it in HD).

It shows it running side by side on a Samsung Galaxy Note 2 and a Vodafone Smart Mini (a.k.a. Vodafone 875), sending keys back and forth over SMS and interfacing with the Android Bitcoin Wallet to reveal a key (remove it from Othercoin and import it into the wallet) and add funds to a key (stored securely in the OtherCoin smartcard). Sending/receiving keys via QR code still works, it's just not shown in this video.

If you have any questions, ask away. If you feel generous (or supportive), 1VeriFivRsUxUqdWMgUmHrgfQXL9J3dfe .

Thank you,
Ravan

I have spent the past few days polishing the UI and adding the ability to send/receive the keys over SMS. I am deliberately trying to avoid sending the keys over the Internet in any way - to make the transfer less likely to be noticed by someone looking at Internet traffic. SMS goes only through the facilities of the GSM operators while QR code goes nowhere (it's strictly screen to camera).

I will try to post another demo movie in the next few days to show off the new UI (new icons, less text) and demonstrate an SMS exchange.

I have also deliberately avoided exchange protocols over NFC and Bluetooth to keep the technical requirements as low as possible and also to "free" those two wireless options for communication with alternative form factors of the OtherCoin (NFC is used if you have a Yubikey Neo with the OtherCoin software on it while Bluetooth can be used to talk to the cgToken form factor (external Bluetooth smartcard reader).

If anyone's interested, I have completed a first version of the OtherCoin app (both the smartcard applet and an Android demo app).

The Android demo app can access 3 types of smartcards - a microSD internal card, a Bluetooth-based smartcard reader (namely this one: https://www.certgate.com/products/cgtoken/) and an NFC card (tested on the Yubikey Neo).

As mentioned in the whitepaper, private keys are generated by adding together two halves - one generated by the card and another one generated by the smartphone. This way the OtherCoin card never has access to your private key but can still guarantee the security of the system by keeping its half private.

The Android app can add new keys (that is ask the smartcard to generate them), request a BTC transfer (ask the card to send its signed public identity that the other card can verify to make sure it's talking to a legit card) and scan a response from the other smartphone (that contains the encrypted Bitcoin private key to import). It uses QR codes for the communication but it could be adapted to use Bluetooth, WiFi or just about anything else.

I've modified the protocol a bit to use ECDH key exchanges instead of RSA (that is the two parties now negotiate a symmetric encryption key using their EC public identities and use that to transfer the Bitcoin private key). RSA was just way too slow and keys were too large to fit into a decent (=readable) QR code.

Finally, it integrates with the Android Bitcoin Wallet to add funds to a specific OtherCoin key (it starts the Bitcoin Wallet with a prefilled destination address - you can see this in the demo movie at around 1:03) and to reveal a key (that is remove from the card and import it into the Bitcoin Wallet for use on the blockchain - see the demo movie at 0:35).

The video is at http://youtu.be/YXGOGMnRx2Y , it probably needs some annotations here and there, I will add them in the coming days.

Feel free to comment and ask questions. The Android app will be open-source to show you how to interact with an OtherCoin card (either via microSD, Bluetooth or NFC) and we're going to need some testers soon. The app is fully functional, everything described in the whitepaper is there and appears to be working fine.

I've described how private key transfer could be used in person to person transactions (between trusted parties) or by online merchants - even in the absence of a secure chip - in this thread: https://bitcointalksearch.org/topic/bitcoin-payphrase-human-friendly-payment-system-329320 .

I plan to make this a part of the OtherCoin ecosystem at a certain point - if the recipient supports OtherCoin off-chain transactions, the key will be securely pushed to him that way. If he doesn't support it, payment can still take place by a transfer of private keys, if said key is encoded in a short human-readable phrase (a PayPhrase) that can be read over the phone or simply typed in an input field on a website.

I hope to see a future when Bitcoin addresses will go the way of IP addresses - they're still the basis of communication but nobody uses them directly or types them into anything. Humans are not meant to read those and I think the same applies to Bitcoin addresses.

Also, paying by sending a private key allows for some very interesting form factors for the hardware wallets. Right now, the wallet needs to be able to read or receive the address of the recipient (so it needs a camera to read a QR code or an NFC reader or Internet connectivity). If payment is done by giving away the private key, the wallet no longer needs to "read" anything from the payee and payment can be prepared in advance, without knowing the final destination address. It's also safer since the payee has no way to inject any code/data into the wallet, it never sends it anything.

I was actually thinking of writing a wallet for these: http://wyolum.com/projects/badger/ - you would sync the wallet with the blockchain via USB once a day or so, then all payments would be done by simply selecting the amount using the 5 on-board buttons, then displaying a QR code containing the payment transaction to an address generated by the wallet and the private key associated with that address. The recipient would scan it, post the payment transaction to the blockchain, then post a second transaction sweeping the funds to whatever address it uses.

Just my 2 cents - this would be something separate from OtherCoin but equally interesting.

That only works if the majority of the merchants support the Payment Protocol. Otherwise the user will receive the "insecure payment" warning a lot and will eventually disable it altogether since most of the time it simply means the merchant (or individual) being paid does not run the protocol rather than something fishy going on.


Yes, that's precisely when it happens (when the Signature object is initialized when the applet is created). It does _not_ happen if the signature object is created right before signing. Thanks for your help, I would appreciate it if you could give it a try, let's move that part to the Yubico forum though, as you suggested.

Right, but I think that's easily solved by having the physical wallet boot in Payment Protocol only mode, and require a user action (physically on the wallet itself) to reenable the old insecure behavior.


Not to turn this thread into a Java Card support party, but do you have the same behavior if you get/initialize the signature object when the applet is created ? I'll make some tests later and move that to Yubico forum.

The problem with the payment protocol and malware is the one I described on the Trezor thread ( https://bitcointalksearch.org/topic/m.3448363 ). Basically, browser malware could simply strip the payment protocol parts and change the destination address. Since most individuals and some of the merchants will not have certificates, the wallet cannot simply refuse to pay to addresses that do not present a certificate.

So it's basically safe if you absolutely know that the merchant implements the protocol (so if it presents the wrong cert or no cert at all, you do not pay them) but kind of useless to secure interactions with merchants you've never used before or individuals.

The YubiKey Neo is a great tool for development, I've actually used it to test the OtherCoin code over NFC. It does have some problems though with RSA key generation and randomness - see my thread on the Yubico forums at http://forum.yubico.com/viewtopic.php?f=26&t=1207 .