Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Project Development
Merits 1 from 1 user
Topic OP
Introducing Cheap Bitcoin Notes
by
sdp
on 10/06/2022, 12:19:20 UTC
⭐ Merited by dkbit98 (1)

                                                                          A Cheaper Bitcoin Note Project
                                                                                 =============

+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
|  Yi MILLIBITCOIN                                                                                                                       ONE MILLIBITCOIN   |
|                                                  Redeem with Issuer After :   November 6th, 2025                                                          |
|              +-------------------------+                                                                                      +---------------------+     |
|              |XX    X         X     XX |                                                                                      | [X]            [X]  |     |
|              |       XX        XX      |                             1                                                        |         X       X   |     |
|              |   XX    XX        X     |                     millibitcoin                                                     |   X      X         X|     |
|              |   X            X        |                                                                                      |                     |     |
|              | XX        X  X     X    |                                                                                      |   [X]               |     |
|              +-------------------------+         Redeem Alone After:   November 6th, 2030                                     +-------------------- +     |
|                                                                                                                                                           |
|                     Private         Key                                                                                                    Address        |
|                                                                                                                                                           |
|  Un MILLIBITCOIN                                                                                                                         EK MILLIBITCOIN  |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------+


Bitcoin's massive acceptance of the new unit of account, is finally manifest.  While many rush to sign up to exchanges to get theirs there is concern that Bitcoin is lacking in three important qualities:
1.  Darkness: Transactions sent without revealing who or how much. 
2.  Lower Transaction Fees.
3. Offchain transactions.

Changes in the Bitcoin Protocol in order to fix either of these issues has been tried but each attempt to do so either results in a forgotten source code fork or alt-coins (Monero, Bitcoin Dark, Dash, Bitcoin Cash).  These alt-coins must compete with name recognition and network effects of the currency when the distinct product is their improved payment system.

Far from sending standard amounts in multiple transactions to obscure the amounts, bitcoin transactions are easily identified by the amount sent.  In addition, bitcoin can be traced as it moves from address to address.  Most people having to trade from one crypto to another will have their address linked to their identity.  So much for anonymity and so much for darkness.

Because the bitcoin protocol requires the transaction specify where the currency output comes from, so even when sent to the same address it is more expensive to send when they had come in smaller increments rather than a single lump sum.  At the most extreme end of the scale it typically costs 85,120 satoshis (851 µBTC) to send transaction on the next block and only 224 satoshis if you are willing to wait days and be okay if it eventually fails.

When sending large amounts the transaction fees make up a smaller percentage.  It turns out that if paying the minimal fee on a transaction 50µBTC, the fee would only be 0.5% of the value of the funds sent.

Enter Bitcoin Note. Bitcoins are sent to a script which is a combination of time-locked, multi-signature and single signature. The user gets to use the coins as a physical bill and is unable to transfer funds from it.  It can only be transferred with the help of the issuer and the private key on the bill.  The private key is unique to each bill.  In order to protect the issuer from extortion, he must destroy the copy of the private key on the bills before they leave the shop.

The issuer also has another private key.  In combination with the private key of the issuer and the private key on the bill they can redeem the money after the redemption date with this combination.  There is an expiry date, after which the holder, of the private key on the bill can unilaterally move the underlying coins on the block-chain.  It is important to take your bills to the issuer prior to that date so anyone who ever had the bill doesn’t move the backing block-chain BTC.


Measures against counterfeiting

These Bitcoin notes should be used between people who know each other.  Down the road the issuer after spending his bitcoin notes at a shop, may take them back as change for some later purchase or there maybe more cyclical economies where money moves around in a circle without ever needing to be changed into fiat.

The issuer can create bills that have a torn side.  A serial number match with the torn bill can be used to validate the bill is the original and not a photocopy.  Other more involved forms of measures against counterfeit can include things found in regular fiat bills and they raise the bar in terms of what a counterfeiter has to do, what equipment one must buy, etcetera.

Suggested Bill Values used

Paper currency in bitcoin based on purchasing what you typically need at a clothing shop or electronics store, it seems that 1 mBTC is a good upper size.  Larger than that, you might as well just keep things on chain.  These days, 100 µBTC is an amount that would cost about 2.5% of its value for an online transaction.  Creating a special transaction for this amount once and putting it on a Bitcoin note, could allow zero fee transaction to happen with this note limited only by the ability to pass it between one user and another.
Scripting

The script for a single issuer and a private key for each note:

ki ->  issuer's public key (private key not on the paper)
kp -> paper public key whose private key is on the paper

<sig1> := (signature of the issuer)     
<pubkey> := k1
<sig2> := <sig>  (signature for the key that's on the paper)

In square brackets the stack of the Bitcoin Virtual Machine is placed next to the op codes to aid better understanding.

Script Template
OP_2
k1
k2
OP_2
OP_DEPTH
OP_2                 
IF_EQUAL             
OP_IF
  OP_2               
  <ki>               
  <kp>               
  OP_2               
  <redeem with issuer date>           
  OP_check_locktimeverify
  op_checkmultisigverify
OP_ELSE [sig]
  <k2>
  <redeem alone date>               
  check lock time verify
  drop                 
  dup       
  op_hash160
  <hash(k2)>
  op_equalverify
  op_checksig
OP_ENDIF
The script can be redeemed with the following inputs:
During the redeem period you can redeem them with:
<Issuer SIG>
<Another SIG using the private key on the note>
2
<Issuer Public Key>
<Paper Public Key>


During the post-redeem with issuer period it can be redeemed by anyone who has the private key.
<SIG>


At the start the stack is either [sig] or [sig1 sig2].

OP
Redeemable with issuer
Redeemable alone (single sig)

0 sigi sigp 2 ki kp 2
sigp
OP_DEPTH
... kp 2 => ... kp 2 7
Sigp => sigp 1
OP_7
... 2 7 => ... 2 7 7
Sigp 1 => sigp 1 7
OP_EQUAL
... 7 7 => 1
Sig 1 7 => sig 0
OP_IF
... kp 2 1 => ... kp 2
sig 0 => sig
  OP_DROP
... ki kp 2 => ... ki kp

  OP_2DUP
... ki kp => ki kp ki kp

  OP_HASH160
... ki kp => ki hash160(kp)

  PUSH hash160(kp)
... => ... hash160(kp)

  OP_EQUALVERIFY
... hash160(kp) hash160(kp) => ...

  OP_HASH160
... ki kp ki  => ki kp hash160(ki)

  PUSH hash160(ki)
... => ... hash160(ki)

  OP_EQUALVERIFY
... hash160(ki) hash160(ki) => ...

  OP_2
0 sigi sigp 2 ki kp => 0 sigi sigp 2 ki kp 2

  OP_3
0 sigi sigp 2 ki kp 2 => 0 sigi sigp 2 ki kp 2 3

  OP_PICK
... ki kp 2 3 => ki kp 2 2

  OP_EQUALVERIFY
0 sigi sigp 2 ki kp 2 2 => 0 sigi sigp 2 ki kp

  OP_2
0 sigi sigp 2 ki kp 2




  PUSH redeem

... kp 2 => ... kp 2 redeem
  OP_CHECKLOCKTIMEVERIFY

 ... => ...
  OP_DROP

... 2 expiry => 2



  OP_CHECKMULTISIGVERIFY
... 0 sig1 sig2 2 ki kp 2 => []

OP_ELSE


  PUSH kp

sig => sig kp
  PUSH expiry

sig kp => sig kp expiry



  OP_CHECKLOCKTIMEVERIFY


  OP_DROP

sig kp expiry => sig kp
  OP_DUP

sig kp => sig kp kp
  OP_HASH160

... kp kp => ... kp hash160(kp)
  OP_PUSH hash160(kp)

... kp => ... kp hash160(kp)
  OP_EQUALVERIFY

... hash160(kp) hash160(kp) => ...
  OP_CHECKSIGVERIFY

sig kp => []
OP_ENDIF





Seed creation phrase (Do not use for real (mainnet) funds!!!):

‘general image wine slam knee auction boat carry then adapt huge captain’

Bitcoin testnet faucet: https://testnet.help/
Bitcoin testnet address: tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0
`electrum --offline --testnet -w ~/.electrum/testnet/wallets/default_test_wallet -v getpubkeys tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0`

Let the Paper Data Be:
Public Address: tb1qq2z3t9lnpq370exmmjsrrt8lwhzf56pla4j4t0
Public key: 0x0237d0db0db60473c13dacd56043342f90263bc4545d91d92ae2bd2827ccdad0aa
Private key: p2wpkh:cPE1c91SAmiJ3gU7zdyJhQbiaqPX9dvvYdDutD1FDjstW8R3yNje
Hash160 of Public Key: 0xD357872E86E1D4D8B5BA09C3B3CBF0705656EF93


Issuer Data:
Public Address: tb1quh0mmjuwl0gu2wla4t76prdtuzt5hlh0dp6kn5
Public Key:     02c5def4d26d803be6c2ec38db7b693088b504801294276fba734687dcb86741d3
Private Key:    p2wpkh:cQbBdBtspSCEVdTugyZstGNyUZk79bdUkbbRYfyoq7dd5CJ8jHhh
Hash160 of Public Key: 0x60208BB5D099A4681E40DF8B335B29714EBB856A

Example with values filled in:

OP_0
OP_5
OP_16
OP_2

0x02c5def4d26d803be6c2ec38db7b693088b504801294276fba734687dcb86741d3
0x0237d0db0db60473c13dacd56043342f90263bc4545d91d92ae2bd2827ccdad0aa
OP_2
OP_DEPTH
OP_7
OP_EQUAL
OP_IF
  OP_DROP
  OP_2DUP
  OP_HASH160
  0xD357872E86E1D4D8B5BA09C3B3CBF0705656EF93
 
  OP_EQUALVERIFY
  OP_HASH160
  60208BB5D099A4681E40DF8B335B29714EBB856A
  OP_EQUALVERIFY
  OP_2
  OP_4
  OP_PICK
  OP_EQUALVERIFY
  OP_2

  621BA473
  OP_CHECKLOCKTIMEVERIFY
  OP_DROP

  OP_CHECKMULTISIGVERIFY
OP_ELSE
  621BA573
  OP_CHECKLOCKTIMEVERIFY
  OP_DROP
  OP_DUP
  OP_HASH160
  D357872E86E1D4D8B5BA09C3B3CBF0705656EF93
  OP_EQUALVERIFY
  OP_CHECKSIGVERIFY
OP_ENDIF


This idea had sat on my disk for years, but contrast it with https://bitcointalk.org/index.php?topic=5401680.0 perhaps we can combine ideas to make an even better project.