Bitcoin Forum
November 21, 2017, 03:55:32 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Benefits of multisig usage?  (Read 1698 times)
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 15, 2012, 05:15:59 PM
 #1

Could someone list benefits of multisig usage?
What exactly we could do?
1511279732
Hero Member
*
Offline Offline

Posts: 1511279732

View Profile Personal Message (Offline)

Ignore
1511279732
Reply with quote  #2

1511279732
Report to moderator
1511279732
Hero Member
*
Offline Offline

Posts: 1511279732

View Profile Personal Message (Offline)

Ignore
1511279732
Reply with quote  #2

1511279732
Report to moderator
1511279732
Hero Member
*
Offline Offline

Posts: 1511279732

View Profile Personal Message (Offline)

Ignore
1511279732
Reply with quote  #2

1511279732
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736

Let's talk governance, lipstick, and pigs.


View Profile
September 15, 2012, 06:42:03 PM
 #2

I think Satoshi Nakamoto and the Bitcoin Devs will earn a Nobel Prize for the development of 2-of-2, 3-of-3, n-of-(2n-1), and m-of-n escrows.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 15, 2012, 07:04:38 PM
 #3

Simply put:  regular bitcoins only need to be signed by one address (private key) in order to be spent.  If coins are encumbered in a multi-signature transaction, it requires multiple signatures -- perhaps multiple, different, geographically separated computers.  Or multiple people.  Perhaps 2 out of 3 owners of a company will need to supply signatures to send the coins.

There's a very rich set of functionality that can be enabled through multi-sig.  Escrows, contracts, I can't even fathom all of them myself.  But the key is that there is no longer a single point of vulnerability for multi-signature-required coins.  An attacker will have to compromise multiple computers/people/nodes/servers in order to steal those coins.

EDIT: there's other features of multi-sig that might actually make it easier to spend [allow any one of multiple people to access them], or produce escrow such that defending against an attacker is not exactly the intent.  But I expect that the most common use-case will be for regular users to split their private keys between two devices (such as primary computer and smartphone), such that both devices need to be compromised for the attacker to get the coins (and the user will have to access both devices to use it).

Unfortunately, all this comes with a lot of extra complexity.  But it's up to application developers (like me), to try to make it useful for non-Bitcoin-experts.  And I look forward to digging into it after Armory becomes beta.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
nedbert9
Sr. Member
****
Offline Offline

Activity: 252

Inactive


View Profile
September 15, 2012, 10:44:30 PM
 #4

Unfortunately, all this comes with a lot of extra complexity.  But it's up to application developers (like me), to try to make it useful for non-Bitcoin-experts.  And I look forward to digging into it after Armory becomes beta.


And I'm sure many appreciate your dedication.
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 15, 2012, 11:37:53 PM
 #5

Simply put:  regular bitcoins only need to be signed by one address (private key) in order to be spent.  If coins are encumbered in a multi-signature transaction, it requires multiple signatures -- perhaps multiple, different, geographically separated computers.  Or multiple people.  Perhaps 2 out of 3 owners of a company will need to supply signatures to send the coins.

There's a very rich set of functionality that can be enabled through multi-sig.  Escrows, contracts, I can't even fathom all of them myself.  But the key is that there is no longer a single point of vulnerability for multi-signature-required coins.  An attacker will have to compromise multiple computers/people/nodes/servers in order to steal those coins.

EDIT: there's other features of multi-sig that might actually make it easier to spend [allow any one of multiple people to access them], or produce escrow such that defending against an attacker is not exactly the intent.  But I expect that the most common use-case will be for regular users to split their private keys between two devices (such as primary computer and smartphone), such that both devices need to be compromised for the attacker to get the coins (and the user will have to access both devices to use it).

Unfortunately, all this comes with a lot of extra complexity.  But it's up to application developers (like me), to try to make it useful for non-Bitcoin-experts.  And I look forward to digging into it after Armory becomes beta.

So, soft is not ready, I know it, but technically it is possible now right?
Is it possible to make transactions like this time or block dependent?
Example transaction:
Person A borrows from me 1000 BTC but as insurance he have persons C, D, E who pays 20 BTC each to ensure me that person A is worth my trust.
Person A have to send me back 1010BTC (with interest) before next Friday (block number), and if he will not, automatically C, D, E will lost their 60BTC and I will get that.
If A will send me BTC back in time C, D, E will get their money back.
Is it technically possible now?

If time relation is not possible, we could engage some third party as time responsible and trustworhy company with some satoshi-s profit.
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 15, 2012, 11:48:07 PM
 #6

And another Q:
In addition to previous scenario, could we obligate C, D, E to keep 500BTC till Friday on their specific addresses, and if they won't do that if one of them will default others will auto-transfer their 500BTC to me.
Do we have to engage additional institutions to track C, D, E wallets value?

This scenario lest me to lend money without takeing risk, makeing my profit shure in given time, and all risk is dived for C, D, E.

What you would say for that auto dept mechanism?

It's off topic. I'm just looking for answ. for tech. questions, if idea is worth discussion - I'll start new thread.
ildubbioso
Sr. Member
****
Offline Offline

Activity: 389



View Profile
September 16, 2012, 12:04:27 AM
 #7


 But I expect that the most common use-case will be for regular users to split their private keys between two devices (such as primary computer and smartphone), such that both devices need to be compromised for the attacker to get the coins (and the user will have to access both devices to use it).


What if one loses his smartphone? Nowadays how does it works with the double authentication in this case?
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 16, 2012, 12:20:11 AM
 #8


 But I expect that the most common use-case will be for regular users to split their private keys between two devices (such as primary computer and smartphone), such that both devices need to be compromised for the attacker to get the coins (and the user will have to access both devices to use it).


What if one loses his smartphone? Nowadays how does it works with the double authentication in this case?

I just want to keep it quite simple, in this case he will just lost others money so they have to trust others, but we can increase number of trust persons CDE to larger one CDEFGHIJ.. and give a rules like two can lost their insurance level etc making it more and more complicated.

Benefit from that is that me could make use of my amount of money without taking risk, or manage risk without additional cost of risk put in banking system (or lower risk replacing banking system with more transparent bitcoin system).

But It's not thread about this it was just example to get some tech question.
I'm still looking for answer over forum.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 16, 2012, 02:57:08 AM
 #9

There's lots of different things that are possible, including time-locked transactions which are similar to what you asked about.  But the exact mechanics of how these things work in the bitcoin world can be kind of complicated, so I'll simply refer you googling (there's lots of information out there).

What if one loses his smartphone? Nowadays how does it works with the double authentication in this case?

The most straightforward way is that the transactions will be encumbered with an [(A and B) or C] multisig requirement.  A is your primary computer, B is your smartphone, C is in a safety-deposit box that is very inconvenient, but accessible if you need it. 

Actually, the way Armory will do it will just be (A and B), and you will print off paper backups of both and keep those in your safety-deposit box.  You never want to have any coins floating without a secondary backup like that.



Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
nimda
Hero Member
*****
Offline Offline

Activity: 784


0xFB0D8D1534241423


View Profile
September 16, 2012, 03:03:37 AM
 #10

Escrow is a great one:
Alice wants to buy a burger (shipped by priority mail Tongue) from Bob, but they don't trust each other, and neither one wants to send first. They both trust Eugene, though. Alice creates a 1-of-2 transaction which can pay to Bob once signed by either Alice or Eugene. The three scenarios:
1. Alice creates the transaction; Bob sends burger. Alice signs the transaction and Bob gets his money.
2. Alice creates the transaction; Bob doesn't send the burger. Eugene sees that Bob is a scammer and doesn't sign the transaction; no money changes hands.
3. Alice creates the transaction; Bob sends the burger. Alice refuses to pay. Once Eugene is satisfied with Bob's proof that he sent the burger, Eugene signs the transaction. Bob gets paid.

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 16, 2012, 03:11:29 AM
 #11

Escrow is a great one:
Alice wants to buy a burger (shipped by priority mail Tongue) from Bob, but they don't trust each other, and neither one wants to send first. They both trust Eugene, though. Alice creates a 1-of-2 transaction which can pay to Bob once signed by either Alice or Eugene. The three scenarios:
1. Alice creates the transaction; Bob sends burger. Alice signs the transaction and Bob gets his money.
2. Alice creates the transaction; Bob doesn't send the burger. Eugene sees that Bob is a scammer and doesn't sign the transaction; no money changes hands.
3. Alice creates the transaction; Bob sends the burger. Alice refuses to pay. Once Eugene is satisfied with Bob's proof that he sent the burger, Eugene signs the transaction. Bob gets paid.

It's possible to do this with a 2-of-2 transaction between buyer and seller.  Then both parties have to find an agreeable resolution before anyone gets the money.  Thus, neither party has any incentive to try scamming the other.  However, there's a risk that the coins are locked forever if there is no resolution, so I had started a thread to discuss how it might be done without a third-party.  It's complicated, but it works if you include "risk deposits."  I think most of the complexity can be hidden under-the-hood, though. 

In most cases, you should just use a third-party.  It's very cheap for third-parties to operate because they never really "handle" the money themselves.  But one of the beauties of Bitcoin is that you can have the bitcoin network itself act as your "trusted third-party" in cases where privacy is critical, or the two parties can't agree on a trustworthy third-party.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
nimda
Hero Member
*****
Offline Offline

Activity: 784


0xFB0D8D1534241423


View Profile
September 16, 2012, 03:44:01 AM
 #12

Escrow is a great one:
Alice wants to buy a burger (shipped by priority mail Tongue) from Bob, but they don't trust each other, and neither one wants to send first. They both trust Eugene, though. Alice creates a 1-of-2 transaction which can pay to Bob once signed by either Alice or Eugene. The three scenarios:
1. Alice creates the transaction; Bob sends burger. Alice signs the transaction and Bob gets his money.
2. Alice creates the transaction; Bob doesn't send the burger. Eugene sees that Bob is a scammer and doesn't sign the transaction; no money changes hands.
3. Alice creates the transaction; Bob sends the burger. Alice refuses to pay. Once Eugene is satisfied with Bob's proof that he sent the burger, Eugene signs the transaction. Bob gets paid.

It's possible to do this with a 2-of-2 transaction between buyer and seller.  Then both parties have to find an agreeable resolution before anyone gets the money.  Thus, neither party has any incentive to try scamming the other.  However, there's a risk that the coins are locked forever if there is no resolution, so I had started a thread to discuss how it might be done without a third-party.  It's complicated, but it works if you include "risk deposits."  I think most of the complexity can be hidden under-the-hood, though. 

In most cases, you should just use a third-party.  It's very cheap for third-parties to operate because they never really "handle" the money themselves.  But one of the beauties of Bitcoin is that you can have the bitcoin network itself act as your "trusted third-party" in cases where privacy is critical, or the two parties can't agree on a trustworthy third-party.
There is the oft-quoted idea in cryptography that "anything which can be done with a trusted third party can be done without one." We're getting there Smiley

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 16, 2012, 02:31:53 PM
 #13

Escrow is a great one:
Alice wants to buy a burger (shipped by priority mail Tongue) from Bob, but they don't trust each other, and neither one wants to send first. They both trust Eugene, though. Alice creates a 1-of-2 transaction which can pay to Bob once signed by either Alice or Eugene. The three scenarios:
1. Alice creates the transaction; Bob sends burger. Alice signs the transaction and Bob gets his money.
2. Alice creates the transaction; Bob doesn't send the burger. Eugene sees that Bob is a scammer and doesn't sign the transaction; no money changes hands.
3. Alice creates the transaction; Bob sends the burger. Alice refuses to pay. Once Eugene is satisfied with Bob's proof that he sent the burger, Eugene signs the transaction. Bob gets paid.

It's possible to do this with a 2-of-2 transaction between buyer and seller.  Then both parties have to find an agreeable resolution before anyone gets the money.  Thus, neither party has any incentive to try scamming the other.  However, there's a risk that the coins are locked forever if there is no resolution, so I had started a thread to discuss how it might be done without a third-party.  It's complicated, but it works if you include "risk deposits."  I think most of the complexity can be hidden under-the-hood, though. 

In most cases, you should just use a third-party.  It's very cheap for third-parties to operate because they never really "handle" the money themselves.  But one of the beauties of Bitcoin is that you can have the bitcoin network itself act as your "trusted third-party" in cases where privacy is critical, or the two parties can't agree on a trustworthy third-party.

We can ad time limit to get agreement between them, if not cash will go to charity, ad some cash guarantee deposit of seller.
I have lots of ideas.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 16, 2012, 03:24:23 PM
 #14

We can ad time limit to get agreement between them, if not cash will go to charity, ad some cash guarantee deposit of seller.
I have lots of ideas.

Just to pre-empt you, since you're asking about this now but the concepts have been discussed for 2 years now, start with what's already been discussed.  First, read through the examples on the Bitcoin Contracts page.  There's lot of examples mixing multi-sig with locktime, etc.  Also, for the specific buyer-seller escrow case, read through the thread that I started with Gavin to discuss exactly that -- create ways for two-party escrow without risk of coins being lost forever.

The buyer-seller problem is complicated because the situation is not symmetric, and dealing with the asymmetries requires some care to not give either party an advantage to being a dick.  I'd appreciate if you read and responded in those threads with your ideas, so that progress can continue ironing them out (but of course, read them first Smiley).



Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
szuetam
Sr. Member
****
Offline Offline

Activity: 367



View Profile
September 16, 2012, 05:23:18 PM
 #15

We can ad time limit to get agreement between them, if not cash will go to charity, ad some cash guarantee deposit of seller.
I have lots of ideas.

Just to pre-empt you, since you're asking about this now but the concepts have been discussed for 2 years now, start with what's already been discussed.  First, read through the examples on the Bitcoin Contracts page.  There's lot of examples mixing multi-sig with locktime, etc.  Also, for the specific buyer-seller escrow case, read through the thread that I started with Gavin to discuss exactly that -- create ways for two-party escrow without risk of coins being lost forever.

The buyer-seller problem is complicated because the situation is not symmetric, and dealing with the asymmetries requires some care to not give either party an advantage to being a dick.  I'd appreciate if you read and responded in those threads with your ideas, so that progress can continue ironing them out (but of course, read them first Smiley).




THX for links, I'll do it at night.
Smiley
Andrew Vorobyov
Hero Member
*****
Offline Offline

Activity: 565



View Profile
September 29, 2012, 09:05:07 PM
 #16

n-of-(2n-1)

What is it good for?

etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 29, 2012, 10:06:51 PM
 #17


Consider the various values of n:

n=1:  1-of-1
n=2:  2-of-3
n=3:  3-of-5
n=4:  4-of-7
n=5:  5-of-9
...

It's any transaction with an odd number of public keys, and any majority subset of those signatures makes the transaction valid.  Democratic money:  perhaps 9 board members on a company all have their public keys in a 5-of-9 "wallet".  Any five signatures is enough to spend it.


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
grazcoin
Sr. Member
****
Offline Offline

Activity: 284



View Profile
September 29, 2012, 10:37:44 PM
 #18


 But I expect that the most common use-case will be for regular users to split their private keys between two devices (such as primary computer and smartphone), such that both devices need to be compromised for the attacker to get the coins (and the user will have to access both devices to use it).


What if one loses his smartphone? Nowadays how does it works with the double authentication in this case?

There is already an open source remote solution implemented for this case in https://bitcointalk.org/index.php?topic=107074.0 [Double signed wallet with a patternlock] where the phone owner can generate a secondary key which is kept on a remote server (and on paper backup). An attacker must have both the device and the remote server secret to get the coins.
If the smartphone is lost, the one that finds the phone cannot spend the coins. The original owner of the phone on the other hand, can take her primary key from the paper backup and using the service (or the secondary key backup) move the funds to a new address.

Grazcoin

HostFat
Staff
Legendary
*
Offline Offline

Activity: 2632


I support freedom of choice


View Profile WWW
September 29, 2012, 11:14:13 PM
 #19

Can it be somehow useful with the mental poker?

Poker and the shared pot at the table in a decentralised network
https://bitcointalk.org/index.php?topic=1487.0

NON DO ASSISTENZA PRIVATA - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
September 30, 2012, 02:42:22 AM
 #20

Can multisig be time dependent? Suppose I want rely on multisig so that sending my coins requires signatures from two devices.
However, I'm worried that I might misplace 1 of the 2 devices.

Can multisig require 2 of 2 signatures for the next 6 months and then default back to 1 of 2 signatures after the 6 month period expires?

This would make me feel comfortable using a smartphone as a source of 1 signature. Otherwise, it is just too easy to lose the smartphone.
(This can be resolved with backups, but I feel that backups are quite a nuisance from the user's perspective)

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!