Pages:
Author

Topic: what about allowing an owner to lock BTC to an address for a period of time? - page 2. (Read 3442 times)

legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
There already is a solution to this kind of problem without any tainted coins.

It would involve the possibility to "commit coins" to be payed to a certain address, requiring a third party (the exchange) to validate it. This way they exchange never as access to the coins at any point directly. Still that's a new feature which would have to be implemented in the blockchain.
(Wouldn't that be nice if that were the secret September announcement? Smiley )
kjj
legendary
Activity: 1302
Merit: 1026
If the unlocked one has more fees, miners might just take it instead of the locked one.

Couldn't this same logic could be used for multisig as well?  And what are the trade offs of these "features"?  They all seem well intended, but I worry they will over complicate the protocol.  Creating more bugs & increasing the opportunity for someone to obfuscate ill-intended code.  Or create a fork.  KISS = keep it simple, stupid.  Bitcoin is already complicated enough.

You still have to satisfy the multisig script.

Ok, say you want to use nLockTime to send money to yourself in the future to prevent an attacker from stealing the timelocked coins.  You create a transaction that will not be valid for a month (whatever) and broadcast it.  Then an attacker gets in and steals the private key for that address.  They can create a new transaction that sends the money to their own address.  Honest nodes will consider that a double spend and refuse to relay it.  But, if the attacker can give it directly to a miner, and if their attack transaction has a higher fee than the honest transaction, the miner now has an incentive to include the unlocked one rather than the locked one, making your timelock moot.

But, if you use M-of-N, and less than M keys are in places where they can be stolen (like on paper in a safe or bank vault), it is impossible for an attacker to spend, and even if a miner was willing to throw it into a block for a cut, it still couldn't happen.
sr. member
Activity: 420
Merit: 250
donator
Activity: 1731
Merit: 1008
... Code your own client that will refuse tx containing ever growing list of "tainted" coins. Or better send your tainted coins to me, because "normal" clients and miners will ignore such censorship crap.
I guess being victim of a theft help having compassion for others who got stolen.

I hope not everyone is as "normal" as you are.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
So the attacker could lock the coins for arbitrary long time. This idea is a brainfart.

Tainted coins? Code your own client that will refuse tx containing ever growing list of "tainted" coins. Or better send your tainted coins to me, because "normal" clients and miners will ignore such censorship crap.
hero member
Activity: 950
Merit: 1001
All tx can go in the same block. 10 minutes later coins are in the last address.
Damn, that's true. I guess you could send each tx to a different set of independent servers, but that's still not 100% secure.  Undecided At least I learned something today, thanks!
legendary
Activity: 1092
Merit: 1016
760930
I am not sure what advantages a time locked address has over an offline address?  I am just not seeing it.

However there are encryption algorithms which are time lock encryption.

Generate a private key & address.
Record the address.
Encrypt the private key with a time lock algorithm which requires x time.
Erase the private key.

The above 4 steps should likely be done on an offline non-persistent environment (i.e. live LINUX).

Start solving the time lock encryption problem.
You will have the private key after x time.*

* It isn't possible to specify the exact time as it will depend on hardware but time lock encryption algorithms are designed to make parallel work impossible (i.e. 2x GPU provides no more speed than 1x GPU).  The single processor may get more powerful over time so if x is very long you may need to compensate for Moore's law. 


Interesting... Do you know of any specific time-lock encryption open-source apps (on Linux or Windows)?
donator
Activity: 1218
Merit: 1079
Gerald Davis
I am not sure what advantages a time locked address has over an offline address?  I am just not seeing it.

However there are encryption algorithms which are time lock encryption.

Generate a private key & address.
Record the address.
Encrypt the private key with a time lock algorithm which requires x time.
Erase the private key.

The above 4 steps should likely be done on an offline non-persistent environment (i.e. live LINUX).

