Proving ownership of a cryptocurrency

In a private conversation we recently discussed how an individual can prove whether he owns Bitcoin, e.g. to prove solvency.

The most common answer to the question is to have the user send a small amount of Bitcoin to an address of the validators choosing, thus proving control of the Bitcoin in question. While this process surely works it lacks a deeper understanding of how Bitcoin functions and, on top, incurs an unnecessary transaction and the resulting fees.

Every time someone attempts to spend Bitcoin he needs to provide a signed transaction, proving to the network that he is in fact in possession of the private key and thus the owner of the funds spendable by the address (derived from the public key). Using common wallet software the exact process will be mostly hidden from the user.

Besides signing spending transactions with our private key we are also able to sign arbitrary messages with our private key. In fact thats what Public-
key cryptography was used for long before Bitcoin to prove authenticity of a message. Signing an arbitrary message with a private key is not limited to
 Bitcoin. It’s applicable to other cryptocurrencies as well. The following example uses Ethereum.

Using web3.js you can sign an arbitrary message programmatically

web3.eth.sign(web3.utils.sha3("Thanks for reading the article. Cheers Axel"), "0x38588822Bea476d5e1D56cFC9CE9781Fe5262196").then(console.log)
> 0x027d1dd45ab0eeee5803079086679a70d444a2d4ea7e8db221894977eabf8bfc

The signature 0x027d1dd45ab0eeee5803079086679a70d444a2d4ea7e8db221894977eabf8bfc7486d6a9413e4a9aeddccf851ba7c2ea81835576b0afabbcfd62493ff0924ff400 the
address 0x38588822Bea476d5e1D56cFC9CE9781Fe5262196 and the message Thanks for reading the article. Cheers Axel can then be relayed to the validator for verification.

To verify the message the validator can e.g. use a form provided by

Give it a try. In enter the adress, the message signature and the message itself. Then hit Verify.

Message Signature (with Geth Prefix) Verified. Pass!

Try to replace Axel with Bob in the message above. And you get

Sorry! The Signature Message Verification Failed

Thus the signature protects the message integrity

Bitcoin Wallets such as Electrum offer the same functionality.

By creating the signature above we prove ownership of the private key and thus of the funds. Instead of writing an arbitrary message we can state

I, Alice McBob, can spend the funds of this address

One issue arises when multiple companies or individuals share private keys and reuse the same address to prove solvency. A victim could then be tricked into believing an individual is solvent when in truth anyone in the group of the private key holders could siphon off the coins at any time.

We need a way to prove only one individual has access to the private key.

This is impossible

Even if he moves all funds to a new address and thus a new private key, there is no way for him to prove he has not shared the key with someone else or whether his key was stolen right after its generation due to someone having unauthorized access to his physical device where the key is stored.

Of course a similar problem exists outside of the blockchain. Say a customer uses Two-factor authentication to create a transaction with his online banking provider. He needs the password for the website of the banking provider and a physical device (e.g. phone) where he will be sent a TAN to confirm the transaction. If he loses both access to the phone and the credentials for his online banking an attacker will be able to create transactions with his account. Of course the banking provider knows its customer and thus who is the rightful owner of the account.

Thus to solve the issue of proof above we need to introduce a trusted intermediary. Something a public blockchain was introduced to avoid in the first place. The basic idea of a blockchain is to have consensus without trust.

Nevertheless the trusted intermediary, maybe a banking provider or a notary, can take care of the attestation and attest the following if authorized institutions are asking

The individual Alice McBob provided 1000 Dollars to us which we exchanged into Bitcoin and sent to the address 1A2a1NNjy4RCbabvnZWsAxJWrBRkyypq4H. We certify Alice McBob has access to these funds and the funds were still stored under this address at the time of attestation.

The statement can be encoded in a Bitcoin Transaction, which in turn requires someone attesting the attestor, or listed on a website, which is, hopefully, under the control of the attesting instance.

Whether the practice of attestation is a good thing has to be evaluated by the participating individuals.

Hopefully the article did shed some light on the problem of proving who controls the funds on a specific Bitcoin address.