Topic: Sending locked coins (Read 275 times)

You are sending your 10 Bitcoin as proof and then it will return back to you after proving that your own 10 Bitcoins? Isn't that too much to ask? As you already have paid when you have sent your 10BTC in the first place this is really an unnecessary action for a seller to ask and may look like a scam on a buyer's point of view. I can show several proof that I own that much Bitcoin by showing my proof of income or a signed message containing that 10BTC it simple as that.

The "problem" is the same problem you have when selling your house for fiat money. Here you'd use a notary as middle man, to ensure both parties fulfill their end of the deal.
If there's a breach of contract, one party can sue the other party for compensation.

Changing the payment system doesn't change the other requirements. You may need to explain the origin of your funds to the notary though.

Thank you for this very interesting information. After a quick search, I found this interesting article about this smart contract feature implemented by Peter Todd, and the possibility of creating a trustless escrow : https://bitcoinmagazine.com/press-releases/yes-bitcoin-can-do-smart-contracts-and-particl-demonstrates-how

I guess if you're looking for something simple you can look at the current block height and set the locktime field of the transaction to be N+current_height, N being the number of blocks you want the transaction to stay unconfirmed since it won't be included in any block before the N+current_height'th one.

A block takes on average 10 minutes to mine so a better value that would correspond to X hours is X*10*6 blocks: locktime=X*10*6+current_height.

That way there is blockchain proof that the transaction is pending and if whatever deal you have doesn't complete by then you can double-spend it back to yourself with a larger fee.

it is already possible without needing anything new.
the part about locking coins and only releasing them under a certain condition (sale going through) is done using multi-sig with 2 parties (2 of 2). the part about locking the coins for X hours is done using OP_CHECKLOCKTIMEVERIFY and to combine these two each part can be seen as an expression inside OP_IF and OP_ELSE.

Perhaps, technically, this could be introduced into the bitcoin technology, but for sure no one will do this, because there are intermediaries and traits who can vouch for you. Although the idea is very interesting and it would be great to see its implementation in another coin.

Proving that you have control over some amount of bitcoins is generally possible via a variety of methods.

You could set up a 2-of-3 multisig address where the bitcoin provider supplies 2 keys and the bitcoin receiver supplies 1 key. When this address is funded, the bitcoin receiver can see that the bitcoins exist and that the bitcoin supplier has control over the coins.

Probably an easier method though would be for the bitcoin supplier to fund a new regular standard address of his own with the necessary funds, and then use the private key to sign a statement that says something along the lines of: "I, insert name here, am funding this address, insert address here, specifically for the purchase of, insert item being purchased here, from , insert seller name here, on, insert date here"

Since ONLY a person with control of the private key needed to spend those funds could create a valid signature, it would be a strong indication that the buyer has control over the indicated funds. The seller can monitor the address, and simply get up and leave (or stop all communication) the moment the funds leave that address for anywhere other than the seller's own control.

This would give you the same amount of protection as your "lock" system.  In this scenario the buyer could still waste your time and eventually remove the funds from the funded address. However, in your "lock" system, the buyer could still waste your time and then just wait out the lock.


Your lock system doesn't protect against this.  The provider of the bitcoins can still waste as much of your time as he likes, and then just wait out the lock to spend the coins.  



Bitcoin's credo applies ONLY to the electronic transfer of control over the value represented by Bitcoin. Without Bitcoin, if you want to electronically transfer value (money) you need a bank or other trusted third party to make sure that the funds are removed from the sender and supplied to the recipient.  That "credo" does NOT ever apply to the exchange of real physical items in the physical world.  Not cash, not gold, not houses, not cars, not anything.  Anytime anything of significant value is being exchanged in the real world, if you don't use a trusted third-party, then there is the possibility that one side could supply the item, and the other side could refuse to provide whatever they were supposed to exchange and could then leave with control of the item they received. This is commonly referred to as "theft" and is WHY escrow, arbitrators, lawyers, police, and courts exist in the physical world.

You can have Bob provide a specific signed message confirming he has sufficient bitcoin to complete the transaction. This will not prevent Bob from spending said bitcoin.

The problem you describe is common for high value transactions. If you are selling anything on the internet, you should expect to deal with a lot of time wasters. You can keep an item listed for sale as long as you have not received payment for said item, and make it clear the item will remain listed for sale until the item is paid for.

It should be possible to allow for a type of n-lock time transaction whose outputs are only spendable after n-blocks after the transaction confirms. I don't see many use cases for this type of transaction, so I am not sure there would be consensus for this type of change.

The purpose is to give Bob proof that Al has enough coins to complete the transaction, and to be sure that he won't spend them.

I once had an annoying situation with someone who asked me lots of questions about the thing I was selling. He argued with me for days, only to tell me he didn't have enough money to buy.

My idea sounded good on paper, but it is apparently very difficult to implement because of the way Bitcoin works (and is probably not the best solution). I also wished to respect the "without a trusted third party"

credo of Bitcoin. My motivation was to provide proof that the customer is "solvent", especially for a busy person or a professional, rather than to provide better security.



Same as above. This idea was designed to be used in a specific situation, with expensive goods, real estate, etc, most likely by a professional. This system also offered a way for the buyer to show that he has

enough money, without sharing all the info/balance of his wallet with another party. You may say that this is not important because if the buyer does not have enough money, the transaction will simply never

happen, but the advantage is to get this information quickly.



Thanks to everybody for your interesting comments.

Coins are never "IN" a wallet.  They only EVER exist as value referenced by the transaction outputs (either stored in each node's mempool, or in the blockchain).


See my statement above.  Bob can spend the coins if he can meet the conditions of the output script.  Albert can spend the coins if he can meet the conditions of the output script.  Neither can spend the coins if neither can meet the conditions of the output script, and both can spend the coins if both can meet the conditions of the output script.


How is this different than Al just keeping control over the coins until he's ready to send them to Bob?

In both the "locked coins" system (without unlocking) that you are trying to invent AND in the scenario where Al doesn't send the coins, Bob never gets control over the coins at all.

Also in both the "locked coins" system (with eventual unlock) that you are trying to invent AND in the scenario where Al sends the coins eventually, Bob gets control over the coins when Al finally decides to let him have control.

The only difference is that in your scenario, there is a short period of time when NEITHER can spend the coins.  I don't see how having such a period of time provides security to either party, since either could just wait out the time.


Wouldn't you just have the guy send the transaction, and then once it's confirmed give him the keys?

Complicated conditions like these are which depends on certain unpredictable conditions cannot be expressed in a script for P2SH addresses.

You need a mediator with a Multisig transaction which can decide whether or not to release the coins in the event of a dispute.

This is honestly the best solution for your case. There's no need to implement such feature when this kind of activity already exists out there in the open and there isn't a net benefit of implementing such feature (which will require a considerable amount of work I believe). All you have to do is make sure you find someone that is neutral to both sides (but at the same time someone you both trust) and use him/her as a 3rd agent of the trade that will only release whatever he/she is holding if the transaction is made (similar to smart contracts but replace it with a man/woman).

I don't know if you're intending to use bitcointalk as a place to look for escrows but there are many reputable ones in here - check these threads:

• ₿ LIST ₿ Bitcointalk's ESCROW providers: Ranking & Blacklist ☠ Avoid Scam ☠
• Recommended bitcointalk escrow services

2 by 2 is risky for both cosigners especially for a large amount of coins. If anything happens to one cosigner then the funds are locked forever. A 2 by 3 is a better option.

I understood your example clearly. All you need a third-party escrow who has very good knowledge about the industry that you are dealing and can make the right judgement about the deal before releasing or returning the coins back to the buyer.

If the two parties (the seller and the buyer) know about multisig wallet, they can make use of it. It can be 2-of-2 multisig in which the buyer and seller will open such wallet. The buyer will send the bitcoin to the multisig wallet, both of them will need to sign any transaction on the multisig wallet before any payment (only one person will not be able to access or move the fund to another wallet as they are both needed to move the fund to a desired address). Ones the selling is completed, the fund can not be accessed by the buyer, although yet can not be accessed by the seller too, but the buyer will sign the transaction which has been already signed by the seller (or vice versa) to move the bitcoin into sellers bitcoin wallet address. Using an escrow can make it 2-of-3 multisig which is better if the escrow provider is trusted.

Although, custodial service is good but it can be done in a noncustodial way too which is best for privacy, and noncustododial can make it not to require escrow provider, what custodial means can not provide.

This is not possible for now using noncustododial wallet, but very possible using custodial service provider, but I don't know one yet. You can read more about multisig wallet, you will see it as a good alternative which you might even prefer.

In my example, Albert's 10 BTC are already in Bob wallet, but locked for X hours, unspendable by Bob.

If they are not in Albert's wallet, how can Albert spend them again?

I imagine the lock having 2 options: 1 - If nothing happen, the 10 BTC return to Al wallet. 2 - If Al lock is cancelled, Bob can move the coins.

If you are selling your house, you can sit around a table for 10 minutes before giving the guy your keys.

Use a third party escrow who also know the things about property or whatever industry you are trading. You will send them the coins, they will hold the coins for your and the other guy. The escrow guy will monitor the activities from both of you. Once you two agree and satisfy with the deal then he will release the coins to the other guy or he will give you your coins back.

There are no such lock system because who know you could misuse it. After having everything okay you still can sent those coin back to you instead of paying the seller.

Is it already possible, or can it be added to the Bitcoin code, to send blocked coins? Releasable under certain conditions?

A quick example:

You sell your house for 10 BTC. I am interested. You ask me a proof that I have 10 BTC. I send them to you, blocked, with an automatic return within X hours.

Possibility 1: We sign the sale and I send a confirmation of the release.

Possibility 2: The sale does not take place and I automatically get my 10 BTC back after X hours.