Start solving the time lock encryption problem.
You will have the private key after x time.*

* It isn't possible to specify the exact time as it will depend on hardware but time lock encryption algorithms are designed to make parallel work impossible (i.e. 2x GPU provides no more speed than 1x GPU).  The single processor may get more powerful over time so if x is very long you may need to compensate for Moore's law. 

sr. member
Activity: 291
Merit: 250
This does not solve the problem of exchange operators having a hot wallet.  What happens with large withdrawals.  This sounds like a decent idea for people that want to hoard their coins without worrying about them being hacked.  On the other hand, encrypting your wallet sounds like it does about the same thing.  For businesses that need BTC on hand at a moments notice, I do not think that this would solve their problems.  Or solve any of the problems with exchanges getting hacked.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Only issue is that emergencies happen in life and you might need the money, if you lock the money in a bank for example for 5 years so you can get increased interest rate, you can still take it out but will be hit with a fine.
What if you need the Bitcoins in an emergency ?

Which is why Bitcoin won't eliminate banks.  The role of banks may change but some people want a trusted, bonded, and insured third party to secure their wealth for them.  Long before fiat and FDIC there were banks. 
donator
Activity: 1218
Merit: 1079
Gerald Davis
All tx can go in the same block. 10 minutes later coins are in the last address.
hero member
Activity: 950
Merit: 1001
To force yourself to wait at least X blocks:
Create x private keys
Create one offline transaction per key, sending the entire sum to the next address in series
Delete all but the last private key
Send the offline transactions to a bunch of different servers, all of which are set to automatically relay each transaction

That way, it's impossible to spend anything until every transaction has been processed, which will take ~10 minutes per key. So for 12 days you would need 24*6*12 keys.
sr. member
Activity: 336
Merit: 250
Only issue is that emergencies happen in life and you might need the money, if you lock the money in a bank for example for 5 years so you can get increased interest rate, you can still take it out but will be hit with a fine.
What if you need the Bitcoins in an emergency ?
sr. member
Activity: 247
Merit: 250
If the unlocked one has more fees, miners might just take it instead of the locked one.

Couldn't this same logic could be used for multisig as well?  And what are the trade offs of these "features"?  They all seem well intended, but I worry they will over complicate the protocol.  Creating more bugs & increasing the opportunity for someone to obfuscate ill-intended code.  Or create a fork.  KISS = keep it simple, stupid.  Bitcoin is already complicated enough.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
What does the owner need in order to change the lock? Why would he be able to keep this safe but not the private key of the address?
kjj
legendary
Activity: 1302
Merit: 1026
Question: is there a way, in bitcoin script, to get the block number?

If this was possible it would be possible to make what OP asks with a custom transaction script.

No, there is no way to get the block number in a script.  People keep asking for it, but it wasn't left out by accident, it is missing for a reason.  (Please think about how the network handles block reorgs for a while before you ask...)

nLockTime has some issues.  For example, if you lose your keys, the network could see two transactions spending the same output, one locked until some time in the future, and one not locked.  If the unlocked one has more fees, miners might just take it instead of the locked one.

The "right" way to do this is with P2SH M-of-N, and make sure that less than M keys are online waiting to be stolen.  It also has the advantage that you don't need to guess the proper duration for the lock.
sr. member
Activity: 420
Merit: 250
that sounds like it could be the basis of the feature, especially if something could be embedded into it to have it automatically transfer to another address after that block. because there is a danger in this though, isn't there, of losing the wallet.dat file in the meantime.
legendary
Activity: 1106
Merit: 1004
Question: is there a way, in bitcoin script, to get the block number?

If this was possible it would be possible to make what OP asks with a custom transaction script.
legendary
Activity: 1106
Merit: 1004
Not exactly what you mean, but there's this feature, not yet enabled unfortunately, called nLockTime. It would allow you to specify a minimum block height for a transaction. For example, you say a transaction X should not enter the blockchain before block 210K. You may release the tx now, but it won't be accepted until then.
sr. member
Activity: 322
Merit: 250
I like this idea very much indeed.
Beside that, the puplic should be aware of how many bitcoins are locked and how long.
Considered a huge amount of coins is locked up, this of course is a price driver.
Pages:
Jump to: