Bitcoin Forum
September 26, 2016, 05:19:05 PM *
News: Latest stable version of Bitcoin Core: 0.13.0 (New!) [Torrent]. Make sure you verify it.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Two step transfers, for greater trust  (Read 944 times)
Hal
VIP
Sr. Member
*
Offline Offline

Activity: 314



View Profile
December 07, 2010, 04:33:20 AM
 #1

There exists a cryptographic technique called split keys which could be used on top of Bitcoin to solve some problems in needing to trust people to make Bitcoin transfers. The idea is for the payor and payee to jointly generate a Bitcoin address that will receive the payment. Bitcoin addresses are essentially public keys, and knowledge of the corresponding private keys are what let you spend the coins. In this case, though, a public key is jointly generated between the payor and payee, such that each only ends up with, in effect, half the private key. Neither party will be able to spend coins sent to the address corresponding to this split key.

The payor then makes a payment of the agreed amount to this special address. Once this is done, the payor has lost the Bitcoins. He can't spend them anymore; they belong to this new address which is split between the two of them. The payee can't spend the coins either, at this point.

To complete the transfer, the second step is for the payor to reveal his part of the private key to the payee. Then the payee knows the full private key, which gives him control of the address that received the payment. They are now his Bitcoins to spend as he likes.

The advantage of splitting up the payment into two steps like this is that the first step, where the payor makes a payment to the split key, represents a very strong commitment on his part to see the deal through. After that step, typically the payee must hold up his end of the bargain and perform some action he is being paid for. Once that is completed, the second step of the transfer occurs and the payee receives his payment.

Throughout, no one has any financial incentive to cheat. The first step does not benefit the payee, and the only way he gets paid is to perform. And the second step does not harm the payor; he is out the coins already and gains no benefit from failing to follow through.

It is analogous to tearing a $100 bill in half and giving half to someone, with a promise to deliver the other half if he cooperates. This is a credible commitment and a strong inducement. You have no financial incentive to cheat him if he holds up his end.

Hal Finney
1474910345
Hero Member
*
Offline Offline

Posts: 1474910345

View Profile Personal Message (Offline)

Ignore
1474910345
Reply with quote  #2

1474910345
Report to moderator
1474910345
Hero Member
*
Offline Offline

Posts: 1474910345

View Profile Personal Message (Offline)

Ignore
1474910345
Reply with quote  #2

1474910345
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1474910345
Hero Member
*
Offline Offline

Posts: 1474910345

View Profile Personal Message (Offline)

Ignore
1474910345
Reply with quote  #2

1474910345
Report to moderator
1474910345
Hero Member
*
Offline Offline

Posts: 1474910345

View Profile Personal Message (Offline)

Ignore
1474910345
Reply with quote  #2

1474910345
Report to moderator
theymos
Administrator
Legendary
*
Online Online

Activity: 2422


View Profile
December 07, 2010, 04:44:33 AM
 #2

Bitcoin already supports this (no UI for it yet), though it's done through the transaction scripting system rather than by splitting keys.
http://bitcointalk.org/index.php?topic=750.0

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
bober182
Full Member
***
Offline Offline

Activity: 196

127.0.0.1


View Profile
December 07, 2010, 08:24:49 AM
 #3

What about attacks using this system with the normal system trust is needed here you have a false trust that will lock up bitcoins forever.

13NuAQaChtoTgvX8J68Zjy4AUR6hhugpXM Donations for anything and everything.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If society abolishes adventure the only adventure left is to abolish society.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
December 07, 2010, 08:38:16 AM
 #4

What about attacks using this system with the normal system trust is needed here you have a false trust that will lock up bitcoins forever.

Throwing your own money away doesn't hurt bitcoin in a broad sense. We'd be fine with 20M coins or 1M or even 11. If you have access to coins and throw them away it is your loss, and in the case of shared coins, your partners loss too.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
December 07, 2010, 11:00:38 AM
 #5

What's really needed here is a transaction that allows the payor to pay the bitcoins to two addresses: the payee, and an arbitrator. The payee can't claim the coins until the payor approves. If the payor doesn't approve within some timespan (e.g. 30 days) the coins go to the arbitrator instead.

This protects the payee against e.g. death or the payor. The bitcoin address of the arbitrator would be designated by the payor, but obviously there's no point designating an arbitrator who would not be acceptable to the payee.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!