Edit: here's a how-to:
http://pts.cubeconnex.com/wiki/index.php?title=Secure_Asset_Import

You may have seen it over on btstalk:
https://bitsharestalk.org/index.php?topic=11634.msg153439#msg153439

Someone has announced a new BTS fork and wants to sharedrop on PTS/AGS, which has brought an old subject back. We need a way to make sharedrops secure, i.e. find a way to claim shares without the need to import private keys.
Has anyone thought about how this could be implemented?
Off the top of my head, it could work like this:
We assume you are the OWNER of an ADDRESS in some unrelated BLOCKCHAIN. Owning ADDRESS entitles you to shares in a new coin, for example NEWSHARES. The classic (insecure) way to handle this is to use "dumpprivkey ADDRESS" in the old BLOCKCHAIN-client, then "wallet-import-private-key PRIVKEY ACCOUNT" in the NEWSHARES-client.
The new (secure) way is:
0. We further assume that the BLOCKCHAIN-client is capable of signing arbitrary text messages with the private key for ADDRESS in such a way that the signature can be verified to belong to the owner of ADDRESS. We assume that this signing/verifying works as implemented in bitcoin.
1. OWNER creates a wallet and an ACCOUNT in the NEWSHARES-client. Let the account public key be NEWKEY.
2. OWNER creates a simple text message "Transfer ADDRESS to NEWKEY".
3. OWNER signs the message using BLOCKCHAIN-client, creating SIGNATURE.
4. OWNER opens NEWSHARES-client and issues the command "wallet-account-claim ADDRESS ACCOUNT SIGNATURE".
5. NEWSHARES-client verifies signature and creates a special transaction transferring the genesis balance from ADDRESS to NEWKEY, subtracting the configured TX fee.
6. NEWSHARES-client pushes the transaction out to the network.
7. NEWSHARES-delegates validate the signature and include the transaction into the next block.
I think this is somewhat straightforward to implement, but could be improved usability-wise.
Comments?
Edit: regarding usability - we could create a command "wallet-account-prepare-claim ADDRESS ACCOUNT" that outputs the message to sign, or maybe even a full "signmessage" command line to c&p into BLOCKCHAIN-client...
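The claim flow from steps 0-7 above, as an added sketch that is not part of the original post or of any client's code: the message "Transfer ADDRESS to NEWKEY" is hashed the way bitcoin's signmessage does, the signer's public key is recovered from the signature, and the genesis balance only moves if that key maps to ADDRESS. Assumptions: all function names are hypothetical, `address_of` is a SHA-256 stand-in for the real HASH160 + Base58Check address encoding, the signature is a plain `(recid, r, s)` tuple rather than bitcoin's base64 form, and the fixed nonce is for the demo only.

```python
import hashlib
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; not constant time, demonstration only
    out = None
    while k:
        out, pt, k = (add(out, pt) if k & 1 else out), add(pt, pt), k >> 1
    return out

def msg_hash(text):  # Bitcoin signmessage digest; one length byte covers < 253 bytes
    m = text.encode()
    pre = b"\x18Bitcoin Signed Message:\n" + bytes([len(m)]) + m
    return int.from_bytes(hashlib.sha256(hashlib.sha256(pre).digest()).digest(), "big")

def address_of(pub):  # ASSUMPTION: stand-in for HASH160 + Base58Check
    return hashlib.sha256(b"%064x%064x" % pub).hexdigest()[:34]

def sign(priv, text, k):  # step 3, BLOCKCHAIN-client side -> (recid, r, s)
    R = mul(k, G)
    return R[1] & 1, R[0] % N, pow(k, -1, N) * (msg_hash(text) + R[0] * priv) % N

def recover(text, recid, r, s):  # public key that produced (recid, r, s) over text
    y = pow(r**3 + 7, (P + 1) // 4, P)
    if not (0 < r < N and 0 < s < N) or (y * y - r**3 - 7) % P:
        return None  # out-of-range values, or r is not an x-coordinate
    y, ri = (y if (y & 1) == recid else P - y), pow(r, -1, N)
    return add(mul(s * ri % N, (r, y)), mul(-msg_hash(text) * ri % N, G))

def claim(genesis, address, newkey, sig, fee=1):  # steps 5-7, NEWSHARES side
    pub = recover(f"Transfer {address} to {newkey}", *sig)
    if pub is None or address_of(pub) != address or genesis.get(address, 0) <= fee:
        return None  # wrong signer, different NEWKEY, already claimed, or dust
    return newkey, genesis.pop(address) - fee

PRIV, NONCE, NEWKEY = 0x1234567, 0xABCDEF, "NEWKEY-demo"  # constructed, not real keys
ADDRESS = address_of(mul(PRIV, G))
SIG = sign(PRIV, f"Transfer {ADDRESS} to {NEWKEY}", NONCE)
```

Because NEWKEY is part of the signed text, a relayed SIGNATURE cannot be redirected to another account, and removing the genesis entry on success keeps the same claim from being applied twice.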