Topic: Theft-Resistant "Specific Use Only" Wallets - page 2. (Read 1965 times)
You could create and sign (but not send) multiple transactions from your address to another specific address in various amounts and then carry those instead of your actual private key. That's the only way I can think of, and it's kind of cumbersome.
I think this is one of the clear cases where some sort of multisig approach makes sense.
Naively, I would think a 2 out of n (where n is a really big number consisting of "trusted" merchants) approach could work. Though this has the obvious problem of n being very big, and vulnerable to cases where one of the merchants gets compromised (the risk of which scales linerally w/ the number of merchants).
Thinking some more, there are two other alternatives:
2 out of 3 multisig, where the third is someone trusted (like bitpay) - less compromise, but more reliance on a centralized entity
2 out of n, where n is a much smaller number than above - some sort of "hierarchial" trust model, where each merchant in turn trusts n other merchants. This would be the most "ripple-like" scheme, but I'm having trouble wrapping my head around how this would work exactly.
In any case, I think multisig is a critical part of the solution.
Naively, I would think a 2 out of n (where n is a really big number consisting of "trusted" merchants) approach could work. Though this has the obvious problem of n being very big, and vulnerable to cases where one of the merchants gets compromised (the risk of which scales linerally w/ the number of merchants).
Thinking some more, there are two other alternatives:
2 out of 3 multisig, where the third is someone trusted (like bitpay) - less compromise, but more reliance on a centralized entity
2 out of n, where n is a much smaller number than above - some sort of "hierarchial" trust model, where each merchant in turn trusts n other merchants. This would be the most "ripple-like" scheme, but I'm having trouble wrapping my head around how this would work exactly.
In any case, I think multisig is a critical part of the solution.
The thief would then purchase Gold from a legitimate seller and then resell it for fiat or plain BTC?
Not knowing anything about anything, I would think no, because the private key would have to be present in order to be able to send the coins to whitelisted addresses. It could be a feature of the client, of course, but it wouldn't mean much if the private key itself was compromised. So I guess the question becomes how secure is the phone / hardware wallet?
...
I have a feeling this is presently under development.
Idea is flawed because there's no such thing as a theft-resistant wallet.
Idea is flawed because there's no such thing as a theft-resistant wallet.
I hope that you still remembered to wipe.
Was pooping, reading about Nigerian wealth disparity, and... no, no, wait - it's not racist, just hear me out!
Assuming people begin regularly carrying around bitcoins in a wallet for daily expenditure, could an organization pop up which, say, represents all Bitcoin merchants in North America - or perhaps BitPay could handle this all centrally... Anyway, is it possible to create separate "specific-use-only" wallets you could store in, say, your phone or your Trezor, where funds could only be sent to specific whitelisted addresses? (the whitelisted addresses must be impossible to edit with only the "specific use only" wallet, though maybe it could take an auto-updated list from the merchant organization?)
The idea is that the coins in the wallet could only be sent to specific addresses -- legitimate merchants. If a thief demanded your bitcoins, he'd have to steal the entire physical wallet device and could only spend the coins at legitimate merchants. He could not simply transfer coins to his own wallet. If the hardware wallet were stolen, the police can easily put together a database of blacklisted addresses which are pushed to merchants (this could be very effective if bitcoin change could be forced to go into old addresses instead of generating new ones). This DOES NOT affect fungibility. Since this is a "specific use only" wallet derived from a full-access wallet, it would be assumed that the user has a full-access wallet still at home on his more-secure device. Therefor, when he goes home, he simply transfers coins to a new address of his which does not need to be whitelisted because he'll be on the full-access wallet (the thief could not do this just by having, say, his cell phone). He can do whatever he wants from the full-access wallet, maybe create a "specific-use-only" wallet for terrorism and drugs - Idunno - or he could maybe create gift cards, where perhaps you can only spend the coins at, say, Amazon. (Oh. Giftcards. Maybe there's another application in this idea.)
I'm having trouble explaining this because I don't have the slightest idea how it would be implemented, but seems fairly plausible and maybe beneficial. Figured was worth throwing out there before I forget it.
Assuming people begin regularly carrying around bitcoins in a wallet for daily expenditure, could an organization pop up which, say, represents all Bitcoin merchants in North America - or perhaps BitPay could handle this all centrally... Anyway, is it possible to create separate "specific-use-only" wallets you could store in, say, your phone or your Trezor, where funds could only be sent to specific whitelisted addresses? (the whitelisted addresses must be impossible to edit with only the "specific use only" wallet, though maybe it could take an auto-updated list from the merchant organization?)
The idea is that the coins in the wallet could only be sent to specific addresses -- legitimate merchants. If a thief demanded your bitcoins, he'd have to steal the entire physical wallet device and could only spend the coins at legitimate merchants. He could not simply transfer coins to his own wallet. If the hardware wallet were stolen, the police can easily put together a database of blacklisted addresses which are pushed to merchants (this could be very effective if bitcoin change could be forced to go into old addresses instead of generating new ones). This DOES NOT affect fungibility. Since this is a "specific use only" wallet derived from a full-access wallet, it would be assumed that the user has a full-access wallet still at home on his more-secure device. Therefor, when he goes home, he simply transfers coins to a new address of his which does not need to be whitelisted because he'll be on the full-access wallet (the thief could not do this just by having, say, his cell phone). He can do whatever he wants from the full-access wallet, maybe create a "specific-use-only" wallet for terrorism and drugs - Idunno - or he could maybe create gift cards, where perhaps you can only spend the coins at, say, Amazon. (Oh. Giftcards. Maybe there's another application in this idea.)
I'm having trouble explaining this because I don't have the slightest idea how it would be implemented, but seems fairly plausible and maybe beneficial. Figured was worth throwing out there before I forget it.
Jump to: