Bitcoin Forum
March 28, 2024, 08:07:52 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Lending using BTC as a collateral on a multisig address  (Read 127 times)
x3m (OP)
Newbie
*
Offline Offline

Activity: 23
Merit: 10


View Profile
January 26, 2020, 04:02:32 PM
Last edit: January 26, 2020, 04:13:20 PM by x3m
Merited by d5000 (1), ABCbits (1)
 #1

Please help me to list the best security practices implementation details of my assignment.

Alice and Bob sign an agreement.
Alice borrows Bob $8,000 (assuming that 1 BTC = $8,000) for a period of time T and Bob put up a collateral of 1.5 BTC into a multisig account.
If within time T Bob settles his debt ($8,000 + fees) then Bob can have 1.5 BTC back, else Alice can seize 1.5 BTC collateral and do whatever she wants.

Here's an example by Gavin Andresen that can be used for what's described above:
https://gist.github.com/gavinandresen/3966071

Here is what I've pointed out so far:

- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
- After Bob performs the transaction from his wallet to the multisig address wait for 6 confirmations before lending him $8,000.
- Reveal operation's details (when and where) only to people involved.
- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
- Transfer 1,5 BTC to either Alice or Bob according to agreement outcomes. Is this probably the least risky step in the list?

Something is missing for sure ...

UPDATE:
- send transactions to your fullnode or to verified peers.
1711656472
Hero Member
*
Offline Offline

Posts: 1711656472

View Profile Personal Message (Offline)

Ignore
1711656472
Reply with quote  #2

1711656472
Report to moderator
1711656472
Hero Member
*
Offline Offline

Posts: 1711656472

View Profile Personal Message (Offline)

Ignore
1711656472
Reply with quote  #2

1711656472
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711656472
Hero Member
*
Offline Offline

Posts: 1711656472

View Profile Personal Message (Offline)

Ignore
1711656472
Reply with quote  #2

1711656472
Report to moderator
ranochigo
Legendary
*
Offline Offline

Activity: 2940
Merit: 4127



View Profile
January 26, 2020, 04:10:17 PM
 #2

- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
The private keys has to be known by the 3 escrow agents. The link stated only serves as an example as to how that specific multisig address was generated. In reality, the multisig address is created by using the public keys of the addresses belonging to the 3 escrow agents.
- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
Hardware wallet may have some difficulty signing raw transactions for multisig transactions depending on the hardware itself. You have to choose a wallet which allows you to sign and broadcast raw transactions.

You don't really need to have 3 escrow agents. Multisig works perfectly with one escrow agent and both Alice and Bob hold a key each. For that multisig set up, it would be a 2-of-3 multisig and 2 parties would be needed for the funds to be released (Alice/Bob, Alice/Escrow or Bob/Escrow). It would still be safe since either both parties have to agree to release the funds or the escrow have to agree with one of the parties.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
January 26, 2020, 04:11:36 PM
 #3

- How to create the three keypairs and give the private keys of the multisig addresses to three different Escrow agents in such a way that the private keys are not revealed to anyone (even the creator)?
The escrow agent, Alice and Bob would probably have a key each which they can determine on their own.
It's possible to get them to sign a piece of data to prove they own that private key and then reveal the public keys but such a step would be unnecessary.

- After Bob performs the transaction from his wallet to the multisig address wait for 6 confirmations before lending him $8,000.
If neccessary then yes

- Reveal operation's details (when and where) only to people involved.
What? You mean for if there are only two people. I think it would currently impossible to do that unless there's a proof for the blockchain without haviing both parties trust each other. A hostage situation whereby bob doesn't repay but tells alice she can get half her funds back could be odne fairly easily.

- What's best cold storage method with pros and cons? (i.e. HW wallets: if the period T is relatively long, new firmware may be released to patch vulnerabilities. An update process needs to be defined)
Firmware updates will do nothing. Most hardware wallets are open source or are compatible with clients such as electrum.
The nmemonic phrase is also compatible with electrum with a small amount of tweaking.

- Transfer 1,5 BTC to either Alice or Bob according to agreement outcomes. Is this probably the least risky step in the list?
The bit that's missing is probably the fact that the fiat transfer will likely have to go through the escrow agent.
There would be obvious issues with doing a cash in hand transfer too - unless it's done in well secured public premises.
x3m (OP)
Newbie
*
Offline Offline

Activity: 23
Merit: 10


View Profile
January 26, 2020, 04:30:26 PM
 #4

...
- Reveal operation's details (when and where) only to people involved.
What? You mean for if there are only two people. I think it would currently impossible to do that unless there's a proof for the blockchain without haviing both parties trust each other. A hostage situation whereby bob doesn't repay but tells alice she can get half her funds back could be odne fairly easily.

...

Good points.
Regarding when and where I meant that if the parties have to meet to sign the agreement and perform the transaction right away, the location and date (especially in case of a high amount) must be kept confidential.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!