Author

Topic: Protocol proposal to associate a multisig 2/2 to bitcoin-themed collectibles (Read 490 times)

legendary
Activity: 3276
Merit: 2898
Thread closed.

Following your suggestions I created the new TX_CERT protocol https://bitcointalksearch.org/topic/txcert-a-protocol-to-certify-a-collectible-using-bitcoin-network-5439719
which is a big improvement over this.

with TX_CERT we can certify:
 - the uniqueness of a product
 - the originality of the product
 - the manufacturing date of the product
 - all transfers of ownership and the relative dates.
 - who is the last owner, i.e. the current owner.
legendary
Activity: 2604
Merit: 2353
This exceptionally well-written idea
It's an ironic compliment I guess  Cheesy

I don't understand why you are using a QR-code @gbianchi? And why it only contains the MS address (if I understand correctly)? Why this QR-code doesn't contain all the datas from the certificate "cc"?

You say
Quote
a) cc is that of the bitcoin-themed collectibles (ms of the qr-code on the bitcoin-themed collectibles and that on cc correspond)
If there is no other way to check if the certificate "cc" is the real one, how will you prevent scammers to forge fake ones?

By the way, your method would be more understandable if you provided one example at least. With human readable names instead of those boring chinese abbreviations. You are posting from a smartphone?
legendary
Activity: 3206
Merit: 3596
Again... we don't need bitcoin-themed collectibles to have an associated key/address.
Multi-Sig means trusting another process.. someone else involved.
Not sure what people's obsession with other people's keys is.....

take 5 minutes to yourself and learn how to generate your own secure key pairs.
Plenty of good guides provided by forum members here.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
This exceptionally well-written idea tries to overcome recent development in the collectable space.

Thinking about advesal use case.

I am a not so onest collectible producer.
I produce object and I sell it to myself, as C1. I am then in possession of both keys.
I sell all the product on the secondary market to C2’s. I then rip off all my client à la Yogg.
Apparently unexplainable.

Yes, i know about this:

Quote from: gbianchi
Weaknesses:

P make an agreement with C1 in order to scam C2:
P could do it even in the single key case and with much less effort.


the passage from C1 to C2 and any subsequent passages must be better protected.

I'm thinking about a recursive version of the protocol that also protects
the subsequent customers of the chain.



My case is: P and C1 are the same person. Ho do you know if you are purchasing from P or C1? It’s very difficult to prevent a self-transfer.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
Let's not forget about the first guy to do it .. kwerptywork or something like that? Made two releases, second one you had to guess why he picked the name for a free one.

I searched his posts (not very thoroughly Roll Eyes ) but I didn't find anything... can you tell me where it was originally posted? One of two releases is enough at least for me Smiley
legendary
Activity: 3276
Merit: 2898
This exceptionally well-written idea tries to overcome recent development in the collectable space.

Thinking about advesal use case.

I am a not so onest collectible producer.
I produce object and I sell it to myself, as C1. I am then in possession of both keys.
I sell all the product on the secondary market to C2’s. I then rip off all my client à la Yogg.
Apparently unexplainable.

Yes, i know about this:

Quote from: gbianchi
Weaknesses:

P make an agreement with C1 in order to scam C2:
P could do it even in the single key case and with much less effort.


the passage from C1 to C2 and any subsequent passages must be better protected.

I'm thinking about a recursive version of the protocol that also protects
the subsequent customers of the chain.

hero member
Activity: 2268
Merit: 960
100% Deposit Match UP TO €5000!
Let's not forget about the first guy to do it .. kwerptywork or something like that? Made two releases, second one you had to guess why he picked the name for a free one.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
This exceptionally well-written idea tries to overcome recent development in the collectable space.

Thinking about advesal use case.

