A full Multi-Signature tutorial for AlphaBay. Buyers: You now have no excuses, this is as easy as it gets. Lets all play by the new rules and force out traditional escrow! Only WE can stop the market scams from occuring!

Darknet Customers,

In less than 5 minutes you can generate a new key, add the public key to your profile, and order a multisig listing. The first 3 steps only need to be done once, and then from then on you NEVER have to put your funds on the market again! Give this tutorial to all the vendors you work with and ask them to enable multisig on their profile and listings! Only WE can stop these market scams and really its so very easy! You do it once, and then you just click 'multisig' instead of 'buy' when you want to make a purchase and send the funds from your regular non-market wallet!

I am going to slowly require all my customers to do multisig only transactions on multisig markets. I plan on eliminating ALL traditional escrow purchases within a few weeks. If you cannot follow this simple tutorial, then you are contributing to the problem. The more of you that deposit your money in these markets the more money will be stolen.

Please dont be scared, this is not a overly technical tutorial. Its very simple and every single one of you can do it! Lets all support multisig so that markets stop running away with our money!

This tutorial may appear to be lengthy, but thats only because I have a habit of being as detailed as possible. The actual steps to do this is about 4 steps and will take less than 5 minutes to accomplish. Read on!

Step 1:

Go to https://coinb.in/#newAddress and Click +New, and select New Address. If you prefer to connect through TOR, here is their onion URL:http://4zpinp6gdkjfplhk.onion/
Save all 3 fields in a .txt file on your computer, be sure to notate which line is the Address, Public and Private key in your documentation.

DO NOT FAIL TO SAVE THIS INFORMATION. In the event of needing a refund you will need to use that private key to retrieve your funds! If the market goes down you will need to contact the vendor and send him your key so that he can get his funds released. A multi-sig transaction requires 2 of 3 signing keys to be released, so yours + the vendors = money released. You can import that key into electrum or a blockchain.info wallet by simply choosing 'import' and pasting the key into the box. Only needed if you get a refund and need to move the funds! I strongly suggest giving the vendor a DNM email so that he can save it in the event of a market going dark so that he can contact you to get the key to release the funds! Also, do NOT deposit any money to this address you have created. If you receive a refund to this address, move the funds out immediately! That way if you need to give a vendor the private key that you are not compromising any of your money. Only give a vendor the key if alphabay goes dark, there's no other reason to do so!

Alternatively you can download the offline version of coinb and run it in 'offline' mode, but its safe to use the site because its all offline scripting. No information about your keys is shared with their website. Download if you want to run offline:
https://github.com/OutCast3k/coinbin/archive/master.zip
Tails users need to run the html from Tor Browser (persistent) for it to work.
Example:
http://i.imgur.com/BdWExjZ.png
mirror:
http://b64i.imgup.net/coinbgenerc9b7.png

Step 2: Ensure you have enough btc in your AlphaBay wallet, AlphaBay charges 4%, so if you buy a $100 listing you need to be sure to put at least $4 of btc in your AlphaBay account to cover the fee. Always better to put a little bit more than expected to cover fluctuating BTC prices. Remember you need to wait a few confirmations before the money will show up in your AlphaBay account. This could be 1 minute or 45 minutes, depending on the luck of miners who are trying to get the block reward. Check blockchain.info or btc.blockr.io to see the latest mined blocks and how much time has lapsed between recent blocks.

If you are sending from LocalBitcoins, no tumbling is neccessary, but if you are transferring directly from a exchange if you do not tumble/mix your coins before sending it to your AlphaBay account or the Multisig Address created for your order, your account will be suspended. All regulated exchanges hire blockchain analysis companies who will trace transactions, some even years past, and if any of the inputs/outputs are associated with known market addresses then they will shut your account down. The best way to prevent this is by using mixers like bitblender or grams, or if you want a cheap, easy and 'good enough' solution then use blockchain.info's shared send service.
Blockchain.info TOR url:
https://blockchainbdgpzk.onion/
Bitblender TOR url:
URL: bitblendervrfkzr.onion/
Grams TOR url:
grams7enufi7jmdl.onion/

Shared send does not offer a 100% severing of taint, so while it cannot completely erase assocition between addresses it is good enough for preventing discovery on 'automated' blockchain analysis. If a educated blockchain analyst wants to discover where your coins have gone, most of the time they will be able to do so, but understand this would take time and resources. So for purchasing on a exchange and getting it off, its good enough. Vendors would not want to use this service to hide their tracks because it does not severe the connection between inputs and outputs completely.

Step 3: Add a publickey to your alphabay profile. In the example provided above, the public key was "0201a748e9b5b70b7b144585a747b34f7145fae0a87ae98654d3abb826fb94cdb6". Copy the freshly generated public key (NOT THIS EXAMPLE!), then go to your profile by clicking your username in the upper right hand corner and paste the copied key into the top box where it says "Public Key" half way down in the "Multisig Information" section. Hit save changes.

Step 4:
Choose the listing you wish to purchase and click on the MultiSig button next to Buy. If you can click buy, this means the vendor has allowed regular escrow. If you can only click MultSig, then the vendor only allows multisig on this transaction.

Step 5:
Then it will give you a warning screen with technical information regarding multisig.

Step 6:
Put your address in the notes and be sure to checkmark 'encrypt the notes using sellers PGP' if you have not already encrypted your address with the vendors PGP key directly. By encrypting your address with your PGP software you are not trusting the market with your information. This is a better practice because if the markets server is compromised by LE, then they will have your address cached with every order. By encrypting first, you are preventing anyone but the vendor from reading your address. Click confirm purchase after inputting your address for the order.

Step 7:
You will be redirected to a screen that says "Generating, refresh in 2 minutes...". Wait a few minutes while the market creates a unique multisignature address for this transaction. It is creating the transaction with the pubkey pulled from the vendor and your profile.

Step 8:
After refreshing and getting the generated MultiSig address send the EXACT amount of the btc from the page to the Multi Signature address that is displayed. In the example it is 0.0877 BTC. The payment to this address can be from any wallet, meaning localbitcoins, blockchain.info, your DNM mixing service, or any other wallet not described here. Please heed the advice above about mixing your coins if you are purchasing bitcoin from a exchange linked to your Identity.

Thats it! Please remember to finalize the order the moment you receive it and leave feedback!

=======================VENDOR SECTION OR FOR BUYERS NEEDING A REFUND AFTER WINNING A DISPUTE

Vendors:

Follow step 1 instruction above to generate a key, and then paste it into your profile and save.

Create listing and enable multisig escrow.

When buyer buys, view order details for the multisig address and then check it with a block explorer to verify the customer has deposited the correct amount listed in the order. A few block explorer examples: https://blockchainbdgpzk.onion/address/multisignature-address-here https://btc.blockr.io/address/info/multisignature-address-here

Once you've verified the funds sent and confirmed (watch out for double spends, make sure there's a confirmation!) mark it shipped and wait for customer to finalize the order on his end once he receives. Once the buyer finalizes on his end the market will release their private key to you in the order details so that you can sign and broadcast the transaction. Vendors: Save the 3 keys and the MS deposit address when the order is created in your order notes so that you can retrieve your funds in the event of alphabay going dark! If you dont save this info you cannot generate the script correctly and get your money.

To redeem as a vendor or as a buyer after winning a dispute:

Step A
AlphaBay will give you the market private key upon finalization (vendor) or winning a dispute (buyer), its located in the order page under the public keys.

Step B
Go to http://ms-brainwallet.org/#generator and manually enter in all three public keys. Pro Tip: Save this page and use it offline! No reason to visit the site to use it!
After entering the 3 keys, change the Key Order until it displays the correct deposit address that was used for the transaction.
Copy the Redemption Script

Step C
Go to http://ms-brainwallet.org/#tx and paste the redemption script, your private key, and the market private key AlphaBay gave you. After entering the script it will prompt you if you want to download info from a api. Choose yes, it will fill in a lot of the info for you.
Choose a destination address (BE SURE TO USE YOUR ADDRESS HERE! IF NOT YOU WILL SEND THE MONEY TO SOMEONE ELSE!), amount, and fee, and hit re-sign.

