I have been thinking for months about how to pay offline with zcash in any situation.
What if it were possible, especially with zashi “only zashi”, to create transactions offline, sign them and transfer them to another device with zashi, without internet, but with Bluetooth only, as an example.
And this transaction is only transferred to the blockchain as soon as an internet connection is available. Let’s say zashi can create an offline address with a private key. It would be important that the user himself can never read the private key in plain text specifically from this address and precisely for this purpose of offline transfer. The user pays 1 ZEC into his offline address. An internet connection must still exist until this event.
Now the user is traveling and is in the jungle and has no internet, but the user meets someone who also uses zashi and would like to buy some water from him. Now the user makes an offline transaction via zashi for 0.5 ZEC. It is enough to sign the transaction offline and transfer it wirelessly to the other user. Once it’s done and an internet connection is back, both can only redeem a maximum of 0.5 ZEC.
As long as both users never have access to the plain text private key of the offline address, neither of them can ever claim more than 0.5 ZEC.
I apologize in advance for having written this topic here but unfortunately I can not create a topic myself yet.
The primary problem with this idea is that it’s vulnerable to double-spending attacks: you pay your jungle friend for water, and then your malicious wallet pretends that those notes were never spent and allows you to pay another jungle inhabitant for a cold coconut, spending the same notes. Then, just to make sure, you also spend those notes in a transaction back to yourself, and make sure that you get back online before either of the vendors finish their workday; when they attempt to redeem the notes you gave them, the transactions will be rejected by the chain as double-spends.
I have already thought about what you say, but it is clearly a matter of security how to prevent such things in advance.
Basically what happens is:
I transfer 1 ZEC in zashi to an offline address that zashi has created.
This 1 ZEC actually stays where it is. Basically, only future transactions are generated from this 1 ZEC that has not yet been redeemed or transferred on the blockchain. If I have, say, 4 offline transactions * 0.2 ZEC, zashi only allows me to redeem 0.2 ZEC. Therefore it is important that zashi does not give me access to the private key in plain text.
I am almost sure that this will work.
Zashi could, for example, as soon as I make an offline transaction, send my own remaining amount to a new offline address with a new private key so that I no longer have access to the old offline private key.
Even if none of these processes took place on the blockchain it would be possible as long as Zashi never allows anyone in the entire offline transaction chain access to an offline private key. Maybe you could limit it to a maximum of 1 or 2 transactions with an offline address.
It is primarily about being able to make a transaction regardless of the situation, but above all offline.
I mean, I could also log into a malicious wallet and lose my funds. I think it’s a matter of implementation and security measures that one takes.
Perhaps both Zashi wallets would have to wirelessly exchange information with each other beforehand and prove that they are not compromised and legitimate.
The individual at risk in this protocol is the recipient. There is no way to prevent someone from creating a malicious build of Zashi and using that to defraud people. By creating a protocol that invites fraud-by-double-spending, we put people at risk of being defrauded. So we won’t do that.
Preventing double-spending is literally the only problem that blockchains solve.
I agree with you. In my version, this would be a purely software-based solution and therefore also an attack vector. That’s why I thought about it again during the night. There would probably need to be a hardware-based solution, i.e. a hardware wallet with a secure element to make offline transactions realizable. A closed and isolated system. I claim that if it is possible to create a secure online transaction, it must also be possible offline. (You could design this secure chip element in such a way that it is destroyed as soon as you try to modify or compromise it.) Just imagine you can use your wallet on and offline. Then it is a real wallet. That would be a revolution.
@Lixin to the Keystone team, how about thinking about the idea of making your wallet ready for offline transactions?
We can pay using paper wallets. Additionally, there could be an option in Zashi: “read from paper wallet” - where funds from the private key are immediately transferred to our Zashi shielded address (the private key is imported on the fly, and the funds are sent in the background).
Plus an option to create paper wallets with custom graphics.
Of course, this would mostly be suitable for smaller amounts.
Cool idea actually, a piece of paper like a bank note. But it is a QR code with access to a fixed amount of ZEC that you can hand over to someone else.
The Casascius coins were neat, before the US federal government forced Casascius out of business. I think though that some other companies have sprung up that offer load-it-yourself physical coins that have tamper-evident concealment of the associated private keys.
It’s not as simple as “finding a solution”, it’s about reinventing and revolutionizing cryptocurrencies altogether.
If Alice wants to buy something from Bob in the middle of the jungle, with no internet access, they’d have to exchange information offline (via Bluetooth or another wireless method). Suppose this offline wallet manages a “temporary blockchain.” When they transact offline, they both generate a commitment and verify they share the same view of this temporary blockchain. Later, they’d publish that information online so nodes can confirm the integrity of the transactions, and eventually the transaction can be mined and recorded on the global blockchain.
Here’s the main issue: Bob must trust Alice is using unmodified software. If Alice has a hacked version that secretly backs up her private key, she could go online first and spend the coins before Bob does. Or worse, maybe Alice never had the coins to begin with, she might have spent them already, and the offline wallet wouldn’t know.
Blockchains are trustless precisely because they don’t require the parties to trust each other.
In this extreme scenario, I believe they’d be better off using the Dollar or any other fiat currency.
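The double-spend described in the coconut scenario earlier in the thread, and the hacked-build problem in the post above, can be made concrete with a small model. The following is an added illustration, not Zashi or Zcash code, and it is a toy: the "nullifier" and "signature" are plain hashes over constructed values, not the real Sapling/Orchard scheme, and every name and amount in it is made up. It shows why the recipient's offline checks pass for both conflicting payments and why only the global ledger can reject the second spend.

```python
"""Toy model: offline-signed payments vs. a chain that tracks nullifiers.

Added example, not Zashi/Zcash code. Assumptions (all constructed):
- a note is identified by a nullifier derived from the spender's key and the note id;
- the 'signature' is a hash placeholder, not a real signature scheme;
- the chain accepts the first transaction that reveals a nullifier and rejects any later one.
"""
import hashlib
from dataclasses import dataclass

ZATOSHI = 100_000_000  # 1 ZEC expressed in zatoshi; all values below are integers


def _h(*parts: str) -> str:
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


@dataclass(frozen=True)
class Note:
    note_id: str  # constructed identifier for a shielded note
    value: int    # zatoshi


@dataclass(frozen=True)
class Tx:
    nullifier: str  # marks the note as spent without revealing which note it was
    recipient: str
    value: int
    signature: str  # placeholder hash over the transaction


def nullifier_of(spending_key: str, note: Note) -> str:
    return _h("nf", spending_key, note.note_id)


class OfflineWallet:
    """Signs payments with no chain access.

    honest=False models the hacked build from the thread: it never marks a note
    as spent, so it will sign the same note as often as it is asked to.
    """

    def __init__(self, spending_key: str, notes: list, honest: bool = True):
        self.key = spending_key
        self.unspent = list(notes)
        self.honest = honest

    def pay(self, recipient: str) -> Tx:
        if not self.unspent:
            raise ValueError("no unspent notes")
        note = self.unspent[0]
        if self.honest:
            self.unspent.pop(0)  # an honest wallet forgets the note once it is spent
        nf = nullifier_of(self.key, note)
        sig = _h("sig", self.key, nf, recipient, str(note.value))
        return Tx(nf, recipient, note.value, sig)


class Chain:
    """Global ledger: the only party that sees every revealed nullifier."""

    def __init__(self):
        self.nullifiers = set()

    def submit(self, tx: Tx) -> bool:
        if tx.nullifier in self.nullifiers:
            return False  # rejected as a double-spend
        self.nullifiers.add(tx.nullifier)
        return True


def recipient_offline_check(tx: Tx, expected_value: int, seen_nullifiers: set) -> bool:
    """All Bob can verify in the jungle: the amount, and that *he* has not seen this
    nullifier before. He cannot see the sender's other offline payments or the chain."""
    return tx.value == expected_value and tx.nullifier not in seen_nullifiers


def run_scenario(honest: bool) -> dict:
    """Alice holds one 1 ZEC note and pays Bob, then tries to pay Carol with the same wallet."""
    alice = OfflineWallet("alice-spending-key", [Note("note-1", ZATOSHI)], honest=honest)
    result = {"honest_wallet": honest}

    to_bob = alice.pay("bob")
    result["bob_offline_ok"] = recipient_offline_check(to_bob, ZATOSHI, set())

    try:
        to_carol = alice.pay("carol")
        result["carol_offline_ok"] = recipient_offline_check(to_carol, ZATOSHI, set())
        result["same_note_reused"] = to_carol.nullifier == to_bob.nullifier
    except ValueError:
        to_carol = None
        result["carol_offline_ok"] = False
        result["same_note_reused"] = False

    chain = Chain()
    if not honest:
        # The hacked wallet gets online first and sweeps the note back to Alice.
        result["alice_self_spend_confirmed"] = chain.submit(alice.pay("alice"))
    result["bob_confirmed"] = chain.submit(to_bob)
    result["carol_confirmed"] = chain.submit(to_carol) if to_carol else False
    return result


if __name__ == "__main__":
    for flag in (True, False):
        print(run_scenario(flag))
```

With an honest wallet the second payment cannot even be signed and Bob's redemption confirms. With the hacked wallet both Bob's and Carol's offline checks pass, the two payments carry the same nullifier, and whichever transaction reaches the chain first wins; here that is Alice's sweep to herself, so both vendors are left holding rejected transactions. The code never gives Bob anything he could check offline that distinguishes the two cases, which is the point made in the thread.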
Since most people find many reasons why something doesn’t work, try using this knowledge to work out how to make it work after all.
I think the whole thing would be possible with a hardware wallet on which there is a security chip or element that prevents exactly these problems of hacked software.
What if a hardware wallet no longer needed a computer or smartphone for a transaction but only a SIM card. In other words, you insert a SIM card into the hardware wallet and send the transaction directly via the SIM card, i.e. via the internet or a telephone connection.