I am a not so onest collectible producer.
I produce object and I sell it to myself, as C1. I am then in possession of both keys.
I sell all the product on the secondary market to C2’s. I then rip off all my client à la Yogg.
Apparently unexplainable.
newbie
Activity: 24
Merit: 19
sorry for noob proposal. feel free to delete.
sorry for additionally prefix I am not an expert, uneducated technical bitcoin.
T1 : Member of community with highly reputable or transparent organizations/people/offices
T2 : Member of community with highly reputable or transparent organizations/people/offices 2

---
Multi-signature application 2-of-3 in short  2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agrees.[1]
---
P collaborate with T1,T2 > P print k back holo-seal then publish or print p to cc or face-coin.
until this 2-of-3 able to see a. Funded first to a.
T1 print k in cc with holo-seal.
---
if C1 want redeem coins, C1 open holo-seal k by P and T1 then coin is spendable.
if P not print real k
C1 hold cc within k inside, generated by T1
C1 contact T2 to do Multi-signature then coin is spendable.
---
[1] https://en.bitcoin.it/wiki/Multi-signature

full member
Activity: 1318
Merit: 184
Krogothmanhattan alt account
 Neat idea ...looks great
legendary
Activity: 3276
Merit: 2898
here was a glass bell jar that i have designed for my casascius coin: https://bitcointalksearch.org/topic/casascius-coin-display-bell-jar-5432957

Now I have now modified the project to expose my Block Erupter:

 

In the project I have included two cavities to contain the rolled up sheets with the private keys.
A sealed cavity for the Pk key (right with an inspection hole ) and an open cavity for storing the C1k (left)

legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
  Very well written and technical as well. Interesting concept kinda like a Multi sig correct?

Thank you!

In a nutshell,  is a Bitcoin multisig 2 of 2 
one key from producer sealed into the object,
one key from customer.

  Yes Love the idea! It could definitely work.
legendary
Activity: 3276
Merit: 2898
  Very well written and technical as well. Interesting concept kinda like a Multi sig correct?

Thank you!

In a nutshell,  is a Bitcoin multisig 2 of 2 
one key from producer sealed into the object,
one key from customer.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
  Very well written and technical as well. Interesting concept kinda like a Multi sig correct?
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
This may be a great way for tech savvy individuals, but not for the average non-techie person.

Definitely doable I'd imagine.

Thanks for sharing your write up.
legendary
Activity: 3276
Merit: 2898
legendary
Activity: 3276
Merit: 2898
Protocol proposal to associate a multisig 2/2 address to bitcoin-themed collectibles
 
Author: gbianchi
Revision 0.2 dated January 14th 2023

Abstract
In cryptography, using a private key generated by another user does not guarantee security in the management of associated funds.
With this protocol we offer a valid alternative to the use of a 2 of 2 multisignature system capable of guaranteeing security for the user in the purchase and use of bitcoin-themed collectibles.

Introduction
Thanks to @bitbollo I learned about the world of bitcoin-themed collectibles.
I also learned that collectibles are often manufactured with an associated bitcoin address and relative private key, suitably hidden, for the purpose of loading amounts in bitcoins,
associated with the collectible, sometimes even substantial.[1]
 
Obviously the first objection/observation that came to my mind was: if the producer keeps a database of the generated keys, once a certain volume of customers is reached he can scam them all.[2]
Coincidentally, the @yogg scam related some Coldkey ™  cards occurred just a few days later which was the blatant manifestation of these doubts.[3]
 
The purpose of this document is to propose a multisignature[4] 2 of 2 for the production of collectibles with an associated multisig address at a higher security level than
to the private key system generated by the manufacturer.


Abbreviations
Prefix
P = Manufacturer (producer of bitcoin-themed collectibles)
C1 = direct customer of the manufacturer
C2 = customer of C1 (and any other customer later C1)
 
Suffix
k = Private Key
p = Public Key
a = bitcoin address
 
Symbols
ms = address multisignature 2 of 2
cc = paper certificate
 

------ Production ------------------------------

C1 wants to buy a collectible from P
C1 produces C1k and C1p
C1 sends C1p to P
P produces Pk and Pp
P generates ms from Pp + C1p
P generates Pa from Pp and C1a from C1p
P generates paper certificate cc with printed Pp, Pa, C1p, C1a, ms
P inserts his Pk into bitcoin-themed collectible and seals it
P prints a ms qr-code outside the bitcoin-themed collectible
P sends bitcoin-themed collectible to C1 accompanied by cc
 
Note: the loading of an amount on ms by P or other parties has no influence on the description of the protocol. In any case P is unable to spend ms, he does not know the key C1k to sign a possible transaction.
  

------- passing the bitcoin-themed collectible to c1 -------------
 
C1 receives bitcoin-themed collectible and cc
With the cc, C1 can verify that ms was generated by Pp + C1p .
He can also verify that the qr-code printed on the bitcoin-themed collectible corresponds to that of cc.
C1 if later wants to spend any ms content must break the bitcoin-themed collectibles, to withdraw Pk and be able to sign, together with C1k, the transaction.
 

------------ Selling the items from C1 to C2 (and so on)-------------------
 
C2 wants to buy from C1, but wants proof of ownership:
C1 sends C2 a photo of the qr-code of the bitcoin-themed collectible (address ms)
C1 sends C2 a photo of the paper certificate (and then Pp, Pa, C1p, C1a, ms ).
C1 proves to C2 that it can sign a message with address C1a (then prove it have the private key)
 
Then C2 it is certain that:
   a) cc is that of the bitcoin-themed collectibles (ms of the qr-code on the bitcoin-themed collectibles and that on cc correspond)
   b) C1 owns the private key C1k (is able to sign a message with C1a)
 
If C1 and C2 agree
C1 transcribes its own C1k and inserts it in the bitcoin-themed collectible.
C1 sends the bitcoin-themed collectibles to C2
 


------------ Advantages over the one key protocol------------
P  can never withdraw the amount paid in ms.
Even if you keep a database with all the Pk's it has generated, nothing can be done with it, so it can never scam C1
 
C1 interacts with P and is certain that the object is customized for him and UNIQUE.
 
C1 can demonstrate to C2 by sending the photo the paper certificate and signing with C1a (because he owns C1k) that he really possesses C1k[/i], therefore that he is aware of C1k (so if it's not C1 it must have somehow interacted with C1 and/or with the object).
 
Disadvantages:
The protocol does not lend itself to industrial production
Requires knowledge of bitcoin protocol and multi signature addresses from C1 and C2
The object must be "broken" in order to access P private key (that is inserted during the creation of the bitcoin-themed-collectibles), this kind of process has been already introduced by Kialara [5]


 
Weaknesses:
P doesn't actually put Pk inside the object, or it puts a wrong key:
P cannot spend any ms content, so if he doesn't introduce the key on purpose he has no advantage. If he introduces an incorrect one, he still has no advantage, as he could not gain anything in a scam attempt and would lose his reputation as a producer, so he could only lose out.
 
P make an agreement with C1 in order to scam C2:
P could do it even in the single key case and with much less effort.
Also P should agree with various C1 level clients for being able to scam all C2 level clients, which is unthinkable since items are available to all kind of users hence C1.
The bigger the number of customers of P the more unlikely an agreement between C1 and P to scam becomes possible.
 
if C1 does not send the key C1k to C2
C1 is not able to use / redeem the amount because the object remains intact, therefore it would have no advantage in not sending it, it loses its reputation in the face of any economic or trust advantage. In this case a reputable escrow during the transaction could be another viable solution to avoid any potential scam.
 
C1 loses C1k: is no longer able to sell the item, a C2 wouldn't buy it.
In any other way C1 tries to scam C2, they are cases identical to those
of the system with only one unique private key "hidden" in the object.
 
I ask all of you to review and suggest further implementations of this method for introducing keys into collectibles and increasing security in this type of transaction.


Summary
In the first level passage P -> C1 the risks for C1 are almost eliminated compared to the single key system.
In the second level passages C1 -> C2 the risks of C2 are slightly lower than in the single key system


References
[1] https://en.bitcoin.it/wiki/Casascius_1000_BTC_gold_coin
[2] https://bitcointalksearch.org/topic/info-breached-or-scam-coin-makers-list-3315347
[3] https://bitcointalksearch.org/topic/--5434506
[4] https://en.bitcoin.it/wiki/Multi-signature
[5] https://www.coindesk.com/markets/2016/04/01/how-kialara-uses-physical-bitcoins-to-explore-the-value-of-art/



Acknowledgments
I thank @bitbollo for the fundamental contribution, the constructive exchange of ideas and the patience.
Jump to: