Author Topic: Secure sharedrops without private key import  (Read 5353 times)

pc

  • Moderator
  • Jr. Member
  • *****
  • Posts: 218
Secure sharedrops without private key import
« on: November 23, 2014, 08:12:24 pm »
Edit: here's a how-to: http://pts.cubeconnex.com/wiki/index.php?title=Secure_Asset_Import

You may have seen it over on btstalk: https://bitsharestalk.org/index.php?topic=11634.msg153439#msg153439
Someone has announced a new BTS fork and wants to sharedrop on PTS/AGS, which has brought an old subject back. We need a way to make sharedrops secure, i. e. find a way to claim shares without the need to import private keys.

Has anyone thought about how this could be implemented?

From the top of my head, it could work like this:
We assume you are the OWNER of an ADDRESS in some unrelated BLOCKCHAIN. Owning ADDRESS entitles you to shares in a new coin, for example NEWSHARES. The classic (insecure) way to handle this is to use "dumpprivkey ADDRESS" in the old BLOCKCHAIN-client, then "wallet-import-private-key PRIVKEY ACCOUNT" in the NEWSHARES-client.
The new (secure) way is:
0. We further assume that the BLOCKCHAIN-client is capable of signing arbitrary text messages with the private key for ADDRESS in such a way that the signature can be verified to belong to the owner of ADDRESS. We assume that this signing/verifying works as implemented in bitcoin.
1. OWNER creates a wallet and an ACCOUNT in the NEWSHARES-client. Let the account public key be NEWKEY.
2. OWNER creates a simple text message "Transfer ADDRESS to NEWKEY".
3. OWNER signes the message using BLOCKCHAIN-client, creating SIGNATURE.
4. OWNER opens NEWSHARES-client and issues the command "wallet-account-claim ADDRESS ACCOUNT SIGNATURE".
5. NEWSHARES-client verifies signature and creates a special transaction transferring the genesis balance from ADDRESS to NEWKEY, subtracting the configured TX fee.
6. NEWSHARES-client pushes the transaction out to the network.
7. NEWSHARES-delegates validate the signature and include the transaction into the next block.

I think this is somewhat straightforward to implement, but could be improved usability-wise.

Comments?

Edit: regarding usability - we could create a command "wallet-account-prepare-claim ADDRESS ACCOUNT" that output the message to sign, or maybe even a full "signmessage" command line to c&p into BLOCKCHAIN-client...
« Last Edit: December 24, 2014, 01:15:11 pm by pc »
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de/
My PTS binary packages for CentOS, Fedora, openSUSE: http://software.opensuse.org/download.html?project=home%3Ap_conrad%3Abts&package=PTS
Please donate: pts:cyrano - thanks!

cube

  • CoreTeam
  • Jr. Member
  • *
  • Posts: 293
  • Bit by bit, we will get there!
Re: Secure sharedrops without private key import
« Reply #1 on: November 24, 2014, 06:25:50 am »
I think it is more secured to have a function to claim based on a signed message rather than private key.  Yes, why not?

How about 'wallet_import_by_signedmsg' to be consistent with current command structure?
« Last Edit: November 24, 2014, 06:30:51 am by cube »
Contribute to the PTS Development Program!
Please send your donation to ID: bitcube

AlphaBar

  • CoreTeam
  • Jr. Member
  • *
  • Posts: 87
Re: Secure sharedrops without private key import
« Reply #2 on: November 27, 2014, 02:39:46 am »
This is incredibly important, and I would be surprised if the BitShares devs were not already working on it. May be something we can simply merge once they've implemented. If we have the resources to implement it ourselves then even better.

pc

  • Moderator
  • Jr. Member
  • *****
  • Posts: 218
Re: Secure sharedrops without private key import
« Reply #3 on: November 27, 2014, 04:37:11 pm »
Just pushed this into the develop branch. Including regression tests, which show it to be working. :-)

Currently bitcoin and (classic) pts are supported. The principle should be extendable to sharedrops on bitshares-derived chains as well.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de/
My PTS binary packages for CentOS, Fedora, openSUSE: http://software.opensuse.org/download.html?project=home%3Ap_conrad%3Abts&package=PTS
Please donate: pts:cyrano - thanks!

lafona

  • Newbie
  • *
  • Posts: 10
Re: Secure sharedrops without private key import
« Reply #4 on: December 04, 2014, 11:04:35 pm »
Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE


lafona

  • Newbie
  • *
  • Posts: 10
Re: Secure sharedrops without private key import
« Reply #5 on: December 04, 2014, 11:12:59 pm »
Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.

svk

  • Newbie
  • *
  • Posts: 11
Re: Secure sharedrops without private key import
« Reply #6 on: December 04, 2014, 11:36:44 pm »
Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.

I can confirm that you need to repeat for each address. I had two, one gave an assert exception:

Code: [Select]
10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK

The second one worked. It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Either way this is awesome and a great idea, I hope to this added to BTS as well.

pc

  • Moderator
  • Jr. Member
  • *****
  • Posts: 218
Re: Secure sharedrops without private key import
« Reply #7 on: December 05, 2014, 09:17:16 am »
Would you have to do this step multiple times if you have more than one receive address? I only had one, but I would imagine you could have pts split up amongst multiple receive addresses.
On the protocol level it should be possible to combine multiple claims in a single transaction. But the wallet command currently only supports one claim per tx.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de/
My PTS binary packages for CentOS, Fedora, openSUSE: http://software.opensuse.org/download.html?project=home%3Ap_conrad%3Abts&package=PTS
Please donate: pts:cyrano - thanks!

pc

  • Moderator
  • Jr. Member
  • *****
  • Posts: 218
Re: Secure sharedrops without private key import
« Reply #8 on: December 05, 2014, 09:21:01 am »

Code: [Select]
10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK

The genesis doesn't contain any addresses with FENC3f in them. Are you sure there should be a balance in that address (as of 2014-12-03)? Please check in the old block explorer: https://coinplorer.com/PTS .


It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Uh, yes, the user interface is not exactly perfect...
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de/
My PTS binary packages for CentOS, Fedora, openSUSE: http://software.opensuse.org/download.html?project=home%3Ap_conrad%3Abts&package=PTS
Please donate: pts:cyrano - thanks!

svk

  • Newbie
  • *
  • Posts: 11
Re: Secure sharedrops without private key import
« Reply #9 on: December 05, 2014, 09:46:23 am »



Code: [Select]
10 assert_exception: Assert Exception
balance.amount > 0 && balance.asset_id == 0: No unspent genesis balance found for xxxxVJ9xQuzdzdzdFENC3f3DkK

The genesis doesn't contain any addresses with FENC3f in them. Are you sure there should be a balance in that address (as of 2014-12-03)? Please check in the old block explorer: https://coinplorer.com/PTS .


It's a little confusing however that you never get a prompt for the actual signed message, you need to enter everything on one line. If you enter first the new account, then the old address you get an error but that error does contain the message to sign.

Uh, yes, the user interface is not exactly perfect...

No I'm not saying there should have been a stake in there, it was just one of my change addresses that I tried.

Important thing is it works though which is cool!

Riverhead

  • Newbie
  • *
  • Posts: 32
Re: Secure sharedrops without private key import
« Reply #10 on: December 21, 2014, 04:40:02 am »
Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE

Thank you :). I found this very helpful and I was able to import most of my stake via this secure method.

lafona

  • Newbie
  • *
  • Posts: 10
Re: Secure sharedrops without private key import
« Reply #11 on: December 23, 2014, 01:55:42 pm »
Just tested it and it seemed to work fine. I like how you can use the command, answer the prompts for account: and address, and receive the text to sign as an output. I did get an assert Exception error when I tried this, but once I signed the message and put it in the right format wallet_import_by_signedmsg ACCOUNT ADDRESS SIGNEDMESSAGE it worked fine. So to sum it up

1) Go to PTS wallet(old) -> Select Sign message -> copy address from address book
2) In PTS client(new) -> type wallet_import_by_signedmsg  -> at the prompts enter the account name to import to and then the address copied in step 1) -> this will output the message to sign
3)In PTS wallet(old) -> paste same account from step 1) into first box -> copy message in quotation from 2) and paste into second box -> sign and copy the output
4) In PTS wallet (new) -> type  the command followed by the account name to import to, the address from 1) and signed message from 3), it should look like this
wallet_import_by_signedmsg  ACCOUNT ADDRESS SIGNEDMESSAGE

Thank you :). I found this very helpful and I was able to import most of my stake via this secure method.


No problem. Glad it was helpful!

robrigo

  • Newbie
  • *
  • Posts: 5
Re: Secure sharedrops without private key import
« Reply #12 on: December 23, 2014, 03:48:17 pm »
I was happy to use your signed message method to import my stake. Nice work on that!

cube

  • CoreTeam
  • Jr. Member
  • *
  • Posts: 293
  • Bit by bit, we will get there!
Re: Secure sharedrops without private key import
« Reply #13 on: December 24, 2014, 04:37:18 am »
Yea. Nice stuff. Should update OP with the visual guide - http://pts.cubeconnex.com/wiki/index.php?title=Secure_Asset_Import
Contribute to the PTS Development Program!
Please send your donation to ID: bitcube

fftt

  • Newbie
  • *
  • Posts: 7
Re: Secure sharedrops without private key import
« Reply #14 on: December 24, 2014, 08:55:13 am »
Very nice feature.   ;)

I want to share with you my experience in using this feature. I have two PTS wallet-qt (both windows) installed (v0.8.5.0-unk-beta, and v1.0.0.0-unk-beta). When I used v0.8.5.0 to sign the message, the signature produced does not work. It means the claim failed.

To work around, I dumped the private key from v0.8.5.0 wallet and imported it into v1.0.0.0. And then I used v1.0.0.0 wallet to sign the same message. It works now.

For people who still using very old wallet (like me), please pay attention to this.   :)