Friday, October 17, 2014

Using bitcoin based blockchain as notary service without third party

We have seen a lot of notary services that use bitcoin ( or any bitcoin based currency ) blockchain. Those services always have some server side component or require client side notary software.

If you have some bitcoin based crypto currency wallet then you have all you need to perform time stamping of a document and to prove that you have performed that time stamp. For this purpose I have developed https://github.com/Slavco/selfnotary and released under MIT licence.

What is the purpose of this software and how to use?

As a developer I want to be able to prove that I have created https://github.com/Slavco/selfnotary. That is why I have downloaded the selfnotary-master.zip, created a backup copy and i have verified this archive against Dogecoin blockchain.


Step by step how self notary service is used:

  1. Download the archive, extract to some folder and start index.html in your web browser. No need of internet connection for this .html page to work.

  2. Choose the desired blockchain and select the document you want to prove that is yours.
  3. The page will generate Document hash ( sha256 of the UTF-8 encoded file ) and Notary address where we need to send some amount of coins to prove that we hold this document. Funds on the address could not be spend by anyone.
  4. Send small amount of coins to the destination address ( my case Dogecoins )

  5. That's it. Now I have performed a backup of the document I want to prove that is mine and backup of the wallet that create the transaction.
     


Now I need to prove that I'm the owner of this file.


  1. I'll use the selfnotary tool to upload the document and to see generated address: DRdMhvJCnU6d9CYeu8kGCi92RbX5n4CgAg
  2. Let's check this address on some blockchain explorer: https://dogechain.info/address/DRdMhvJCnU6d9CYeu8kGCi92RbX5n4CgAg
  3. You can notice the first transaction to this address: https://dogechain.info/tx/880d239f9ae029d4b526cd878387e4b0d6d35d6fd0f5742274e5c6216f8ddac0


    This is the time I claim I have the file from.
  4. Lets prove that I'm the owner of the sender address:

  5. Here are the details:

    Message-    "Hello this is my archive"
    Signature-   "H6rbG9J42BJR23FSvfWsQOHgp32cqAlkakmt+woLTI/gagsrLq4bgtEXjHfXRX53dsw17L5W7y/KBuHyTO9WVzk="

    Now anyone could verify that I'm the owner of the private key of the sender address.

This way I can claim that I'm the first who poses this document and I can prove that I'm the owner of the private key that caused transaction. Having backup of my document ( archive ) and my wallet I have a proof forever that I'm holder of the archive at transaction time.

Hope you like this project and I hope this project will help saving your work from thief. This could be applied on any type of digital documents and any coin bitoin based blockchain.

For some large files this html/js application could be very slow and for that purpose next period i'll create command line selfnotary tool.


BTC:  1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX
FTC:  6sLaveXfN6Nhi96LVufa4GjrojGnXsbc4w
VTC:  VpzZ7DnyoznqZxFjKqsJEVkSn74AiczX7a
DOGE:  DCze9pB2xcUWkKPYQ7BW6Lu8gaF5eqzk9o

Tuesday, February 11, 2014

Preventing transaction malleability on services that operate with 0 confirmations

This days become popular another "issue" about bitcoin protocol. It's named transaction malleability and it's nothing new in the bitcoin developers world and it has wiki entry https://en.bitcoin.it/wiki/Transaction_Malleability

Why this is interesting and important  for online blockchain based games that operate with transactions that have 0 confirmations?

The answer is simple. Third party or players could mess up with the service if listens the service for incoming transactions or is defeated by the service and try to create successful malleable transactions in order to harm it or to increase it's chances for win ( If malleable transaction is accepted then he plays x2 on probability of 75% ).

How to protect your service that operates with 0 confirmations transactions from malleable transactions?
Again answer is quite simple: Determine the play round by inputs txid and not by incoming transaction id.

In the PoC dice script I have created https://github.com/Slavco/dicestart now the play round checking is changed in order to avoid malleable transactions. Notice the code between the comments //prevent transaction malleability and commented old sql queries. That's it.

BTC: 1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX
FTC: 6sLaveXfN6Nhi96LVufa4GjrojGnXsbc4w 

Friday, January 3, 2014

How to create your own satoshidice game

SatoshiDice introduced new and unique way of gaming / gambling online. It's the concept of wallet blockchain games. On the first sight isn't something special and probably we will say: OK no big deal yet another casino web site but there is much more behind it. As tech person my first question was how it's working and surfing all around there were no resources that explain how is created or better  to create similar game as your own product.

Then I started the research and here it's guided PoC framework scripts that show how to create your own blockchain based wallet game giving you freedom to use it on any size project. This could be applied on any crypto currency that is based on bitcoind and has the same API calls and ofc. you can implement any game with it.

