The BCPKI-project (blockchain-PKI) establishes the blockchain as a root CA. The goal is to allow a payment protocol to:
- be all-bitcoin integrated
- not rely on centralized CAs
- allow for flexible certificates
BCPKI is not a payment protocol, but establishes a special kind of root CA that payment protocols may decide to use. There may be other applications besides payment protocols.
First, we have drafted a quite general specification for bitcoin certificates (protobuf messages) that allow for a variety of payment protocols (e.g. static as well as customer-side-generated payment addresses). This part has surely been done elsewhere as well and is orthogonal to the goal of this project. What is new here is the signatures under the certificates.
We have patched bitcoind to handle certificates, submit signatures to the blockchain, verify certificates against the blockchain, pay directly to certificates (with various payment methods), and revoke certificates. Signatures in the blockchain are stored entirely in the UTXO set (i.e. the unspent, unprunable outputs). This seems to make signature lookup and verification reasonably fast: it took us 10s in the mainnet test we performed (lookup is instant on the testnet, of course).
Payment methods include: static bitcoin addresses, client-side derived payment addresses (pay-to-contract), and pay-to-contract with multisig destinations (P2SH).
Full-length real-world examples for all payment methods are provided in the tutorial pages. These examples have actually been carried out on testnet3.
For further details and specifications see the wiki: Technical.
install protobuf:
apt-get install libprotobuf-dev python-protobuf
cd src/bcert
./make.sh
cd ..
ln -s bcert.pb.cc bcert.pb.cpp
continue as usual:
make -f makefile.unix
create directory for binary certificates:
mkdir -p ~/.bitcoin/testnet3/bcerts
mkdir -p ~/.bitcoin/bcerts
the python command line tools require:
pip install ecdsa
do not access blockchain:
- aliasdump : output all values associated with an alias name (normalization,hash,privkey,address,etc.)
- importticket : import derived keys from a given base address and a given ticket number (pay-to-contract)
access blockchain:
- bcverify : verify arbitrary signatures for a given alias, in particular verify certificates
- bclist : list all signature values for a given alias
commit transaction (testnet only):
- bcsigncert : sign a given certificate under a given alias name
- sendtoalias : send money directly to alias (certificate must be available locally). This can handle various methods such as static bitcoin address, pay-to-contract with single or multiple basekeys.
- spendoutpoint : spends a given outpoint (txid,vout) to a self-owned address
commit transaction (testnet only):
- bcsign : sign given values under a given alias name
If you want to use the RPCs bcsigncert, sendtoalias, spendoutpoint and bcsign on the mainnet then you have to uncomment the calls to rpc_testnetonly() throughout rpcbcpki.cpp.
- aliasnew
- aliasget
under src/bcert
library:
- e.py : conversion functions between secrets, EC points, pubkeys, ids and bitcoin addresses
- bcert.py : wrapper around bcert_pb2.py, parsers/conversion functions for certificates (binary, ascii, hexdump, yaml, etc.)
command line tools:
- mkbcrt.py : generate binary protobuf certificates from yaml
- dumpbcrt.py : convert binary protobuf certificate to various forms (pretty-print, ascii armored, hexdump, hash digest, etc.)
The python code builds upon the file bitcoin.py from the electrum client. Everything under src/bcert is GPLv3.
added object:
- bcert.o
- alias.o
- bcert.pb.o
- rpctojson.o
- rpcbcpki.o
added libs
- protobuf
- getnewaddress and dumpprivkey have new optional bool argument
- new RPCs
- gettransaction outputs more raw data
- depends on rpctojson.h
- dumpprivkey accepts optional bool argument to output secret in hex format
- importprivkey also accepts secret in hex format
unchanged? copied snippets from here to elsewhere
- GetFirstMatch
- GetFirstMatch
unchanged?
- CKey::SetSecret(vector) overloaded
- CKey GetDerivedKey(std::vector ticket) const;
- CWallet::SelectCoinsMinConf
- CWallet::SelectCoins
With fClear set to false, these functions now build upon the set of pre-selected coins that is passed as setCoinsRet and proceed as before, i.e. select more coins as required and a change address if required.
- alias.h .cpp
- bcert.h .cpp
- rpcbcpki.cpp
- rpctojson.h .cpp
- bcert/bcert.proto