Author

Topic: Multi-Sig ESCROW NETWORKs. 2-of-3/4/5 Network. (A Proposal) (Read 1167 times)

legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
And yes, it is possible that multiple escrow accounts are the same person, in fact I would be surprised if there are not at least two high trust escrows that are the same person.

Quite possible when seeing the signature farmers who post with multiple accounts. They would only need to buy an old and established account.

Though i think it will take alot more time to get that investment back than simply posting with that account in a signature campaign.

On the other hand, they simply could do both and maximizing profit on the way... :|
legendary
Activity: 1246
Merit: 1029
What I am saying is that, if we were to have a 3-of-5 multi-sig escrow address, then you would need the public key of 5 escrows, and set it up so that any 3 of them can spend funds in such address. In order to send funds to such an address, the user will need to know how to combine such public keys and setup the escrow address so that any 3 of the public keys can spend funds. If the user does not know how to calculate such escrow address, then the person who gives the user the multi-sig address to send btc to could lie and give him an incorrect address, and such incorrect address could be one that the person who gives the address could spend funds from alone.

And yes, it is possible that multiple escrow accounts are the same person, in fact I would be surprised if there are not at least two high trust escrows that are the same person.

I agree with you. I created a tutorial on how to create such wallets in electrum above. All the multi sig addresses start with 3, also, the addresses would be confirmed by any of the three people to the seller/buyer so that no scam takes place.

And the number of trusted people should be high is also something I already mentioned above. Without them, this whole thing will be a total joke.
copper member
Activity: 2996
Merit: 2374
What I am saying is that, if we were to have a 3-of-5 multi-sig escrow address, then you would need the public key of 5 escrows, and set it up so that any 3 of them can spend funds in such address. In order to send funds to such an address, the user will need to know how to combine such public keys and setup the escrow address so that any 3 of the public keys can spend funds. If the user does not know how to calculate such escrow address, then the person who gives the user the multi-sig address to send btc to could lie and give him an incorrect address, and such incorrect address could be one that the person who gives the address could spend funds from alone.

And yes, it is possible that multiple escrow accounts are the same person, in fact I would be surprised if there are not at least two high trust escrows that are the same person.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
A number of things would need to happen for this to be a viable solution.

First and foremost, the people who are using the escrow service need to fully understand how to validate that a multisig address is correct. If the users (aka the people who are trading) don't have a way of ensuring that the address provided is correct, then the person who provided the escrow address might as well have the private keys to all of the n that makeup the escrow address, or at least m number of the private keys (for a m of n setup).

Secondly, when dealing with this many people, a new address should be used for every transaction, which means that the escrow needs to either use a new key for each transaction, or the two parties of a trade should provide their own key for the specific transaction. If it is the later then once the goods are received, both parties can simply sign a transaction sending the BTC to the seller and the escrow is never involved. If it is the former, then there each of the escrows will need to keep track of, and back up a large number of keys, which increases costs and the required amount of time involved. In both cases, there is a lot of room for error on multiple fronts.

There is also the issue of ensuring that all parties involved (eg, all the escrows, and both parties to the trade) full agree to and understand the terms of the trade. If one of the escrows does not understand the terms of the trade, then they are not going to want to sign a transaction releasing the escrow, especially if there is some kind of dispute.

It also needs to be understood that this is not a risk-free setup as a number of things can happen that would result in the loss of funds, among other things, there can be collusion between parties that hold sufficient keys to sign a transaction. Having this many people involved also increases the risk that someone will make a mistake.

There is also the issue of time. Getting this kind of escrow setup is going to increase the amount of time it takes for an escrow address to be provided. This is a problem because people who are trading are often impatient. I cannot even count how many times I was trading with someone who ended up deciding they wanted to send first to me because escrow took "too long" to respond to their request.

There is also the issue of liability that needs to be addressed. Escrows are not going to want to check behind others to make sure they did not make a mistake. It is also possible that multiple escrows make a mistake that might not have been made if they were acting alone, and none of the mistakes individually caused the loss of funds, but the collection of mistakes caused such loss of funds.

See, I really tried to setup a virtual 3 membered escrow network in my PC. Electrum gives n private keys for n people involved for the same public key. So, there's no possibility for a single person to have n keys with him, also, its a multi sig thing, how can one single person spend the funds?

Second, yes, this setup is tiresome but only for once. Once setup, it would be good and going. The m-of-n network provides great security too. There are nearly zero flaws. The only flaw I can see is that if 3-of-4 is setup, then at any point of time, 3 of them have to be present anyhow, which can be a problem. Dividing things into 50:50 is always a better idea (atleast in a 4 people network). If its 5 people involved, then 3 signatures are fine.

Also, all the addresses will be same on all the n wallets of the n people involved. There's no way to generate a address on your wish in electrum. It only generates new address if you used up all the addresses it generated. And also, it is a deterministic wallet, so all you need is your seed and for a multi sig wallet, you need the master public keys of the n people involved to restore your wallet.

This is all you need to take care of and everything's good. But since this being a tiresome thing, the charges will be higher. It can be static or dynamic fee structure depending on the type of trade or it can be decided by the escrow providers.

I think Quickseller means that one of the escrows could create another wallet and provide an address that only is controlled by him. The traders would need to be able to find that the given address really is one that belongs to all the escrows in the network.

In a 2 of 4 network there might be a higher chance that 2 of the escrows are actually the same person. It looks harder with three.

staff
Activity: 3458
Merit: 6793
Just writing some code
See, I really tried to setup a virtual 3 membered escrow network in my PC. Electrum gives n private keys for n people involved for the same public key. So, there's no possibility for a single person to have n keys with him, also, its a multi sig thing, how can one single person spend the funds?
I think he is saying that whoever creates the address needs to share the redeemscript with everyone so that they can verify that script is for the provided address. Otherwise that person could create a redeemscript which could allow that person to spend all of the funds himself.
legendary
Activity: 1246
Merit: 1029
A number of things would need to happen for this to be a viable solution.

First and foremost, the people who are using the escrow service need to fully understand how to validate that a multisig address is correct. If the users (aka the people who are trading) don't have a way of ensuring that the address provided is correct, then the person who provided the escrow address might as well have the private keys to all of the n that makeup the escrow address, or at least m number of the private keys (for a m of n setup).

Secondly, when dealing with this many people, a new address should be used for every transaction, which means that the escrow needs to either use a new key for each transaction, or the two parties of a trade should provide their own key for the specific transaction. If it is the later then once the goods are received, both parties can simply sign a transaction sending the BTC to the seller and the escrow is never involved. If it is the former, then there each of the escrows will need to keep track of, and back up a large number of keys, which increases costs and the required amount of time involved. In both cases, there is a lot of room for error on multiple fronts.

There is also the issue of ensuring that all parties involved (eg, all the escrows, and both parties to the trade) full agree to and understand the terms of the trade. If one of the escrows does not understand the terms of the trade, then they are not going to want to sign a transaction releasing the escrow, especially if there is some kind of dispute.

It also needs to be understood that this is not a risk-free setup as a number of things can happen that would result in the loss of funds, among other things, there can be collusion between parties that hold sufficient keys to sign a transaction. Having this many people involved also increases the risk that someone will make a mistake.

There is also the issue of time. Getting this kind of escrow setup is going to increase the amount of time it takes for an escrow address to be provided. This is a problem because people who are trading are often impatient. I cannot even count how many times I was trading with someone who ended up deciding they wanted to send first to me because escrow took "too long" to respond to their request.

There is also the issue of liability that needs to be addressed. Escrows are not going to want to check behind others to make sure they did not make a mistake. It is also possible that multiple escrows make a mistake that might not have been made if they were acting alone, and none of the mistakes individually caused the loss of funds, but the collection of mistakes caused such loss of funds.

See, I really tried to setup a virtual 3 membered escrow network in my PC. Electrum gives n private keys for n people involved for the same public key. So, there's no possibility for a single person to have n keys with him, also, its a multi sig thing, how can one single person spend the funds?

Second, yes, this setup is tiresome but only for once. Once setup, it would be good and going. The m-of-n network provides great security too. There are nearly zero flaws. The only flaw I can see is that if 3-of-4 is setup, then at any point of time, 3 of them have to be present anyhow, which can be a problem. Dividing things into 50:50 is always a better idea (atleast in a 4 people network). If its 5 people involved, then 3 signatures are fine.

Also, all the addresses will be same on all the n wallets of the n people involved. There's no way to generate a address on your wish in electrum. It only generates new address if you used up all the addresses it generated. And also, it is a deterministic wallet, so all you need is your seed and for a multi sig wallet, you need the master public keys of the n people involved to restore your wallet.

This is all you need to take care of and everything's good. But since this being a tiresome thing, the charges will be higher. It can be static or dynamic fee structure depending on the type of trade or it can be decided by the escrow providers.
copper member
Activity: 2996
Merit: 2374
A number of things would need to happen for this to be a viable solution.

First and foremost, the people who are using the escrow service need to fully understand how to validate that a multisig address is correct. If the users (aka the people who are trading) don't have a way of ensuring that the address provided is correct, then the person who provided the escrow address might as well have the private keys to all of the n that makeup the escrow address, or at least m number of the private keys (for a m of n setup).

Secondly, when dealing with this many people, a new address should be used for every transaction, which means that the escrow needs to either use a new key for each transaction, or the two parties of a trade should provide their own key for the specific transaction. If it is the later then once the goods are received, both parties can simply sign a transaction sending the BTC to the seller and the escrow is never involved. If it is the former, then there each of the escrows will need to keep track of, and back up a large number of keys, which increases costs and the required amount of time involved. In both cases, there is a lot of room for error on multiple fronts.

There is also the issue of ensuring that all parties involved (eg, all the escrows, and both parties to the trade) full agree to and understand the terms of the trade. If one of the escrows does not understand the terms of the trade, then they are not going to want to sign a transaction releasing the escrow, especially if there is some kind of dispute.

It also needs to be understood that this is not a risk-free setup as a number of things can happen that would result in the loss of funds, among other things, there can be collusion between parties that hold sufficient keys to sign a transaction. Having this many people involved also increases the risk that someone will make a mistake.

There is also the issue of time. Getting this kind of escrow setup is going to increase the amount of time it takes for an escrow address to be provided. This is a problem because people who are trading are often impatient. I cannot even count how many times I was trading with someone who ended up deciding they wanted to send first to me because escrow took "too long" to respond to their request.

There is also the issue of liability that needs to be addressed. Escrows are not going to want to check behind others to make sure they did not make a mistake. It is also possible that multiple escrows make a mistake that might not have been made if they were acting alone, and none of the mistakes individually caused the loss of funds, but the collection of mistakes caused such loss of funds.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
You might ask the escrows in this list... one by one. Up to the 4 escrows needed. https://bitcointalk.org/index.php?topic=855778.new#new

I think it's the best list momentarely.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
I would take part, though we would need to define certain rules about how security of wallets has to be handled. That begins from storing of mnemonic code till backups and everything. Because every escrow would put his trust into the network too.

Liabilities need to be defined too. And traders would have to agree to these liabilities before starting escrow. Like "Only send coins when you agree with the terms.".

I suggest Muhammed Zakir since i learned to see him as a helpful person even when he would not gain from it. For example he suggested and helped me set up my service thread. I had none for a long time.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
Another thought: It might make sense to set up rules for such an escrow network. Regarding how the wallet has to be backed up, internet access, encryption and whatsoever. The risk sounds not so high but it sounds possible that all 4 escrows could be targetted by a hacker. Then you would want to have a good security plan in place.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
I think 2 of 4 sounds too risky. It should be 3 of 4 at least. That way it would be a better protection against the risk of 2 false escrows being in the group. Which slowly is imaginable with the recent happenings. 3 escrows taking part that are really trusted make the risk nearly zero.

Besides that this system would even be a protection against one escrow dying. Funds could be moved then to protect against a second escrow vanishing too. One of the four escrows could go to vacation or lie around in hospital some times too.

Though a valid concern came up that you really have to put your reputation into the pool by trusting the other escrows a lot. So 3 of 4 sounds way better to me when i know the escrows and trust them personally too.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
I think escrows should start charging fees for normal escrow (where you send bitcoin to an address controlled by the escrow) and have no fees for a multisig escrow. That would (hopefully) encourage the use of multisig escrow since it is cheaper.

I see where you are coming from but you would need to see that being an escrow is already a nearly altruistic job. The payment for the time you involve is not so that you would say it's a good hourly wage. Then if many escrows are involved the work is even more. Offering free escrow works fine for me but i wonder if tips will be even way lower then, because shared through escrows taking part and work even higher than single person escrows.
staff
Activity: 3458
Merit: 6793
Just writing some code
I like this idea.

I think its a good idea for high value deals. Would this be possible over different wallet implementations, e.g. armory & electrum?

The above thing is about how to do it in electrum. I don't know if Armory supports it or not. It would be better if people tried to do find it and help me expand this to other wallets too.
Armory can do multisig but not how you are showing with Electrum. Electrum can do it with the master public keys and generate a whole wallet of multisig addresses. Armory can only do one multisig address at a time.

Are you suggesting that the escrow address should be this type of multisig or should the address also include the buyer and seller public keys? I think it should include the buyer and seller public keys as well so that the addresses are trade specific. In that case then the whole wallet of multisig addresses is not necessary and Armory would work for this purpose as well.

I think escrows should start charging fees for normal escrow (where you send bitcoin to an address controlled by the escrow) and have no fees for a multisig escrow. That would (hopefully) encourage the use of multisig escrow since it is cheaper.

I'm thinking of starting my own escrow service in the new year now that some escrows are no longer escrowing (e.g. Blazed). I would be willing to be a part of this multisig escrow network and would also charge more for a normal escrow than I would for a multisig.
legendary
Activity: 1246
Merit: 1029
I think its a good idea for high value deals. Would this be possible over different wallet implementations, e.g. armory & electrum?

The above thing is about how to do it in electrum. I don't know if Armory supports it or not. It would be better if people tried to do find it and help me expand this to other wallets too.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
I think its a good idea for high value deals. Would this be possible over different wallet implementations, e.g. armory & electrum?
legendary
Activity: 1246
Merit: 1029
It sounds like an interesting suggestion. Though i wonder about some things. For creating an escrow would all 4 escrows be needed right? It would surely take some more time until all escrows were online since most escrows that are more established can't be online all day on bitcointalk. So the traders would need to deal with the fact that it would take some more time.

I expected this as I was also thinking about it. Yes, initially while setting up this thing, it needs all the four to be online at the same time to create a wallet. But since the addresses on all the wallets would be similar, it needs only two people (or more) people to sign and broadcast the transaction.

Though when the deal is for, let's say, more than 10k USD then this definitely would be a way traders would consider. An escrow network would have a big advantage against an automated multisig network where no escrow decisions will take place. And the involvement of 4 escrows would make it pretty safe.

For smaller transactions, if someone still wants to use multisig, it might be an idea to lower the amount of escrows to 2 and the other 2 might be buyer and seller. Though i did not yet go deeper into the mechanisms since it practically never happens that someone asks for multisig escrow. This might change with the current events around master-P.

I agree with what you say in the italic text. But with bolded text, there's a problem. Once setup, the number of signatures required will be fixed. I guess you cannot change the number of people required to sign a transaction (I am not sure about this). I checked electrum and no, you cannot change the number of signatures needed to sign a transaction once the multi-sig wallet has been setup. Irrespective of the size of transaction, there should be atleast 2 (or more or all) people signing the transaction because lowering it to 1 will again cause the same problem. Single guy will sign and vanish away.

So i think it is a nice idea.

So 3 small points remains... since many escrows would take part it would mean a tip would be have to shared. The trade would take more time and electrum takes an additional fee for multisig transactions. Didn't check how high it is.

The advantage would be a high security. Which definitely would be great for bigger, risky transactions.

Thanks for the underlined compliment. Yes, tip should be shared or people can do it for free too. Because of increased security, people will be okay to pay a better fee for this. This will also justify the trust system of the forum.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
It sounds like an interesting suggestion. Though i wonder about some things. For creating an escrow would all 4 escrows be needed right? It would surely take some more time until all escrows were online since most escrows that are more established can't be online all day on bitcointalk. So the traders would need to deal with the fact that it would take some more time.

Though when the deal is for, let's say, more than 10k USD then this definitely would be a way traders would consider. An escrow network would have a big advantage against an automated multisig network where no escrow decisions will take place. And the involvement of 4 escrows would make it pretty safe.

For smaller transactions, if someone still wants to use multisig, it might be an idea to lower the amount of escrows to 2 and the other 2 might be buyer and seller. Though i did not yet go deeper into the mechanisms since it practically never happens that someone asks for multisig escrow. This might change with the current events around master-P.

So i think it is a nice idea.

So 3 small points remains... since many escrows would take part it would mean a tip would be have to shared. The trade would take more time and electrum takes an additional fee for multisig transactions. Didn't check how high it is.

The advantage would be a high security. Which definitely would be great for bigger, risky transactions.
legendary
Activity: 1246
Merit: 1029
Alright, I was a victim of the master-P scam. I was scammed 3 BTC from it. Many others were scammed. The amount was around 25 BTC. So, instead of using a single guy, I would propose a better way of escrow. With this, a need for Multi-Sig escrow service was felt. So, I foudn a way of implementing this using Electrum as the wallet. I do not use other wallets, so, I couldn't get hold of them. Any other suggestions would surely be added here.

This can be called as "Multi-Sig Escrow Network". Multi-Sig because this uses multiple users to sign the transaction. Escrow because escrow scams need to be stopped. Network because multiple people would be involved in this.

Now, let's assume a case where Me (grtthegreat), OgNasty, SebastianJu, monbux offer an escrow network. And say, I turn out to be a scammer, and SebastianJu is on vacation, then the other two can sign the transaction.

I am using Electrum and I found that in Version 2.5.4, there's a provision to create a Multi-Sig wallet with as many cosigners as possible. Here, we are four. So, any of the two (or more) signatures are always required to sign the transaction. In this case, I (none of us alone) can use the funds. This way, this prevents escrows from being scammers.

Each network should contain three or four or five members at max, and atleast two of them should be highly trustworthy.

This guide I created below shows how we can create a Multi-Sig escrow network in Electrum and cosign four (or more) members and allow two (or more) to sign the transaction. This also fastens the transaction speed because if four members come online at different times, there's high probability that any two coming online first, can sign and allow transaction.

NOTE: This guide below uses Electrum 2.5.4. Please upgrade to the latest Electrum.









   
   



Jump to: