Author

Topic: Your Public Key is Your Identity (Read 278 times)

jr. member
Activity: 57
Merit: 1
September 13, 2018, 09:12:49 AM
#14
This post is inspired by a chapter from the book "Bitcoin and Cryptocurrency Technologies", called "Public Keys as Identities".

In essence, the authors state that, the closest thing you can have to "identity" in the crypto-world is your public key (or equivalently, its hashed version, which is otherwise known as bitcoin address).

This is certainly nothing new to the more experienced members of this forum, but it can be somewhat confusing for the newbie users.

If you are a beginner, you already know that you have a username and, in addition, you have used an email address to register on the forum. So, at first glance, it might be logical that your identity should be tied to your email address.

However, it is NOT. Don't forget that this is a cryptocurrency forum. There is a better and more secure way in which you can prove your identity. And, it is not connected to your email address.

It has to do with a bitcoin address you own and you have control over. All you have to do is to publish it somewhere (in one of your unedited posts).

In case you need to prove that you are indeed the person who owns your account (for example, in case your account gets hacked), the administrator of this forum requires proof of ownership of that previously published bitcoin address.

In fact, on BCT you can't use your email address to prove your identity even if you wanted to. This inability to prove identity via email address is, surprisingly, something even some of the more experienced users whose accounts have been hacked complain about (from time to time).

But, as already said, your identity is your public key, and I'm not surprised that the administrator of this forum insists on it.

Let's get a little bit more into identities in the crypto space.

If you want to speak to the world on behalf of a certain identity (public key), you have to possess the private key that corresponds to that identity.

This makes a lot of sense, because you can then sign a message by using the corresponding private key and share that message with the world. The world can then verify that it is indeed you, the identity behind that public key, by verifying the signature.

So, again, in the crypto-world, your identity is your public key. Moreover, you can have a lot of public keys (aka bitcoin addresses), and this has as a consequence that you can create numerous identities.

You can use a certain identity for a couple of days and decide to switch to another identity after that.

In the real world, your identity (your identity document) has to be managed by a central authority. And this identity is permanent, or at least not so easy to change.

In the crypto world, your identity is managed by you in a decentralized way, and you can change it as many times as you like.

This loose sense of identity doesn't mean that you are totally anonymous or that you have total privacy. The reason is that your crypto identity leaves traces and behavioral patterns that can be traced and can lead back to your real-world persona.

You can read more about privacy/anonymity in bitcoin here.

Now, because your identity is essentially a random 26 to 35 alphanumeric sequence, you might be wondering if another person could possibly assume the same identity as yours (the technical term is collision). Even if you change your identity 1000 times every day, chances of this happening are negligible. In fact, here is a nice illustration of how impossibly difficult a collision with another bitcoin address is:

Quote
... if all the land on earth became as densely populated as Manila, the densest city in the world, and everyone generated 1000 addresses per day, it would take 184,025 years on average for the same address to be generated twice...
Source: https://www.reddit.com/r/Bitcoin/comments/790e9j/the_probability_of_the_same_bitcoin_address_being/


In conclusion, if you are a beginner, to be able to verify your identity in case of unforeseen circumstances, do the following:

 1) learn how to sign a message with your bitcoin address from this excellent tutorial.

 2) sign a message of a predefined format (as explained in step 1) and post it here.

Now you can then be sure that you can prove your identity in case such a proof is needed.

Edit: Revised according to the corrections indicated in @pooya87's post below.

What is the different between public address and public, because I open one online account and I see something like public key, private key and public address are them the same?
full member
Activity: 434
Merit: 246
September 10, 2018, 12:28:59 PM
#13
Now, because your identity is essentially a random 26-bit to 35-bit alphanumeric sequence
it is not "bit" it is "character". bit is something else. 1 bit is 1/8 of a byte. so in this case an address is 208-280 bit since each char is 1 byte. of course bit in this case doesn't mean anything i just posted the numbers so you can see how it works.
as you can see from the link you yourself posted it is not calling it 26... bits, it is calling it 26... alphanumeric characters.

You are right, of course. Thanks for correcting me. I'll edit the original post accordingly.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
September 10, 2018, 03:33:25 AM
#12
Regardless which own you're using, signed message/public key is not that relevant anymore because somebody can just sell it alongside the account they're selling (happened many times). This is probably one of the reasons why account recovery takes a very long time.
Yes, very true. The things that might happen is like this. Example: I sold an account to joniboini and after I received the payment I ask admin to recover my account and telling admin that my account is hacked and then giving the signed address as proof. So when that happens joniboini only loss his crypto for nothing or in short SCAMMED. That's why I'm not interested in buying accounts from someone  I don't know that offer me an account  to sell.
legendary
Activity: 2170
Merit: 1789
September 09, 2018, 11:51:14 PM
#11
So does it mean that we can't just easily signed an address or else bugs will just compromise the message? Huh

You can, pooya is telling you about the chance that some altcoin software might have a bug and that not everybody here owns that, so using that signed message has some inherent risk. Unless you trust/already review the software and unless there is other member who also use that software, there is no way using that signed message is good enough.

Regardless which own you're using, signed message/public key is not that relevant anymore because somebody can just sell it alongside the account they're selling (happened many times). This is probably one of the reasons why account recovery takes a very long time.
legendary
Activity: 3472
Merit: 10611
September 09, 2018, 11:06:37 PM
#10
~
So does it mean that we can't just easily signed an address or else bugs will just compromise the message? Huh

i didn't say it is a sure thing to happen, i said there is a good chance. and unless you are familiar with that cryptocurrency and its software you shouldn't just trust it. for example i don't own an ethereum wallet so if i wanted to verify your identity using a signed message from an electrum key i wouldn't be able to but i have an installed bitcoin wallet, i have verified messages before, i also have reviewed the code for it and it was tested enough so that i can be sure the chances of a bug in it practically is zero.
full member
Activity: 588
Merit: 128
September 09, 2018, 03:41:04 AM
#9
I think verifying bitcoin address is only useful when it comes verifying someone's identity. Nowadays, signed bitcoin address does not help bitcointalk users recover their account when it gets hacked or stolen.

I think you're confuse because in fact it's the best way how you can recover your account and it's a solid proof that it's really belongs to you.

Anyways, is there a possible way to also signed ETH address?

Yes it is, there you go.
https://medium.com/@eugen_lechner/sign-and-verify-a-wallet-address-with-myetherwallet-1a46f6e2853e



~
. but when you sign a message with an altcoin key you can no longer use the bitcoin software to verify it, you have to use that altcoin's software to do it. not everyone has that and also they may contain bugs that verify a wrong message and pass it as correct so we stick to bitcoin.

So does it mean that we can't just easily signed an address or else bugs will just compromise the message? Huh
legendary
Activity: 3472
Merit: 10611
September 08, 2018, 11:54:49 PM
#8
keys are not meant to be used for identity, they can be used. if you want to have a real way of identifying yourself then use PGP. we use bitcoin keys because this is a bitcoin forum and bitcoin already has a feature to sign messages and prove ownership of a key.
in fact an address and by extension the key pair you own is meant to be only used once. https://en.bitcoin.it/wiki/Address_reuse

Now, because your identity is essentially a random 26-bit to 35-bit alphanumeric sequence
it is not "bit" it is "character". bit is something else. 1 bit is 1/8 of a byte. so in this case an address is 208-280 bit since each char is 1 byte. of course bit in this case doesn't mean anything i just posted the numbers so you can see how it works.
as you can see from the link you yourself posted it is not calling it 26... bits, it is calling it 26... alphanumeric characters.


Anyways, is there a possible way to also signed ETH address?

ethereum and any other altcoin are the same as bitcoin, they have a private key, a public key and a hash of that public key that you use as your address. the process of signing a message is a cryptographic process using that private key so yeah any altcoin that has a private key (which is all of them) can be used, technically. but the problem is when you sign a message with bitcoin everyone can easily and securely verify the message. the software doing it (like the wallets) are already tested enough times that chances of a bug being present is minimal. but when you sign a message with an altcoin key you can no longer use the bitcoin software to verify it, you have to use that altcoin's software to do it. not everyone has that and also they may contain bugs that verify a wrong message and pass it as correct so we stick to bitcoin.
legendary
Activity: 2170
Merit: 1789
September 08, 2018, 09:36:13 PM
#7
For me, Privat e key is much better if you create your own key not from your identity,

No. If you make your private key your "identifier" in this forum/other crypto space, then you're essentially giving away your assets and your wallet. It makes me wonder did you really understand private key at all, 'cause you compare it to your date of birth or password.

I think verifying bitcoin address is only useful when it comes verifying someone's identity. Nowadays, signed bitcoin address does not help bitcointalk users recover their account when it gets hacked or stolen.

That's because recovering an account needs extra work. Sometimes a hacked account was sold alongside the address that was signed by the previous owner.

Anyways, is there a possible way to also signed ETH address?

Yes, it is. How long you've been in the forum and how much you've learned?
full member
Activity: 406
Merit: 100
September 08, 2018, 08:46:44 PM
#6
I think verifying bitcoin address is only useful when it comes verifying someone's identity. Nowadays, signed bitcoin address does not help bitcointalk users recover their account when it gets hacked or stolen.

Anyways, is there a possible way to also signed ETH address?
legendary
Activity: 2296
Merit: 1014
September 08, 2018, 07:59:37 PM
#5
For me, Privat e key is much better if you create your own key not from your identity,because if you used from your identity example from your birthdate,is easy to known of the hackers
Exactly, bitcoin has incredible random number addressess to provide without any user data needed.
Its crucial ale fool proof. Brain wallets were hacked often because users not too good in creating passwords.
hero member
Activity: 1190
Merit: 534
September 08, 2018, 09:33:52 AM
#4
In simple words, the public key is like the email address that allows us to accept payments (like emails) from anyone around the world. On the other hand, to access the received payment (eg: Emails)  we will need a confidential password that will give us exclusive access so that we can spend the received amount. The password is private key associated with the wallet.

Sometimes using real-life examples can help to articulate Bitcoin and cryptocurrencies to newbies in a better way.
jr. member
Activity: 448
Merit: 2
September 08, 2018, 08:22:38 AM
#3
For me, Privat e key is much better if you create your own key not from your identity,because if you used from your identity example from your birthdate,is easy to known of the hackers,I suggest you to use always special characters like *#$ like that,so hackers can't identify your key in easy way:)and please make a note.
legendary
Activity: 3220
Merit: 1374
Slava Ukraini!
September 08, 2018, 07:02:11 AM
#2
Yeah, public key can be used to identify people in crypto world. I think it's quite similar to bank account. Public key is like your bank account number and private jey is like a PIN code.
It's really important to know how to use Bitcoin address and signed message for identification. It can help to recover Bitcointalk account, prove that you hold needed amount of Bitcoin when you are escrow agent, lender or smth similar. This is why it's very important to use wallet which allow to sign a message from your public key.
On the other hand, public keys can help to hide your identity. People who want privacy always use new Bitcoin address for every transaction. Use of Bitcoin mixers also helps to increase privacy, hide source of Bitcoin if it was received in illegal ways.
@DropOnBy_1b

Why would you bump an old post with a totally unrelated answer?

That link of yours is shady as hell. I wouldn't click on it either.
Just use "Report to moderator" button and mods will delete offtopic spam.
full member
Activity: 434
Merit: 246
August 02, 2018, 08:15:36 AM
#1
This post is inspired by a chapter from the book "Bitcoin and Cryptocurrency Technologies", called "Public Keys as Identities".

In essence, the authors state that, the closest thing you can have to "identity" in the crypto-world is your public key (or equivalently, its hashed version, which is otherwise known as bitcoin address).

This is certainly nothing new to the more experienced members of this forum, but it can be somewhat confusing for the newbie users.

If you are a beginner, you already know that you have a username and, in addition, you have used an email address to register on the forum. So, at first glance, it might be logical that your identity should be tied to your email address.

However, it is NOT. Don't forget that this is a cryptocurrency forum. There is a better and more secure way in which you can prove your identity. And, it is not connected to your email address.

It has to do with a bitcoin address you own and you have control over. All you have to do is to publish it somewhere (in one of your unedited posts).

In case you need to prove that you are indeed the person who owns your account (for example, in case your account gets hacked), the administrator of this forum requires proof of ownership of that previously published bitcoin address.

In fact, on BCT you can't use your email address to prove your identity even if you wanted to. This inability to prove identity via email address is, surprisingly, something even some of the more experienced users whose accounts have been hacked complain about (from time to time).

But, as already said, your identity is your public key, and I'm not surprised that the administrator of this forum insists on it.

Let's get a little bit more into identities in the crypto space.

If you want to speak to the world on behalf of a certain identity (public key), you have to possess the private key that corresponds to that identity.

This makes a lot of sense, because you can then sign a message by using the corresponding private key and share that message with the world. The world can then verify that it is indeed you, the identity behind that public key, by verifying the signature.

So, again, in the crypto-world, your identity is your public key. Moreover, you can have a lot of public keys (aka bitcoin addresses), and this has as a consequence that you can create numerous identities.

You can use a certain identity for a couple of days and decide to switch to another identity after that.

In the real world, your identity (your identity document) has to be managed by a central authority. And this identity is permanent, or at least not so easy to change.

In the crypto world, your identity is managed by you in a decentralized way, and you can change it as many times as you like.

This loose sense of identity doesn't mean that you are totally anonymous or that you have total privacy. The reason is that your crypto identity leaves traces and behavioral patterns that can be traced and can lead back to your real-world persona.

You can read more about privacy/anonymity in bitcoin here.

Now, because your identity is essentially a random 26 to 35 alphanumeric sequence, you might be wondering if another person could possibly assume the same identity as yours (the technical term is collision). Even if you change your identity 1000 times every day, chances of this happening are negligible. In fact, here is a nice illustration of how impossibly difficult a collision with another bitcoin address is:

Quote
... if all the land on earth became as densely populated as Manila, the densest city in the world, and everyone generated 1000 addresses per day, it would take 184,025 years on average for the same address to be generated twice...
Source: https://www.reddit.com/r/Bitcoin/comments/790e9j/the_probability_of_the_same_bitcoin_address_being/


In conclusion, if you are a beginner, to be able to verify your identity in case of unforeseen circumstances, do the following:

 1) learn how to sign a message with your bitcoin address from this excellent tutorial.

 2) sign a message of a predefined format (as explained in step 1) and post it here.

Now you can then be sure that you can prove your identity in case such a proof is needed.

Edit: Revised according to the corrections indicated in @pooya87's post below.
Jump to: