
Topic: Secure physical bitcoins using chip (Read 780 times)

legendary
Activity: 1512
Merit: 1057
SpacePirate.io
August 21, 2014, 07:26:43 AM
#2
I've seen a few variations on your idea over the past year, but it's interesting nonetheless. At the last bitcoin conference in Vegas a guy had a small desktop 3D printer (about the size of a loaf of bread) that was printing coins. He developed a sort of metal frame that the coin was "printed" on with a public key, think of a casino chip that you could make at home. I think he was working on a site as well, if I remember correctly, that would act like a brainwallet for the coins. If you wanted to get the private key for the coin, it was on the inside of the metal frame, so you would have to destroy the printed parts to get to the private key.

And then there's the chocolate bitcoins....
newbie
Activity: 1
Merit: 0
August 21, 2014, 01:35:16 AM
#1
I have invented a new way of minting physical bitcoins, like Casascius, but more secure. Has this been thought of before? Does it exist already? Would it work? I'd love to see something like this produced some day. Idea described below.

The minter loads the private key on a tiny chip, like a SIM card, and glues it on a plastic or metallic coin. The chip is made in such a way that the private key cannot be read from the chip.

When a user receives the chip, he can read the public key and the balance from the chip, and a verification message signed by the minter. When the user wants to open/spend the bitcoin inside, he communicates with the chip and gives it a new address to move the bitcoins to. The chip will output a signed transaction, and it will stop outputting the verification message. The chip will then permanently go into "spent" mode (kind of self-destructed).

It will be impossible to make fake coins, as the verification output from the chip must be signed by the mint.

It is possible to duplicate the coin, by making one produce identical output of the verification message. If the verifier has access to the blockchain, he can check that the public key still has a balance, but that kind of ruins the point of a physical coin. A workaround for the duplication problem is to implement challenge and response messages. Then the verifier can feed the coin with some random data, and the coin can sign that data, proving that it contains a secret key from the mint. These mint private keys should preferably be unique. I assume hierarchical keys come in handy there.