Step D.
Copy the Raw transaction from the last step and go to https://coinb.in/#broadcast, or if you are using the offline version open the html, click broadcast.
Paste it in the field and hit submit.

If you followed the instructions correctly it will give you a tx id and your money should be sent to the address you specified within a minute or two. It will be spendable after a confirmation.

Important notes:

You must save all of the public keys used in a Multisig order. Do this on every order so that in the event of AlphaBay going dark you have the info you need to create the script. I advise vendors to get a form of contact from every customer so that in the event of AlphaBay going dark you can contact the customer and get the private key used in the tx so that you can sign and broadcast the release of your funds. If alphabay goes down, then there is no real concern with the customer handing over the private key. They should never store any funds in this address, so the key can only be used to sign a 2 of 3 MultiSig transaction. Without the market key or the customers key, your funds will be held in limbo FOREVER! So be sure to get that contact information just in case!

You can at anytime import the private key you generated with coinb into electrum by clicking 'import' and pasting the private key. You can do the same thing with blockchain.info's wallet and most of the other web or OS based wallets on the market! Its THAT easy!

The private key generated as the example in this tutorial was just a example key, it will not be used. It goes without saying that you should not use that key since it is exposed to the public.


Comments


[1 Points] transamerican:

Hi GM,

+1 for the work you've done for us!! If you don't mind I have 2 things to add/mention:

1st: you wrote: "Vendors: Save the 3 keys and the MS deposit address when the order is created in your order notes so that you can retrieve your funds in the event of alphabay going dark!"

But the same is mandatory for Buyers too: they also need these 3 keys IF they win a dispute and want to retrieve the fund. Or am I wrong?

2nd: If the vendor gets the markets private key for retrieving funds after finalization, can't he use this private key for all the transactions in the future (without waiting for finalization)? Or does the market generates everytime a new key-pair?

Same goes, if the market goes dark and the vendor gets the Buyer's private-key. In this case it's a must too, that the buyer generates a new Key-Pair for next transactions, because his private key is in the air (and not private anymore).

What do you think about?

Best regards, transamerican


[1 Points] justmyanonaccount:

To the original repliers to this thread, I've noticed that there were two comments from (a) shadowbanned user(s) before /u/transamerican posted.


[1 Points] None:

Here is another useful guide from East India Company:

Multisignature (Multisig) Escrow

Multisignature escrow is an type of escrow that takes advantages of new features being added to Bitcoin. Opting to use multisignature escrow provides a more secure and less centralized method to escrow funds.

Funds held in multisignature addresses are not directly held by the market but rather are held on the blockchain and are secured by the keys of the participants. In the event the server is compromised the multisignature escrow funds are not affected, and by utilizing the timelock feature explained below escrow can be easily completed without the market.

Vocabulary

Multisignature Address - An address that is created from 2 or more Bitcoin public keys and requires n number of those keys to transfer the funds. Our escrow system uses a 2-of-3 multisignature escrow, which means it requries two of the three participants to release the funds held on the multisignature address.

Redeem Script - A redeem script is a cryptographic hash that provides information about a multisignature address, specifically which regular Bitcoin addresses are included in a given multisignature address.

Timelock Transaction - A timelock transaction is a transaction created and signed by the market but with the timelock variable set to some time in the future. It can be signed and broadcasted by any participant of the multisignature escrow transaction but the signed transaction is not valid until the timelock date. Merchants receive a timelock transaction 31 days from the order creation and customers receive a timelock transaction 45 days from the creation of the order. These can be used to release funds from the multisignature escrow if the market is not accessible.

Bitcoin Public Key - Each Bitcoin address has an associated keypair, or public key and private key. The private key is used send money and the public key is used generate Bitcoin addresses to receive money.

Introduction

In a basic multisignature escrow, a keypair is generated by the market and used along with the Bitcoin public key of both the merchant and the customer to create a multisignature address.

After placing an order, this multisignature address is automatically generated and given to the customer along with a redeem script and a timelock transaction. A redeem script is a cryptographic hash that can be used to verify the multisignature address, it will list all Bitcoin addresses included in the multisignature address. A customer can verify that their address has been included, and if the merchant signed a PGP message of their address, the customer can also verify the merchant has been included.

After verifying the multisignature address with the redeem script the customer now directly deposits into the multisignature address. Once the first confirmation is received the order is marked as paid.

Next the merchant decides if they would like to accept the order, they are given the redeem script so they can verify their address was included before shipping the product. Optionally if the customer created a PGP signed message with their address they can verify the customer was included in the creation of the multisignature address. Once they verify they can mark accept and ship their product.

If the process is cancelled the customer is given a transaction signed by the market, all they are required to do is sign the transaction and broadcast it to receive their refund. In this case, the 2-of-3 of the required keys to complete the transfer are the customer and the market.

Once the product is marked as received, the customer needs to do nothing else. The merchant will receive a signed transaction by the market and all they are required to do is sign the transaction and broadcast it to receive their payment. In this case, the 2-of-3 of the required signatures to make the transfer are the merchant and the market.

In the event of a dispute where there is a partial refund a signed transaction is generated and given to both parties. It only takes either the customer or the merchant to sign the transaction to release the funds.

How to get started

Both customers and merchants are required to supply a Bitcoin public key to get started, optionally they can also provide a signed message containing a Bitcoin address associated with the Bitcoin public key.

Electrum 1. Right click a Bitcoin address in "Addresses" and select "Public Key" 2. Save the public key in the appropriate place in your profile.

Bitcoin-QT 1. Copy one of your Bitcoin addresses 2. Go to the Help menu, select debug console. Type "validateaddress" and paste in the address, the end result being "validateaddress " . Hit enter and it will reveal the Bitcoin public key for that address. 3. Save the public key in the appropriate place in your profile.

(Optional) For added security you can also use your PGP key to sign the Bitcoin address associated with the public key you save in your settings. Doing this allows the other party to verify that your public key was used in the generation of the multisignature address when they check the redeem script.

After saving the public key to your account you have everything you need set up to start using multisignature escrow.

Customer

After setting up your public key, select a product offering multisig. Initiate your purchase and on the payment page you will find the redeem script and the multisignature address for the transaction. After checking the validity of the redeem script, deposit directly to the multisignature address.

When the product arrives, mark the order as received. If everything goes well that is all you are required to do to make a purchase.

If the order is rejected by the merchant, you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network. In the case of a dispute where the merchant grants a full refund, this is also how you would receive your refund.

In the case of a dispute with a partial refund, you and the merchant will receive a transaction signed by the market. Either you or the merchant can sign and broadcast the transaction for it to be valid.

Merchant

After setting up your public key, you can add the option for multisignature escrow to a listing. Once you receive an order, check the validity of the redeem script and accept the order.

When the order is marked as received by the customer you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network.

If a dispute arises, if you agree to a full refund there is nothing you are required to do. If there is a partial refund or no refund you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network.


[1 Points] NOT__LE:

Do you have a shorter less paragraphy, less forgettable version for bartards? Something in one or two sentences


[1 Points] poddman:

This was indeed a very fast and easy process. It may look like a lot to read and can be confusing to understand when you first see it. However do not be intimidated to set this up. All I did was just follow the step by step process and not so much the extra words and sentences. What's nice about this feature is that you can send your form of payment to a newly generated listing key address and not a marketplace wallet. :)


[1 Points] BaStaRD_JoNes:

Hi

Thanks for the detailed post.

Do I have to use coinbin or is there aternatives ?

Also, is it just the commission that you need to have in your aplhabay account ?

Cheers