Bitcoin Forum
December 11, 2018, 06:43:06 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: A thought experiment: PROVE you own a bitcoin  (Read 249 times)
Spendulus
Legendary
*
Offline Offline

Activity: 2086
Merit: 1088



View Profile
May 15, 2018, 11:49:34 PM
 #1

How would you prove it?

The bitcoin might be in an online wallet, a hardware wallet, a software wallet, or a paper wallet. You pick.

Here are some ideas to start.

A. Show a public key that has the bitcoin.
B. Show a public key that has the bitcoin, and show that you can move a token amount to and from this address.
C. Show a public key that has the bitcoin, and you  move 1 bitcoin to a new address.
D. Transfer the bitcoin to a wallet that is multi-key, the person that wants to know has part of the key.
E. Show the requestor your private key and it's value therein.
F. Transfer to bitcoin to a Reputable and Esteemed Holder of Assets, such as a Swiss Bank, who would then Vouch for Your Bitcoin.
G. The person asking for proof is required to have Faith that you have correctly stated you have a bitcoin.

LOL - on the last two....

Now if you have difficulty, don't despair. You are certain to have LESS DIFFICULTY than a nation has proving they have value in their paper money.

Hint: The correct answer is not listed above.
1544553786
Hero Member
*
Offline Offline

Posts: 1544553786

View Profile Personal Message (Offline)

Ignore
1544553786
Reply with quote  #2

1544553786
Report to moderator
1544553786
Hero Member
*
Offline Offline

Posts: 1544553786

View Profile Personal Message (Offline)

Ignore
1544553786
Reply with quote  #2

1544553786
Report to moderator
100% New Software
PC, Mac, Android, & HTML5 Clients
Krill Rakeback
Low Rake
Bitcoin Poker 3.0
Bad Beat Jackpot
SwC Poker Relaunch
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
ranochigo
Legendary
*
Offline Offline

Activity: 1610
Merit: 1103

Somewhat inactive.


View Profile WWW
May 16, 2018, 12:10:34 AM
 #2

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1610
Merit: 1789


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
May 16, 2018, 12:21:37 AM
 #3

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

Spendulus
Legendary
*
Offline Offline

Activity: 2086
Merit: 1088



View Profile
May 16, 2018, 01:00:15 AM
 #4

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?

achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1610
Merit: 1789


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
May 16, 2018, 03:33:51 AM
Merited by suchmoon (1)
 #5

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?
Just send back to the same address. No need for a new address and it proves that you have the private key for that address and can move coins associated with it.

nc50lc
Full Member
***
Offline Offline

Activity: 434
Merit: 149


∙Self-proclaimed-Genius ㊙️


View Profile WWW
May 16, 2018, 05:46:42 AM
 #6

Paper Wallet? Show an edited picture of the printed paper wallet with covered private key and prvkey's QR code.
There are too many workaround to fake this like printing a bitcoin-loaded address paired with a random prv key but,
Paper Wallets' private keys are meant to be hidden and offline, the user didn't want to tell others that he own a bitcoin in the first place.

With this, leave Paper Wallets out of the available options.

LOL - on the last two....
No, LOL to this:
Quote from: Spendulus
E. Show the requestor your private key and it's value therein.
Roll Eyes

Other wallets? achow101 already replied with the best answer.

(っ◕‿◕)っ Newbies and Newbies at heart! Remember to Lock your Thread(s) after receiving enough replies/sufficient answers. 
FEELING GENEROUS?: 39EKeFj43inkH6Ctkosh9E7oskx3tvhSXi ∙ Do not buy non-mainstream ASICs at second-batch and onwards, you know the risk!
Karartma1
Legendary
*
Offline Offline

Activity: 1736
Merit: 1064


Be Revolutionary Or Die Trying


View Profile WWW
May 16, 2018, 06:53:58 AM
 #7

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys Wink

I am not interested in preserving the status quo; I want to overthrow it. Niccolò Machiavelli
nc50lc
Full Member
***
Offline Offline

Activity: 434
Merit: 149


∙Self-proclaimed-Genius ㊙️


View Profile WWW
May 16, 2018, 07:11:00 AM
 #8

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys Wink
"my UTXOs"; UTXOs contains Bitcoins, "my" means yours: You have Bitcoins, In other words. Tongue

Alright, you're trying to say that there are no bitcoin addresses in the network which most of us are claiming as "in their possession" and the private keys are the only "controller" of the funds.  Smiley

(っ◕‿◕)っ Newbies and Newbies at heart! Remember to Lock your Thread(s) after receiving enough replies/sufficient answers. 
FEELING GENEROUS?: 39EKeFj43inkH6Ctkosh9E7oskx3tvhSXi ∙ Do not buy non-mainstream ASICs at second-batch and onwards, you know the risk!
Spendulus
Legendary
*
Offline Offline

Activity: 2086
Merit: 1088



View Profile
May 16, 2018, 11:34:56 AM
 #9

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

Yes, that's the correct answer.

