Discuss BitWasp's multi-sig based trading security concept


In the current Bitwasp software, when a user builds up an order, they hit 'Proceed with order' and then are taken to a page where they see the breakdown of the fees, shipping, total order price, and they enter their address. Right here, the buyer will enter a public key. The vendor will be able to enter multiple public keys in advance; otherwise they'll be asked to enter one when they choose 'finalize early' or 'escrow'.

Once the vendor selects this and has provided a public key, the admin's public key will automatically be generated (probably from an MPK, ideally..), and the multisig address, and the details sent to everyone: the address, the amount that needs to be sent, the redeemScript (so they can verify it encodes all the correct details).

Regardless of whether the payment is 'finalize early' or 'escrow', the site will then poll the blockchain for payments to that address. Once the full amount is paid, the order is marked as paid, and all users are messaged a link to a page that shows the generated transaction, paying the vendor the full amount, minus the site's fee (a raw transaction spending all the transactions sent to the multisig address, and sending to the vendor in one output, and to the site's fee address in another).

Everyone will be shown the transaction paying the vendor. If the buyer raises a dispute, then the users will start to discuss the order, and the admin will generate a new transaction paying the appropriate amount to both parties. But if it's all successful, then one of the users will sign the transaction, and paste the partially signed transaction on the site. Then the other user will sign the transaction, broadcast it, where it will be identified by bitwasp when it makes it into the blockchain.

So, to break it down, the vendor and buyer both have to supply public keys (either in advance or when their action is needed, like entering an address, or selecting escrow/FE). They need to add the multisig address to their client if using Bitcoin-Qt using one command, and then sign using another. They can verify that the details of the redeemScript or transaction hex are correct using their client, or else using coinb.in.
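To make the "verify the redeemScript" step concrete, here is an added example (not Bitwasp's own code) that builds a 2-of-3 bare multisig redeemScript in the standard `OP_m <pubkeys> OP_n OP_CHECKMULTISIG` layout, parses one back, and checks it against the keys a party expects before they send funds; it also computes the payout outputs described above (vendor gets total minus the site fee, or a split after a dispute). The three public keys are constructed placeholder byte strings, not real curve points, and the function names and the fee figures are assumptions for illustration.

```python
"""Build, parse and verify an m-of-n multisig redeemScript (added example).

Not part of Bitwasp. The redeemScript layout is the standard
OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG used by P2SH escrow.
The public keys below are constructed placeholders, not real keys.
"""
from typing import List, Tuple, Dict

OP_CHECKMULTISIG = 0xAE

# Constructed placeholder keys: 33-byte compressed-key shaped values.
BUYER_PK = b"\x02" + b"\x11" * 32
VENDOR_PK = b"\x03" + b"\x22" * 32
ADMIN_PK = b"\x02" + b"\x33" * 32
PUBKEYS = [BUYER_PK, VENDOR_PK, ADMIN_PK]


def op_n(n: int) -> bytes:
    """OP_1..OP_16 are encoded as the single byte 0x50 + n."""
    if not 1 <= n <= 16:
        raise ValueError("n must be between 1 and 16")
    return bytes([0x50 + n])


def push(data: bytes) -> bytes:
    """Direct push: for 1..75 bytes the opcode is the length byte itself."""
    if not 1 <= len(data) <= 75:
        raise ValueError("only direct pushes of 1..75 bytes are supported")
    return bytes([len(data)]) + data


def is_compressed_pubkey(pk: bytes) -> bool:
    """Shape check only: 33 bytes starting with 0x02 or 0x03."""
    return len(pk) == 33 and pk[0] in (2, 3)


def build_redeem_script(m: int, pubkeys: List[bytes]) -> bytes:
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    if not all(is_compressed_pubkey(pk) for pk in pubkeys):
        raise ValueError("every key must be a 33-byte compressed public key")
    body = b"".join(push(pk) for pk in pubkeys)
    return op_n(m) + body + op_n(n) + bytes([OP_CHECKMULTISIG])


def parse_redeem_script(script: bytes) -> Tuple[int, int, List[bytes]]:
    """Return (m, n, pubkeys); raise ValueError on anything malformed."""
    if len(script) < 4 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not an OP_CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    pubkeys: List[bytes] = []
    pos = 1
    while pos < len(script) - 2:
        length = script[pos]
        if not 1 <= length <= 75:
            raise ValueError("unexpected opcode where a push was expected")
        pos += 1
        pk = script[pos:pos + length]
        if len(pk) != length:
            raise ValueError("truncated push")
        pubkeys.append(pk)
        pos += length
    if not (1 <= m <= n <= 16) or n != len(pubkeys):
        raise ValueError("m/n do not match the number of keys")
    return m, n, pubkeys


def verify_redeem_script(script: bytes, expected_m: int,
                         expected_pubkeys: List[bytes]) -> bool:
    """What each party should check before funding: the threshold is right
    and the key set is exactly the keys they expect (no swapped-in key)."""
    try:
        m, _, pubkeys = parse_redeem_script(script)
    except ValueError:
        return False
    return m == expected_m and sorted(pubkeys) == sorted(expected_pubkeys)


def settlement_outputs(total_paid_sat: int, site_fee_sat: int,
                       buyer_refund_sat: int = 0) -> Dict[str, int]:
    """Outputs of the payout transaction: vendor receives the total minus the
    site fee; after a dispute the admin can move part of it to the buyer."""
    vendor = total_paid_sat - site_fee_sat - buyer_refund_sat
    if min(vendor, site_fee_sat, buyer_refund_sat) < 0:
        raise ValueError("outputs must not be negative")
    return {"vendor": vendor, "buyer": buyer_refund_sat, "fee": site_fee_sat}


if __name__ == "__main__":
    script = build_redeem_script(2, PUBKEYS)
    print("redeemScript:", script.hex())
    print("buyer verifies:", verify_redeem_script(script, 2, PUBKEYS))
    print("payout:", settlement_outputs(100_000, 2_000))
```

The check that matters is `verify_redeem_script`: if the site (or someone in the middle) replaced one of the three keys with its own, the buyer's and vendor's local comparison fails even though the address and amount look normal, which is exactly why the post insists the redeemScript is sent to everyone.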

Entering keys manually is awkward, and it would be great if we could accept Electrum MPKs on registration. All the public keys are generated automatically, very cool.. But then this would mean I would have to upgrade to BIP32 afterwards, because Electrum is upgrading to this wallet structure in version 2.0.

So, for now, I suggest we only allow the admin to enter MPKs, and have the users enter public keys manually or in advance. They can generate them in their browser, using coinb.in/multisig (I'll be suggesting people download an offline copy of this site, because it means once funds are sent to the multisig address, the two users can add the signature to transactions in the browser, without having to use their client. It's really simple.), or brainwallet.org (and then use them in their client, or coinb.in anyway).

Anyway, having users supply them in the browser is probably the best thing until BIP32 is supported in most clients. Bitcoin-Qt and Electrum are definitely going to use BIP32, so excellent. But that's another milestone, long after multisig goes in.

Here's where I need feedback: 1) I'm thinking about asking for an Electrum MPK to receive fees on. What do you think about this? 2) The admin's key should also be generated from an Electrum MPK. There is no reason the key needs to be stored on the site. Has anyone ever looked at multisignature transactions in Electrum, where the wallet only has one key? I think there is a way to display transactions fit for Electrum to sign, but documentation of the code is scarce.. 3) Right now, as we've seen, Bitcoin-Qt and bitcoind are fine for multisignature transactions. But I feel Electrum would be way better. If anyone has any information on how Electrum works with multisig, please send it my way. 4) How do sites that implement true multisignature escrow do it?

How does this sound? Does the process sound like something end users could easily be trained to do? I think it becomes pretty straightforward; as you can see using multisig.bitwasp.co, there are only 2-3 actions the users need to do. One less step when we automate key generation. That's the price they pay for absolute security for their bitcoin. No more heists; all transactions occur in the blockchain, and are only considered valid when in the blockchain.

It means no more live wallet, so the possibility of the negative balance hack is removed, and the trust in the site becomes minimal. If the site is run by an attacker, they simply can't run off with the money. Even if there is unexpected downtime, or the admin goes AWOL, buyer and vendor have their public keys, so they can try to negotiate on another channel to at least sort out their funds themselves.

Feedback on this is critical to Bitwasp's success, so please, fire away.


Any input is appreciated.