Project: https://github.com/Slavco/dicestart

Requirements:
  • feathercoind, bitcoind or any another daemon ( will work with qt clients for test & isn't recomended for production environment )
  • mysql db server
  • php installed  

Configuration:

Follow the comments in the code. Basically you will need to set up your:
  • feathercoind, bitcoind, anycoind username and password 
  • path to the php executable 
  • generate storage address
  • generate play addresses
  • create game secret ( to prove your users that you are fair. Share with clients hash of your server key and not the server key) 
  • mysql username and password 
  • include scripts path 

When everything is set up you can test your system. To start the scripts just go to the console on your operating system and issue this command:  (path_to_php_executable) php go.php

Now you can send some amount between min - max bet and test the game. Lets take a look in the test game script. Here you will notice the following:
  • Get the arguments: plat transaction, odd and odd address
  • Load configuration
  • Connect to the DB
  • Connect to the coindaemon
  • Set max & min bet for this game and later decide what to do with incoming funds that are out of min - max boundary 
  • Calculate player address ( where to return the funds win or loose)
  • Perform the play ( according the play formula )
  • When player loose send the dust to the player address and rest of the coins to the storage address
  • When player wins then you must be careful! Loop trough unspent transactions inputs until you aggregate sum >= win+transaction fee, send to the player win amount and the rest send back to the your storage address because will be given to the network / miners. 
  • Create transaction, sign transaction & broadcast transaction to the network
  • Log the play data in the logs  


Why we create / hold the play logs? From the play logs we can publish data to the betting website where users will be able to see the latest plays. How to do that in most efficient way:

  • get the last N plays with: tail -N /path_to/playlogs/play_log2013-12-24.txt
  • hash the output
  • read output line by line and prepare for sending on the clientside
  • send to the client hash + data and add hash to the session
  • client pools the server with hash
  • if hash is the same, no new plays if not send new hash and data
  • on client side display only new data 

With this approach we show / propose architecture simple but very powerful for blockchain based wallet game.
  • Transactions receiving scripts could be on any machine that is able to run somecoind on it
  • If game is popular this scripts could be split ed on many machines that will use same db server ( to check if incoming tx is processed or not ) 
  • If game is popular ( too many transactions exec command in go.php could be easy changed with call to gearman, rabbitmq, ... )  
  • Logs could be pushed online via any protocol and displayed on the website for the users and because everything is generated this website could be easy hosted on any shared hosting
I hope you like this project.

BTC: 1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX
FTC: 6sLaveXfN6Nhi96LVufa4GjrojGnXsbc4w



Friday, December 6, 2013

Secure printed wallet PoC / experiment 2 ( better materials + 2 strategies )


After struggle with sticky paper here it's some transparent paper in my hands. I have performed few experiments two different approaches and def. the results are just perfect.

Here it is the result from one of them:







Just perfect!

Thursday, December 5, 2013

Secure printed wallet PoC / experiment


After solving the problem in teory (adding extra security on paper wallet / cold storage), little math and PoC software http://btcluck.blogspot.com/p/private-key-protection.html it was time to see this method in action. I was struggling to find transparent paper in my near stores and I found one but sticky/with the glue ( similar as duck tape ), but it's transparency was enough for me to try.

What is done:

1. Print two images that will create QR code prepared with http://btcluck.blogspot.com/p/private-key-protection.html on normal paper and on transparent one.




2. Clean the sticky part ( remove the glue from another side )


3. Put the transparent part1 over the part 2 ( no need to be transparent )







4. Check the results


Success!!!

I have already ordered quality transparent plastic paper and for tomorrow and I hope I'll have high quality demo. Also software is almost done and some sketches are started for ultimate design of the super secure printed wallet.

1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX

Private key QR extra protection

I got idea for creating a printed wallet where on easy way we can add extra security to it or to make it double secure than any another printed paper wallet.

Example: If we have a paper wallet of 1 BTC and we use it to make a payment from it for let say 0.01 BTC then our paper wallet is mainly vulnerable because we must to reveal the public QR code key. Yup we can set up sticker back but from few usages the sticker will get damaged (check the price of one BTC and calculate how many payments you can do with 1 BTC ). Also if someone get or take a picture of our paper wallet with QR codes then there isn't too much to be done.

How we can add extra security to our paper wallet of QR codes? Take a look into this:

http://btcluck.blogspot.com/p/private-key-protection.html

 As you can see there we get the possibility to split up private keys into two parts.
 Now imagine the following:

  •  you have a paper wallets where part of the private key is visible and you don't need to care about it's stolen or pictured 
  • you have one extra transparent card with your own custom structure like one part the two generated images from the http://btcluck.blogspot.com/p/private-key-protection.html and you can use on unlimited number of paper wallets you produce for yourself
  • When you position your card over the private key part, you got private key QR code. 
  • Your phone wallet shouldn't be always filled in with funds
  • Someone to get your funds need to stole your card + your printed wallet.
  • Having only one piece, can't reverse the private key 


Now I'm going to do some print experiments with this technique, share the results with you and ofc. I'll finish the code and publish it for free.

If you like the idea don't forget to support this and another researches like this:
1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX