Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: x3m on January 26, 2020, 04:02:32 PM



Title: Lending using BTC as a collateral on a multisig address
Post by: x3m on January 26, 2020, 04:02:32 PM
Please help me to list the best security practices implementation details of my assignment.

Alice and Bob sign an agreement.
Alice lends Bob $8,000 (assuming that 1 BTC = $8,000) for a period of time T and Bob puts up a collateral of 1.5 BTC into a multisig account.
If within time T Bob settles his debt ($8,000 + fees) then Bob can have 1.5 BTC back, else Alice can seize 1.5 BTC collateral and do whatever she wants.

Here's an example by Gavin Andresen that can be used for what's described above:
https://gist.github.com/gavinandresen/3966071

Here is what I've pointed out so far:

- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
- After Bob performs the transaction from his wallet to the multisig address wait for 6 confirmations before lending him $8,000.
- Reveal operation's details (when and where) only to people involved.
- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
- Transfer 1,5 BTC to either Alice or Bob according to agreement outcomes. Is this probably the least risky step in the list?

Something is missing for sure ...

UPDATE:
- send transactions to your full node or to verified peers.


Title: Re: Lending using BTC as a collateral on a multisig address
Post by: ranochigo on January 26, 2020, 04:10:17 PM
- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
The private keys have to be known by the 3 escrow agents. The link stated only serves as an example as to how that specific multisig address was generated. In reality, the multisig address is created by using the public keys of the addresses belonging to the 3 escrow agents.
- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
Hardware wallets may have some difficulty signing raw transactions for multisig transactions depending on the hardware itself. You have to choose a wallet which allows you to sign and broadcast raw transactions.

You don't really need to have 3 escrow agents. Multisig works perfectly with one escrow agent and both Alice and Bob hold a key each. For that multisig setup, it would be a 2-of-3 multisig and 2 parties would be needed for the funds to be released (Alice/Bob, Alice/Escrow or Bob/Escrow). It would still be safe since either both parties have to agree to release the funds or the escrow has to agree with one of the parties.
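
As an added illustration of the reply above (not part of any post in this thread, and not Gavin Andresen's gist): a 2-of-3 script can be assembled from the three parties' public keys alone, so no private key ever leaves its owner. The P2WSH output form, the BIP67 key sorting and the sample keys are assumptions made for this example.

```python
import hashlib

OP_0, OP_2, OP_3, OP_CHECKMULTISIG = 0x00, 0x52, 0x53, 0xAE

def check_pubkey(hex_key):
    """Accept only compressed secp256k1 encodings: 33 bytes, prefix 02 or 03."""
    key = bytes.fromhex(hex_key)
    if len(key) != 33 or key[0] not in (2, 3):
        raise ValueError("not a compressed public key: " + hex_key)
    return key

def two_of_three_script(pubkeys_hex):
    """Build OP_2 <k1> <k2> <k3> OP_3 OP_CHECKMULTISIG from public keys only."""
    keys = [check_pubkey(k) for k in pubkeys_hex]
    if len(set(keys)) != 3:
        raise ValueError("need three distinct public keys")
    # Key order changes the script and therefore the address. Sorting
    # lexicographically (BIP67) lets Alice, Bob and the escrow each derive
    # the same script independently and compare results before funding.
    keys.sort()
    script = bytes([OP_2])
    for key in keys:
        script += bytes([len(key)]) + key  # 0x21 push opcode, then the key
    return script + bytes([OP_3, OP_CHECKMULTISIG])

def p2wsh_script_pubkey(witness_script):
    """Output script that locks the collateral: OP_0 <SHA-256(witness script)>."""
    return bytes([OP_0, 32]) + hashlib.sha256(witness_script).digest()

# Constructed sample values: correctly encoded, but not real keys and not
# necessarily valid curve points. Each party would supply its own public key.
ALICE = "02" + "11" * 32
BOB = "03" + "22" * 32
ESCROW = "02" + "33" * 32

def demo():
    """Derive the script twice with different input orders, as two parties would."""
    by_alice = two_of_three_script([ALICE, BOB, ESCROW])
    by_escrow = two_of_three_script([ESCROW, ALICE, BOB])
    return by_alice, by_escrow, p2wsh_script_pubkey(by_alice)

if __name__ == "__main__":
    a, b, spk = demo()
    print("witness script:", a.hex())
    print("scripts match :", a == b)
    print("scriptPubKey  :", spk.hex())
```

Each party should run the derivation on its own machine and confirm the result matches before Bob funds the output.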


Title: Re: Lending using BTC as a collateral on a multisig address
Post by: jackg on January 26, 2020, 04:11:36 PM
- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
The escrow agent, Alice and Bob would probably have a key each which they can determine on their own.
It's possible to get them to sign a piece of data to prove they own that private key and then reveal the public keys but such a step would be unnecessary.

- After Bob performs the transaction from his wallet to the multisig address wait for 6 confirmations before lending him $8,000.
If necessary, then yes.

- Reveal operation's details (when and where) only to people involved.
What? You mean for if there are only two people. I think it would currently be impossible to do that unless there's a proof for the blockchain without having both parties trust each other. A hostage situation whereby Bob doesn't repay but tells Alice she can get half her funds back could be done fairly easily.

- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
Firmware updates will do nothing. Most hardware wallets are open source or are compatible with clients such as Electrum.
The mnemonic phrase is also compatible with Electrum with a small amount of tweaking.

- Transfer 1,5 BTC to either Alice or Bob according to agreement outcomes. Is this probably the least risky step in the list?
The bit that's missing is probably the fact that the fiat transfer will likely have to go through the escrow agent.
There would be obvious issues with doing a cash in hand transfer too - unless it's done in well secured public premises.


Title: Re: Lending using BTC as a collateral on a multisig address
Post by: x3m on January 26, 2020, 04:30:26 PM
...
- Reveal operation's details (when and where) only to people involved.
What? You mean for if there are only two people. I think it would currently be impossible to do that unless there's a proof for the blockchain without having both parties trust each other. A hostage situation whereby Bob doesn't repay but tells Alice she can get half her funds back could be done fairly easily.

...

Good points.
Regarding when and where I meant that if the parties have to meet to sign the agreement and perform the transaction right away, the location and date (especially in case of a high amount) must be kept confidential.