offline address - or a way to explicitly freeze an address

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: btcusr on February 28, 2013, 12:32:09 PM

I still have to go a long way to answer questions like,
whether this can be implemented?
can I do this?
will this ever be released?

1. Probably can not be implemented.
2. Probably no easy way to do it yourself without changing the protocol. It could be client dependent.
3. Probably not ever be released.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

Quote from: Timo Y on March 01, 2013, 07:24:48 AM

Instead of using time locks that expire on a fixed date, I would suggest using 'ratchet' time locks where the expiry date can be postponed indefinitely by the owner of the address.

so, someone gets they key can extend the lock and prevent you from spending.

how you could postpone a time lock? through a new transaction?

Timo Y

legendary

Activity: 938

Merit: 1001

bitcoin - the aerogel of money

Quote from: casascius on February 28, 2013, 12:02:17 PM

No matter how you cut it though, if you have a time-locked address, the bad guy has just as much chance of being the person to get the coins the minute the time runs out as the good guy, possibly even more so if the good guy is in a vulnerable position.

True. But my idea is to use the time lock as an additional security feature on top of already existing security features, such as offline wallets and multisig.

Instead of using time locks that expire on a fixed date, I would suggest using 'ratchet' time locks where the expiry date can be postponed indefinitely by the owner of the address.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

Quote from: DannyHamilton on February 28, 2013, 12:27:49 PM

Quote from: btcusr on February 28, 2013, 12:18:39 PM

when in doubt, "frozen" addresses can be unlocked, and then locked with new "freeze" key.

You keep saying this. I give up.

easy for you, I can't do that.

I still have to go a long way to answer questions like,
whether this can be implemented?
can I do this?
will this ever be released?

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: btcusr on February 28, 2013, 12:18:39 PM

when in doubt, "frozen" addresses can be unlocked, and then locked with new "freeze" key.

You keep saying this. I give up.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

I think, "time-based lock" is different from "frozen".

"time-based lock" is for predefined time, "freezing" is adhoc.

compromised "time-based lock" address, has no protection.
when in doubt, "frozen" addresses can be unlocked, and then locked with new "freeze" key.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

No matter how you cut it though, if you have a time-locked address, the bad guy has just as much chance of being the person to get the coins the minute the time runs out as the good guy, possibly even more so if the good guy is in a vulnerable position.

Timo Y

legendary

Activity: 938

Merit: 1001

bitcoin - the aerogel of money

Quote from: DannyHamilton on February 24, 2013, 11:19:50 PM

You can generate an address offline.

As long as you keep the private key secret, nobody can steal the bitcoin.

A frozen address with time-activated release would be far more secure than an offline address.

The requirement to 'keep a private key secret' makes security depend on humans, and humans are fallible. Best to outsource security to the protocol as much as possible.

I can see lots of real world scenarios where a time-locked address would be useful and an offline address isn't good enough:

(1) A large 'bank' or exchange that has billions of dollars worth of bitcoin in cold storage. Even if the bank assigns multiple signatories to spend those bitcoins, they could be kidnapped and forced to disclose the private key.
(2) A famous rich person who is publicly known to own a lot of bitcoins. Again, the frozen wallet would discourage kidnappers.
(3) A problem gambler who wants to keep his retirement fund safe from himself.
(4) A single parent who has terminal cancer and greedy relatives, and who wants to leave his bitcoins to his 13-year old child.
(5) A bitcoin enthusiast who lives under a tyrannical regime and fears that the authorities might imprison and torture him in order to obtain his bitcoins.

As bitcoin gains in value and maturity, these kinds of examples are going to gain relevance.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

Quote from: casascius on February 28, 2013, 11:23:32 AM

How to freeze your bitcoins:

1. Print a paper wallet at bitaddress.org
2. Send your bitcoins to the address printed on it
3. There is no step 3

Recover your bitcoins later by creating a throwaway Blockchain.info web wallet, importing the paper wallet, and sending the coins to an address of your choice. You can avoid leaving any unused coins in the web wallet simply by printing a new paper wallet and sending the balance there.

@casascius, thanks for your post. finally, I think my post got some attention.
you are one of very few members, I can recognize by profile name.

now, how would you solve my main problem,

Quote

I want to keep my firstbits address 1vijay, 1visu forever, to receive and spend.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: btcusr on February 28, 2013, 11:21:16 AM

thats ok, it is just an example. an incomplete idea.

FTFY

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

How to freeze your bitcoins:

1. Print a paper wallet at bitaddress.org
2. Send your bitcoins to the address printed on it
3. There is no step 3

Recover your bitcoins later by creating a throwaway Blockchain.info web wallet, importing the paper wallet, and sending the coins to an address of your choice. You can avoid leaving any unused coins in the web wallet simply by printing a new paper wallet and sending the balance there.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

finally, I got 1 more want in the poll. I am happy as if it is implemented.
I will edit first post for clarity.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

Quote from: DannyHamilton on February 28, 2013, 11:16:42 AM

Quote from: btcusr on February 28, 2013, 11:10:39 AM

something like this.. Roll Eyes

Code:

{
"hash":"...",
"ver":1,
"vin_sz":1,
"vout_sz":2,
"lock_time":0,
...
"frozen":1,
...
}

I don't see where the "unfreeze key" is in that example?

thats ok, it is just an idea. an incomplete example.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: btcusr on February 28, 2013, 11:10:39 AM

something like this.. Roll Eyes

Code:

{
"hash":"...",
"ver":1,
"vin_sz":1,
"vout_sz":2,
"lock_time":0,
...
"frozen":1,
...
}

I don't see where the "unfreeze key" is in that example?

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

something like this.. Roll Eyes

Code:

{
"hash":"...",
"ver":1,
"vin_sz":1,
"vout_sz":2,
"lock_time":0,
...
"frozen":1,
...
}

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: btcusr on February 28, 2013, 10:44:05 AM

Would like to end this thread, as I figure out implementation further.

your suggestions always welcome.

Yes. Please end this thread.

Your suggestion of:

Quote from: btcusr on February 28, 2013, 10:26:55 AM

the same way how script spends coins.

verify unlock signature, unlock, verify spend signature, spend

or, something similar to that.

offers no improvements over multisig. You would need to provide anyone who sends you bitcoin with the public key of your "unlock keypair" and they would have to create a transaction that includes that in the "script". This would only lock that transaction, not the entire address, until the "unlock keypair" was compromised. Then you would have to send out to everyone another unlock public key, and would have to move all your own old coins to a new transaction using the new unlock keypair.

This is essentially a multisig solution that requires giving out a public key instead of an address?

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

Would like to end this thread, as I figure out implementation further.

your suggestions always welcome.

btcusr

sr. member

Activity: 405

Merit: 255

@_vjy

> The "script" that is used in a bitcoin transaction describes
> what is required to spend the transaction. How can
> this be used to lock and unlock an address?

the same way how script spends coins.

verify unlock signature, unlock, verify spend signature, spend

or, something similar to that.

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

just use Armory, can even be the same wallet (then u have to use Coin Control) Wink

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: btcusr on February 28, 2013, 04:16:10 AM

Yet, I am not very sure.

This much is now very clear to me.

Quote from: btcusr on February 28, 2013, 04:16:10 AM

Frozen or not is just 1 bit detail, I hope this is possible through 'script'ing, so requires zero or minimal change.

The "script" that is used in a bitcoin transaction describes what is required to spend the transaction. How can this be used to lock and unlock an address?

Quote from: btcusr on February 28, 2013, 04:16:10 AM

Just we need to check whether address is frozen before proceeding with sign validation.

Easy to say. As far as I know, impossible to do without a "hard fork". Do you know of a method that would avoid a "hard fork" that you haven't described yet?

Quote from: btcusr on February 28, 2013, 04:16:10 AM

I am suggesting that this can be implemented as specialized freeze/unfreeze transaction, or through a new flag in usual transactions.

Which would require a "hard fork" as far as I know. Do you know of a method that would avoid a "hard fork" that you haven't described yet?

Quote from: btcusr on February 28, 2013, 04:16:10 AM

We are not going to redo all the hashing from Genesis block.

Nobody said anything about hashing from the Genisis block. Perhaps you don't understand what a "hard fork" is?

Quote from: btcusr on February 28, 2013, 04:16:10 AM

This again for the emotional attachment with the random bits. I want to include compromised address as one of multisig address. Now, I have to let everyone know my new address. When this address gets compromised, or every time I want to use different key to sign, then I have to create another multisig address.

Ok, I think I see your concern with multisig, but I still don't see how you are going to fix that problem with you "address freezing" process.

Topic: offline address - or a way to explicitly freeze an address (Read 2619 times)