Discussion:
[bitcoin-dev] Visually Differentiable - Bitcoin Addresses
shiva sitamraju via bitcoin-dev
2017-10-30 08:56:40 UTC
Permalink
Hi,

When I copy and paste bitcoin address, I double check the first few bytes,
to make sure I copied the correct one. This is to make sure some rogue
software is not changing the address, or I incorrectly pasted the wrong
address.


With Bech32 address, its seems like in this department we are taking as
step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).

Is there anyway to make the Bech32 addresses format more visually distinct
(atleast the first few bytes) ?
Ben Thompson via bitcoin-dev
2017-10-30 12:49:18 UTC
Permalink
Checking the first few bytes of a Bitcoin Address should not be considered
sufficient for ensuring that it is correct as it takes less than a second
to generate a 3 character vanity address that matches the first 3
characters of an address.

On Mon, 30 Oct 2017, 11:44 shiva sitamraju via bitcoin-dev, <
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few bytes,
to make sure I copied the correct one. This is to make sure some rogue
software is not changing the address, or I incorrectly pasted the wrong
address.
With Bech32 address, its seems like in this department we are taking as
step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually distinct
(atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
shiva sitamraju via bitcoin-dev
2017-10-30 13:13:56 UTC
Permalink
For example bc1qeklep85ntjz4605drds6aww9u0qr46qzrv5xswd35uhjuj8ahfcqgf6hak
in 461e8a4aa0a0e75c06602c505bd7aa06e7116ba5cd98fd6e046e8cbeb00379d6 is 62
bytes ! This is very very long. This will create lot of usability problems
in

- Blockexplorers (atleast user should be visually able to compare in a
transaction having multiple outputs which one his address)
- Mobiles
- Payment terminals

From my limited understanding, the purpose of inventing a bitcoin address
format is for usability and ease of identification (versus a ECDSA public
key), While I get the error/checksum capabilities Bech32 brings, any user
would prefer a 20 byte address with a checksum over an address that would
wrap several lines !!


On Mon, Oct 30, 2017 at 6:19 PM, Ben Thompson <
Post by Ben Thompson via bitcoin-dev
Checking the first few bytes of a Bitcoin Address should not be considered
sufficient for ensuring that it is correct as it takes less than a second
to generate a 3 character vanity address that matches the first 3
characters of an address.
On Mon, 30 Oct 2017, 11:44 shiva sitamraju via bitcoin-dev, <
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few
bytes, to make sure I copied the correct one. This is to make sure some
rogue software is not changing the address, or I incorrectly pasted the
wrong address.
With Bech32 address, its seems like in this department we are taking as
step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually
distinct (atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Pieter Wuille via bitcoin-dev
2017-10-30 14:26:29 UTC
Permalink
On Oct 30, 2017 15:21, "shiva sitamraju via bitcoin-dev" <
bitcoin-***@lists.linuxfoundation.org> wrote:

For example bc1qeklep85ntjz4605drds6aww9u0qr46qzrv5xswd35uhjuj8ahfcqgf6hak
in 461e8a4aa0a0e75c06602c505bd7aa06e7116ba5cd98fd6e046e8cbeb00379d6 is 62
bytes !


...

While I get the error/checksum capabilities Bech32 brings, any user would
prefer a 20 byte address with a checksum over an address that would wrap
several lines !!


That's an unfair comparison. You're pasting a P2WSH address which contains
a 256-bit hash.

A P2WPKH address (which only contains a 160-bit hash, just like P2PKH and
P2SH) in Bech32 is only 42 characters, not 62.

Cheers,
--
Pieter
Moral Agent via bitcoin-dev
2017-10-30 14:39:07 UTC
Permalink
If you are going to rely on human verification of addresses, the best way
might be map it to words.

For example, with a 6000 word list, a 25 byte address (with a checksum)
could be mapped to 16 words like this:

vocally acquire removed unfounded
euphemism sanctuary sectional driving
entree freckles aloof vertebrae
scribble surround prelaw effort

In my opinion, that is much faster to verify than this:

13gQFTYHuAcfnZjXo2NFsy1E8JGSLwXHCZ

or

bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3

Although I really do love Bech32.

On Mon, Oct 30, 2017 at 9:13 AM, shiva sitamraju via bitcoin-dev <
Post by shiva sitamraju via bitcoin-dev
For example bc1qeklep85ntjz4605drds6aww9u0qr46qzrv5xswd35uhjuj8ahfcqgf6hak
in 461e8a4aa0a0e75c06602c505bd7aa06e7116ba5cd98fd6e046e8cbeb00379d6 is 62
bytes ! This is very very long. This will create lot of usability problems
in
- Blockexplorers (atleast user should be visually able to compare in a
transaction having multiple outputs which one his address)
- Mobiles
- Payment terminals
From my limited understanding, the purpose of inventing a bitcoin address
format is for usability and ease of identification (versus a ECDSA public
key), While I get the error/checksum capabilities Bech32 brings, any user
would prefer a 20 byte address with a checksum over an address that would
wrap several lines !!
On Mon, Oct 30, 2017 at 6:19 PM, Ben Thompson <
Post by Ben Thompson via bitcoin-dev
Checking the first few bytes of a Bitcoin Address should not be
considered sufficient for ensuring that it is correct as it takes less than
a second to generate a 3 character vanity address that matches the first 3
characters of an address.
On Mon, 30 Oct 2017, 11:44 shiva sitamraju via bitcoin-dev, <
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few
bytes, to make sure I copied the correct one. This is to make sure some
rogue software is not changing the address, or I incorrectly pasted the
wrong address.
With Bech32 address, its seems like in this department we are taking as
step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually
distinct (atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Danny Thorpe via bitcoin-dev
2017-10-30 16:15:45 UTC
Permalink
Humans are very visually oriented, recognizing differences in images more
easily than differences in text.

What about generating an image based on the bytes of an address, using
something like identicon, used by gravatar? Any small change to the text
input produces a significantly different image.

-Danny

On Oct 30, 2017 7:43 AM, "Moral Agent via bitcoin-dev" <
Post by Moral Agent via bitcoin-dev
If you are going to rely on human verification of addresses, the best way
might be map it to words.
For example, with a 6000 word list, a 25 byte address (with a checksum)
vocally acquire removed unfounded
euphemism sanctuary sectional driving
entree freckles aloof vertebrae
scribble surround prelaw effort
13gQFTYHuAcfnZjXo2NFsy1E8JGSLwXHCZ
or
bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3
Although I really do love Bech32.
On Mon, Oct 30, 2017 at 9:13 AM, shiva sitamraju via bitcoin-dev <
Post by shiva sitamraju via bitcoin-dev
For example bc1qeklep85ntjz4605drds6aww9u0qr46qzrv5xswd35uhjuj8ahfcqgf6hak
in 461e8a4aa0a0e75c06602c505bd7aa06e7116ba5cd98fd6e046e8cbeb00379d6 is
62 bytes ! This is very very long. This will create lot of usability
problems in
- Blockexplorers (atleast user should be visually able to compare in a
transaction having multiple outputs which one his address)
- Mobiles
- Payment terminals
From my limited understanding, the purpose of inventing a bitcoin address
format is for usability and ease of identification (versus a ECDSA public
key), While I get the error/checksum capabilities Bech32 brings, any user
would prefer a 20 byte address with a checksum over an address that would
wrap several lines !!
On Mon, Oct 30, 2017 at 6:19 PM, Ben Thompson <
Post by Ben Thompson via bitcoin-dev
Checking the first few bytes of a Bitcoin Address should not be
considered sufficient for ensuring that it is correct as it takes less than
a second to generate a 3 character vanity address that matches the first 3
characters of an address.
On Mon, 30 Oct 2017, 11:44 shiva sitamraju via bitcoin-dev, <
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few
bytes, to make sure I copied the correct one. This is to make sure some
rogue software is not changing the address, or I incorrectly pasted the
wrong address.
With Bech32 address, its seems like in this department we are taking as
step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually
distinct (atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Moral Agent via bitcoin-dev
2017-10-30 16:48:09 UTC
Permalink
Or like keyart:
https://pthree.org/2014/04/18/the-drunken-bishop-for-openpgp-keys/

Images would definitely be quicker to verify by a human, but I don't think
humans can RELIABLY verify anything close to 25 bytes through an image.

Our visual processing system is designed wrong for this purpose, since it
subconsciously "corrects" visual input to whatever we expect to see.

It isn't enough to say that any small change produces a "significantly"
different image. What you need is for it to be (practically) impossible to
construct an image that looks similar but is wrong, which is a far higher
standard. For example, any change to a private key renders a significantly
different address -- but it is possible for an attacker to grind their way
to a similar-looking address.

I would recommend displaying 16 words in a 4 x 4 grid, but otherwise with
no visual distractions.

For example, don't provide an image next to the words as a help. Don't use
colors to differentiate two different sets of 16 words. What will happen is
people will see a pattern that triggers a sensation of familiarity, and
they will not carefully verify all of the words -- which is what security
requires.

