Author Topic: [coinb.in] Open Source, Multi Signature, HD Wallet, SegWit/Bech32 and more!  (Read 74835 times)
Abdussamad
February 19, 2014, 08:32:50 PM
 #61

How does your mediation service work? Specifically:

- Does your 1% fee apply to every transaction or only those transactions involving disputes?

- bitrated has a field where you can enter a transaction agreement or contract that specifies, among other things, what the modes of payment will be and what proof of payment must be provided in the event of a dispute. There is no such field on coinb.in. So how would you decide what to do in the event of a dispute?

Hey,

As it stands, the 1% fee would only be applied to those transactions involving disputes.

Most users here seem to make an agreement and sign it with their PGP key in the event a dispute arises, a few other users will get in touch first. Saying that, I suppose a possible solution could be to have users create a message/agreement and sign it (in the browser) with their corresponding private key and then that could be used by the mediator if there is a dispute.

Do you have suggestions or preferences yourself? (or anybody else?)

Easiest solution would be that the buyer and seller come to an agreement and email it to you. You verify receipt by replying with a quote.

Multisig is hard enough as it is. I think if you asked people to sign messages with private keys they would just blank out Smiley
OutCast3k (OP)
February 20, 2014, 10:10:42 AM
 #62

- snip -

Easiest solution would be that the buyer and seller come to an agreement and email it to you. You verify receipt by replying with a quote.

Multisig is hard enough as it is. I think if you asked people to sign messages with private keys they would just blank out Smiley

I tend to agree, I think I'll just drop a little message explaining they should contact the mediator first.

Thanks for the feedback Smiley

coinb.in - Open Source, Multi Signature, HD Wallet and more! | Donate: 33tht1bKDgZVxb39MnZsWa8oxHXHvUYE4G
OutCast3k (OP)
February 20, 2014, 02:19:07 PM
 #63

OutCast3K, thank you, the code is neat!

I wish you the best, along with a tip Smiley

Good to hear you find the project useful!

Many thanks for the tip Smiley

coinb.in - Open Source, Multi Signature, HD Wallet and more! | Donate: 33tht1bKDgZVxb39MnZsWa8oxHXHvUYE4G
jcrubino
February 22, 2014, 05:13:26 AM
 #64

Does the multisig address function accept mixed compressed and uncompressed pubkeys?
unick
February 24, 2014, 04:47:12 AM
 #65

this is great! keep up the good work.

* I think it would be great to explain the process and concepts in more detail on the site. What is a redeem script?

* say I want to implement the following: pay 0.01 BTC to address #A12 if the year in the timestamp of the last block is equal to 2014. what would it take to make this work?

* btw, the link on the site to your profile is broken. I think you want this: https://bitcointalk.org/index.php?action=profile;u=34834  

Thanks for the feedback Smiley

You're right, I will definitely add more information to the site about the process shortly.

A "redeem script" contains 2 pieces of information, the public keys and the minimum number of signatures required to use it as a spendable input. It is also used to generate the multi signature address itself. There should be some information on the bitcoin wiki about this, but I will also add it to the site shortly.

I believe it's possible to manipulate the timestamp of the transaction in the way you've requested, although I will need to do a little bit of testing first.

Thanks for pointing out the broken link, I've since fixed it.

What if I lose the redeemScript? Is there a way to retrieve it or regenerate it? If I don't have the RedeemScript, is it still possible to spend the coins given you have the required keys to "unlock" the transaction?

Awesome Explorers for Awesome Coins | Show some BTC love here: 1AAYAZgaz2me7hyumexUZzcyGRZEYtCx5C
HoboNickels: hbn.blockx.info | BottleCaps: cap.blockx.info | GrowthCoin: grw.blockx.info
RagnarDanneskjold
February 24, 2014, 05:59:22 AM
 #66

this is great! keep up the good work.

* I think it would be great to explain the process and concepts in more detail on the site. What is a redeem script?

* say I want to implement the following: pay 0.01 BTC to address #A12 if the year in the timestamp of the last block is equal to 2014. what would it take to make this work?

* btw, the link on the site to your profile is broken. I think you want this: https://bitcointalk.org/index.php?action=profile;u=34834  

Thanks for the feedback Smiley

You're right, I will definitely add more information to the site about the process shortly.

A "redeem script" contains 2 pieces of information, the public keys and the minimum number of signatures required to use it as a spendable input. It is also used to generate the multi signature address itself. There should be some information on the bitcoin wiki about this, but I will also add it to the site shortly.

I believe it's possible to manipulate the timestamp of the transaction in the way you've requested, although I will need to do a little bit of testing first.

Thanks for pointing out the broken link, I've since fixed it.

What if I lose the redeemScript? Is there a way to retrieve it or regenerate it? If I don't have the RedeemScript, is it still possible to spend the coins given you have the required keys to "unlock" the transaction?

Yes you can regenerate the redeem script.  You cannot lose your multisig address; you can lose some privkeys - as long as you [or your Agents] saved the total number required to sign.  Best to move & back them up securely [pref using thumbdrive & a browser on a computer that has never connected to the internet ever]

git  |  | ID
'Bitcoin is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Bitcoin is the process of setting man free from men'
RagnarDanneskjold
February 24, 2014, 06:34:26 AM
 #67

Does the multisig address function accept mixed compressed and uncompressed pubkeys?
This multisig script does not accept mixed or uncompressed.  [the multisig "function" is not exclusive to this script - you can do multisig txs other ways, but they are not cool]. You can generate new uncompressed keys using this also.  You do not want to sign with a wallet address that's been used or is/was/might ever be holding funds.  You will have to expose your privkey and create unnecessary vulnerabilities to your existing flimsy security efforts.  Better to generate new pubkeys just for controlling your multisig.

git  |  | ID
'Bitcoin is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Bitcoin is the process of setting man free from men'
Peter Todd
February 24, 2014, 09:47:47 AM
 #68

Quote
Enter the uncompressed public keys of all the participants, to create a multi signature address. Maximum of 20 allowed.

This is incorrect actually. While the underlying CHECKMULTISIG opcode can support up to 20 pubkeys, P2SH has an additional limit of 520 bytes for the scriptPubKey. That gives a size-dependent maximum of 15 compressed pubkeys, and just 7 with the larger uncompressed keys.

RagnarDanneskjold
February 25, 2014, 01:35:49 AM
 #69

Quote
Enter the uncompressed public keys of all the participants, to create a multi signature address. Maximum of 20 allowed.

This is incorrect actually. While the underlying CHECKMULTISIG opcode can support up to 20 pubkeys, P2SH has an additional limit of 520 bytes for the scriptPubKey. That gives a size-dependent maximum of 15 compressed pubkeys, and just 7 with the larger uncompressed keys.

Perhaps I'm missing something - it seems to work fine for me using 20 uncompressed [don't recall if I've tried having all 20 required signers yet - trying now].  I understand this code somewhat [not enough]; Please elaborate if possible & let me know what lines are P2SH - I thought this was a bit different.  I'm digging through it blindly.

Incidentally, I thought the p2sh git referenced "+22 signatures"
https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki

git  |  | ID
'Bitcoin is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Bitcoin is the process of setting man free from men'
Peter Todd
February 25, 2014, 02:22:24 AM
 #70

Perhaps I'm missing something - it seems to work fine for me using 20 uncompressed [don't recall if I've tried having all 20 required signers yet - trying now].  I understand this code somewhat [not enough]; Please elaborate if possible & let me know what lines are P2SH - I thought this was a bit different.  I'm digging through it blindly.

Incidentally, I thought the p2sh git referenced "+22 signatures"
https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki

That's "signature operations", not signatures. SigOps is just a metric used to restrict the amount of CPU time processing a block takes as an anti-DoS measure - it's got nothing to do with the actual number of signatures.

You'll find you can create that P2SH address with the Bitcoin RPC interface, but you can't actually spend from it successfully. Kinda misleading really - if you could do up a patch to fix that and make createmultisigaddress raise an error that'd be great.

sullitf
March 04, 2014, 04:36:35 AM
 #71

Really great work here OutCast!

I'm working on a project to create a multisig service and need to create keys server-side without exposing them to end users.  My first thought was to refactor your work to run in a node.js server.  Does this seem like a good solution, and if so have you looked into doing anything similar? 

Ultimately I need to be able to create key pairs, validate user public keys, and create/sign multisig addresses.  For signing I am planning to have users partially sign a multisig transaction with their keys and then send that to my server for final signature and broadcasting from the server.  This would likely mean needing to confirm partially signed transactions sent to the server, though I haven't looked into the feasibility of that yet.  Does your code already support partial signing and validation?
waxwing
March 05, 2014, 04:07:27 PM
 #72

Quote
Enter the uncompressed public keys of all the participants, to create a multi signature address. Maximum of 20 allowed.

This is incorrect actually. While the underlying CHECKMULTISIG opcode can support up to 20 pubkeys, P2SH has an additional limit of 520 bytes for the scriptPubKey. That gives a size-dependent maximum of 15 compressed pubkeys, and just 7 with the larger uncompressed keys.

Peter,
Is there any prospect in the future for these limits to be increased? It seems to me there are quite a lot of applications for larger than 15.
Or if that just leads to unacceptably big transactions even with appropriate fees, is there some way that I haven't quite thought of to combine multisig keys to get bigger consensus mechanisms? Or is it possible to use some kind of Shamir's secret sharing idea? (I only know the idea vaguely, not sure how it would work in practice).

Btw, nice work on the site guys.

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
Peter Todd
March 07, 2014, 02:07:38 PM
 #73

Peter,
Is there any prospect in the future for these limits to be increased? It seems to me there are quite a lot of applications for larger than 15.
Or if that just leads to unacceptably big transactions even with appropriate fees, is there some way that I haven't quite thought of to combine multisig keys to get bigger consensus mechanisms? Or is it possible to use some kind of Shamir's secret sharing idea? (I only know the idea vaguely, not sure how it would work in practice).

Btw, nice work on the site guys.

I'm at the Financial Crypto conference right now and actually just talked to a guy who claims to know of a researcher who has come up with an n-of-m threshold signature scheme that is compatible with existing Bitcoin signatures. Hopefully this will pan out - if it does you'll be able to do secure multisig without a single-point-of-failure (as Shamir's secret sharing does) with transactions and addresses that look identical to standard ones and are the same size as standard transactions. I didn't ask if there were any limits on how many keys could be combined, but there probably aren't.

waxwing
March 07, 2014, 02:46:09 PM
 #74

Peter,
Is there any prospect in the future for these limits to be increased? It seems to me there are quite a lot of applications for larger than 15.
Or if that just leads to unacceptably big transactions even with appropriate fees, is there some way that I haven't quite thought of to combine multisig keys to get bigger consensus mechanisms? Or is it possible to use some kind of Shamir's secret sharing idea? (I only know the idea vaguely, not sure how it would work in practice).

Btw, nice work on the site guys.

I'm at the Financial Crypto conference right now and actually just talked to a guy who claims to know of a researcher who has come up with an n-of-m threshold signature scheme that is compatible with existing Bitcoin signatures. Hopefully this will pan out - if it does you'll be able to do secure multisig without a single-point-of-failure (as Shamir's secret sharing does) with transactions and addresses that look identical to standard ones and are the same size as standard transactions. I didn't ask if there were any limits on how many keys could be combined, but there probably aren't.

Thanks. I realised after I wrote that that Shamir shares *secrets* not signatures so that's no good (I guess the clue was in the title Smiley ). Could something be hacked together with CoinSwap?

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
Peter Todd
March 07, 2014, 03:07:30 PM
 #75

Thanks. I realised after I wrote that that Shamir shares *secrets* not signatures so that's no good (I guess the clue was in the title Smiley ). Could something be hacked together with CoinSwap?

I don't think so.

The threshold sig stuff sounds pretty far along; for now 15/20 isn't such a bad limitation IMO.

waxwing
March 07, 2014, 04:05:44 PM
 #76

Thanks. I realised after I wrote that that Shamir shares *secrets* not signatures so that's no good (I guess the clue was in the title Smiley ). Could something be hacked together with CoinSwap?

I don't think so.

The threshold sig stuff sounds pretty far along; for now 15/20 isn't such a bad limitation IMO.

I agree. But no one except Eligius is accepting more than 3 right?

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
Peter Todd
March 07, 2014, 04:23:01 PM
 #77

I agree. But no one except Eligius is accepting more than 3 right?

Actually no! P2SH doesn't have any explicit limitations beyond the 520-byte P2SH redeemScript limit, and more importantly the 500-byte scriptSig limit for IsStandard() transactions, so n and m just need to fit within that. Try it!
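
The limits named in this post and in post #68, worked through as an added example (not part of the thread, and not coinb.in or Bitcoin Core code): it builds m-of-n redeemScripts from constructed placeholder keys and measures them against the 520-byte redeemScript limit and the 500-byte scriptSig limit. The function names and the 73-byte worst-case signature length are assumptions of this example.

```javascript
// Added example: m-of-n multisig script sizes versus the limits quoted in the thread.
const OP_PUSHDATA1 = 0x4c, OP_PUSHDATA2 = 0x4d, OP_CHECKMULTISIG = 0xae;
const MAX_REDEEM_SCRIPT = 520; // P2SH redeemScript limit (from the post above)
const MAX_STD_SCRIPTSIG = 500; // IsStandard() scriptSig limit (from the post above)
const MAX_SIG_LEN = 73;        // assumption: worst-case DER signature plus sighash byte

// Script encoding of a small number: OP_1..OP_16, otherwise a one-byte data push.
function encodeNum(v) {
  return v <= 16 ? Buffer.from([0x50 + v]) : Buffer.from([0x01, v]);
}

// Minimal push prefix for a data element of `len` bytes.
function pushPrefix(len) {
  if (len < OP_PUSHDATA1) return Buffer.from([len]);
  if (len <= 0xff) return Buffer.from([OP_PUSHDATA1, len]);
  return Buffer.from([OP_PUSHDATA2, len & 0xff, len >> 8]);
}

// Build "m <pubkey>... n OP_CHECKMULTISIG" from an array of pubkey Buffers.
function redeemScript(m, pubkeys) {
  const parts = [encodeNum(m)];
  for (const pk of pubkeys) parts.push(pushPrefix(pk.length), pk);
  parts.push(encodeNum(pubkeys.length), Buffer.from([OP_CHECKMULTISIG]));
  return Buffer.concat(parts);
}

// Worst-case scriptSig size: OP_0, m signature pushes, then the redeemScript push.
function scriptSigSize(m, script) {
  return 1 + m * (1 + MAX_SIG_LEN) + pushPrefix(script.length).length + script.length;
}

// Constructed placeholder keys: correct length and prefix byte, not real curve points.
function fakeKeys(n, compressed) {
  const [len, prefix] = compressed ? [33, 0x02] : [65, 0x04];
  return Array.from({ length: n }, (_, i) =>
    Buffer.concat([Buffer.from([prefix]), Buffer.alloc(len - 1, i + 1)]));
}

// Measure one m-of-n configuration against both limits.
function check(m, n, compressed) {
  const script = redeemScript(m, fakeKeys(n, compressed));
  const sigBytes = scriptSigSize(m, script);
  return { redeemBytes: script.length, fitsP2SH: script.length <= MAX_REDEEM_SCRIPT,
           scriptSigBytes: sigBytes, standardScriptSig: sigBytes <= MAX_STD_SCRIPTSIG };
}

// Largest n (up to CHECKMULTISIG's 20) whose redeemScript still fits the P2SH limit.
function maxKeys(compressed) {
  let n = 0;
  while (n < 20 && check(1, n + 1, compressed).fitsP2SH) n++;
  return n;
}

console.log('max keys:', maxKeys(true), 'compressed,', maxKeys(false), 'uncompressed');
console.log(check(3, 4, true), check(1, 20, false));
```

The 20-key uncompressed case comes out far above the redeemScript limit, which matches the earlier remark that such an address can be created but not spent from.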

waxwing
March 07, 2014, 05:05:45 PM
 #78

I agree. But no one except Eligius is accepting more than 3 right?

Actually no! P2SH doesn't have any explicit limitations beyond the 520-byte P2SH redeemScript limit, and more importantly the 500-byte scriptSig limit for IsStandard() transactions, so n and m just need to fit within that. Try it!

Thanks for the tip. Will do Smiley

Edit: actually before I go through all that ... doesn't this mean it won't work?:
Code:
bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType)
{
    vector<valtype> vSolutions;
    if (!Solver(scriptPubKey, whichType, vSolutions))
        return false;

    if (whichType == TX_MULTISIG)
    {
        unsigned char m = vSolutions.front()[0];
        unsigned char n = vSolutions.back()[0];
        // Support up to x-of-3 multisig txns as standard
        if (n < 1 || n > 3)
            return false;
        if (m < 1 || m > n)
            return false;
    }

    return whichType != TX_NONSTANDARD;
}

?

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
Peter Todd
March 07, 2014, 06:16:42 PM
 #79

I agree. But no one except Eligius is accepting more than 3 right?

Actually no! P2SH doesn't have any explicit limitations beyond the 520-byte P2SH redeemScript limit, and more importantly the 500-byte scriptSig limit for IsStandard() transactions, so n and m just need to fit within that. Try it!

Thanks for the tip. Will do Smiley

Edit: actually before I go through all that ... doesn't this mean it won't work?:
Code:
bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType)
{
    vector<valtype> vSolutions;
    if (!Solver(scriptPubKey, whichType, vSolutions))
        return false;

    if (whichType == TX_MULTISIG)
    {
        unsigned char m = vSolutions.front()[0];
        unsigned char n = vSolutions.back()[0];
        // Support up to x-of-3 multisig txns as standard
        if (n < 1 || n > 3)
            return false;
        if (m < 1 || m > n)
            return false;
    }

    return whichType != TX_NONSTANDARD;
}

?

Nope - ask yourself if a P2SH output matches that code. Also ask yourself what the code path is that evaluates scriptSigs for standardness.

waxwing
March 07, 2014, 08:50:42 PM
 #80

Nope - ask yourself if a P2SH output matches that code. Also ask yourself what the code path is that evaluates scriptSigs for standardness.

Cool I managed to do 3 of 4 via an electrum server.

Many thanks for the edumacation Cheesy

Not quite yet capable of figuring it out from the source; but will try to follow your hints at some point...

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
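
The first hint in post #79, as an added example (not part of the thread and not Bitcoin Core code): a bare 3-of-4 multisig output and a P2SH output are run through the same checks as the quoted IsStandard(). The `solve` function is a simplified stand-in for Solver() that recognises only these two templates, and all keys and hashes are constructed placeholders; the scriptSig code path from the second hint is not modelled.

```javascript
// Added example: why the "x-of-3" cap in the quoted IsStandard() does not hit P2SH outputs.
const OP_HASH160 = 0xa9, OP_EQUAL = 0x87, OP_CHECKMULTISIG = 0xae;

// Decode OP_1..OP_16 to its number, or return null for any other byte.
function smallInt(op) {
  return op >= 0x51 && op <= 0x60 ? op - 0x50 : null;
}

// Classify a scriptPubKey (simplified stand-in for Solver(), an assumption of this example).
function solve(script) {
  // P2SH output: OP_HASH160 <20-byte hash> OP_EQUAL, always 23 bytes.
  if (script.length === 23 && script[0] === OP_HASH160 && script[1] === 20 &&
      script[22] === OP_EQUAL) {
    return { type: 'TX_SCRIPTHASH' };
  }
  // Bare multisig: OP_m <pubkey>... OP_n OP_CHECKMULTISIG.
  const m = smallInt(script[0]);
  const n = smallInt(script[script.length - 2]);
  if (m !== null && n !== null && script[script.length - 1] === OP_CHECKMULTISIG) {
    let pos = 1, keys = 0;
    while (pos < script.length - 2) {
      const len = script[pos];
      if (len !== 33 && len !== 65) return { type: 'TX_NONSTANDARD' };
      pos += 1 + len;
      keys++;
    }
    if (pos === script.length - 2 && keys === n) return { type: 'TX_MULTISIG', m, n };
  }
  return { type: 'TX_NONSTANDARD' };
}

// Same checks as the quoted IsStandard(): the n <= 3 cap applies to TX_MULTISIG only.
function isStandard(script) {
  const s = solve(script);
  if (s.type === 'TX_MULTISIG') {
    if (s.n < 1 || s.n > 3) return false;
    if (s.m < 1 || s.m > s.n) return false;
  }
  return s.type !== 'TX_NONSTANDARD';
}

// Constructed inputs: placeholder 33-byte keys and a placeholder 20-byte script hash.
const key = (i) => Buffer.concat([Buffer.from([33, 0x02]), Buffer.alloc(32, i)]);
const bare3of4 = Buffer.concat([Buffer.from([0x53]), key(1), key(2), key(3), key(4),
                                Buffer.from([0x54, OP_CHECKMULTISIG])]);
const p2sh = Buffer.concat([Buffer.from([OP_HASH160, 20]), Buffer.alloc(20, 0xab),
                            Buffer.from([OP_EQUAL])]);

console.log(solve(bare3of4).type, isStandard(bare3of4));
console.log(solve(p2sh).type, isStandard(p2sh));
```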