Linking Bitcoin Addresses to Keybase

[markus-hartley]

I'm not a programmer, but I had the vague idea that Keybase id's could be used as links to hidden Bitcoin addresses, to allow people to pay to a username instead of a Bitcoin address. Today I just found this blog post, explaining the general concept better than I can...

http://chrispacia.wordpress.com/2014/01/16/doing-away-with-bitcoin-addresses/

At least, I think that post is saying the same thing that I was thinking.

[malgorithms]

Thanks, Markus!

We've been talking for a while about how Keybase can be used with crypto currencies. In the simplest sense, PGP (and therefore Keybase) can be used to sign bitcoin addresses. So if I want to post a bitcoin address on my website or email it to someone, I can use Keybase to sign it. The sender can then tell that the address hasn't been attacked by a "man in the middle" and swapped out.

Something more complicated and way more convenient can exist if a bitcoin client can understand Keybase identity proofs.

For example, if someone Keybase-proves they are twitter user "markush", I can send bitcoin to that user, knowing via some signed bitcoin address exchange that I am sending to the person who owns that twitter account. It gets safer and more powerful if markush has proven more identities than just twitter.

There's nothing here happening that PGP in general hasn't already solved...the role of Keybase in this process is mapping to digital identities instead of just PGP fingerprints. But we think this step is important. So when the time comes to send the bitcoins, you don't have to meet in person or trust a web of trust to ensure you have the right key.

Other cool things can be done, too. If anyone else has ideas, maybe this would be a good issue to post on.

[aviau]

One cool thing is that you can prove that you own a bitcoin adress, publicly, with the blockchain.

Blockchain.info used to let people write messages in the blockchain, more discussions here: https://bitcointalk.org/index.php?topic=40264.msg1159289#msg1159289

You could write a short message like the current twitter verificaiton.

[gwillen]

Yes, in the same vein as being able to prove your identity on arbitrary websites other than Twitter and Github, it would be nice to be able to prove ownership of bitcoin addresses by signing things with them.

[markus-hartley]

So it would be possible to link a keybase profile to a bitcoin address by verifying with a transaction, and then people could send you money via your keybase username, which would be great.

To take it a step further, it would be nice if I could type "Send $5 to gwillen" into a keybase enabled client, and then a confirmation would pop up, showing your gwillen's profile picture, saying "Send $5 to this person?," and then I'd be fairly certain I was sending it to the right profile and I hadn't mistyped your username.

[bgpugh]

See also: https://github.com/keybase/keybase-issues/issues/518

[ewust]

If you do end up going this direction (allowing a keybase identity to vouch for an identity owning a particular bitcoin address), it looks like BIP 70 (https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki) could be extended to support this. That payment protocol currently aims to support x509 certificates from merchants (rooted in the CA PKI) to prove that the payment request is coming from the right place, but could be extended by adding a pki_type (e.g. "keybase+sha1"), to allow ordinary people to validate an address came from their identity.

[oricou]

Another use case would be to be able to find who sent you this payment (in btc). If I could just run

keybase search

and get its owner, it would be usefull for sellers for example (or those who would like to thank their donators). Of course it means the owner has registred his btc address and to be sure he is the good one I see two solutions:

• he writes a message in the blockchain with his keybase uid and keybase will search for it (maybe no very practical)
• when he registers the btc address to keybase, he signs with the private key of the bitcoin address his public PGP key to prove that he is the owner and keybase get it.

Of course bitcoin clients could include that to you can see who sent you this bitcoin.

[oricou]

keybase search bitcoinaddress

[aviau]

The current implementation of bitcoin addresses does not prove I own the address, why not ask users to sign something with the bitcoin address?

[malgorithms]

Good question, @ReAzem - we actually started with the intention of doing it this way, especially since it's a pretty clear parallel to how we do identity proofs. Here's the problem:

• many people who use bitcoin don't understand how to sign things with their private key, and many wallets don't even support it. or if they do, it's fairly hidden or confusing
• I put some work into making the UI for an advanced mode, where you could sign in both directions, optionally, and the site/client would label addresses by whether they were 2-way proven. Unfortunately no matter how hard I tried, I could not make this clear to the average user, and it made the 1-way signatures scary for sending to, which they shouldn't be.
• finally, we came to the conclusion that this use case covers the 95+% scenario.

What we're doing now is formalizing the equivalent of you posting a signed statement "If you ever want to send me bitcoin, send it here: ____" . Which really is what someone sending you bitcoin wants to see from you.

A proof in the other direction can serve one of a couple much rarer purposes:

1. if you want to prove you're the sender in a transaction, or
2. if you've signed something else with that bitcoin private key, and want to prove it's yours

Both of these are legitimate uses, but they're rarer. Rare enough, in fact, that we figured (1) it's not worth cluttering the user experience with advanced options, and (2) someone who wants to do these will know how to do them manually anyway. So it doesn't need to be an "official" signature type yet.

All that said, this is really just the first step in cryptocurrency support. So we may add it in the future.

[oricou]

die 13/06/14, ad 19h35, Alexandre Viau notifications@github.com dixit :

The current implementation of bitcoin addresses does not prove I own the address, why not ask users to sign something with the bitcoin address?

It is now a perfect proof but it gives a hint which is enough in many cases.

For example Linux Mint has a web page to thanks donators but when they receive bitcoins, they cannot know who sent the money (unless the sender sign something with his bitcoin address but it is too complicated for a donation). Now they can ask Keybase to get the sender's name and add the it to their thanks page.

Olivier.

[rmetzler]

if you want to prove you're the sender in a transaction

I was under the impression that Bitcoin transactions can have an optional message field. Wouldn't it be sufficient if you sign this with your key?

[gwillen]

@rmetzler Unfortunately no, there is no message field in bitcoin transactions.

[kjellskogsrud]

Since one person can have multiple bitcoin addresses it should also be possible to prove multiple addresses on keybase.

[grawity]

@kjellskogsrud This is for receiving payments mostly, so one "incoming" address should be enough IMHO.

[malgorithms]

@kjellskogsrud - there is support for this, we just aren't really showing it for UI reasons. Just presenting a list of bitcoin addresses isn't really more useful than presenting just one. So it brings up other questions: should they be labeled? Can you post different ones per viewer? Isn't it just going to clutter up the UI with little gain? Regarding the last 2 points, if you want to get a bitcoin address to an individual, it's so easy to either do keybase encrypt chris -s -m 'you dude, here is my address: 1dice...' and just pass the results along.

Still, we're thinking about all this...

[ghost]

Proof of ownership came up in #710 for SSH public keys. It's essentially the same problem as with the Bitcoin address field. Generally, I believe anything presented on a keybase user page should require proof-of-ownership, but I'll limit discussion to the Bitcoin address.

• Only a fraction of web users understand the security implications of web pages served with mixed SSL encrypted and plaintext content; not even all web developers understand. Similarly, the subtlety of mixing strongly proven identities with non-proven keys will be lost. The current graphical design of the page visually conflates the two as well.
• The dirty secret of disclaimers and fine print is that people don't read them. Likewise, the disclaimer "technically speaking, Bob hasn't proven they can extract funds from this address; they have only signed a statement claiming they can. This is probably what you wanted anyway, but we like to be clear at Keybase" will mostly go unnoticed.
• keybase.io: identity <=> BTC + hosted private key - two-way proof = target for attack

[dexX7]

Hey @malgorithms, just to clarify: you are well aware that a public key (-> public key hash ("address")) can be derived from a signed message solely?

... many wallets don't even support it. or if they do, it's fairly hidden or confusing.

I'll bite and claim almost all wallets do offer such an option. I further claim using GPG or curl might be more difficult for some than this - not even speaking about setting a DNS record.

many people who use bitcoin don't understand I could not make this clear to the average user Unfortunately no matter how hard I tried ...

There are two ways to claim domain ownership, so I assume the problem is related to the profile view.

I'm concerned, because a one-way proof is fundamentally different than a two-way proof. I can understand why you'd dislike big red warnings all over the place, but I think it's rather careless and might create a false sense of security, especially in the case of an average user who doesn't understand things.

The other issue is that red usually equals "danger", while blue is sort of neutral and green is almost all the time associated with "everything is fine". How comes the only verification that is actually less "secure", is highlighted in green?

technically speaking, dexx hasn't proven they can extract funds from this address; they have only signed a statement claiming they can. This is probably what you wanted anyway, but we like to be clear at Keybase.

it's certainly not what I want and vague language like this isn't helpful at all. Is there really no route you can think of to be more explicit?

To break the ice: