Bitcoin Forum>Economy>Marketplace>Lending
Author

Topic: Proposal for (cumbersome) loan protocol that allows secure credit ratings (Read 1330 times)

brendio
hero member
Activity: 518
Merit: 500
Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 29, 2012, 06:26:24 PM
#11
Generally good proposal (I think you mixed up lender and borrower a few times in your OP).

I think having at least one GPG signed message from each side would go about 95% of the way to linking identities, without the added hassle of signing every message.

Also, I think your issue with keeping addresses private could be resolved if you made it a requirement to have a unique address for each loan. If the lender claims Joe paid in to the same address, it is their loss for not using a unique address, and the dispute would be resolved in favour of the borrower in that case.
imsaguy
vip
Activity: 574
Merit: 500
Don't send me a pm unless you gpg encrypt it.
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 29, 2012, 01:51:37 AM
#10
Quote from: PatrickHarnett on January 28, 2012, 03:45:46 PM
A few observations:
 - I don't use IRC or #bitcoin-otc
 - I don't use linux or the gpg command line command (but I think that's what it is)
 - I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.

We just saw a rash of account hackings where people asked for loans.  How do we know that you are you without some sort of verification?  Using GPG (which isn't linux only, many of us use Windows) allows reputation to be protected by a private key vs just a simple password.  Much more secure.
PatrickHarnett
hero member
Activity: 518
Merit: 500
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 04:36:14 PM
#9
Quote from: JusticeForYou on January 28, 2012, 04:31:37 PM
Patrick, 

The WoT is at otc-bitcoin.com  http://bitcoin-otc.com/viewratings.php

Not necessarily a solution for your purposes, but it could be used as another step in your precautions. I.E. Another, you trust, could verify the KeyID and .


Thanks - I have looked it up occasionally.
JusticeForYou
vip
Activity: 490
Merit: 271
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 04:31:37 PM
#8
Quote from: PatrickHarnett on January 28, 2012, 03:45:46 PM
A few observations:
 - I don't use IRC or #bitcoin-otc
 - I don't use linux or the gpg command line command (but I think that's what it is)
 - I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.


Patrick,  

The WoT is at otc-bitcoin.com  http://bitcoin-otc.com/viewratings.php

Not necessarily a solution for your purposes, but it could be used as another step in your precautions. I.E. Another, you trust, could verify the KeyID and .


As for example: Recently Theymos failed to identify me cause of an obfuscation method employed. Nanotube acted as a trusted third party to verify my nick.
copumpkin
donator
Activity: 266
Merit: 252
I'm actually a pineapple
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 04:12:03 PM
#7
Quote from: PatrickHarnett on January 28, 2012, 03:45:46 PM
A few observations:
 - I don't use IRC or #bitcoin-otc
 - I don't use linux or the gpg command line command (but I think that's what it is)
 - I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.

On that note, could you (or others) elaborate on what you think of the state of things around here? Do you think the current state of affairs is fine? The crypto-nerd in me wants a nice decentralized system for loans like bitcoin itself, but realistically I think that even if such a system were possible, it would probably be too cumbersome for most people. In the real world, loans are often accompanied by lots of paperwork, and I think that not having (as much of) that is considered a plus in bitcoin. My proposal puts all that back and also requires the parties to be very tech-savvy, which is probably silly.

Would you be more interested in a dedicated website for loans with profiles and easy tracking of open loans and histories? It'd introduce a trusted third party in every transaction (the website admin) but we already have that here and it doesn't stop people.

I'm just looking for ideas, honestly Smiley I just don't want people to get scammed and I want lenders to have low (or easily measurable, at least) risk and borrowers to pay low interest!
copumpkin
donator
Activity: 266
Merit: 252
I'm actually a pineapple
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 03:59:37 PM
#6
Quote from: PatrickHarnett on January 28, 2012, 03:45:46 PM
A few observations:
 - I don't use IRC or #bitcoin-otc
 - I don't use linux or the gpg command line command (but I think that's what it is)
 - I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.

Fair enough Smiley
PatrickHarnett
hero member
Activity: 518
Merit: 500
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 03:45:46 PM
#5
A few observations:
 - I don't use IRC or #bitcoin-otc
 - I don't use linux or the gpg command line command (but I think that's what it is)
 - I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.
BurtW
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 03:43:15 PM
#4
Fair enough.  Off to think some more on this.
copumpkin
donator
Activity: 266
Merit: 252
I'm actually a pineapple
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 02:40:31 PM
#3
Quote from: BurtW on January 28, 2012, 02:20:29 PM
Thinking this over...

Assuming everything is properly signed can you explain to me the fraud vectors that necessitate keeping the public addresses of either the borrower of lender or both private?

Sure. It boils down to the example I gave in the original proposal: if an address is public, there is nothing connecting someone sending to the address to the identity you're corresponding with. Take it to the extreme: I use one address for everything, including my loan requests. The address is in my signature and I include it on all my websites. Now when I make a loan request, two undesirable things could happen:

  • Two lenders simultaneously claim to have sent money to the address.
  • The borrower claims that he never received the money from the lender, because a third party was also scheduled to make him a payment of the same amount at around the same time, to the same address.

A similar situation can happen for repayment to a public address:

  • A predatory lender has a shill borrower who claims to have made payments to the same address, so the lender can claim he never received payment from the real borrower.
  • A predatory lender can claim a third party also had the address and made a payment to it of the same amount at the same time as the scheduled repayment.

In all these cases, we can use the blockchain and verify that coins were indeed received at the specified address, but we don't know who sent them.

There are systems for proving you own a source address using bitcoin, but they're cumbersome and there's no easy way to access them from the standard GUI, as far as I know. The added conflict and time spent resolving issues like these make loans more risky for all parties, and should be avoided if possible.

The reason I actively specify that addresses must be kept secret is that it prevents people from claiming that their buddy was also sending a scheduled payment to the same address. In the above system, if a payment reaches an address, it must be assumed to come from the counterparty. If you publicize the address you want to be receiving at, you give up the right to claim that any coins you might have received to that address were not from the counterparty you supposedly generated it for. If you insist on giving it out and then claim your counterparty didn't pay you (but your buddy Joe did), you are knowingly undermining the system and would receive negative ratings for doing so.

So basically, I think that keeping addresses private not only avoids a class of misunderstandings but also aligns the parties' incentives with what is best for everyone. I might be wrong though Smiley
BurtW
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 02:20:29 PM
#2
Thinking this over...

Assuming everything is properly signed can you explain to me the fraud vectors that necessitate keeping the public addresses of either the borrower of lender or both private?
copumpkin
donator
Activity: 266
Merit: 252
I'm actually a pineapple
Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
January 28, 2012, 01:46:05 PM
#1
Overview

The goal of this protocol is to:

  • Allow lenders to safely associate a WOT reputation with a loan request
  • Allow both parties involved in a loan to give a cryptographically verifiable positive or negative rating to each other

The key guiding principles I follow in the protocol are:

  • All communication must be signed.
  • All communication must include all prior communication to acknowledge what is said by the other party.
  • All communication including bitcoin addresses must be private.

To Borrow

1) The borrower prepares a roughly standardized (in the sense that it includes all relevant details; the format itself need not be standardized) document outlining sought loan terms, signed with their #bitcoin-otc WOT public key:

For example:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I want 40 btc for 1 month. I will pay the lender 2 btc interest per week during the loan period and will then repay the principal in full at the end of the one-month period. Assuming I receive the loan today, here is a sample payment schedule:

2  btc on Feb 4
2  btc on Feb 11
2  btc on Feb 18
2  btc on Feb 25
40 btc on Mar 3

The overall interest rate for the month is thus 20%, or a little more if you factor in the time value of money :)

I am a reputable trader and my #bitcoin-otc WOT rating of 80 (http://bitcoin-otc.com/viewratingdetail.php?nick=copumpkin) should speak for itself.

Thank you,
copumpkin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJC1GAAoJEBr5KUaSgPvW+/cQAL7KFQw/ZfYSM0pR5jA8hniE
a4slxSTuiFVmZJZw/MItBb2bNgTKDB2+plrcpnU2g6wiTGGkH0Ruhp3643kZuIZY
4Z8jwwLOAexuq63kluMmqhwJLG/gq6t7ZLWCNS8e2MxWHo2yI/90UvXQrtrObwPy
Y0+eCBpRjDDcn+EGRyemiqTyoI+zgRF4SD1uJKmq/GRKXyIMF1//nrTHdFygK/BH
Y7mUCae2dYVzy1X2tw8U29iOUAGzt0YLAM+juq4IxNrH62tHcynmlbcw/fKWWI/i
PEUjRKITKdfjQlyQ6tRU4frzX/yDkdVXkdZeChzBFDddXKSMEIrYs/8KP/2cgrYk
g7xKcr/FKBUMUZFAFhOuEIOo3RrFlbYojnrWVHoXSBByid+MfFZokSsbtyNwviaL
RhG9d1QTEIDGshyvnAY3/wXARNyBekzxGHIZUa+nRZ9zbyKUJ0eKq5090zECURK6
zP+Rdsc1fbSU4oKEuKATSCgwnk+qyu5mgCYuOUBxcGLOi6jGKRVCAMYd/7MCzPum
YpOm8c+4Ju4ZVThhzLsul8gRwU2vQhOCZxjm6YUaDtLRfTAkCnOZPo+UGgy6+E31
dRvwnHdQ9b45k2cVgJSAiETo4zIRpAf3YAgi7u4EIjXoAVISJdwxTlshWhzrx6Wr
V/Cbq7azlI7gb1ZO9uL3
=VZwT
-----END PGP SIGNATURE-----

I generated this message by saving it to a text file, then running:

Code:
gpg -u 9280FBD6 --clearsign sample-loan-request.txt

where the -u selects the key I want to use (it must match the one used on the WOT for this request to be meaningful).

It is important to note that the message does not include an address to send to, because that opens a hole for disputes later.

To verify the loan request, the lender must feed the complete signed message into gpg:

Code:
gpg --verify sample-loan-request.txt.asc

which should reveal the keyid:

Code:
gpg: Signature made Sat Jan 28 12:15:50 2012 EST using RSA key ID 9280FBD6
gpg: Good signature from "copumpkin "
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C275 212F 15F2 9AB8 FB97  E5F5 1AF9 2946 9280 FBD6

Note that my key (and probably many of the keys used here) will not be certified by system-trusted signatures. This is fine, as we don't care so much about external identity verification as we care about associating the loan request with a known OTC reputation. If the key is also signed by someone you know and trust, all the better, but the important part there is the key ID (9280FBD6). To verify it, you should visit http://bitcoin-otc.com/viewgpg.php?nick=copumpkin (linked from the main user rating page) and check that it matches there. In this cases it does, so you can evaluate the message according to your usual creditworthiness criteria.

If I were evaluating this loan request, I'd be willing to make the loan because it has a high return but also pays small amounts at regular intervals. This should give a lender additional confidence because it means that even if something bad happens to the borrower at the end of the term, the loan isn't a complete loss to the lender. Also, money now is better than money later, if you have a choice Smiley Additionally, the prospective borrower has a good WOT reputation. Less ideally, the borrower doesn't state what the loan is for, but I'm willing to let that slide for someone with a good WOT reputation. Other lenders might have more of a problem with that. Borrowers with less of a WOT reputation should probably state their loan purpose in the original request.


2) The lender has evaluated the request and has decided to make the loan. To proceed, he takes the lender's request and includes it, signature and all, in a new message signed with his own key. He sends this message to the borrower, privately:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi copumpkin,

These terms sound good, and I am willing to lend you the coins. Please give me an address to send 40 coins to. Your payments should be sent to 18KUm7XVmZDpxchtowsT31Pv82MrBwWs7v.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I want 40 btc for 1 month. I will pay the lender 2 btc interest per week during the loan period and will then repay the principal in full at the end of the one-month period. Assuming I receive the loan today, here is a sample payment schedule:

2  btc on Feb 4
2  btc on Feb 11
2  btc on Feb 18
2  btc on Feb 25
40 btc on Mar 3

The overall interest rate for the month is thus 20%, or a little more if you factor in the time value of money :)

I am a reputable trader and my #bitcoin-otc WOT rating of 80 (http://bitcoin-otc.com/viewratingdetail.php?nick=copumpkin) should speak for itself.

Thank you,
copumpkin
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJC1GAAoJEBr5KUaSgPvW+/cQAL7KFQw/ZfYSM0pR5jA8hniE
a4slxSTuiFVmZJZw/MItBb2bNgTKDB2+plrcpnU2g6wiTGGkH0Ruhp3643kZuIZY
4Z8jwwLOAexuq63kluMmqhwJLG/gq6t7ZLWCNS8e2MxWHo2yI/90UvXQrtrObwPy
Y0+eCBpRjDDcn+EGRyemiqTyoI+zgRF4SD1uJKmq/GRKXyIMF1//nrTHdFygK/BH
Y7mUCae2dYVzy1X2tw8U29iOUAGzt0YLAM+juq4IxNrH62tHcynmlbcw/fKWWI/i
PEUjRKITKdfjQlyQ6tRU4frzX/yDkdVXkdZeChzBFDddXKSMEIrYs/8KP/2cgrYk
g7xKcr/FKBUMUZFAFhOuEIOo3RrFlbYojnrWVHoXSBByid+MfFZokSsbtyNwviaL
RhG9d1QTEIDGshyvnAY3/wXARNyBekzxGHIZUa+nRZ9zbyKUJ0eKq5090zECURK6
zP+Rdsc1fbSU4oKEuKATSCgwnk+qyu5mgCYuOUBxcGLOi6jGKRVCAMYd/7MCzPum
YpOm8c+4Ju4ZVThhzLsul8gRwU2vQhOCZxjm6YUaDtLRfTAkCnOZPo+UGgy6+E31
dRvwnHdQ9b45k2cVgJSAiETo4zIRpAf3YAgi7u4EIjXoAVISJdwxTlshWhzrx6Wr
V/Cbq7azlI7gb1ZO9uL3
=VZwT
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDYjAAoJEBr5KUaSgPvWKNoQAKuA63N0yIp/l3CK8ZEGJPbG
1pDWBX+sEGNZXrQhysgOdVP/42FBujEJKWmPtfZ+ICO/PrmVTsLqMl09J/KJhFVX
xDZZMSD0Ol3iz9DtbDMrUNWKAntb2Cs6lZ2LMzvN5PABVYFezLH4h1+TesUj8ROw
0rO+c+9HUGuut/+zbJ0qRYLimblEMYEm7jv6t51k6v9JGtQM1tKL5Tpvk1cuDo5d
J0pLGO6lziT7u+1UcxP2QbLtnfqqJ7HC2dhwGOiahcOdmqu0iG9IZ/Hh9aJYGRbM
kXDH0RUFydwr7ARogwu/J8mV1Ifs0MpqW5joudZxQYAVMU5dnk9401NWXn2zpN9u
/vubYDGC78+BjnUQedv4cVpNHvcTvLio8WJVmbBNCEjCIaDVHA7/kNjcM0DXxZeY
pGAqVgm5arHHXNNQpT4Xv76w/bFSAJ+RswNGAmYGs1W+SILqMYba+jQaCychCZJs
r6SMFiuMLPeYsHXkCgb4yJGWmz265AdG5mBMNklIXotnwFao4oxirg6yMJ2OeSQR
EzIeAmdxFWRY92wCs6S8IDURJK3dNy3D0KlUSAtTu91V0F0gDFg3iqtx6+fKuGH4
HWdwUxzwphR+NQN1N48/G7Ns9LLLNyZiVKg2otMh01ydqHdJynIAdKXVyi1XhNNU
9jN6aKabSeYFMjmbBypM
=mVMZ
-----END PGP SIGNATURE-----

The borrower checks the signature and makes sure it matches a WOT identity. The lender doesn't actually need to trust the borrower at all at this stage, but it is important to have a valid identity associated with all communication, in case there are disputes later.

3) The borrower responds, again privately, with:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks! Please send coins to 16hismWmy1okSezpAab9eqnfkaYSpDVhC5. I will be paying on the schedule I wrote in the original request.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi copumpkin,

These terms sound good, and I am willing to lend you the coins. Please give me an address to send 40 coins to. Your payments should be sent to 18KUm7XVmZDpxchtowsT31Pv82MrBwWs7v.


- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I want 40 btc for 1 month. I will pay the lender 2 btc interest per week during the loan period and will then repay the principal in full at the end of the one-month period. Assuming I receive the loan today, here is a sample payment schedule:

2  btc on Feb 4
2  btc on Feb 11
2  btc on Feb 18
2  btc on Feb 25
40 btc on Mar 3

The overall interest rate for the month is thus 20%, or a little more if you factor in the time value of money :)

I am a reputable trader and my #bitcoin-otc WOT rating of 80 (http://bitcoin-otc.com/viewratingdetail.php?nick=copumpkin) should speak for itself.

Thank you,
copumpkin
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJC1GAAoJEBr5KUaSgPvW+/cQAL7KFQw/ZfYSM0pR5jA8hniE
a4slxSTuiFVmZJZw/MItBb2bNgTKDB2+plrcpnU2g6wiTGGkH0Ruhp3643kZuIZY
4Z8jwwLOAexuq63kluMmqhwJLG/gq6t7ZLWCNS8e2MxWHo2yI/90UvXQrtrObwPy
Y0+eCBpRjDDcn+EGRyemiqTyoI+zgRF4SD1uJKmq/GRKXyIMF1//nrTHdFygK/BH
Y7mUCae2dYVzy1X2tw8U29iOUAGzt0YLAM+juq4IxNrH62tHcynmlbcw/fKWWI/i
PEUjRKITKdfjQlyQ6tRU4frzX/yDkdVXkdZeChzBFDddXKSMEIrYs/8KP/2cgrYk
g7xKcr/FKBUMUZFAFhOuEIOo3RrFlbYojnrWVHoXSBByid+MfFZokSsbtyNwviaL
RhG9d1QTEIDGshyvnAY3/wXARNyBekzxGHIZUa+nRZ9zbyKUJ0eKq5090zECURK6
zP+Rdsc1fbSU4oKEuKATSCgwnk+qyu5mgCYuOUBxcGLOi6jGKRVCAMYd/7MCzPum
YpOm8c+4Ju4ZVThhzLsul8gRwU2vQhOCZxjm6YUaDtLRfTAkCnOZPo+UGgy6+E31
dRvwnHdQ9b45k2cVgJSAiETo4zIRpAf3YAgi7u4EIjXoAVISJdwxTlshWhzrx6Wr
V/Cbq7azlI7gb1ZO9uL3
=VZwT
- - -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDYjAAoJEBr5KUaSgPvWKNoQAKuA63N0yIp/l3CK8ZEGJPbG
1pDWBX+sEGNZXrQhysgOdVP/42FBujEJKWmPtfZ+ICO/PrmVTsLqMl09J/KJhFVX
xDZZMSD0Ol3iz9DtbDMrUNWKAntb2Cs6lZ2LMzvN5PABVYFezLH4h1+TesUj8ROw
0rO+c+9HUGuut/+zbJ0qRYLimblEMYEm7jv6t51k6v9JGtQM1tKL5Tpvk1cuDo5d
J0pLGO6lziT7u+1UcxP2QbLtnfqqJ7HC2dhwGOiahcOdmqu0iG9IZ/Hh9aJYGRbM
kXDH0RUFydwr7ARogwu/J8mV1Ifs0MpqW5joudZxQYAVMU5dnk9401NWXn2zpN9u
/vubYDGC78+BjnUQedv4cVpNHvcTvLio8WJVmbBNCEjCIaDVHA7/kNjcM0DXxZeY
pGAqVgm5arHHXNNQpT4Xv76w/bFSAJ+RswNGAmYGs1W+SILqMYba+jQaCychCZJs
r6SMFiuMLPeYsHXkCgb4yJGWmz265AdG5mBMNklIXotnwFao4oxirg6yMJ2OeSQR
EzIeAmdxFWRY92wCs6S8IDURJK3dNy3D0KlUSAtTu91V0F0gDFg3iqtx6+fKuGH4
HWdwUxzwphR+NQN1N48/G7Ns9LLLNyZiVKg2otMh01ydqHdJynIAdKXVyi1XhNNU
9jN6aKabSeYFMjmbBypM
=mVMZ
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDdyAAoJEBr5KUaSgPvW58UP/0McUJQYyyptQ/oI5GTVcbte
4g2PaBq6MA7prbK4uUH2Jtet5AANFKDoOgK48c0/1lWM8uficXmAxbQrWR35H09A
FNxlqeXQnYoQWEHY0ERfzKKK1jaQIbX6hSv9oII8UcTSXp0u1C24txau1xiTeRKX
cjyJxUFoIJEQihN2kE5WZnlCaF7Tguw9RPA4Pe7NYHoHyG88c9mzH6xbsxd18S+G
m/Y7SFK0sV7a5tpc9EW6hQJkBIaJ1pIlSVgbyefDO3R6TNw8gHBlWbALPLX3gKRQ
L2nQ0xLvQT4rpLF71lM5Bpo7rT7k1KXgFiOO/+KeV/fc89m4JTpms6kk2c7u3CO+
D9eCcxR+GIWILnx0glM+n+b3Pfm05T9Mkou9eyoeymESNiVcTt3JHOXYXHfdEHuN
72DrRicH6BWTXTJaLNCrdgXRPI31hYDjQOz/AcN7OTwfc9oHK9jqYDm1gDx/u6RK
1VFpgIZxpG+1aI6PjwlAOKypac/TjwvyeFx8CDZZ+lo9oRJOZQg9BHInQ+hNdYdh
z9IsoQmJzQHCTji0BYTh2DWgYpSruWO8VMuWt6wDk7t2DpkYSP8N9iDGc+xYfkF0
OsaZuzbaxWsjskuDHwI6BvuIFTMZwDG5yoFEO4DzF7Eh20BwF23WqSSJsz9OBpdf
nWv5BwvGHQMddrlz4+KE
=MmV3
-----END PGP SIGNATURE-----

4) The lender responds with:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have sent 40 coins to 16hismWmy1okSezpAab9eqnfkaYSpDVhC5, with transaction id . Don't spend them all on candy! :)

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks! Please send coins to 16hismWmy1okSezpAab9eqnfkaYSpDVhC5. I will be paying on the schedule I wrote in the original request.

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi copumpkin,

These terms sound good, and I am willing to lend you the coins. Please give me an address to send 40 coins to. Your payments should be sent to 18KUm7XVmZDpxchtowsT31Pv82MrBwWs7v.


- - - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I want 40 btc for 1 month. I will pay the lender 2 btc interest per week during the loan period and will then repay the principal in full at the end of the one-month period. Assuming I receive the loan today, here is a sample payment schedule:

2  btc on Feb 4
2  btc on Feb 11
2  btc on Feb 18
2  btc on Feb 25
40 btc on Mar 3

The overall interest rate for the month is thus 20%, or a little more if you factor in the time value of money :)

I am a reputable trader and my #bitcoin-otc WOT rating of 80 (http://bitcoin-otc.com/viewratingdetail.php?nick=copumpkin) should speak for itself.

Thank you,
copumpkin
- - - -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJC1GAAoJEBr5KUaSgPvW+/cQAL7KFQw/ZfYSM0pR5jA8hniE
a4slxSTuiFVmZJZw/MItBb2bNgTKDB2+plrcpnU2g6wiTGGkH0Ruhp3643kZuIZY
4Z8jwwLOAexuq63kluMmqhwJLG/gq6t7ZLWCNS8e2MxWHo2yI/90UvXQrtrObwPy
Y0+eCBpRjDDcn+EGRyemiqTyoI+zgRF4SD1uJKmq/GRKXyIMF1//nrTHdFygK/BH
Y7mUCae2dYVzy1X2tw8U29iOUAGzt0YLAM+juq4IxNrH62tHcynmlbcw/fKWWI/i
PEUjRKITKdfjQlyQ6tRU4frzX/yDkdVXkdZeChzBFDddXKSMEIrYs/8KP/2cgrYk
g7xKcr/FKBUMUZFAFhOuEIOo3RrFlbYojnrWVHoXSBByid+MfFZokSsbtyNwviaL
RhG9d1QTEIDGshyvnAY3/wXARNyBekzxGHIZUa+nRZ9zbyKUJ0eKq5090zECURK6
zP+Rdsc1fbSU4oKEuKATSCgwnk+qyu5mgCYuOUBxcGLOi6jGKRVCAMYd/7MCzPum
YpOm8c+4Ju4ZVThhzLsul8gRwU2vQhOCZxjm6YUaDtLRfTAkCnOZPo+UGgy6+E31
dRvwnHdQ9b45k2cVgJSAiETo4zIRpAf3YAgi7u4EIjXoAVISJdwxTlshWhzrx6Wr
V/Cbq7azlI7gb1ZO9uL3
=VZwT
- - - -----END PGP SIGNATURE-----
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDYjAAoJEBr5KUaSgPvWKNoQAKuA63N0yIp/l3CK8ZEGJPbG
1pDWBX+sEGNZXrQhysgOdVP/42FBujEJKWmPtfZ+ICO/PrmVTsLqMl09J/KJhFVX
xDZZMSD0Ol3iz9DtbDMrUNWKAntb2Cs6lZ2LMzvN5PABVYFezLH4h1+TesUj8ROw
0rO+c+9HUGuut/+zbJ0qRYLimblEMYEm7jv6t51k6v9JGtQM1tKL5Tpvk1cuDo5d
J0pLGO6lziT7u+1UcxP2QbLtnfqqJ7HC2dhwGOiahcOdmqu0iG9IZ/Hh9aJYGRbM
kXDH0RUFydwr7ARogwu/J8mV1Ifs0MpqW5joudZxQYAVMU5dnk9401NWXn2zpN9u
/vubYDGC78+BjnUQedv4cVpNHvcTvLio8WJVmbBNCEjCIaDVHA7/kNjcM0DXxZeY
pGAqVgm5arHHXNNQpT4Xv76w/bFSAJ+RswNGAmYGs1W+SILqMYba+jQaCychCZJs
r6SMFiuMLPeYsHXkCgb4yJGWmz265AdG5mBMNklIXotnwFao4oxirg6yMJ2OeSQR
EzIeAmdxFWRY92wCs6S8IDURJK3dNy3D0KlUSAtTu91V0F0gDFg3iqtx6+fKuGH4
HWdwUxzwphR+NQN1N48/G7Ns9LLLNyZiVKg2otMh01ydqHdJynIAdKXVyi1XhNNU
9jN6aKabSeYFMjmbBypM
=mVMZ
- - -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDdyAAoJEBr5KUaSgPvW58UP/0McUJQYyyptQ/oI5GTVcbte
4g2PaBq6MA7prbK4uUH2Jtet5AANFKDoOgK48c0/1lWM8uficXmAxbQrWR35H09A
FNxlqeXQnYoQWEHY0ERfzKKK1jaQIbX6hSv9oII8UcTSXp0u1C24txau1xiTeRKX
cjyJxUFoIJEQihN2kE5WZnlCaF7Tguw9RPA4Pe7NYHoHyG88c9mzH6xbsxd18S+G
m/Y7SFK0sV7a5tpc9EW6hQJkBIaJ1pIlSVgbyefDO3R6TNw8gHBlWbALPLX3gKRQ
L2nQ0xLvQT4rpLF71lM5Bpo7rT7k1KXgFiOO/+KeV/fc89m4JTpms6kk2c7u3CO+
D9eCcxR+GIWILnx0glM+n+b3Pfm05T9Mkou9eyoeymESNiVcTt3JHOXYXHfdEHuN
72DrRicH6BWTXTJaLNCrdgXRPI31hYDjQOz/AcN7OTwfc9oHK9jqYDm1gDx/u6RK
1VFpgIZxpG+1aI6PjwlAOKypac/TjwvyeFx8CDZZ+lo9oRJOZQg9BHInQ+hNdYdh
z9IsoQmJzQHCTji0BYTh2DWgYpSruWO8VMuWt6wDk7t2DpkYSP8N9iDGc+xYfkF0
OsaZuzbaxWsjskuDHwI6BvuIFTMZwDG5yoFEO4DzF7Eh20BwF23WqSSJsz9OBpdf
nWv5BwvGHQMddrlz4+KE
=MmV3
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPJDijAAoJEBr5KUaSgPvWyIEP/AkxVrAEmvvH+7jzhXPjocx3
KV3GjB3RJDbjkCjpNokMNJNiRMEsQqG+6GWxzQekPTrwwwC7OqOEeArQICLudWrs
fRoDvoceg0U28u2/hjA0unc+OJevwW/23rLTfjq2l49pUMtr/GthhnYPfhNlNhyF
P6RRBNMvudIsue60p2es3p4KTgw40krG62Ifo82o1zZOSETfuf0xT+CdVsuOieEq
36nRlN9OPJQKGtjbHzkwMffYB8E8eF5aiTZWVTrwbk0JzB2NwAPqvwWt3gQ5FteW
xxHQEC3p5IObn7D8kWhBIRCiefob1azQvanucN4z1bWEM64A/DmWHhVXkPczCuts
gGFHeYcpIHiCGQiIvjUh3FRMJuHr9CdJrvoybcRrLTUpjJWrnMF3IOksAunGpCjv
UHttBkFjvDtBpf2KnU9kS+oZlTRKOeVtcOl9JAQ8FflfH+REFGDuz11JYMu7Z0x7
RQQsBuEKUFy7ikr3YHre5NOhL/xp2JC+iLdfDMR08cBai2yKiW0wSebpZBmRGzBT
xniZ2HYwx2wHKxvio0cbPJfPL7Kb6rCHlsaTGJ2ZHTcvlphYHKvNTBREvVCFiT36
MfwVTzLb4EXmoaU/FECQDU1JFJAzF1OFz+YOe8ngQBESOF65ZrykhpUW0J4eC9EB
L5t0If9XJC7A9RZAKqay
=SYMk
-----END PGP SIGNATURE-----

And the borrower now has some coins. There is no need to post any confirmation to the forum as both parties have proof of what the terms were, if something goes wrong.

For example, if the borrower never receives the coins, he can post a transcript of the correspondence, third parties can check the signatures and also check the bitcoin network for transactions to the address (or the txid) and see that no coins were received at that address.


To repay

There is no need for any GPG communication here if everything goes smoothly. The original loan agreement has all the information needed in it to verify that the repayment terms are being respected by checking the blockchain. Because the repayment address is private, only the borrower or a delegate of the borrower can send coins to that address. Because the protocol specifies that the repayment address must be private, the lender can't claim that his buddy Joe also uses that address and that the 2 btc payments we see in the blockchain were from Joe, not from the borrower, so the borrower is protected from predatory lenders.


To renegotiate terms

At any point during the loan period, both the lender and the borrower can attempt to renegotiate terms, again following the convention of keeping all correspondence signed. The counterparty is free to reject an attempt at renegotiation, of course.

For example, let's say that the borrower's having cashflow problems and will be unable to make his third 2 btc payment on time. He sends a signed email to the lender explaining that his dwolla transfer into mtgox will arrive in three business days and the payment will thus be three days late. The borrower responds, again including all past signed correspondence, and tells the lender that he would like an extra bitcoin of principal repayment (41 at the end) in that case. The lender reluctantly accepts in a third signed email.


If shit hits the fan

copumpkin the borrower warned his lender that his 3rd payment would be late, and also paid his 4th 2 btc payment late without notice and is currently 2 days late on his principal repayment. He sends copumpkin a signed email giving him a final chance to redeem himself before he gets a negative rating on the WOT and the correspondence is posted publicly. copumpkin responds and says that he is very sorry for the lateness and he was having computer and cashflow trouble. A day later, copumpkin repays his lender 42 btc.

The lender might then post publicly (or privately to designated credit report collectors if we don't want public credit reporting) the full correspondence acknowledging that he has received the full amount back from copumpkin, with a discussion of lateness. It would include addresses for people to verify all payment claims, including the lender's claims that payments were late.


Discussion

This document is a lot longer than it needs to be, and is just an implementation of the basic guiding principles I outlined at the beginning, but I do hope it gives an idea of how something like this might work. The simplest approach to making this happen would be to use signed email, since the annoying parts involving signing and verifying messages (and including earlier messages) are taken care of for us. The original signed loan request could be posted publicly on the forum, then a PM could be sent over the forum to exchange email addresses, and then all further correspondence could happen over signed emails. Some people would understandably be uncomfortable exchanging emails (if unpleasantness happens, a party could get signed up for spam against their will), so in that case manually signed messages could still be exchanged through forum PMs.

I can't think of any gaping holes in this system if everyone follows it correctly, but would be interested to see if anyone can think of ways in which one party could get away with screwing the other without the other party being able to prove innocence using the blockchain or signed correspondence.

The system is admittedly pretty cumbersome, and might only be worthwhile for larger loans, especially considering that many forum-based lenders might not even have GPG set up or a WOT reputation.

I welcome any constructive feedback Smiley I would like to extend this into a discussion of how we would like credit ratings to work, too. Swaps/insurance can come later.
Bitcoin Forum>Economy>Marketplace>Lending
Jump to: