Suppose A,B and C, with known btc addresses and pubkeys, are setting up a multisig 2 of 3 transaction. Suppose a fourth party D asks each of the 3 to deliver a signature for a transaction sending from the msig address.
Suppose that 1 or 2 of A,B,C don't want the tx to go through and deliver invalid signatures.

How easy is it for D to check which of the three signatures delivered are valid? Is it that you can deduce the pubkey from the signature, and then check whether that pubkey corresponds correctly to that for A,B,C?

I'd love to see somewhere where people collect evidence of difficulties buying/selling bitcoins via:
different banks
different bank transfer mechanisms
different money transfer systems.

A list of possibilities:
SWIFT, SEPA, ACH, local bank transfer systems, OKPay, WebMoney ...

As a start I offer this thread: http://www.reddit.com/r/BitcoinUK/comments/1u0f45/im_a_local_bitcoins_seller_and_i_just_had_a/
This trade was executed using the UK "Faster Payments" bank transfer, and the reversal of the transaction is in direct contravention of point 5 in http://www.fasterpayments.org.uk/about-us/how-faster-payments-works.

I must have seen 20 or 30 threads on reddit (and some here) over the last several months. If you have other anecdotal examples, please post them here and it might provide useful information to people in the future.

And before anyone says it: yes, I know cash is the best, but it is not without problems either (counterfeiting, security) and is not ideal for larger amounts, nor does it scale well.

[Motivation]

This thread follows on from this post.

But before you read the details, some background.

You're welcome not to read ALL of this Just get a flavour. Then click the link above for instructions on how to get involved.

Motivation The biggest problem with Bitcoin is getting hold of some. Conduits allowing fiat money to flow into Bitcoin have proven themselves unstable, and so many are searching for a decentralized way to allow this to happen.

The problem The problem with most attempts to solve this is the fundamentally different nature of fiat money, controlled by banks, governments and financial institutions is so different from the fundamental nature of Bitcoin. Bitcoin is irreversible, most other forms of money in everyday use are not. Take a look at the scale of money hardness. If you try to trade directly with a counterparty (i.e. not via an exchange), say, credit card money for bitcoins you have an insurmountable problem: the bitcoin buyer can reverse his payment in the future.

Solution 1: the localbitcoins model The site localbitcoins.com has been a tremendous success in allowing people to transfer cash and other 'hard' money for bitcoins. Physical transfers are awkward in various ways, and impractical for those in remote locations. Online payments with mechanisms like bank wires and OK Pay seem like a better solution, although they incur fees; they're faster, location-independent, and in some ways safer. Escrow helps keep the process even safer, but there's a problem: what if the bitcoin seller denies having received the funds? Here's what the localbitcoins site says about disputes:"LocalBitcoins.com support handles disputes based on evidence and reputation supplied by trade participants." What evidence might that be?
We shouldn't forget also how centralized localbitcoins is as a business and as a trusted third party, albeit the model can be replicated.

Solution 2: the Paysty approach With Paysty we are proposing a significant improvement to the above model: a way to prove that you sent a bank transfer. You still have the escrow mechanism, but it's relegated to a trivial checking mechanism: the escrow requests proof of transfer.

So how does it work?
Payments of 'hard' money (see above) made via bank transfer and via OK Pay (and some others) are done over ssl (https) connections on the internet. This network traffic is encrypted, for obvious reasons. There is nothing stopping you recording encrypted traffic; it's just that without the secret key which both you and your bank have, it's not possible to read it.
So here's the trick: pass your internet banking session through a proxy, which records the encrypted traffic. The bank won't know this has happened: they just see the traffic coming from a particular IP address.
But let's go one better: let's host the proxy on a virtual machine in the cloud, and let's set that machine up in a special way so that anyone can verify what software it's running, and no one (including the account owner!) can modify what it does. Let me be clear: any person accessing this machine can only run one program by accessing the machine, and the only extra thing the owner can do is shut it down.
So? You can record the traffic. Big deal, it's encrypted. We can do more. The person making the bank transfer can, if asked, and they agree, provide ONE (or a few) of the ssl encryption keys to a third party. This will allow that third party to decrypt ONE html page. That html page might have this kind of info:


Subject   Acknowledgement - Ref No. BA123
20 Oct 2013

Status: transfer completed
TT Reference No: XXXXXXXXXXXXXXX
Processing Date: 20 OCT 2013

From Account: my-usd-account-number
Payment Amount: USDX,XXX.XX
To Name: recipient-account-name

To Account: beneficiary-acct-number
To Bank: XXXXXXXXXXXXXXXXXX
Bank Address
Amount Debited from Source Account: USDX,XXX.XX
Charges: USDXX.XX
Charge Account: my-usd-acct-number


Notice that you will never, of course, have to display your username, password. That will remain fully encrypted and as safe as it was in just doing a normal banking session.

So, how will it usually work?
Usually, you will
(0) Choose in advance an escrow agent to act as third party for bitcoin payment, and to adjudicate dispute.
(1) agree on a transaction with a counterparty (we are looking at options for how to set up private messaging for that now)
(2) place bitcoins in escrow (if you're the seller)
(3) do your normal internet banking without running Paysty (if you're the buyer)

Note for those aware of such things: there is a possibility that this whole system will be integrated into Open Transactions as a legacy banking interface; this will mean that OT will handle (0),(1) and(2).

And how will it work if there's a dispute?
The most plausible type of dispute is where the seller of bitcoins says "no, I didn't receive those fiat funds".
The buyer of bitcoins (=the sender of fiat funds) will be asked to run Paysty. Inside Firefox, she will browse to her banking website and to the page which shows proof of the transfer, including the account number of the recipient and the amount. Paysty will record this whole banking session in encrypted form on the 'oracle' machine (the one in the cloud, remember?) which is doing the proxying. Then the escrow will request the buyer to send that set of ssl encryption keys that decrypts that one html page, which the buyer has marked as being proof. This is the objective basis on which the escrow can judge.

The best thing is - the more watertight the proof, the less likely anyone will dare to try to defraud you...

So this isn't finished? Why does it need testing? The part of the software that's new (the verification/proof of bank sessions) is basically finished. The other elements are bits of software that already exists so we're not very worried about getting them working.
What it needs right now is a good set of example data of how well it works with bank websites. We already have evidence from about 5 banking websites that it works fine, but we'd like many more.
What does the test actually do?
If you follow all the instructions in the link at the top of this post (here it is again), you should see either a "congratulations" or an error message. Report these findings back to dansmith or I.

For best results, please use a page on the website with a record of an actual transfer of funds, so you can select an account number and sum/amount. If you choose to use some other data on the page, such as a statement balance, or anything else, it will still work, but this will not serve the purpose of the test - we want to know whether it's possible to use this system with your bank.

How can I know this software is safe?
The software is open source and, in this simple testing version, does not transfer your ssl keys off your local machine under any circumstances. Therefore you're in the same situation as with a normal internet banking session - the only thing the 'oracle' machine sees is encrypted data. If you feel like reviewing the code, go to https://github.com/themighty1/ssllog, and in particular review buyeroracle.py to see how ssl keys are handled locally. If you need help understanding something about the code, give us a shout.

Has anyone else thought about this scenario?

Imagine that a few years down the line, decentralized autonomous agents, as described in detail by Mike Hearn and others, have started to become viable and are supporting themselves as economic actors by buying hosting and contract services etc. and earning BTC by producing something people want.

Imagine that some of these agents in particular decide to go into a business they're quite suited for: bitcoin mining. They could design and order the fabrication of chips, pay for hosting services and run miners.

Now imagine this really takes off - a large chunk of mining is done in this way, and moreover using evolutionary principles we see that the best ones profit the most, random variation and mutation leads to some types of such agents prospering much more than others and coming up with innovative solutions to how to run a miner in the most profitable way.

Here's the mind-blowing part, to me: eventually the entire bitcoin network becomes independent of human beings. Such agents could even contribute to the bitcoin open source code - and not only with a github type collaborative model, they could also make various minor alterations to the source code that their node is running, without breaking it, perhaps for example optimising its speed or memory usage. Perhaps they would collaborate, who knows.

At this point there is no longer any need to worry about the politics of bitcoin. As Satoshi said in the whitepaper:

If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

The only flaw in that argument is if a node, currently a human actor, acts on motivations other than economic - as governments well might, for example. But if autonomous agents are the ones running the nodes, they will be guaranteed to have only economic motives, since only those with properly aligned economic motives would survive the evolutionary process.

If anyone would like to help me test the multisig (escrow of bitcoins) part of the application being released here, please PM me.

Details:
You don't need to spend any bitcoins we'll just escrow and then redeem 1mbtc from me.
git clone or download the zip from: https://github.com/AdamISZ/multisig_lspnr
If you have python 2.7, you can run it immediately to see the instructions: python multisig.py (no arguments)
(or just read the readme on github).
This test needs two people at least acting at once, so I'm available from around 12GMT to around 9PM GMT tomorrow and most days.

Edit: just in case it needs to be said, do not attempt to use this application independently yet; it needs more testing.

I know a lot of effort went into making a useable interface for Bitcoin's internal key manipulations from the beginning - e.g. base 58 encoding to create strings that wouldn't upset client software or users.

But how about the escrow type transactions with multisig? I'm trying to implement this right now, and I realise that I don't know of a way to avoid users having to share their raw public keys.

What would be the most sensible way to implement this sharing, while keeping it as safe and non-technical as possible for users? Very long hex strings seem like a bad option, but are there any others? Anything better than just putting it in a file?

Edited: the same question may apply to signatures (I think I got that right - parties need to send/share both pubkeys (for address creation) and signatures (for redemption)).

Can anybody show me where in the bitcoin source the construction of multisig addresses occurs? I found the createmultisig method in script.cpp which creates a CScript object, but I can't see exactly where that gets converted to a base58 address. I'm trying to make sure I understand exactly how it's done. I know it's written here, but I'm not getting the correct result here, so I need somehow to audit each step. Thanks for any pointers.

No need for those silly German tax dodgers to do this!
http://www.bloomberg.com/news/2013-09-03/germans-hide-cash-in-diapers-as-swiss-secrecy-crumbles.html

Think localbitcoins but electronic and with P2P overlay.

https://github.com/AdamISZ/P2PBits/blob/master/README.md

First, name is terrible, can't think of a good one yet!
Second, canvassing opinion and ideas about it. The use cases in particular might give some good food for thought about details.

Any opinions on dev. language? I'm tempted to start with C++ as I feel more comfortable with it, but that might not be the best choice here. Still, not a critical issue in the early stage.

I will be very busy moving (home, country, continent..) over the next few weeks but after that will have a lot of free time. If others are not interested, I might just go ahead myself.

Branching off from a discussion starting here: https://bitcointalk.org/index.php?topic=205796.msg2197907#msg2197907

How can I check that restoring from the seed would work, without disrupting my currently existing wallet? Assuming I only have one computer to work with (although of course I have USB drives available).
Sorry if it's a stupid question, but I couldn't find a direct reference to it anywhere.

One of the truly world changing potential outcomes of Bitcoin is remittance of money to 3rd world countries.

Currently people from poor countries working in rich(er) countries face difficulties sending home money, which is usually the main reason for their being overseas in the first place.

The typical scenario is someone working as a maid, construction worker or cleaner or other service job and sending money home on a usually month by month basis. Typically they face very high costs to this transaction.

Here's an example with Western Union, numbers taken from their website, and I choose the UK as the sending country which might be a kind of "typical" case (the US will usually be a bit better than other sending countries, but I'm sure it varies).

Remitter wants to send 100 pounds sterling (GBP).
Current exchange rate on Google is 1GBP = 63.81 PHP (Philippine peso)
Western Union charges a flat fee of 6.90 GBP. So you are actually spending 106.90.
Meanwhile they're using an exchange rate of 62.50 instead of 63.81. So overall you are out of pocket (6821-6249)/6821 or 8.3%.

Of course there are other remittance services and it would be good to hear more information about them. I just looked at www.xoom.com and without doing detailed calculation I can see similar fees - maybe 6% to send a similar amount from the US.

People will of course save money if they send less often, but the nature of being poor is exactly that you have to transact more often.


It would be great to see real world solutions from bitcoin, but right now it seems a long way off. In order to send using bitcoins you need realistically to transact fiat-btc on both ends of the transfer. Certainly in a 3rd world country, for now, there isn't much if any exchange value in btc.

So, do people have any ideas? How can we make it easy for people to receive BTC in, say, the Philippines, and then somehow get that into Pesos for their living needs? Or Africa, India, South America?

I chose the Philippines not just because it's a classic remittance type economy but also because I got involved in some charity work there recently and would love to help out with a project there in some way. I'm going to have a lot of free time over the next year so let me know if you're involved in something and need a hand.

Behaviour observed: intermittently (I can't spot a pattern), when I start up Electrum (double click the exe file) it doesn't open. Two processes are running, both called electrum.exe *32, but sometimes the window just doesn't open.

I tried running as Administrator. Sometimes it works, sometimes it doesn't.

I'm running Windows 7 64 bit.

Any suggestions?

Edit: version is 1.7.3

When I open the application two instances of electrum.exe *32 start running, one about 1MB and the other about 13MB.

However no window or dialog opens.

I am running Windows 7, downloaded Electrum today for the first time from http://electrum.org/download.html , only ran it once.

Any suggestion? Thanks..

Hi,
Sorry for possibly stupid question ...
I received a transaction of 15 BTC (from bitfinex) earlier today, (having already received a similar one a couple of days ago, so all seemed to be working fine), and it showed up in multibit as expected. However after about an hour I was concerned to see there were zero confirmations.

I thought I might need to re-synchronize with the network, so I chose the "reset blockchain and transactions" option. After re-synchronizing, I saw my previous transactions, but this one has now disappeared entirely.

I went to blockexplorer.com and saw the transaction posted there for block 231942 (http://blockexplorer.com/address/1NeAcehhBwFdNyttyZSSaec12Gb4HxKP9B)

so I've no reason to believe there's any problem with the transaction itself. But the BTC still don't appear in my wallet and as I say the transaction doesn't show up in multibit at all now.

Any thoughts as to what's gone wrong in my multibit/wallet?
Thanks.

Edit: sorry, should have mentioned I am running 0.4.23 on Windows 7.