Howdy,
In the wake of recent events, time was taken to make some changes to BlackBank. After running through tests, I have recently deployed new updates and features to BlackBank.
New features and updates:
- Multi-Sig Escrow: http://u5z75duioy7kpwun.onion/wiki/index.php/Multi-Sig_Escrow
- 2-Factor Authentication
- Switched from Mt. Gox to Bitcoinaverage for currency exchange as it is a weighted average of all markets
2-Factor Authentication: uses your PGP public key to encode a randomly generated code and requires you to decode it during authentication. This prevents phishing attacks; if a hacker retrieves your password, they will still not be able to access the account if they cannot decrypt the generated code. The code changes every time it is entered incorrectly, which also prevents brute hacking (although there is also a captcha after 5 unsuccessful login attempts, but more security is always better).
Multi-Sig Escrow: when funds are in Escrow, they are no longer kept in BlackBank Market. After a purchase is accepted by a vendor, a Multi-Signature Address is created using the public keys provided by the Buyer, the Vendor, and BlackBank Market. Each public key is paired with a private key. In order to access the funds, two of the three private keys must be provided. This prevents access to the funds without authorization from at least two members.
A lot of time was taken to come to a compromise on how to create an easy to use Multi-Sig experience. When using Multi-Sig Escrow, all that is required is a public key, a private key, and a withdrawal address. There is no need for special commands or technical knowledge.
A Manual Finalize Early code is also provided that can be used on the official Bitcoin-QT client in the event BlackBank was to become unavailable. The entire manual FE requires only two commands and the private keys of both parties.
If there are any questions, comments, or feedback, always feel free to contact me.
Cheers,
MDParity
Edit: added step-by-step
Howdy,
The Wiki I created has a step-by-step. It looks long, but it's because it's mostly pictures. I tried to make it as simple as possible. Get a public key and private key. Public key 'locks' your funds, and Private key 'unlocks' funds; 2 of 3 keys required.
Buyer Steps for Multi-Sig Escrow:
- Deposit BTC and you can purchase after 6 confirmations
- Create a private/public key (you can use brainwallet.org)
- Purchase your item, enter public key + a refund address (just in case)
- Get your item
- Enter your private key and finalize
Vendor Steps for Multi-Sig Escrow:
- Accept a purchase with public key and a payment address
- Send item
A Manual FE code is provided so you can easily FE outside of BlackBank if the market was unavailable (LE, hackers, DDOS, etc):
- copy the Manual FE Code (you should copy it after accepting a purchase)
- replace PRIVATE_KEY_A and PRIVATE_KEY_B with private keys from buyer and vendor
- run the code in Bitcoin-QT to get your {hex} transaction code
- run sendrawtransaction {hex}
This provides more security from scammers, hackers and LE.
FAQ
How does BlackBank Multi-Sig Escrow work?
When a purchase is accepted by a vendor, a Multi-Sig Bitcoin Address is created using public keys from the vendor, buyer, and the market. This Multi-Sig address requires 2 of the 3 private key pairs to spend the funds.
What are the benefits of Multi-Sig Escrow?
* Can be finalized without the market (if the market was hacked, DDOS, or abducted by aliens)
* LE cannot confiscate the funds (the funds are not kept in the wallet; it is a future spend transaction address in the Bitcoin blockchain)
* More secure from hackers (can only be accessed with 2 private keys - hacker will need to compromise a combination of 2 of the 3 private key holders)
Is it safe to use the private key?
It is highly suggested you don't use your private key from your wallet. Use a randomly generated one or create a new one yourself. The private key and public key have nothing to do with the spend transaction; they are merely being used to create the Multi-Sig address (lock the funds) and spend the funds (unlock the funds).
Why not just deposit directly to Multi-Sig?
- complicated for buyer; every purchase will require 6 confirmations (ex. purchase 3 items require 3 x 6 confirmations)
- complicated for vendor
- every vendor has to create multiple public addresses beforehand to accept a buyer's purchase (ex. 5 pre-made public addresses to handle 5 buyers)
Are coins being stored on your website? Like in user accounts or so.
Yes and no. There was a compromise to make it easier for the buyer to use multisig escrow. The buyer deposits once into BlackBank and the funds are in the account between deposit and purchase. The buyer can withdraw the funds at any time if not in multi-sig escrow.
- A buyer purchases an item and enters a public key and a refund address (in case of disputes)
- Buyer can cancel the purchase and withdraw at any time still
- Vendor accepts purchase by entering a public key and payment address; multi-sig address created and funds sent
- Funds now in 2 of 3 multi-sig and not in BlackBank
- Buyer finalizes with private key; funds released to Vendor's payment address
Most funds are stolen during escrow and that's why vendors demand FE. This mitigates risk.
Benefits of BlackBank Multi-Sig
- buyer can always withdraw the funds at any time if not in multi-sig
- buyer can buy multiple items at a time without waiting for multiple confirmations
- vendor only needs to create a public/private key when accepting a purchase
- the time funds are in BlackBank is minimized, mitigating hacker, LE confiscation, and scam risks
- funds can be finalized outside of BlackBank using Bitcoin-QT client with an easy to use code
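Added example (not part of the original post and not BlackBank's code): a check a buyer or vendor can run on the redeem script behind a 2-of-3 escrow address, confirming that it really requires 2 of 3 distinct keys and that their own public key is one of them. It assumes the standard Bitcoin multisig script layout (OP_2, three key pushes, OP_3, OP_CHECKMULTISIG); the keys below are constructed placeholders, not real curve points.

```python
# Added example: constructed keys, not real curve points or BlackBank data.
OP_CHECKMULTISIG = 0xAE

def build_redeem_script(m, pubkeys):
    """Standard multisig script: OP_m <pk>... OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys) <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    out = bytearray([0x50 + m])          # OP_1..OP_16 are 0x51..0x60
    for pk in pubkeys:
        out.append(len(pk))              # direct push of 33 or 65 bytes
        out += pk
    out += bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])
    return bytes(out)

def parse_redeem_script(script):
    """Return (m, [pubkeys]); raise ValueError on anything non-standard."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    if not 1 <= m <= n <= 16:
        raise ValueError("bad m/n opcodes")
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("bad public key push")
        key = script[i + 1:i + 1 + size]
        if (size == 33 and key[0] not in (2, 3)) or (size == 65 and key[0] != 4):
            raise ValueError("bad public key prefix")
        keys.append(key)
        i += 1 + size
    if len(keys) != n:
        raise ValueError("key count does not match OP_n")
    return m, keys

def check_escrow(script_hex, my_pubkey_hex):
    """True only for 2-of-3 with three distinct keys, one of them mine."""
    try:
        m, keys = parse_redeem_script(bytes.fromhex(script_hex))
    except ValueError:
        return False
    return (m == 2 and len(keys) == 3 and len(set(keys)) == 3
            and bytes.fromhex(my_pubkey_hex) in keys)

# Constructed sample keys (compressed-key shape only).
BUYER = bytes([2]) + bytes([0x11]) * 32
VENDOR = bytes([3]) + bytes([0x22]) * 32
MARKET = bytes([2]) + bytes([0x33]) * 32
GOOD = build_redeem_script(2, [BUYER, VENDOR, MARKET]).hex()
```

The check rejects a 1-of-3 script, a script where one party holds two of the three keys, and a script that omits the caller's key; it does not confirm that the funded address is the hash of this script.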
Character Limit on PGP Key?
c'mon