For higher security keys, you could grind an address with enough zeros at
the beginning to be expressed by fewer words. For example, you could grind
to an address that could be fully expressed with a 12 word (4 x 3) grid
that would be easier for a human to verify reliably.
Post by Danny Thorpe via bitcoin-dev
Humans are very visually oriented, recognizing differences in images more
easily than differences in text.
What about generating an image based on the bytes of an address, using
something like identicon, used by gravatar? Any small change to the text
input produces a significantly different image.
-Danny
On Oct 30, 2017 7:43 AM, "Moral Agent via bitcoin-dev" <
Post by Moral Agent via bitcoin-dev
If you are going to rely on human verification of addresses, the best way
might be map it to words.
For example, with a 6000 word list, a 25 byte address (with a checksum)
vocally acquire removed unfounded
euphemism sanctuary sectional driving
entree freckles aloof vertebrae
scribble surround prelaw effort
13gQFTYHuAcfnZjXo2NFsy1E8JGSLwXHCZ
or
bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3
Although I really do love Bech32.
On Mon, Oct 30, 2017 at 9:13 AM, shiva sitamraju via bitcoin-dev <
Post by shiva sitamraju via bitcoin-dev
For example bc1qeklep85ntjz4605drds6aww9u0qr46qzrv5xswd35uhjuj8ahfcqgf6hak
in 461e8a4aa0a0e75c06602c505bd7aa06e7116ba5cd98fd6e046e8cbeb00379d6 is
62 bytes ! This is very very long. This will create lot of usability
problems in
- Blockexplorers (atleast user should be visually able to compare in a
transaction having multiple outputs which one his address)
- Mobiles
- Payment terminals
From my limited understanding, the purpose of inventing a bitcoin
address format is for usability and ease of identification (versus a ECDSA
public key), While I get the error/checksum capabilities Bech32 brings, any
user would prefer a 20 byte address with a checksum over an address that
would wrap several lines !!
On Mon, Oct 30, 2017 at 6:19 PM, Ben Thompson <
Post by Ben Thompson via bitcoin-dev
Checking the first few bytes of a Bitcoin Address should not be
considered sufficient for ensuring that it is correct as it takes less than
a second to generate a 3 character vanity address that matches the first 3
characters of an address.
On Mon, 30 Oct 2017, 11:44 shiva sitamraju via bitcoin-dev, <
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few
bytes, to make sure I copied the correct one. This is to make sure some
rogue software is not changing the address, or I incorrectly pasted the
wrong address.
With Bech32 address, its seems like in this department we are taking
as step in the backward direction. With the traditional address, I could
compare first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see
and compare which is likely to be same anyway. Note that most users will
only compare the first few bytes only (since addresses themselves are very
long and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually
distinct (atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Ricardo Filipe via bitcoin-dev
2017-10-30 12:14:42 UTC
Permalink
start double checking the last few bytes instead?

2017-10-30 8:56 GMT+00:00 shiva sitamraju via bitcoin-dev
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few bytes,
to make sure I copied the correct one. This is to make sure some rogue
software is not changing the address, or I incorrectly pasted the wrong
address.
With Bech32 address, its seems like in this department we are taking as step
in the backward direction. With the traditional address, I could compare
first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see and
compare which is likely to be same anyway. Note that most users will only
compare the first few bytes only (since addresses themselves are very long
and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually distinct
(atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Ben Thompson via bitcoin-dev
2017-10-30 14:23:51 UTC
Permalink
The last few bytes can be generated to be the same also.

On Mon, 30 Oct 2017, 14:20 Ricardo Filipe via bitcoin-dev, <
Post by Ricardo Filipe via bitcoin-dev
start double checking the last few bytes instead?
2017-10-30 8:56 GMT+00:00 shiva sitamraju via bitcoin-dev
Post by shiva sitamraju via bitcoin-dev
Hi,
When I copy and paste bitcoin address, I double check the first few
bytes,
Post by shiva sitamraju via bitcoin-dev
to make sure I copied the correct one. This is to make sure some rogue
software is not changing the address, or I incorrectly pasted the wrong
address.
With Bech32 address, its seems like in this department we are taking as
step
Post by shiva sitamraju via bitcoin-dev
in the backward direction. With the traditional address, I could compare
first few bytes like 1Ko or 1L3. With bech32, bc1. is all I can see and
compare which is likely to be same anyway. Note that most users will only
compare the first few bytes only (since addresses themselves are very
long
Post by shiva sitamraju via bitcoin-dev
and will overflow in a mobile text box).
Is there anyway to make the Bech32 addresses format more visually
distinct
Post by shiva sitamraju via bitcoin-dev
(atleast the first few bytes) ?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Loading...