Author

Topic: Good ideas to implement Multi-sig in a a website? (Read 150 times)

brand new
Activity: 0
Merit: 0
I fund a website where you can find all information about the latest news and trends. https://mongersmint.com/
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
many in this forum suggested me 2-3 multi-sig, that is the main reason i am working on it
Say Bob wants to buy a silver bar from Alice, and uses your escrow site. How would you secure the trade to make sure nobody gets scammed?
Can you give a detailed explanation of all steps and decision making involved? I'd like to shoot holes in your setup (if needed). Even better if you do this for two scenarios: both with and without multisig.
copper member
Activity: 81
Merit: 1
Trusted and reliable escrow service for your trade
Quote
i want the client to be in control
Which one of the 2 (or more?) clients will be in control? When using an escrow, I expect the escrow to:
  • Be in full control
  • Have all the information needed to come to a fair decision before I fund anything
I agree with loyce.

Escrow is based in trust. You are using a escrow  because he can be trusted.

So, your website could just add the public bitcoin address of the escrow. The escrow would then hold the funds and make his decision, and then just send the money to the seller (or back to buyer).

There is no need to multisig if you are using a escrow. Everything should be done in the escrow's wallet, which only he has the private keys.

I mean that suits me well, since the platform is already complete and done.
copper member
Activity: 81
Merit: 1
Trusted and reliable escrow service for your trade
The website supports no authentication or registration
How would you contact the user when needed?

For escrow purposes, I don't think multisig is the correct solution.
I can think of a scenario: I was once asked to act as neutral third party by holding the third key for a 2 out of 3 multisig. In that case they'll only need the escrow if they can't resolve it together.


The users will still be required to input their emails, but that doesn't mean it requires any kind of registration.
Basically, if i were to use multi-sig 2-3 the funds will be secured, the community here suggested me multi-sig and i am working on it, i just want to make it as simple as possible for the users nothing all.
The platform is actually ready, but hey people here told me to add multi-sig and that is what i am doing.
Yet great things take time.
If so, i may launch the platform without multi-sig!
copper member
Activity: 81
Merit: 1
Trusted and reliable escrow service for your trade
If you're dead set on multisig, you need to elaborate on what you mean by "ideas". Exactly what kind of trouble are you running into, specifically with the implementation you have in mind?

For escrow purposes, I don't think multisig is the correct solution. Users may lose/mishandle keys. At the end of the day, the site needs to sign the tx anyways. So you could prevent the transaction from ever taking place regardless. This doesn't decrease risk for user, it adds it. Also, many may be deterred by the additional complexity. You need to garner trust through reliable, logic action. This will build your reputation. There can never be a trustless escrow system, IMO. This is because in the event of a dispute there will ALWAYS need to be a decision made one way or the other, and someone will end up unhappy.

As for general security, I can't imagine multisig being a practical solution for regular operation/facilitating transactions. For a cold wallet of unused coin, maybe. As long as you handle site security properly, you needn't worry about a malicious actor compromising funds.




I am thinking of adding it as an optional way, i want to make the escrow as safe and trusted as possible, many in this forum suggested me 2-3 multi-sig, that is the main reason i am working on it, some even suggested smart contracts but that is out of the way, like there's no such way of making it.
Well, bitcoin offered multi-sig as a way to handle trust i believe, i just want to make it much easier for users to do so in the platform.
It took me so long to launch it and i am still working on the smallest security fixes in order to provide a totally secure platform for the community, hopefully it will last with a clean record.
And yes, the disputes can be only solved with the proper amount of communication i believe.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Quote
i want the client to be in control
Which one of the 2 (or more?) clients will be in control? When using an escrow, I expect the escrow to:
  • Be in full control
  • Have all the information needed to come to a fair decision before I fund anything
I agree with loyce.

Escrow is based in trust. You are using a escrow  because he can be trusted.

So, your website could just add the public bitcoin address of the escrow. The escrow would then hold the funds and make his decision, and then just send the money to the seller (or back to buyer).

There is no need to multisig if you are using a escrow. Everything should be done in the escrow's wallet, which only he has the private keys.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
The website supports no authentication or registration
How would you contact the user when needed?

For escrow purposes, I don't think multisig is the correct solution.
I can think of a scenario: I was once asked to act as neutral third party by holding the third key for a 2 out of 3 multisig. In that case they'll only need the escrow if they can't resolve it together.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I guess the service will be called “escrowmycoins”.  Smiley

2 - Buyer submit funds to platform after both parties checking all information submitted by seller.
And why is it necessary for the buyer to deposit the money on a multi-sig address? What is it gained from the procedure if you used multi-sig from the perspective of the seller? The middleman must know that the funds of the buyer are in his possession. The seller trusts the middleman for doing so.

You can protect the buyer from not losing his funds, such as if you signed first the transaction, but not the seller from fraud. The buyer can still get away, he owns his money if you sign first.

There can never be a trustless escrow system, IMO.
Correct. It is defined like that anyway.

An escrow is a contractual arrangement in which a third party (the stakeholder or escrow agent) receives and disburses money or property for the primary transacting parties
copper member
Activity: 5
Merit: 12
If you're dead set on multisig, you need to elaborate on what you mean by "ideas". Exactly what kind of trouble are you running into, specifically with the implementation you have in mind?

For escrow purposes, I don't think multisig is the correct solution. Users may lose/mishandle keys. At the end of the day, the site needs to sign the tx anyways. So you could prevent the transaction from ever taking place regardless. This doesn't decrease risk for user, it adds it. Also, many may be deterred by the additional complexity. You need to garner trust through reliable, logic action. This will build your reputation. There can never be a trustless escrow system, IMO. This is because in the event of a dispute there will ALWAYS need to be a decision made one way or the other, and someone will end up unhappy.

As for general security, I can't imagine multisig being a practical solution for regular operation/facilitating transactions. For a cold wallet of unused coin, maybe. As long as you handle site security properly, you needn't worry about a malicious actor compromising funds.

copper member
Activity: 81
Merit: 1
Trusted and reliable escrow service for your trade
Hello guys!

So i am almost done working on an escrow service platform, and i want to add the features of multi-sig to it, basically i want the client to be in control so, the User case is:
1 - Seller or Buyer establish the escrow
2 - Buyer submit funds to platform after both parties checking all information submitted by seller.

The website supports no authentication or registration, so basically it is a bit hard for me to handle multi-sig, do you have guys any suggestions on how to easily make users of the platform use multi-sig? like as simple as a click of a button.
Mostly i will also do it for security purposes as well.
Jump to: