Sergio_Demian_Lerner
Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 12, 2013, 07:46:48 PM (Last edit: June 12, 2013, 08:33:01 PM by Sergio_Demian_Lerner) #1





(please note the image is not the actual prototype, it is photoshopped).

Hi everybody!

I'd like to present my latest innovative hardware project.

It's called Firmcoin. Check http://FirmCoin.com

It's like cheap eWallet. But it's so cheap that, in order to pay with Bitcoins, you can actually give the Firmcoin to the payee. And it's rechargeable!

Currently you can verify the authenticity of a Firmcoin with any NFC-enabled smartphone (that can run our software).

When requested, a Firmcoin will send you its Bitcoin private key, but will automatically and atomically wipe the private key from memory, preventing double-spends.

There are several ways to verify the authenticity of a Firmcoin. For low value payments, you can just query the device if it has funds or not. Also the device can cryptographically prove that it is holding a certain private key, by signing user provided messages (but not transactions!)

If you want to verify the authenticity of a Firmcoin with more confidence, you must have connected to the Bitcoin network in the last 24 hours in order to download the list of Firmcoin addresses with funds. The Firmcoin can only receive funds if the transactions that load the funds are 24 hours old.

Carrying this small database, you can check the full validity of a Firmcoin without being online!

Also you can download a physical description of random features of each manufactured token and check its physical authenticity by just taking a photo of the Firmcoin.

Last but not least, we have a novel method to verify the authenticity of the firmware loaded.

And we hope we can sell each Firmcoin for less than 5 USD when we start manufacturing in higher volumes.

Keep in mind that we're still developing the product to make it ready for mass production, so we're open to any ideas you may want to share with us. Also if you have the skills to help us develop a better product, we'd be glad to hire you in our team, or partner with you.

Best regards,
Sergio.
Part of the Firmcoin team.

Mike Hearn
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 13, 2013, 02:51:22 PM #2

Awesome project!



So if I understand correctly, the NFC interface lets you both retrieve the public key and the atomically-destroyed private key?



Are you going to integrate this with the Android wallet app? It already has some NFC support and syncs with the network every 24 hours.



However, I must admit I am not entirely sure of the purpose. If you accept a firmcoin without checking it with your smart phone, it might be empty, so that's dangerous. And if you have a working smartphone, you could just as well do a direct P2P payment. I suppose the difference is, the payer doesn't have to have a phone, just the receiver. But is that really an advantage?

Sergio_Demian_Lerner
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 13, 2013, 05:49:14 PM #3

Quote from: Mike Hearn on June 13, 2013, 02:51:22 PM
Awesome project!



So if I understand correctly, the NFC interface lets you both retrieve the public key and the atomically-destroyed private key?

It lets you retrieve both keys and atomically change the state of the firmcoin to "empty".



Quote from: Mike Hearn on June 13, 2013, 02:51:22 PM Are you going to integrate this with the Android wallet app? It already has some NFC support and syncs with the network every 24 hours.



It would be an interesting feature, I will think about it. But we're not ready to manufacture in high volumes.



Quote from: Mike Hearn on June 13, 2013, 02:51:22 PM However, I must admit I am not entirely sure of the purpose. If you accept a firmcoin without checking it with your smart phone, it might be empty, so that's dangerous. And if you have a working smartphone, you could just as well do a direct P2P payment. I suppose the difference is, the payer doesn't have to have a phone, just the receiver. But is that really an advantage?



For a first security level, none of them have to be online. If you trust the manufacturer (us) then you can trust a firmcoin has coins. You query the firmcoin with an NFC-enabled smartphone and it will tell you if it has coins or not. Another version we're building has an LED that flashes when it has coins when you touch it.



And you don't even need to trust us: we've done things so that you have to trust only "ST Electronics" (at least now).



For a higher security level, you can carry with you the UTXO set of the day before (and update them once each day).

A firmcoin will only respond that it has funds if the transactions that fund the firmcoin are at least one day old.



For a higher security level, you can photograph the firmcoin and check its random features against a small database of physical features you can download from our servers.



For more security you can even query the firmcoin to prove it has a private key related to a certain public key (without the firmcoin disclosing the private key).



For even more security you can access our database online which can track which addresses are associated with each firmcoin.



For even more security you can upload the photographs of the device and we'll check the authenticity of the firmcoin against high definition images taken during the manufacturing process.



For even more security you can just extract the private key, transfer the funds using any Bitcoin client, and then send new funds to the firmcoin.



This is (IMHO) the future of off-line anonymous transactions (bills and coins),

Best regards, Sergio.


jl2012
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 13, 2013, 06:07:34 PM #4

I don't know how Firmcoins exactly works but I think there is a potential problem.



As you said, Firmcoin can export the private key to a smartphone through NFC. Is the following attack possible?



1. The phone requests the private key through NFC

2. Firmcoin sends the key through NFC

3. The phone receives the key but does not respond

4. Firmcoin is not sure whether the key has been successfully sent, and does not delete the key. (If Firmcoin deletes the key without confirmation from the phone, the key may be lost if there is communication error)



Possible solution: the Firmcoin will always send a warning to the user if it had any unsuccessful key export attempt.

Sergio_Demian_Lerner
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 13, 2013, 06:17:17 PM #5

Quote from: jl2012 on June 13, 2013, 06:07:34 PM
I don't know how Firmcoins exactly works but I think there is a potential problem.



As you said, Firmcoin can export the private key to a smartphone through NFC. Is the following attack possible?



1. The phone requests the private key through NFC

2. Firmcoin sends the key through NFC

3. The phone receives the key but does not respond

4. Firmcoin is not sure whether the key has been successfully sent, and does not delete the key. (If Firmcoin deletes the key without confirmation from the phone, the key may be lost if there is communication error)



Possible solution: the Firmcoin will always send a warning to the user if it had any unsuccessful key export attempt.



The firmcoin BEFORE sending the private key enters a special internal state "no-funds". The private key is NOT immediately wiped. You can query the device for the private key as many times as you want until you're satisfied the transmission has no errors.



Then you send the firmcoin a command "wipe" and the firmcoin will wipe the private key.



The firmcoin will never go back to the state "funded" after the state "no-funds" without going through the state "create-new-key".



Sergio.
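
The export flow described in post #5, as an added example that is not part of the original thread and not Firmcoin firmware: a toy model of the "funded" / "no-funds" / "create-new-key" states, with a phone-side routine that re-reads the key over an unreliable link before sending "wipe". Command names other than "wipe", the random 32-byte stand-in key and the simulated NFC bit error are assumptions.

```python
import secrets
from enum import Enum

class State(Enum):
    FUNDED = "funded"
    NO_FUNDS = "no-funds"
    CREATE_NEW_KEY = "create-new-key"

class FirmcoinModel:
    """Toy model of the export flow described in the post (not real firmware)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # stand-in for the private key
        self.state = State.FUNDED

    def has_funds(self):
        return self.state is State.FUNDED

    def read_key(self):                       # hypothetical command name
        if self._key is None:
            raise RuntimeError("key already wiped")
        self.state = State.NO_FUNDS           # committed BEFORE the key leaves
        return self._key

    def wipe(self):                           # the "wipe" command from the post
        if self.state is not State.NO_FUNDS:
            raise RuntimeError("wipe is only valid after an export")
        self._key = None

    def create_new_key(self):                 # hypothetical command name
        if self.state is not State.NO_FUNDS:
            raise RuntimeError("only an emptied device may be re-keyed")
        self._key = secrets.token_bytes(32)
        self.state = State.CREATE_NEW_KEY

    def confirm_funding(self):                # hypothetical; the thread does not say how funding is learned
        if self.state is not State.CREATE_NEW_KEY:
            raise RuntimeError("no-funds -> funded must pass through create-new-key")
        self.state = State.FUNDED

def export_over_noisy_link(dev, corrupt_reads):
    """Phone side: re-read until two consecutive reads agree, then wipe."""
    prev, reads = None, 0
    while True:
        key = dev.read_key()
        if reads in corrupt_reads:            # constructed NFC bit error
            key = bytes([key[0] ^ 0x01]) + key[1:]
        reads += 1
        if key == prev:
            dev.wipe()
            return key, reads
        prev = key
```

In the case jl2012 raises (the phone reads the key and then goes silent), the model already reports "no-funds" and still holds the key, so the key is not lost and the device cannot be handed on as funded.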


caveden
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 14, 2013, 11:52:12 AM #13

This is awesome. Transparent acrylic card with holograms, buttons, LEDs and NFC tag. How futurist is that?

$5 as cost seems too much for people to pass it around as they do with cash/coins, though. It's probably higher as amount than a significant number of all cash transactions done in the world.

But it's still great as a gift card, or if anything, as a cool way to show people how real Bitcoin is getting.

I want one.

Sergio_Demian_Lerner
Re: Firmcoins - A new kind of Bitcoin physical bill ready for off-line transactions
June 14, 2013, 06:01:22 PM #16

Quote from: killerstorm on June 14, 2013, 07:36:29 AM
Quote from: Sergio_Demian_Lerner on June 13, 2013, 05:49:14 PM
For a higher security level, you can carry with you the UTXO set of the day before (and update them once each day).
A firmcoin will only respond that it has funds if the transactions that fund the firmcoin are at least one day old.

I don't see how it gives higher security level.

I believe that trust is not a boolean variable. You may trust me to hold 1 BTC for you but not to hold 1000 BTC.

If we (the manufacturers) take all possible measures to help you identify authentic hardware from counterfeit, authentic firmware from counterfeit, and so on, then you will trust us a little bit more.



We've made every possible effort so that even if we are hacked the next month, and all our private keys are stolen, a hacker cannot create counterfeit Firmcoins that pass all the tests and tools we give you to verify them.



Keep in mind that:



1. If you change the firmware of a device, then the device won't pass offline verification tests.

2. If you change the hardware of the device, then the device won't pass offline and online verification tests.

3. If you change the look of the device, then the device won't pass offline and online verification tests.

4. If you create a perfect counterfeit device, and you hand it to someone else, you're giving him the proof of your criminal act.



Best regards, Sergio.