Paper Wallet? Show an edited picture of the printed paper wallet with covered private key and prvkey's QR code.
There are too many workaround to fake this like printing a bitcoin-loaded address paired with a random prv key but,
Paper Wallets' private keys are meant to be hidden and offline, the user didn't want to tell others that he own a bitcoin in the first place.

With this, leave Paper Wallets out of the available options.

LOL - on the last two....
No, LOL to this:
Quote from: Spendulus
E. Show the requestor your private key and it's value therein.
Roll Eyes

Other wallets? achow101 already replied with the best answer.

Yes, (E) is pretty funny.

Note that I pose both an interesting and practical question. You might want to meet up with someone from Localbitcoins to make a purchase, or want to sell something with bitcoin. Is the other party capable of making the transaction?

It's not uncommon in many transactions to require "show proof of funds."
Spendulus
Legendary
*
Offline Offline

Activity: 2086
Merit: 1088



View Profile
May 16, 2018, 11:41:37 AM
 #10

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys Wink

This is an important distinction, but in the context of the question, the problem simply shifts to "Prove you hold keys."

Like, "Dude. If you think I'll drive 50 miles to trade my riding lawnmower for your bitcoins, you gonna have to show me you have them first."
DannyHamilton
Legendary
*
Offline Offline

Activity: 2198
Merit: 1385



View Profile
May 16, 2018, 03:28:50 PM
 #11

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

This is insufficient.

It requires more than simply "any signed message".  The mesage MUST be phrased in such a way that it is extremely unlikely that someone else could be tricked or convinced into signing the message for the person claiming to hold the bitcoins"

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:
Code:
As of 2018-05-16 this address contains at least 1 BTC

Then Achow101 could forward to me the message that Spendulus has signed.


Furthermore, a signed message only demonstrates that you are ONE of the people that have access to the bitcoins.  It does not prove that you have SOLE access.

I don't think there is ANY way to prove that nobody else has access to the coins.




C does not require trust, does it?

It does.

I must trust that you aren't asking someone else to move that bitcoin on your behalf.

Karartma1
Legendary
*
Offline Offline

Activity: 1736
Merit: 1064


Be Revolutionary Or Die Trying


View Profile WWW
May 16, 2018, 05:44:54 PM
 #12

I don't have bitcoins. I am simply able to control and use the private keys associated to my UTXOs that give me the opportunity to transfer thouse outputs onto other addresses that will become new UTXOs for the next guy on the blockchain.
Again, I have NO bitcoins. I HOLD keys Wink

This is an important distinction, but in the context of the question, the problem simply shifts to "Prove you hold keys."

Like, "Dude. If you think I'll drive 50 miles to trade my riding lawnmower for your bitcoins, you gonna have to show me you have them first."
Kudos  Wink
I tried mine, I'll turn my head around this some more but I don't think I'll come up with your answer. Therefore, I'm waiting for others to crack the code you have here.

I am not interested in preserving the status quo; I want to overthrow it. Niccolò Machiavelli
Spendulus
Legendary
*
Offline Offline

Activity: 2086
Merit: 1088



View Profile
May 16, 2018, 06:19:52 PM
 #13

If you want proof of "I can spend coins associated with this address", you can sign a message with the address (or specifically with the private key whose public key hashes to the hash encoded by an address).

This is insufficient.

It requires more than simply "any signed message".  The mesage MUST be phrased in such a way that it is extremely unlikely that someone else could be tricked or convinced into signing the message for the person claiming to hold the bitcoins"

If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:
Code:
As of 2018-05-16 this address contains at least 1 BTC

Then Achow101 could forward to me the message that Spendulus has signed.


Furthermore, a signed message only demonstrates that you are ONE of the people that have access to the bitcoins.  It does not prove that you have SOLE access.

I don't think there is ANY way to prove that nobody else has access to the coins.




C does not require trust, does it?

It does.

I must trust that you aren't asking someone else to move that bitcoin on your behalf.

I had noticed that when a pre existing private key was in use, there is no recorded history of it's having single or multiple users or "owners." The phrase "no recorded history" is meaningful, because now we must rely on trust.

Hence it appears that any means of proving ownership of a bitcoin must involve  the creation of a new private key.

A wishes to buy something from B with 1 bitcoin, and B asks for proof.

A sits down with B and tries various ways to prove he has coins.

Maybe he logs into Coinbase and shows B the screen.
B raises the objections listed above....

Maybe the answer is something like this.

"Yeah my wife also has access to the account but she also has access to our credit cards and bank accounts. So what? If you had verified those you verified the presence of funds at that instant and you didn't care about multiple people having access to them. Why are you demanding a higher standard here?"
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 577
Merit: 502



View Profile
May 17, 2018, 12:04:51 AM
 #14

Quote
If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:


That is true but most experienced BTC users wanting proof would require text that is specific to a transaction they are going to make.  e.g. "Coin-Keeper is able to send 1 BTC to DannyHamilton on May 16 from X address".  At least that is what I would require on a sig scenario where my being convinced is involved.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: http://fonstavka.com/index.php?topic=996318.msg17102755#msg17102755
RGBKey
Hero Member
*****
Offline Offline

Activity: 840
Merit: 628


rgbkey.github.io/pgp.txt


View Profile WWW
May 17, 2018, 03:13:56 AM
 #15

Quote
If Spendulus has 1 BTC and achow101 has 0 BTC, but is telling me that he has 1 BTC, then Achow101 could trick Spendulus into signing a message that says:


That is true but most experienced BTC users wanting proof would require text that is specific to a transaction they are going to make.  e.g. "Coin-Keeper is able to send 1 BTC to DannyHamilton on May 16 from X address".  At least that is what I would require on a sig scenario where my being convinced is involved.

Yeah, most people won't sign vague statements, and most people won't accept vague signed statements. They're usually very specific.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 938
Merit: 700


Crypto-Games.net: Multiple coins, multiple games


View Profile
May 17, 2018, 06:02:36 AM
 #16

OP, post your seeds on the internet and hope that no one will steal your coins. Hahaha.

But what is the point of this exercise? I believe we should be disproving that we have Bitcoins than prove that we do. Lips sealed


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
Kakmakr
Legendary
*
Offline Offline

Activity: 1498
Merit: 1151

★ ChipMixer | Bitcoin mixing service ★


View Profile
May 17, 2018, 06:18:23 AM
 #17

If you do not trust the second party, then just make use of a trusted Escrow. Why would you go through all the trouble to sign a message and not knowing if the owner has sole access to those coins. If the coins were send to a third party, you would be certain that the owner has sole access to those coins.  Roll Eyes

The whole point of proof is to make sure that the recipient receive their promised coins, right? This is where the trusted Escrow comes into play.  Wink

 

HCP
Hero Member
*****
Offline Offline

Activity: 812
Merit: 989

<insert witty quote here>


View Profile
May 17, 2018, 06:34:48 AM
 #18

If you do not trust the second party, then just make use of a trusted Escrow.
I think you're missing the entire point of a "trustless" system...


Quote
Why would you go through all the trouble to sign a message and not knowing if the owner has sole access to those coins. If the coins were send to a third party, you would be certain that the owner has sole access to those coins.  Roll Eyes
But how do you know that the Escrow (who is now technically the "owner") has sole access to the coins? Tongue


Quote
The whole point of proof is to make sure that the recipient receive their promised coins, right? This is where the trusted Escrow comes into play.  Wink
But as mentioned, that breaks the entire "trustless" system... you're still having to trust *someone* with something.


You can never really prove "sole" ownership or access to coins... at best you can prove you have the ability to spend coins. Whether or not you have exclusive access is not really the point in the "Ride on Mower" scenario. You just want to be able to provide evidence that you have access to the funds... a (specific) signed message should be adequate in this scenario.

xIIImaL
Legendary
*
Offline Offline

Activity: 1386
Merit: 1005


View Profile
May 17, 2018, 05:33:22 PM
 #19

Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.

The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.

C does not require trust, does it?

A person verifies a public address, then he sees that one bitcoin has moved to a new address, that was previously specified by you.

There is no way he could know whether you were the sole owner of the old address.

Now, how could a proof be devised that you owned the new address?



Some years before we see most of the wallet providers giving the static address to receive the bitcoin from one person to your wallet. Nowadays due to security concern and want to more anonymous most of the wallet providers giving the dynamic wallet address whenever you go to see your bitcoin public address.
However as the above person said, you can use the same address to receive the bitcoin and you can use it to track the complete transaction with the block explorers.
lianghwajou
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
May 17, 2018, 07:37:32 PM
 #20

It's impossible to prove ownership without some out of band mechanism because the only relationship maintained by bitcoin network is between bitcoin and (pub/pri) keys. There is no way to tie an id to a key. Even when someone can move bitcoin or sign a message with private key, it still doesn't prove ownership. He can simple ask the owner of the key to do these operations for him.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!