Sharing the post from their forums: /forums/topics/KmUYpJ56UI81kCNUgcVElP1kDwlz1KFz
This is the best real multisig available, offering the most features and ease of use. No money is ever held on the market.
Multisignature (Multisig) Escrow
Multisignature escrow is an type of escrow that takes advantages of new features being added to Bitcoin. Opting to use multisignature escrow provides a more secure and less centralized method to escrow funds.
Funds held in multisignature addresses are not directly held by the market but rather are held on the blockchain and are secured by the keys of the participants. In the event the server is compromised the multisignature escrow funds are not affected, and by utilizing the timelock feature explained below escrow can be easily completed without the market.
Vocabulary
Multisignature Address - An address that is created from 2 or more Bitcoin public keys and requires n number of those keys to transfer the funds. Our escrow system uses a 2-of-3 multisignature escrow, which means it requries two of the three participants to release the funds held on the multisignature address.
Redeem Script - A redeem script is a cryptographic hash that provides information about a multisignature address, specifically which regular Bitcoin addresses are included in a given multisignature address.
Timelock Transaction - A timelock transaction is a transaction created and signed by the market but with the timelock variable set to some time in the future. It can be signed and broadcasted by any participant of the multisignature escrow transaction but the signed transaction is not valid until the timelock date. Merchants receive a timelock transaction 31 days from the order creation and customers receive a timelock transaction 45 days from the creation of the order. These can be used to release funds from the multisignature escrow if the market is not accessible.
Bitcoin Public Key - Each Bitcoin address has an associated keypair, or public key and private key. The private key is used send money and the public key is used generate Bitcoin addresses to receive money.
Introduction
In a basic multisignature escrow, a keypair is generated by the market and used along with the Bitcoin public key of both the merchant and the customer to create a multisignature address.
After placing an order, this multisignature address is automatically generated and given to the customer along with a redeem script and a timelock transaction. A redeem script is a cryptographic hash that can be used to verify the multisignature address, it will list all Bitcoin addresses included in the multisignature address. A customer can verify that their address has been included, and if the merchant signed a PGP message of their address, the customer can also verify the merchant has been included.
After verifying the multisignature address with the redeem script the customer now directly deposits into the multisignature address. Once the first confirmation is received the order is marked as paid.
Next the merchant decides if they would like to accept the order, they are given the redeem script so they can verify their address was included before shipping the product. Optionally if the customer created a PGP signed message with their address they can verify the customer was included in the creation of the multisignature address. Once they verify they can mark accept and ship their product.
If the process is cancelled the customer is given a transaction signed by the market, all they are required to do is sign the transaction and broadcast it to receive their refund. In this case, the 2-of-3 of the required keys to complete the transfer are the customer and the market.
Once the product is marked as received, the customer needs to do nothing else. The merchant will receive a signed transaction by the market and all they are required to do is sign the transaction and broadcast it to receive their payment. In this case, the 2-of-3 of the required signatures to make the transfer are the merchant and the market.
In the event of a dispute where there is a partial refund a signed transaction is generated and given to both parties. It only takes either the customer or the merchant to sign the transaction to release the funds.
How to get started
Both customers and merchants are required to supply a Bitcoin public key to get started, optionally they can also provide a signed message containing a Bitcoin address associated with the Bitcoin public key.
Electrum 1. Right click a Bitcoin address in "Addresses" and select "Public Key" 2. Save the public key in the appropriate place in your profile.
Bitcoin-QT 1. Copy one of your Bitcoin addresses 2. Go to the Help menu, select debug console. Type "validateaddress " and paste in the address, the end result being "validateaddress <address>". Hit enter and it will reveal the Bitcoin public key for that address. 3. Save the public key in the appropriate place in your profile.
(Optional) For added security you can also use your PGP key to sign the Bitcoin address associated with the public key you save in your settings. Doing this allows the other party to verify that your public key was used in the generation of the multisignature address when they check the redeem script.
After saving the public key to your account you have everything you need set up to start using multisignature escrow.
Customer
After setting up your public key, select a product offering multisig. Initiate your purchase and on the payment page you will find the redeem script and the multisignature address for the transaction. After checking the validity of the redeem script, deposit directly to the multisignature address.
When the product arrives, mark the order as received. If everything goes well that is all you are required to do to make a purchase.
If the order is rejected by the merchant, you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network. In the case of a dispute where the merchant grants a full refund, this is also how you would receive your refund.
In the case of a dispute with a partial refund, you and the merchant will receive a transaction signed by the market. Either you or the merchant can sign and broadcast the transaction for it to be valid.
Merchant
After setting up your public key, you can add the option for multisignature escrow to a listing. Once you receive an order, check the validity of the redeem script and accept the order.
When the order is marked as received by the customer you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network.
If a dispute arises, if you agree to a full refund there is nothing you are required to do. If there is a partial refund or no refund you will receive a transaction signed by the market. Sign this transaction using either Electrum, Bitcoin-QT or an offline/self-hosted version of Coinbin and broadcast it to the Bitcoin network.
If I'm understanding this correctly, this means a vendor can release the funds to him or the buyer after 31 days and the buyer can after 45?