Third Party Encrypted Handshake?

[valangre]

I have a crude idea that would need ironing out. But it might allow us to keep a high-ish amount of cryptocurrency in an online wallet and be sure it is secure.

We need a trusted third party. Of course, we trust nobody, but still. What if the leading crypto exchanges added on the role of the trusted third party?

Let's say we want to move an amount of crypto from our online wallet on Binance, and we have set up OKEX as our trusted third party. 1. You ask Binance to move your money. 2. Binance relays the request to OKEX. 3. OKEX contacts you to verify if you really want to transfer x amount of your y crypto? 4. You answer OKEX: yes, that is really me and that is what I want to do. 5. OKEX gives an additional encrypted handshake to Binance and everything is safe and hunky-dory.

[franky1]

issues are you have to pre-arrange the parties involved to put the funds into a 3of3 multisig address in the first place before then having the ability to all 3 then agreeing to move the funds out.

so where you said having funds on binance. thats your stumbling block. binance has control.

you would need to have a you-binance-okex set up multisig address *first*... which you then deposit into.. for then binance to register as you having binance balance and for them to then agree to shift to okex balance.
and if you just want funds out having all 3 in agreement

[valangre]

Whichever way, it is possible. But would it lead to a secure online wallet?

[franky1]

Whichever way, it is possible. But would it lead to a secure online wallet?

in theory yes. in practice .. well depends

it depends on how the individual keys are brought together.
for instance if binance creates 3 keys and hands them out then binance could still keep all 3 keys

another risk is the script could end up being just a 2-3 multisig, not 3-3 which a naive user doesnt realise meaning although each person independantly supplied a key. the script creator fixes it so only 2 of the 3 are needed meaning 2 parties can collude to mess with the third user.

there are things like LN that run on 2of 2 multisigs and there are still ways to mess with a counterparty.
such as refusing to sign unless counterpart agrees that one party gets more out than deserved. forcing people to sign just to get something rather than nothing.

other risks are if an app is involved in the multisig communication. where the app might be tweaked to fake its results or just auto-pilot signing transactions.

in short there are many other risks and strategies to consider. so nothing is truly fool proof

[qwk]

That'd basically be a disaster waiting to happen.

3of3 always is, somehow.
Any of the three is a single point of failure, thus tripling your chances of losing access to your coins.
If anything, you'd want to use a 2of3 or 3of4 scheme.

Then again, exchanges will usually be government-regulated bodies of some kind, rendering you helpless against government interference of any kind.
What's the point of Bitcoin in this scenario then?
Use SWIFT, SEPA, Paypal.

[valangre]

Alright, guys,
It was just an idea. Thank you for your input!
Happy New 2020.
Cheers from Reggie.