There is actually one form of digital offline transactions which would work, but it relies on trusting secure enclaves in payment cards. Its basically a payment channel for trading privkeys (for any crypto), but it has some weird tradeoffs:
channel funds can be used with any other card holder – instead of just one channel party like LN
transfers have to use atomic amounts, sorta like ‘bills’ in a wallet
no need to adjudicate disputes on chain – hw protocol ensures a malicious card cannot steal or mint coins*
need to only interact with trusted cards (cards check certs in protocol)
Theoretically, we could add support for grin in these cards. I’m not sure I love the ‘trust that your secure card is actually secure’ approach, but secure elements have come a long way these days. Might be worth a look for those interested in doomsday scenarios
How would you prove only 1 person has the private key to 10 coins and not 1000 people having that same private key each thinking they’re the owner?
Exchanging the private key offline creates the problem of “who’s the owner?”. If two people know the private key, it’s impossible to tell who the owner is.
I suspect this is impossible without a blockchain. The main advantage of a blockchain is seeing what others see and in the same order. A blockchain can thus, due to its one-way nature, define a series of steps or evolutions over time. Coins exchanging hands is a series of steps so we can define a transfer of ownership. It’s seems there are at least two options so far: transact offline and only report proofs of double-spend attempts if/when they happen (Lightning) or publish the transaction for everyone to see.
I appreciate the option to trade offline. As Andrew Grove famously said, “Only the paranoid survive.” I believe we could enhance our wallet’s functionality by implementing a feature similar to Ironbelly, which would only allow transactions between Ironbelly wallets. Here’s how it could work:
Larry initiates a transfer of 20 coins to an offline wallet, which then encrypts the seed phrase, preventing Larry from accessing it. Once the transfer is complete, Larry sends the encrypted file to Steve, who becomes the new owner of the 20 coins. Larry no longer has access to the funds, and a log could be created to track the number of times the file has been transferred as a risk gauge. Additionally, we could implement a check-in mechanism like Ironbelly’s to ensure that the funds are still valid and online
I think you over-red the part about using a secure-chip/hardware wallet in my answer. If you store the public key with read access for all on a secure-chip/hardware wallet, you proof the funds are linked to the chip. Since the private-key can only be accessed physically after the relative lock-high is met, since only then its pin is published on the chain, only the person who physically holds the chip at that time the relative lock-high is met can access the private-key and spend the funds. The two problems that remain are 1) you need to trust the creator of the chip and 2) trust the central authority who had access to both the private-key and pin of the chip upon creation.
You are right, with the exception of the above solution, trusting the security of a chip instead of a block chain. In case of my solution, basically a hardware wallet. It is far from ideal, but it is the only solution I think of. Similar to how the solution of @coolwhip depends on a secure chip to ensure there are no double spends.
In the end, the is a reason why people came up with blockchains, exactly to solve the issues of double spending we describe, by sharing a single source of truth, proven to be shared/decentralized, an immutable digital ledger. Still, I think the idea of physical offline tokens is cool. Would love to get my hands om some secure NFC coins with Grin logo like the ones that were for sale on slatepackmarket.com (unfortunately offline now).
I do not want my wife to get jealous because I have a drawing of a greater beauty than here on my wall
I think quite a lot of grinners are relatively poor, myself included, hence there is very little money/grin to spend on fun things, even on the drawings of a disturbingly beautiful man.
You keep using the words relative timelock and years which do not go together. While an absolute timelock can delay transactions for years, a relative (NoRecentDuplicate) timelock only works for about 1 week…
Thx, I mean absolute time lock. It has been a while sice I red mastering Bitcoin or otherwise consumed technical information. My knowledge on crypto decreased in recent years😕.
I don’t have the time to dive into that now, but I do hope such solutions come about! OpenDime has kind of a similar concept, but, like a banknote, it’s not divisible unfortunately.
(cards check certs in protocol)