Long term storage in transaction form

1. Long term storage in transaction form
2.  
3. One of Bitcoin's popular usages is long term storage of funds.
4. A few methods exist :
5.  
6. 1. Digital form
7. A copy of the private key is kept in a file on a hard drive or other digital media either off or online, usually encrypted with a password.
8.  
9. The downside :
10. The integrity of the file can not be verified without actually testing the file on a computer. Downloading the file or loading the media is a must.
11. If the file is online, it will be copied, maybe even deleted.
12.  
13. 2. Physical form
14. A copy of the private key is printed on a physical medium, usually paper encrypted with a password.
15.  
16. The downside :
17. The key can be lost, stolen or damaged.
18. Creating multiple copies of the key also poses a problem. It's hard to keep track of many copies, and also requires the usage of a very strong password, in case one is stolen without the knowledge of the owner.
19.  
20. 3. Mnemonic form
21. A seed for generating a private key in a deterministic process is chosen by the owner.
22.  
23. The downside :
24. The key or seed simply cannot be backed-up or verified without resorting to one of the previous methods.
25. To withdraw the funds, the owner must use a computer to sign the transaction, and also be connected to the bitcoin network, to transmit the signed tx.
26.  
27.  
28. I propose a method that combines all of the first three, and a couple of new processes to create a safer long term storage solution.
29.  
30. The process :
31.  
32. Alice wants to store her bitcoins for long term.
33.  
34. Offline:
35. She creates two private and public key pairs and the two corresponding public addresses. Address A and address B.
36.  
37. Online:
38. She sends all the bitcoins she would like to store to address A like she would normally.
39. The bitcoins are now signed to address A.
40.  
41. Offline again:
42. She then signs a transaction (T) for these same bitcoins, this time from address A to address B.
43. She does not transmit this signed transaction.
44.  
45. Alice now holds:
46.  
47. Private key for address A. The address that holds Alice's bitcoins on the blockchain.
48. Private key for address B. A second address, currently holding 0 BTC not seen on the blockchain.
49. Signed transaction T, ready to be transmitted to the network, of bitcoins from address A to address B.
50.  
51. Alice now destroys the private key for address A.
52.  
53. This slightly different method allow for some complex operations. These are some examples :
54.  
55. 1. A digital will :
56.  
57. Alice funds address A with 3 different bitcoin transactions.
58. Along with address B, Alice creates addresses C and D.
59. She signs each one of the 3 tx's in A like so :
60. T1 = T:A->B
61. T2 = T:A->C
62. T3 = T:A->D
63.  
64. She gives away the private keys for addresses B, C and D to their owners, and in time, the pre-signed transactions T{1,2,3} will be spent on the network.
65. Addressed B, C and D are funded without the need for Alice's private key for address A, and without the need for trust.
66.  
67. 2. A physical "security by obscurity" case :
68.  
69. In addition to address B, Alice can create addresses {C, D, E...} which will be used as decoy paper wallets in an off-site location.
70. Alice only needs to create one real BIP0038 encrypted paper wallet, and the rest could be used as encrypted decoys, wasting time for a thief.
71. Since all paper wallets hold 0 balance, and have never been seen on the network, a theif would have a very hard time picking the right one.
72. The transaction that spends the bitcoins to the real paper wallet should remain private, however even if the transaction does leak into the network, the bitcoins are still not lost.
73.  
74. 3. Minimizing exposure of secrets :
75.  
76. Alice uses the same method as the original, except she creates address B using a deterministic process from a seed.
77. She now has no digital or physical assets to keep, except for the transaction T.
78. It's safer for her to use any method of backup for T, instead of the seed or A's private key.
79. In case T leaks and is transmitted to the network, Alice is still in full control over her coins.
80.  
81. 4. This last kind of operation is still considered sci-fi today (the code does not exist yet), but in theory this can be done :
82.  
83. A sort of "trip-wire" system can be built that will:
84.  
85. 1. Store a copy of a transaction T(A->B)
86. 2. Be connected to as many nodes as possible on the network, preferably to major pools' nodes
87. 3. Constantly monitor the bitcoin memory pool for any transactions, call them M(A->?), outbound from address A to any other address
88. 4. In case of such transaction M, immediately transmit transaction T to all connected nodes
89. 5. With any luck, transaction T is mined on the next block, and transaction M is considered a double spend
90.  
91. Alice gets a second chance.
92. The process can even repeat for a number of "hops" between addresses, if more than one was compromised.
93.  
94.  
95. In conclusion, Alice's only real thing of value now is the pre-signed transaction T.
96. Trusting a 3rd party with the transaction is much easier and safer than trusting it with the private key that holds the bitcoins themselves.
97. Since the transaction was actually designed to be public there is no major threat in it leaking to the network prematurely, and if it does actually leak, Alice is the first to know.
98.  
99. The process of withdrawing the bitcoins is simple. Either transmit the original transaction T, or if a system like in (4) is employed, a "release" switch could be used to do that too.
100. Address B should now hold the bitcoins, and it can now be imported to the wallet.
101.  
102. - arubi
103. 15.02.14
104. 19oufRirjCDHrbLouLJ2X3Zc3t1HaYRdf6
105. ----------------------------------
106. H97JNnedREQT0CwA41JYp5y2Fckx7BFv1NXnKkSE9y6e15OG+DB1UI/841iZ+r8JA+2Q1hNtdah8X57qIZu5Z8M=