Secure sharedrops without private key import

[pc]

Edit: here's a how-to: http://pts.cubeconnex.com/wiki/index.php?title=Secure_Asset_Import

You may have seen it over on btstalk: https://bitsharestalk.org/index.php?topic=11634.msg153439#msg153439
Someone has announced a new BTS fork and wants to sharedrop on PTS/AGS, which has brought an old subject back. We need a way to make sharedrops secure, i. e. find a way to claim shares without the need to import private keys.

Has anyone thought about how this could be implemented?

From the top of my head, it could work like this:
We assume you are the OWNER of an ADDRESS in some unrelated BLOCKCHAIN. Owning ADDRESS entitles you to shares in a new coin, for example NEWSHARES. The classic (insecure) way to handle this is to use "dumpprivkey ADDRESS" in the old BLOCKCHAIN-client, then "wallet-import-private-key PRIVKEY ACCOUNT" in the NEWSHARES-client.
The new (secure) way is:
0. We further assume that the BLOCKCHAIN-client is capable of signing arbitrary text messages with the private key for ADDRESS in such a way that the signature can be verified to belong to the owner of ADDRESS. We assume that this signing/verifying works as implemented in bitcoin.
1. OWNER creates a wallet and an ACCOUNT in the NEWSHARES-client. Let the account public key be NEWKEY.
2. OWNER creates a simple text message "Transfer ADDRESS to NEWKEY".
3. OWNER signes the message using BLOCKCHAIN-client, creating SIGNATURE.
4. OWNER opens NEWSHARES-client and issues the command "wallet-account-claim ADDRESS ACCOUNT SIGNATURE".
5. NEWSHARES-client verifies signature and creates a special transaction transferring the genesis balance from ADDRESS to NEWKEY, subtracting the configured TX fee.
6. NEWSHARES-client pushes the transaction out to the network.
7. NEWSHARES-delegates validate the signature and include the transaction into the next block.

I think this is somewhat straightforward to implement, but could be improved usability-wise.

Comments?

Edit: regarding usability - we could create a command "wallet-account-prepare-claim ADDRESS ACCOUNT" that output the message to sign, or maybe even a full "signmessage" command line to c&p into BLOCKCHAIN-client...

[cube]

I think it is more secured to have a function to claim based on a signed message rather than private key.  Yes, why not?

How about 'wallet_import_by_signedmsg' to be consistent with current command structure?

[AlphaBar]

This is incredibly important, and I would be surprised if the BitShares devs were not already working on it. May be something we can simply merge once they've implemented. If we have the resources to implement it ourselves then even better.

[pc]

Just pushed this into the develop branch. Including regression tests, which show it to be working. :-)

Currently bitcoin and (classic) pts are supported. The principle should be extendable to sharedrops on bitshares-derived chains as well.

[lafona]

Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE

[lafona]

Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.

[svk]

Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.

I can confirm that you need to repeat for each address. I had two, one gave an assert exception:

Code: [Select]

10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK
The second one worked. It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Either way this is awesome and a great idea, I hope to this added to BTS as well.

[pc]

Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.

On the protocol level it should be possible to combine multiple claims in a single transaction. But the wallet command currently only supports one claim per tx.

[pc]

Code: [Select]

10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK

The genesis doesn't contain any addresses with FENC3f in them. Are you sure there should be a balance in that address (as of 2014-12-03)? Please check in the old block explorer: https://coinplorer.com/PTS .

It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Uh, yes, the user interface is not exactly perfect...

[svk]

Code: [Select]

10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK

The genesis doesn't contain any addresses with FENC3f in them. Are you sure there should be a balance in that address (as of 2014-12-03)? Please check in the old block explorer: https://coinplorer.com/PTS .

It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Uh, yes, the user interface is not exactly perfect...

No I'm not saying there should have been a stake in there, it was just one of my change addresses that I tried.

Important thing is it works though which is cool!

[Riverhead]

Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE

Thank you . I found this very helpful and I was able to import most of my stake via this secure method.

[lafona]

Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE

Thank you . I found this very helpful and I was able to import most of my stake via this secure method.

No problem. Glad it was helpful!

[robrigo]

I was happy to use your signed message method to import my stake. Nice work on that!

[cube]

Yea. Nice stuff. Should update OP with the visual guide - http://pts.cubeconnex.com/wiki/index.php?title=Secure_Asset_Import

[fftt]

Very nice feature.   

I want to share with you my experience in using this feature. I have two PTS wallet-qt (both windows) installed (v0.8.5.0-unk-beta, and v1.0.0.0-unk-beta). When I used v0.8.5.0 to sign the message, the signature produced does not work. It means the claim failed.

To work around, I dumped the private key from v0.8.5.0 wallet and imported it into v1.0.0.0. And then I used v1.0.0.0 wallet to sign the same message. It works now.

For people who still using very old wallet (like me), please pay attention to this.