what about allowing an owner to lock BTC to an address for a period of time? - page 2.

ElectricMucus

legendary

Activity: 1666

Merit: 1057

Marketing manager - GO MP

There already is a solution to this kind of problem without any tainted coins.

It would involve the possibility to "commit coins" to be payed to a certain address, requiring a third party (the exchange) to validate it. This way they exchange never as access to the coins at any point directly. Still that's a new feature which would have to be implemented in the blockchain.
(Wouldn't that be nice if that were the secret September announcement?

)

kjj

legendary

Activity: 1302

Merit: 1026

Quote from: nevafuse on September 06, 2012, 01:35:07 PM

Quote from: kjj on September 06, 2012, 01:04:17 PM

If the unlocked one has more fees, miners might just take it instead of the locked one.

Couldn't this same logic could be used for multisig as well? And what are the trade offs of these "features"? They all seem well intended, but I worry they will over complicate the protocol. Creating more bugs & increasing the opportunity for someone to obfuscate ill-intended code. Or create a fork. KISS = keep it simple, stupid. Bitcoin is already complicated enough.

You still have to satisfy the multisig script.

Ok, say you want to use nLockTime to send money to yourself in the future to prevent an attacker from stealing the timelocked coins. You create a transaction that will not be valid for a month (whatever) and broadcast it. Then an attacker gets in and steals the private key for that address. They can create a new transaction that sends the money to their own address. Honest nodes will consider that a double spend and refuse to relay it. But, if the attacker can give it directly to a miner, and if their attack transaction has a higher fee than the honest transaction, the miner now has an incentive to include the unlocked one rather than the locked one, making your timelock moot.

But, if you use M-of-N, and less than M keys are in places where they can be stolen (like on paper in a safe or bank vault), it is impossible for an attacker to spend, and even if a miner was willing to throw it into a block for a cut, it still couldn't happen.

paulie_w

sr. member

Activity: 420

Merit: 250

thread over.

Transisto

donator

Activity: 1731

Merit: 1008

Quote from: MysteryMiner on September 06, 2012, 03:42:10 PM

... Code your own client that will refuse tx containing ever growing list of "tainted" coins. Or better send your tainted coins to me, because "normal" clients and miners will ignore such censorship crap.

I guess being victim of a theft help having compassion for others who got stolen.

I hope not everyone is as "normal" as you are.

MysteryMiner

legendary

Activity: 1512

Merit: 1042

Death to enemies!

So the attacker could lock the coins for arbitrary long time. This idea is a brainfart.

Tainted coins? Code your own client that will refuse tx containing ever growing list of "tainted" coins. Or better send your tainted coins to me, because "normal" clients and miners will ignore such censorship crap.

Explodicle

hero member

Activity: 950

Merit: 1001

Quote from: DeathAndTaxes on September 06, 2012, 01:57:21 PM

All tx can go in the same block. 10 minutes later coins are in the last address.

Damn, that's true. I guess you could send each tx to a different set of independent servers, but that's still not 100% secure. Undecided

At least I learned something today, thanks!

flatfly

legendary

Activity: 1092

Merit: 1016

760930

Quote from: DeathAndTaxes on September 06, 2012, 02:06:23 PM

I am not sure what advantages a time locked address has over an offline address? I am just not seeing it.

However there are encryption algorithms which are time lock encryption.

Generate a private key & address.
Record the address.
Encrypt the private key with a time lock algorithm which requires x time.
Erase the private key.

The above 4 steps should likely be done on an offline non-persistent environment (i.e. live LINUX).

Start solving the time lock encryption problem.
You will have the private key after x time.*

* It isn't possible to specify the exact time as it will depend on hardware but time lock encryption algorithms are designed to make parallel work impossible (i.e. 2x GPU provides no more speed than 1x GPU). The single processor may get more powerful over time so if x is very long you may need to compensate for Moore's law.

Interesting... Do you know of any specific time-lock encryption open-source apps (on Linux or Windows)?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

I am not sure what advantages a time locked address has over an offline address? I am just not seeing it.

However there are encryption algorithms which are time lock encryption.

Generate a private key & address.
Record the address.
Encrypt the private key with a time lock algorithm which requires x time.
Erase the private key.

The above 4 steps should likely be done on an offline non-persistent environment (i.e. live LINUX).

Start solving the time lock encryption problem.
You will have the private key after x time.*

* It isn't possible to specify the exact time as it will depend on hardware but time lock encryption algorithms are designed to make parallel work impossible (i.e. 2x GPU provides no more speed than 1x GPU). The single processor may get more powerful over time so if x is very long you may need to compensate for Moore's law.

Bitobsessed

sr. member

Activity: 291

Merit: 250

This does not solve the problem of exchange operators having a hot wallet. What happens with large withdrawals. This sounds like a decent idea for people that want to hoard their coins without worrying about them being hacked. On the other hand, encrypting your wallet sounds like it does about the same thing. For businesses that need BTC on hand at a moments notice, I do not think that this would solve their problems. Or solve any of the problems with exchanges getting hacked.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: ice_chill on September 06, 2012, 01:42:02 PM

Only issue is that emergencies happen in life and you might need the money, if you lock the money in a bank for example for 5 years so you can get increased interest rate, you can still take it out but will be hit with a fine.
What if you need the Bitcoins in an emergency ?

Which is why Bitcoin won't eliminate banks. The role of banks may change but some people want a trusted, bonded, and insured third party to secure their wealth for them. Long before fiat and FDIC there were banks.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

All tx can go in the same block. 10 minutes later coins are in the last address.

Explodicle

hero member

Activity: 950

Merit: 1001

To force yourself to wait at least X blocks:
Create x private keys
Create one offline transaction per key, sending the entire sum to the next address in series
Delete all but the last private key
Send the offline transactions to a bunch of different servers, all of which are set to automatically relay each transaction

That way, it's impossible to spend anything until every transaction has been processed, which will take ~10 minutes per key. So for 12 days you would need 24*6*12 keys.

ice_chill

sr. member

Activity: 336

Merit: 250

Only issue is that emergencies happen in life and you might need the money, if you lock the money in a bank for example for 5 years so you can get increased interest rate, you can still take it out but will be hit with a fine.
What if you need the Bitcoins in an emergency ?

nevafuse

sr. member

Activity: 247

Merit: 250

Quote from: kjj on September 06, 2012, 01:04:17 PM

If the unlocked one has more fees, miners might just take it instead of the locked one.

Couldn't this same logic could be used for multisig as well? And what are the trade offs of these "features"? They all seem well intended, but I worry they will over complicate the protocol. Creating more bugs & increasing the opportunity for someone to obfuscate ill-intended code. Or create a fork. KISS = keep it simple, stupid. Bitcoin is already complicated enough.

FreeMoney

legendary

Activity: 1246

Merit: 1016

Strength in numbers

What does the owner need in order to change the lock? Why would he be able to keep this safe but not the private key of the address?

kjj

legendary

Activity: 1302

Merit: 1026

Quote from: caveden on September 06, 2012, 12:52:39 PM

Question: is there a way, in bitcoin script, to get the block number?

If this was possible it would be possible to make what OP asks with a custom transaction script.

No, there is no way to get the block number in a script. People keep asking for it, but it wasn't left out by accident, it is missing for a reason. (Please think about how the network handles block reorgs for a while before you ask...)

nLockTime has some issues. For example, if you lose your keys, the network could see two transactions spending the same output, one locked until some time in the future, and one not locked. If the unlocked one has more fees, miners might just take it instead of the locked one.

The "right" way to do this is with P2SH M-of-N, and make sure that less than M keys are online waiting to be stolen. It also has the advantage that you don't need to guess the proper duration for the lock.

paulie_w

sr. member

Activity: 420

Merit: 250

that sounds like it could be the basis of the feature, especially if something could be embedded into it to have it automatically transfer to another address after that block. because there is a danger in this though, isn't there, of losing the wallet.dat file in the meantime.

caveden

legendary

Activity: 1106

Merit: 1004

Question: is there a way, in bitcoin script, to get the block number?

If this was possible it would be possible to make what OP asks with a custom transaction script.

caveden

legendary

Activity: 1106

Merit: 1004

Not exactly what you mean, but there's this feature, not yet enabled unfortunately, called nLockTime. It would allow you to specify a minimum block height for a transaction. For example, you say a transaction X should not enter the blockchain before block 210K. You may release the tx now, but it won't be accepted until then.

sippsnapp

sr. member

Activity: 322

Merit: 250

I like this idea very much indeed.
Beside that, the puplic should be aware of how many bitcoins are locked and how long.
Considered a huge amount of coins is locked up, this of course is a price driver.

Topic: what about allowing an owner to lock BTC to an address for a period of time? - page 2. (Read 3442 times)