Pages:
Author

Topic: [TEASER] Multi-Sig Lockboxes! (Now with Simulfunding!) - page 2. (Read 4498 times)

legendary
Activity: 3430
Merit: 3080
Looking forward to full rollout of this. Multi-sig keychains, where multiple private keys co-sign for a specific BIP32 Child Public Keychain, would be a real achievement (with change sent to a new address in the chain).
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Introducing Multi-key Lockboxes by Armory Technologies, Inc.

Armory Technologies, Inc. has come a long way since we incorporated 9 months ago.  We now have 5 full-time developers, and for the first time since I started Armory I was able to take my hands off the steering wheel, and focus on innovating, instead of just bug fixes and testing.  This gave me the opportunity to do something I've been wanting to do for a very long time... Multi-signature transactions!.  

I've been busy getting a form of multi-sig implemented before the conference this week (Apr 7-8), but without the new wallet format, yet.  This isn't a waste of time, because this kind of interface should be available for one-time escrow situations where you won't need a full wallet, anyway.  And in the short-term, it can used for low-volume, secure savings (when it's ready in a few weeks).

In the end, it turned out to be more than just a demo: it's actually quite usable!   See screenshots below.  If you can compile from github, you can play with it on the "multihacker" "devel" branch.  More details below.

Keep in mind the multi-key lockbox interface is an advanced tool.  All manual data exchange, multiple steps, multiple wallets, etc.  But just like offline transactions, I think we've taken something that is inherently quite complex, and made it about as simple as it can be without centralization.  We will be providing a server-assisted mode in the future which will make this far easier, but it will always be usable without a 3rd party service.

UPDATE: lockboxes are now being updated on the "devel" branch



Multi-key lockboxes:

WARNING: This is not ready for real money!  I have powered through the design process to get it demo-ready for the conference under time constraints.  Over the next couple weeks, we will be fixing all of it's limitations, reduce bugs, add simulfunding, and test it!  Until then, only use this with testnet!

A "lockbox" is created from a list of public keys (and some meta-data), and then anyone can put money into the lockbox.  To spend from the lockbox, one party initiates a transaction, and then circulates it to collect signatures.  Whoever adds the last signature can then broadcast it.





All data exchanged looks like the following example lockbox (go ahead and import it, see what happens):
Code:
=====LOCKBOX-kYzv3hKH===========================================================
AAAAAAsRCQc45UFTAAAAAMlTQQR0MnqhjDUOtCC9w72FXiWrsSVloX2Iu7uRJwbWxXoUXQtT2MrBd3wf
QwzZfEgkqMmqspb7zpfz9U/bPPFqVkdpQQRoaAc3x22ruAHLIgT1fb5ORXnk9xDNZ9wbQidZLIHptc8C
tayei0yfSb5SUQVram0BHkw39rbRft5rVfqiNRniQQR3uYP11MOuJ5kKfWBiRnEaIbaCDLKJplw5ymLH
e2H3Su4m9fPy3L1gOxKkrv5z7v5+R1PgCW3bFtmXRUhOFdf9U64TU3BvdXNlIEpvaW50IFdhbGxldAAD
AAAAEkRlc2t0b3AgSG90IFdhbGxldBVTYWxseSdzIE1vYmlsZSBXYWxsZXQSQmFja3VwIFNpZ25pbmcg
S2V5
================================================================================



Some great things about the current state of "Multi-key lockboxes":
  • No central points of failure.  Private keys never exposed to any other device, and only used at time of signing much like offline transactions.  Armory lets you collect all public keys from all devices/parties, and creates a multi-signature address to deposit money in the lockbox.  
  • Totally online/offline agnostic!  All circulated transaction data is treated as "offline" transactions, and thus includes data needed for secure offline review and signing!  You can mix any kinds of wallets you want, even do a 5-of-5 spread out between cold laptops kept in bank vaults in 5 different countries! (please don't do this yet, but it technically will be possible soon)
  • Uses ASCII (base64) text blocks for easy exchange inline via email.   Armory used to use BIP 10, but that had some serious limitations.  A new format was created that accommodates all the quirks and security issues of exchanging data and offline signing (especially lots of complexities if P2SH is involved).
  • Change is handled automatically:  It's handled by sending the change back to the exact same lockbox, which all remains transparent to the user, as always.  This is certainly "address reuse", but until we have multi-sig/linked wallets, we have no other choice unless you require the user to spend all or nothing.
  • Completely decentralized:  We will add a server-assisted mode in the future, but we wanted to guarantee that it's theoretically usable if no servers exist.

Some current limitations of what's there:
  • Plain multi-sig only -- limited to 3-of-3 on mainnet:  P2SH is theoretically supported, and I have designed all the data formats, and blockchain code to be able to accomodate P2SH.  But none of it has been tested, and requires a bit more complexity under the hood to make it work.  However, supporting P2SH will be required to go above 3-of-3 on mainnet, so it will be done. Eventually
  • No simulfunding yet:  Certain types of contracts require both/all parties to send coins to the lockbox simultaneously (in the same transaction).  Again, I have designed the data formats to accommodate simulfunding, and even created a "Promissory Note" structure that can be exchanged like LOCKBOX and TXSIGCOLLECT blocks, but it's not complete yet.  Until then, these lockboxes are best suited when either (1) All devices are your own [you can't scam yourself], (2) All other parties are trusted, such as family members, (3)  Only one person is funding the lockbox.
  • Expert tool!  All manual exchange of data: These are building blocks of multi-signature transactions.  Once we have all the mechanics in place, Armory will start hosting servers that will facilitate the exchange of this data (privately, of course!).  Until then, all data must be exchanged via email or shared folders.
  • No signature merging yet:  Right now you must literally circulate the transaction to all parties, in any order.  Each party must sign it before passing it to the next party.  In the future, you will be able to send all parties the proposed transaction, they can each sign it and send it back, and the organizer can merge and broadcast
  • All devices must be upgraded:  None of the data exchange formats are compatible with older versions


Using Lockboxes
You must be in Expert usermode on Testnet to use lockboxes!
  • (1) One party/device is elected to make and organize the lockbox.  All other parties send them their public keys and contact info, etc (there's a new right-click menu in the wallet address table, to copy the hex public key).  If you are setting up a lockbox between multiple devices, you can simply use the addressbook buttons to pull the keys from watching-only wallets.
  • (2) When the organizer is done creating the lockbox, and decorating it with contact info, lockbox description, etc, he will be given a "=====LOCKBOX" block of data to send to all the other parties.
  • (3) Each other party will go into the lockbox manager and import the lockbox.  They will then be able to see its balance and transaction history only within the lockbox manage (from the the multisig menu)  There are no notifications.
  • (4) Any party may send money to the lockbox by selecting it in the manager and clicking "Deposit Funds".  Or you can copy the ID into the regular "Send Bitcoins" window (from a regular wallet) in the following format "Lockbox[ID:z87Qnm42]".
  • (5) To spend funds, one party is elected to create the spending transaction.  They click "Spend Funds" from the lockbox manager, which will open a regular dialog, but will only show UTXOs and balance of the selected lockbox.
  • (6) Armory will open a "Signature Collector" window.   At any time, you can export the tx with all available signatures, to an ASCII block and email it inline to other participants, or put it on USB key or shared folder to get it to the other devices that need to sign
  • (7) Once a sufficient number of signatures are present, the "Broadcast" button will appear.  Simply broadcast it and wait!

Final note:  No compiled versions will be available for a while.  If you can compile from the github repo, you are welcome to play with it and provide feedback, but we don't even want to give any hint that it might be usable for real money.  Check back in a couple weeks for updates!


Simulfunding is Implemented!

The simulfunding options menu.  Create notes, merge into a single tx, then sign and broadcast:


Each user selects a source wallet and destination lockbox to create a promissory note.  Then the organizer merges them into a funding transaction to be signed by all funders (right now no labels are passed through, so you only see how many participants there are and how much they are contributing, but not who is who...)


Once the promissory notes are collected, the parties have to sign.  This works identically to spend-from-lockbox (it's the same dialog).  Note that it only shows you the net value difference for each wallet, even though each "funder" is providing both inputs and change.  Armory figures it out.


As you can see, the final transaction has three different input wallets, and change back to those wallets as well.  
Pages:
Jump to: