
Topic: The Collectibles Issue (Read 468 times)

legendary
Activity: 2268
Merit: 18748
January 31, 2023, 08:50:39 AM
#43
Those won't really be tradeable, though.
I think that's the bottom line, really. Collectibles should either have nothing to do with private keys, and just be tradable objects in their own right, or they should be entirely self funded but then never traded. Given that the community as a whole makes such a big deal about telling people to only buy hardware wallets from the official site, avoid resellers, avoid second hand devices, always check for authenticity, etc., in order to try to minimize the risk of receiving a tampered device, it seems crazy that we also encourage people to trade funded collectibles which have been in the possession of an unknown number of people.

If someone can come up with a collectible with all the things you've suggested then it will certainly be better than the current situation which depends 100% on trust, but it will never be completely risk free.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 31, 2023, 07:19:03 AM
#42
The tamper protection to choose for this application would be protection by self-destruction, i.e. if the buyer gets a device that still works (e.g. signs messages which prove it has the secret keys to spend Bitcoin stored on the printed address), the chip has not been tampered with.
Again, personally I would be deeply uncomfortable with such a set up. If the chip self-destructs after signing a single transaction, then there is a significant risk that you lose coins by signing an incorrect or incomplete transaction. And for most users they will not be familiar with the processes required to create a transaction manually or using a complementary watch only wallet before transferring the transaction for signing, so the risk becomes higher still.
That's true, this is one risk. It is the cost for not having to trust the designer or 'intermediary' owners / second-hand resellers.
Regarding accidental errors, there would need to be a software or extension for a popular wallet like Electrum that makes using these as simple as possible.

If you want to protect against clipboard malware, you'd also need a screen, but that would make the collectible quite bulky.
Which plays in to my issues above. If you only have one shot at signing a transaction before the chip self destructs, then not having a screen becomes too risky. If, however, you can simply unseal the device but sign as many transactions as you want, then you don't need a screen since you can double check your signed transaction on your computer before you broadcast it, and sign a different transaction should there be any issues.
The proposed software should definitely allow you to decode / check / auto-decode that signed PSBT and show you its contents before broadcasting it.
It will be much harder to hack someone's clipboard and the wallet such that it shows a different PSBT decoding result. Although I get what you're saying: the chip is already destructed, no way to re-sign if you notice something's off. You may be able to fit a cheap OLED screen in the collectible, since they make them starting from about $2.



Maybe, the solution will also just be to have 'pretty hardware wallets'. With their full functionality & security, but also full price, just with some nice limited-edition designs. Those won't really be tradeable, though.

Tibu is already making something I'd categorize between 'full hardware wallet' and 'collectible': https://satochip.io/product-category/satochip-designer-edition/
legendary
Activity: 2268
Merit: 18748
January 31, 2023, 05:39:17 AM
#41
The tamper protection to choose for this application would be protection by self-destruction, i.e. if the buyer gets a device that still works (e.g. signs messages which prove it has the secret keys to spend Bitcoin stored on the printed address), the chip has not been tampered with.
Again, personally I would be deeply uncomfortable with such a set up. If the chip self-destructs after signing a single transaction, then there is a significant risk that you lose coins by signing an incorrect or incomplete transaction. And for most users they will not be familiar with the processes required to create a transaction manually or using a complementary watch only wallet before transferring the transaction for signing, so the risk becomes higher still.

If you want to protect against clipboard malware, you'd also need a screen, but that would make the collectible quite bulky.
Which plays in to my issues above. If you only have one shot at signing a transaction before the chip self destructs, then not having a screen becomes too risky. If, however, you can simply unseal the device but sign as many transactions as you want, then you don't need a screen since you can double check your signed transaction on your computer before you broadcast it, and sign a different transaction should there be any issues.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 30, 2023, 10:28:38 PM
#40
For this application, it would need to be paired with some secure and tamper-protected storage chip; these exist. They don't / can't directly output the secret key, and hardware-based data extraction techniques are prevented by that tamper protection.
I'm no expert in the field, but what are the specifics of the tamper protection? Could a buyer verify that it works for themselves, or are they having to take the word of a third party? Could the average buyer even verify for themselves that the tamper protection hasn't been breached? How easy is this to do?
The tamper protection to choose for this application would be protection by self-destruction, i.e. if the buyer gets a device that still works (e.g. signs messages which prove it has the secret keys to spend Bitcoin stored on the printed address), the chip has not been tampered with.

This would be a very cool concept, but yeah, how feasible is it for a reasonable price? The Passport costs $260 for comparison.
I'm not sure. The feature set would be drastically reduced. I'm not sure if you can do it with a single chip or need 2, but even in that case, what you need is:
  • Microcontroller
  • Secure storage chip with tamper protection
  • Avalanche noise circuit
  • USB interface

If you want to protect against clipboard malware, you'd also need a screen, but that would make the collectible quite bulky.
The components mentioned above and the software for them should be fairly reasonable in price. Since collectibles always have a price premium, which may be increased if they're marketed as 'especially secure collectibles' (which they are), the price for the hardware and software may work out.

To give concrete numbers: Passport costs $260; devices similar to what I'm describing are available already for around $50 (less in component costs, of course).
legendary
Activity: 2268
Merit: 18748
January 30, 2023, 04:43:25 AM
#39
For this application, it would need to be paired with some secure and tamper-protected storage chip; these exist. They don't / can't directly output the secret key, and hardware-based data extraction techniques are prevented by that tamper protection.
I'm no expert in the field, but what are the specifics of the tamper protection? Could a buyer verify that it works for themselves, or are they having to take the word of a third party? Could the average buyer even verify for themselves that the tamper protection hasn't been breached? How easy is this to do?

This would be a very cool concept, but yeah, how feasible is it for a reasonable price? The Passport costs $260 for comparison.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 29, 2023, 04:34:52 PM
#38
Not much different from a hardware wallet; just simplified the functionality to a minimum, but it would use very similar hardware.
This is probably the most straightforward option. If you can have a device which will sign transactions passed to it but will never reveal the private key, then whoever owns it can send any coins they like to it, knowing that all previous owners don't have the private key and couldn't have pre-signed transactions to steal their outputs which didn't exist at the time. The biggest issues are the same as above, though. Can it be independently verified?
Verifiable hardware is (becoming?) a thing for such critical applications.
To the best of my knowledge, it really started with https://betrusted.io/. For this application, it would need to be paired with some secure and tamper-protected storage chip; these exist. They don't / can't directly output the secret key, and hardware-based data extraction techniques are prevented by that tamper protection.
The combination of a secure element and verifiable hardware is basically what Foundation Passport has accomplished.

In my mind, this is mostly an engineering and price challenge at this point and not really a design / concept challenge. The building blocks definitely exist.
legendary
Activity: 2268
Merit: 18748
January 28, 2023, 05:00:48 AM
#37
Any thoughts?
How is it independently verifiable by the buyer? How can the buyer (and indeed, all future buyers) verify that neither the original creator nor any previous owners have been able to access the private key?

Not much different from a hardware wallet; just simplified the functionality to a minimum, but it would use very similar hardware.
This is probably the most straightforward option. If you can have a device which will sign transactions passed to it but will never reveal the private key, then whoever owns it can send any coins they like to it, knowing that all previous owners don't have the private key and couldn't have pre-signed transactions to steal their outputs which didn't exist at the time. The biggest issues are the same as above, though. Can it be independently verified?
hero member
Activity: 1036
Merit: 642
Magic
January 26, 2023, 06:29:19 PM
#36

We could say the same thing about NFTs, but this is something I view differently from it (especially since there are entire courses dedicated to how to flip JPEGs for a profit).

Most people are not going to be selling their collectables unless they absolutely have to, because they love keeping them.

Collectables look pretty and have an artistic value, and that's about it. Doesn't make them worthless though.

It doesn't make them worthless in a monetary sense. But it makes them worthless in the sense that they can never really be trusted. If you cannot trust your wallet, then the whole point of bitcoin is lost. All bitcoin is about is "Do not trust, verify!". The collectibles put a new centralized organization in the system, even if the whole system was built specifically to be there without the centralized organisation.
Anyway I like to see collectibles as art, and just hope nobody will load them.
What I'd like to find out in the future is whether there is a "good" way to implement the private key without the trust.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 26, 2023, 10:29:31 AM
#35
So anyway, the OS uses that connection to the collectible to write the private key bytes inside some file contained on the SIM, and then the computer sets the SIM to be read-only (which also permanently disables the networking apparatus), before putting them for sale.
That's overcomplicating, no? How about the SIM / embedded SoC in the collectible generates a private key using a secure chip the first time it's powered on? Key never leaves the device.
You plug it in and it appears as a Linux device called /dev/bc1q..... so the creator knows where to send the funds. And a buyer can easily check the value.

To sign a transaction, you pipe (or copy) the PSBT to the device and it returns the signed PSBT.

I presented the idea before, though. Not much different from a hardware wallet; just simplified the functionality to a minimum, but it would use very similar hardware.

That would be good, but we still need some apparatus to display the private key on the LED when the user requests it (maybe by touching a metal pin to some kind of hidden button like those used by routers) which permanently activates the private key on the LED.
No, the private key is never shown. Otherwise, a buyer (or the creator) can read it out and save it for later. The device signs PSBTs and outputs the signed transaction, like any other hardware wallet.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
January 26, 2023, 08:45:54 AM
#34


3) For the highest level of funding something like the https://satschip.com/ would be acceptable. You just put that under the hologram. Not 100% sure of the cost of them in bulk but that or a similar solution would work.

Or?


And what happens if you find your Satschip in 20 years, just to find out that Coinkite went bankrupt/was sanctioned and therefore the URL that seems to be needed to verify the transaction cannot be reached anymore?
I think this whole collectible area is simply an invention of companies to make money. There is no benefit at all for the community. The issue is that Satoshi did not implement the right tools for such things in bitcoin in the first place.

It's open source; you really don't need them, just the code.

Also, I did not make myself clear: I was not saying use THEM, just that a product like THAT would work. My bad on that; I knew what I wanted to say in my head, it just didn't make it to the hands to type it.

Are there any open standards out there or similar for long term secure single use data storage? Can't find any but I just don't see this never having come up someplace else.

-Dave
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 26, 2023, 06:25:03 AM
#33
I think this whole collectible area is simply an invention of companies to make money. There is no benefit at all for the community. The issue is that Satoshi did not implement the right tools for such things in bitcoin in the first place.

We could say the same thing about NFTs, but this is something I view differently from it (especially since there are entire courses dedicated to how to flip JPEGs for a profit).

Most people are not going to be selling their collectables unless they absolutely have to, because they love keeping them.

Collectables look pretty and have an artistic value, and that's about it. Doesn't make them worthless though.
hero member
Activity: 1036
Merit: 642
Magic
January 26, 2023, 03:13:10 AM
#32


3) For the highest level of funding something like the https://satschip.com/ would be acceptable. You just put that under the hologram. Not 100% sure of the cost of them in bulk but that or a similar solution would work.

Or?


And what happens if you find your Satschip in 20 years, just to find out that Coinkite went bankrupt/was sanctioned and therefore the URL that seems to be needed to verify the transaction cannot be reached anymore?
I think this whole collectible area is simply an invention of companies to make money. There is no benefit at all for the community. The issue is that Satoshi did not implement the right tools for such things in bitcoin in the first place.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 26, 2023, 02:44:01 AM
#31
So anyway, the OS uses that connection to the collectible to write the private key bytes inside some file contained on the SIM, and then the computer sets the SIM to be read-only (which also permanently disables the networking apparatus), before putting them for sale.
That's overcomplicating, no? How about the SIM / embedded SoC in the collectible generates a private key using a secure chip the first time it's powered on? Key never leaves the device.
You plug it in and it appears as a Linux device called /dev/bc1q..... so the creator knows where to send the funds. And a buyer can easily check the value.

To sign a transaction, you pipe (or copy) the PSBT to the device and it returns the signed PSBT.

I presented the idea before, though. Not much different from a hardware wallet; just simplified the functionality to a minimum, but it would use very similar hardware.

That would be good, but we still need some apparatus to display the private key on the LED when the user requests it (maybe by touching a metal pin to some kind of hidden button like those used by routers) which permanently activates the private key on the LED.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
January 25, 2023, 10:44:48 AM
#30
There could also be 2 solutions so to speak (3 actually)

1) For very low value amounts, what we have now does work; unless you have sales in the 10s of thousands, the amount you can get if it's a value of 0.0001 on the coin is not a big deal. You can still make and create collectables, and even if BTC goes up 100X from where it is now you are still only looking at $225 a coin. Yes, in large numbers it's a lot of money, but people would have to be aware of what it is.

2) For the next step up some version of the split key.

3) For the highest level of funding something like the https://satschip.com/ would be acceptable. You just put that under the hologram. Not 100% sure of the cost of them in bulk but that or a similar solution would work.

Or?

The downside is you would need a phone or something with NFC to get to the tag. But I don't think that is a big deal anymore.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 25, 2023, 07:20:41 AM
#29
So anyway, the OS uses that connection to the collectible to write the private key bytes inside some file contained on the SIM, and then the computer sets the SIM to be read-only (which also permanently disables the networking apparatus), before putting them for sale.
That's overcomplicating, no? How about the SIM / embedded SoC in the collectible generates a private key using a secure chip the first time it's powered on? Key never leaves the device.
You plug it in and it appears as a Linux device called /dev/bc1q..... so the creator knows where to send the funds. And a buyer can easily check the value.

To sign a transaction, you pipe (or copy) the PSBT to the device and it returns the signed PSBT.

I presented the idea before, though. Not much different from a hardware wallet; just simplified the functionality to a minimum, but it would use very similar hardware.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 25, 2023, 05:28:40 AM
#28
I like the split key idea
It doesn't allow the collectible to be sold on without introducing trust, though.

OK, what about an operating system specifically designed for loading the keys into the collectible?

I mean like this: Each collectible can have a SIM card. The operating system will generate the private key bytes without showing them to the operator, and an additional NFC chip contained inside the collectible can communicate with some NFC receiver inside the computer hardware as soon as you scan using the computer a QR code contained on the collectible that would have connection parameters (which change as soon as you disconnect - only one concurrent connection allowed).

So anyway, the OS uses that connection to the collectible to write the private key bytes inside some file contained on the SIM, and then the computer sets the SIM to be read-only (which also permanently disables the networking apparatus), before putting them for sale.

This does require however the paper containing the private key to be replaced by an electronic LED screen, also protected by a hologram (how? IDK) somehow.

It would be sort of how credit cards communicate with POS terminals. Although CCs have numbers at the back of them. But the idea here is to prevent the operator from seeing the private key bytes in the first place. Only the customer would be able to.

Any thoughts?
legendary
Activity: 2268
Merit: 18748
January 25, 2023, 05:11:15 AM
#27
I like the split key idea
It doesn't allow the collectible to be sold on without introducing trust, though.

That would be prevented because when it's bricked, it won't output its address, either.
Doesn't stop someone from copying the address from their previous transaction.

Is it a problem if you can only tell by plugging it in?
I'm not sure. I wouldn't buy any pre-funded products regardless, so I'm probably not the best person to ask. If you are buying something in person then it is trivial to plug it in to check. If you are buying something online then hopefully your money would be kept in an escrow until you receive the item and plug it in to check.
hero member
Activity: 1036
Merit: 642
Magic
January 25, 2023, 02:17:32 AM
#26
Honestly the Coldkey scam is a shame for the community. The inventor sold part of the company for the price of 0.5 BTC to a German forum member and after the transaction was finished he destroyed the company by taking the funds of the sold coldkeys. Maybe with split key, this could somehow be prevented but I think it is not very practical.
The best I could find is this: https://www.cardwallet.com
They print the wallets under maximum security in the Austrian State Mint and therefore I doubt that something would go wrong. The wallet is however not really a collectible and more a tool at the moment.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 24, 2023, 07:07:31 AM
#25
Or you could accidentally send more coins to the collectible in the future, mixing it up for a similar one which is not bricked.
That would be prevented because when it's bricked, it won't output its address, either. I'm trying to think of a technical way that prevents the actual maker from pre-signing a transaction. Since key generation and bricking are both done on-device, that would be secure against a malicious maker. Meanwhile, a PCB-level seal would allow the maker to get a signature before sealing it all up / adding resistor / whatever board-level measures are put in place that require physical breakage to later get to the coins again.

There needs to be some obvious way of telling whether the device is sealed or unsealed, much like an OpenDime does, but the device still needs to function regardless.
Is it a problem if you can only tell by plugging it in? I mean, sure, for reselling it would be better if it was more visual, but you could be scammed if someone uses a picture of a physically sealed item that they later peeled. On the other hand, the solution I suggested would allow the seller to sign the latest block hash and thus provide timestamped proof of funds.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 24, 2023, 06:59:41 AM
#24
I like the split key idea but it would have to be done with a PGP-signed open source program so that people know what they are dealing with. Better if it was written for all platforms and if there were iOS and Android apps for such a tool as well, so that the user avoids having to do anything.

There would be three separate workflows for user generating the private key, the operator making a "mutated" private key that they send to the user, and the third one would combine the two private keys into a keypair using whatever operation you prefer.

Alternatively this feature could be added to hardware wallets so that people avoid having to trust software in the first place (instead they just have to trust the hardware vendor to be genuine and that's it).