Use envelopes containing Litecoin private keys as cash

Hard-to-fake and tamper-evident envelopes that contain Litecoin private keys can be used as cash and could enable easy adoption of Litecoins. Two versions are proposed: one is easy to use and cheap but less secure; the other is based on smart cards, which offers very high security and convenience and still remains cost effective.


1.1 Description

On the surface of the envelope, there should be some textures like those on dollar notes to prevent it from being faked and the amount of Litecoins contained in the private keys to indicate the value it contains. The technology involved is called Security Printing [1]. The cost of printing one piece can be as low as 0.18 USD [2].

In most cases, you just need to check the appearance of the envelop like you check notes to make sure it is not faked. If you don’t trust, you can simply open it and check the private keys.

1.2 Legal Status

Although purchasing from stores using these envelopes could cause legal issues, trading them between fiat money is no different from trading LTC directly and thus should have no problem. Interestingly, in many countries including the U.S, using this as currency can actually be legal [3, 4, 5].

1.3 Discussion

The advantages are: It is cheap. It works like cash and requires no mobile devices in most cases, so it is easy and convenient to use.

While dollars are used to be backed by gold but got changed later, this kind of Litecoin backed envelops are always backed the Litecoins contained inside. Moreover, the fact that those Litecoins can easily be redeemed gives it a big advantage compared with other private currencies like Digital gold currency [5].

Envelopes are just a metaphor. As long as we hide the private keys in a tamper evident way and we use security printing to prevent faked ones and we make them durable and easy to carry, we should be good.


2.1 Description

For higher value ones containing like more than 10 Litecoins, we can create a more secure version using smart cards.

Instead of directly putting the private key of the Litecoins inside the envelope, we put inside the envelope a password and a NFC based smart card containing 1) the private key of the Litecoin, and 2) the private key of the issuing organization. We design the smart card in such a way that to read the private key of the Litecoins from the smart card, you will need the password contained in the envelope, and once the read is finished, the private key of the Litecoins will be automatically destroyed by the smart card immediately. So you cannot read the private key twice from the smart card.

Then, without opening it, we can use a mobile phone to verify that the envelope is indeed produced by the organization because it signs using the issuing organization’s private key. Also, we can verify that the smart card indeed contains so much Litecoins because it signs using the private key of the Litecoins.

Also, we can see the envelope and the smart card need to be used together to retrieve the Litecoins. Without the envelope, you lack the password to retrieve the private key from the smart card. Without the smart card, the password inside the envelope is simply useless.

2.2 Discussion

The envelope including the password is required. There are two cases if we use only a smart card without the envelope.

  • If any user can read the private key from the smart card, the smart card is basically useless. It’s the same as printing out the private key on a paper and send it directly to another guy.
  • If the private key in the smart card cannot be read by anybody and can only be used to sign, people then need to absolutely trust the issuing organization that it does not write the same private key into multiple smart cards.

Faking/duplicating the smart card is impossible as you don’t have the private key of the organization. Opening the envelope and retrieve the private key of the Litecoins and then put the smart card into a faked envelope will not work as the private key has already been destroyed after you read it, so a mobile phone can verify that easily.
And normal envelopes can be used. There is no need for money printing technologies.

For normal paper wallets or the one above, once you verify, they cannot be used anymore as you’ve already got the private keys. But it is good for small amounts.

Mobile wallets need network connection to send and receive Litecoins. It’s good when both you and the receiver have network connection and wallets.

With this, the sender needs no network connection. And the receiver can verify within 2-3 seconds both the amount and the issuing organization if he/she has network connection. If there is no network connection, the receiver can still use a phone to verify whether it is from a trustworthy organization or not. If it is from a trustworthy one, and if the envelope seems OK, the receiver can pretty confidently accept it if the amount is within a few hundreds of dollars.

Many Chinese guys just want to buy Litecoins and store there and wait for the news about Litecoin price. It should be as easy as buying and storing gold. Right now, it’s too difficult for them to download a mobile wallet and generate an address. And they have no idea about how to use a wallet securely. What if they lose their phones or reformat their hard disks? Making it physical is important. With this, they just need buy and lock them in their cabinets and forget about it.

Also, it provides absolute anonymity.

The cost of one smart card can be as low as 0.2 USD [6]. So the total cost should be less than 0.18 (security printing) + 0.2 (smart card) = 0.38 USD.


In Section 2, it appears that the issuing organization will have access to all private keys, which thus makes it the single point failure. Actually, it needs not be so. When the smart card is initialised, it randomly generates a password, which can be read out once and written down on the inside of the envelope, then it generates a pair of Litecoin public key and private key itself and keep the private key confidential until someone uses the password to retrieve it, upon which the private key gets destroyed as described in Section 2.

Therefore, during this setup process, no one has access to the Litecoin private key including the issuing organization, and thus this solves the Schrodinger’s private key problem.

The organization can still keep the password and thus is able to read out the private key without tampering the envelope. But they need to have physical access to the smart card, which makes the whole process much harder. To make this process even harder, we can use very short range contactless smart cards, so a guy passing by is unlikely to get your private key. As always, you can use your smart phone to check whether it still contains a valid private key or not without opening the envelope or connecting to the Internet within seconds.

In this case, the issuing organization is needed only to make sure the security printing format is standardised and well accepted. It is not convenient to have too many kinds of envelopes.

4. COMPARISON WITH OPENDIME offers a USB based device that has less functionality but much higher cost. Basically, the USB device randomly generates a Bitcoin public/private key pair and the private key is kept secrete until you break the USB device physically. But because it is based on USB, it cannot work with phones conveniently. This is especially inconvenient when you are receiving it but have no computer to verify the Bitcoins inside it.

Please notice that the ideas above shall not be used commercially without a consensus. Thanks.








1 Like

Hello Xinxi,
I think this is a great idea and I have also been pondering on doing this for a few years now. I have gone as far as engineering security features, design and name-brand. The number one reason I have not finished and released my prototypes is because of government restrictions. I live in South America and I have been selling Bitcoins (physical and electronic) on MercadoLibre (Latin version of EBay). Recently MercadoLibre has deleted all accounts selling Bitcoins and virtual currencies. Several Bitcoin exchange start-ups have basically been kicked out or shut down in my region. The last thing I want at this point in time is to attract the attention of the people in control.
The number two reason I have not released my prototypes is because of name-brand trust. Any entity that is anti-Bitcoin can invest a relatively small amount of money to sabotage your credibility by counterfeiting your name-brand and destroying trust with “0” value private keys. My intentions were to create a “smart-phone” app that can use NFT, or IR, or whatever fancy sensing capability to verify “wallets” right on the spot at the point of sale between two parties. However… we all know what the app-stores are doing to cryptocoin apps.
So… I am sort of standing by waiting for a little help in my region with this idea for something new to develop to counter these issues.

I’d love to hear any feedback from the community.


Secure storage envelopes (SSEs) or something similar. Just an idea.
I like where you are going with this.