Multi-signature bitcoin transactions are a way to simultaneously eliminate vendor and market scams.
With the advent of some good multi-sig implementations on several markets, vendors/scammers no longer have any excuse to demand FE.
This guide is intended to help vendors get started with multi-sig on Outlaw Market, and learn a little about how it works in Bitcoin Core. Unlike other guides, this one is focused on the vendor side of things and highlights everything a vendor needs to know.
Remember, vendors: if your escrowed bitcoins are held with true multi-sig, the market will never be able to steal them.
WHAT YOU WILL NEED:
Vendor account on Outlaw
Bitcoin Core (the "standard" bitcoin wallet program. Open-source software maintained by the Core developers of Bitcoin. Get it at bitcoin.org)
EXPLANATION OF MULTI-SIG
Outlaw's multi-sig is 2-of-2, the way this works is that both vendor and market have to sign off, or agree on, the vendor getting escrowed coins. Thus, the market can never steal coins because the market does not know the vendor's private key.
This is unlike 2-of-3 multi-sig where buyer, market, and vendor each have a key and 2 of 3 keys are needed to "unlock" the funds. With Outlaw however, the market shares their key with the buyer so the customer also knows 1 of the 2 keys needed.
This actually makes the multi-sig process dead simple for the customer. All customers have to do is click a button and let the market generate the shared public/private key, and copy it in a text file somewhere, to be sent to the vendor in case of market outage.
EXPLANATION OF NORMAL ESCROW RELEASE
For non-emergency situations, when the market is up and running, you simply copy-paste your private key into Outlaw's console in order to release your coins. Very simple!
EXPLANATION OF EMERGENCY ESCROW RELEASE
These are the steps necessary to release funds from Outlaw's multi-sig escrow off-market. Meaning, this is how you as a vendor will retrieve your coins if Outlaw's servers blow up and Outlaw disappears forever.
SOURCE WHERE I GOT THIS INFO: https://gist.github.com/gavinandresen/3966071
Download Bitcoin Core at bitcoin.org, and let it synchronize (this takes a couple of days, and around 40GB of storage)
When the buyer makes an order on Outlaw, the site will give you a "createmultisig" command. This is the command used to create the multi-sig address on the blockchain. You'll want to a) check that your public key which you entered into Outlaw (under Settings) is one of the two keys used and b) run the createmultisig command on the debug window in Bitcoin Core, and see that it gives the same multi-sig address that Outlaw gives you. Make sure that the redeemScript is correct as well.
createmultisig 2 '["03d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003be466172d94", "025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc9c53"]'
Now that we know the multi-sig address is correct, there are two very important multi-sig parameters to note: the scriptPubKey, and the redeemScript. These two parameters are needed to spend from the multi-sig address. Outlaw now gives you both, so copy and save them. The rest of this step is unnecessary.
Outlaw already gives you the redeemScript (which we have confirmed ourselves above), and below we will find the scriptPubKey.a) First, copy the txid that funded the multi-sig address. Outlaw gives it to you, to double check you can enter the multi-sig address into blockchain.info, and copy the txid there.b) Enter into Bitcoin Core console:getrawtransactionf7146cb37bbabbc602f2baef73032f84b4aad36bf58abe29ac7fb6ffda00629d <- replace with your txidc) Enter into console:decoderawtransaction010000000161fa924dc53f6dc72b0dced4f24b44a3bd5d33b58184c96b0018b7ea63cdcba7000000006b483045022100e7844b7dc405479a3e77a1a423fbbd7661d3f9d85e1c68b070fe40cadeebd56d0220221b8a488cc41c594c9ca8e3063133769b591ee4ee374966f1d08fe6d59815ec0121038eaa31bbb1eb02b677496d37b62db0a7d19e593b03f5cba59290958e49951412ffffffff0200ad43000000000017a9148a365eea21d2e8fb4dd063b5c977395e26d8d40587b0c61a00000000001976a914e19857e84435ba7f7481a2f4d192dc165b352e6688ac00000000 <- replace with your value in b)d) Congratulations, now it will show you the scriptPubKey hex value, copy and save it.Now, there are four steps needed to actually get your coins.
A) Create the spend-from-multisig transaction
B) Sign the transaction (with buyer/market private key)
C) Sign the transaction again (with vendor private key)
D) Send the transaction over the Bitcoin network
A) First we will create the spend-from-multisig transaction. Replace the command below with the fund-the-multisig txid, scriptPubKey, and redeemScript above. Replace the bitcoin address at the end with your own personal address, this is where the coins will go. Be sure to enter a lower amount of BTC than what is currently in the multi-sig address, as the remainder will become the miner's fee which nowadays needs to be higher than .0001)
createrawtransaction
'[{"txid":"f7146cb37bbabbc602f2baef73032f84b4aad36bf58abe29ac7fb6ffda00629d",
"vout":0,"scriptPubKey":"a9148a365eea21d2e8fb4dd063b5c977395e26d8d40587",
"redeemScript":"522103d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003
be466172d9421025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc
9c5352ae"}]' '{"[ADDRESS REMOVED]":0.04405200}'
B) Sign the transaction with the buyer/market private key. Outlaw shares this key with the buyer, so in event of market shutdown, you will need to contact the buyer through some other means like email/Bitmessage, to get the private key that they saved.
Replace the first parameter with your result in A), txid/scriptPubKey/redeemScript same as always, and the buyer's private key.
signrawtransaction
'01000000019d6200daffb67fac29be8af56bd3aab4842f0373efbaf202c6bbba7bb36c14f7
0000000000ffffffff01d0374300000000001976a914b5d906afc958260e952115c19fbd0c1
9fbd50e1888ac00000000' '[{"txid":"f7146cb37bbabbc602f2baef73032f84b4aad36bf58abe29ac7fb6ffda00629d",
"vout":0,"scriptPubKey":"a9148a365eea21d2e8fb4dd063b5c977395e26d8d40587",
"redeemScript":"522103d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003
be466172d9421025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc
9c5352ae"}]' '["L2Q4BscNHPiNQL642qTdEsvh2vAYhxtXrRz2mi7euuRRw2UJU5zG"]'
C) Sign the transaction again, this time with your own (vendor) private key. Note that you can do B) and C) in reverse order as well (with the vendor's private key first then the buyer's).
Replace the raw value with your result in B), txid/scriptPubKey/redeemScript same as always, and the vendor's private key. Note that the transaction is now longer as it contains the buyer's signature.
signrawtransaction
'01000000019d6200daffb67fac29be8af56bd3aab4842f0373efbaf202c6bbba7bb36c14f7
000000009200483045022100adbe3f85bba1e17076384baa30b990b3a0579bd0bdcd2bd26a1
bcbf1cfe96f6902206cbe8790037370454cb200999bef7f963e3551d708687feed378bd37f6
f4c1e80147522103d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003be4661
72d9421025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc9c5352
aeffffffff01d0374300000000001976a914b5d906afc958260e952115c19fbd0c19fbd50e1
888ac00000000' '[{"txid":"f7146cb37bbabbc602f2baef73032f84b4aad36bf58abe29ac7fb6ffda00629d",
"vout":0,"scriptPubKey":"a9148a365eea21d2e8fb4dd063b5c977395e26d8d40587",
"redeemScript":"522103d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003
be466172d9421025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc
9c5352ae"}]' '["L4a8UG6MLGtQ81uzVnc3AkupkT9Braj3xH2wdpfifPcbxHQfMWL8"]'
D) Lastly, send the transaction over the network (with the hex value given in C). Congratulations, you are done! The console will give you a txid which you can look up on blockchain.info
sendrawtransaction
01000000019d6200daffb67fac29be8af56bd3aab4842f0373efbaf202c6bbba7bb36c14f70
0000000db00483045022100dece624d65eb4c0747bc214d6ccf7ef945c99774b9bd368caefb
3cfea17b604d0220505b6ae64f8621ee7e4bdbb20d57ab00d12928ba0f1168c4939f5842866
01b8001483045022100adbe3f85bba1e17076384baa30b990b3a0579bd0bdcd2bd26a1bcbf1
cfe96f6902206cbe8790037370454cb200999bef7f963e3551d708687feed378bd37f6f4c1e
80147522103d9692812675ae69cc2dd85bd05e2a18ef44d56ee29591d3fcc003be466172d94
21025e4bf818b8cafd4f775eb1f0a8568b79979c2686453b2fdc33c3f29303dc9c5352aefff
fffff01d0374300000000001976a914b5d906afc958260e952115c19fbd0c19fbd50e1888ac
00000000
QUESTIONS:
Q. Do I have to use Bitcoin Core? Can I use Electrum or another wallet program? What if I don't have a spare 40GB on my computer to store the blockchain?
A. Yes. It's probably possible to use Electrum/another wallet but I haven't tried so I don't know. If you don't have a spare 40GB on your computer, you should get it. A 40GB thumb drive is probably what $20? Small price to pay for markets never being able to scam you again.
Q. But doesn't this mean that I have to get the email/Bitmessage of all my customers, so that I have an off-market way to contact them for their private key in case the market goes down?
A. Yes.
Q. But under normal escrow release, I have to give up my private key! Does this mean I need to use a new public/private key for every multi-sig order?
A. Yes, you should.
Q. Since the customer also knows the multi-sig address, should I tumble/mix my coins after I get them, to avoid blockchain analysis?
A. Yes.
Since I have been asked about this, here is my personal opinion on the state of multi-sig on other markets:
East India (2-of-3): Seems alright, but no US vendors allowed?! Have fun not making any money ;)
Mr. Lee (2-of-3): Looks promising and the market has great support, but their implementation is a bit obscure. It's hard to do what we just did above with their implementation. I like them, but I do not have the time to look through the thousands of lines of code that make up their offline multi-sig tool, to determine whether it has the potential of breaking or not.
TheRealDeal (2-of-3): Their implementation is flat-out incorrect, their createmultisig command was not using the public keys they were supposed to be using. I contacted them about this but never got a response.
Oxygen (2-of-3): Haven't tested this one yet
Alphabay (2-of-3): Fuck carders!
I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:
If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)