A few technical questions to requirements of an idea I am working on.

[dabura667]

Hello all,

I have only recently started coding, and this was thanks to Bitcoin and all of the open source code I have to learn from.
I am currently working together with some professional devs in my country to create a bitcoin exchange that would remove all risk of us potentially running away with or getting stolen our customer's bitcoins.

The questions are as follows: (I apologize if I can't articulate well)

1. What are the logistics of using on-chain transactions only for a bitcoin exchange? I think scaling would be horrible, but if the methodology only involved sending bitcoin in a way that can be verified with no-confirms (psuedo-internal transaction) and is ok to wait the 10-minutes, I am not sure scalability would be an issue. What are the possible technical ramifications for if, let's say, bitstamp's bitcoin transactions were all on-chain? (aka should this be an area we should work on: keeping our volume off-chain)

2. If I wanted to create a 3rd private key unbeknownst to me or the customer and store the private key into a place that would automatically be released to the customer if we disappeared etc. are there any types of software or methodology of implementing such a system? This is one of the problems a lot of our resources are going to go into if we can not find an open source solution that does not involve trust. If there are services that involve trust in some company etc. please link just so I can evaluate as an option.

I am really excited about some of the talks we are having with investors, and if we can get funding we also have secondary services we're looking to piggy back on to our exchange.

I haven't looked at the price in the last three weeks or so, but from the posts I see I guess some people are enjoying the rollercoaster?

Any info or help with these 2 issues would be a big help. I greatly appreciate it in advanced.

[dabura667]

Well it would take about 10 mins before those coins could be used for a trade. You would have to pay the miner fee from your cut which I am guessing will be percentage and that would getter bigger the more the users traded the same coins. You probably want a minimum amount and max number of trades with the same coins otherwise those miner fees will pile up.

Yes, This is what I am afraid of... at first, I tried to tell myself "maybe people will be OK with exchanging having to pay miner fee for every successful sell in exchange for not having to trust the exchange."
But the more I think about it the more it is plain to see that off-chain is the only way to do things...
It should not be difficult to do a glass-locker multi-sig address and look at that to determine the off-chain balance of BTC for that customer.

You want a deadman switch, maybe if you don't enter a password in one week the the keys are sent to the users? But every other week you enter it doesn't. SOmething like that would work best, or send an email to a certain email account every week but you could just automated so you probably want the body or subject to be a changing thing that a computer can't guess but can make sure it is correct.

Thanks for the ideas! I will look into it.


I am still looking for more ideas on #2, and may possibly post follow up questions at a later date for #1.

[fbueller]

Javascript to generate a bip39 seed (its encoded as words) and have them write this down when they create their account - they'll never have to touch it until your company closes. You get the public key sent during submission. All addresses in for this user will be 2-of-3, where its [sites_key, users_key, backup_key].

Otherwise, you could instead use a deterministic chain, such as BIP32, and this is used to create the users backup_key. Give the user a copy of the extended public key, and then if your company closes, give the seed to this chain. Everyone can import the key, but only sign transactions relating to their address.

[dabura667]

Javascript to generate a bip39 seed (its encoded as words) and have them write this down when they create their account - they'll never have to touch it until your company closes. You get the public key sent during submission. All addresses in for this user will be 2-of-3, where its [sites_key, users_key, backup_key].

Otherwise, you could instead use a deterministic chain, such as BIP32, and this is used to create the users backup_key. Give the user a copy of the extended public key, and then if your company closes, give the seed to this chain. Everyone can import the key, but only sign transactions relating to their address.

Exactly what I was thinking except for 2 major differences:

1. The business model of no-trust has to work both ways. If the user places a bid into one of the multi-sig addys, I want to know he's not going to try and time a send away from the addy before we can collect it and he wants to know that I can't just take his bitcoin and do whatever I want with it. But at the same time, if we crash and burn permanently, I want the third seed to go to him so that he can generate his 2nd addresses and receive any funds in any of his multi-sig addys with us.

2. In order to do this, it is required that #1 we don't know the seed, #2 customer doesn't know the seed. So I was thinking of creating an autonomous, open-source deadman switch that anyone can verify should work properly. This software would create a seed, then derive a master public key, send the master public key to our service for us to hold for them and make their public keys to use for multi-sig addy creation. This software would also encrypt the seed along with an Win / Mac / Linux executable that would streamline the process of retrieving funds for the "what's a multi-sig?" crowd of investors who might not be to keen on the tech. In the event of a failure on our end, the deadman switch initiates, and each user will receive an e-mail with their encrypted seed and they use our script/executable (which would probably just use AES or something openly available anyways) with a password to decrypt and retrieve funds. Of course we also have a method of releasing the deadman switch to the user in case they lose their seed... but this will unlock the deadman's switch using their password, and automatically create a new 3 seed pair and automatically send all funds to the 1st multi sig addy on that.

Because of this, I think using a BIP32 chain wouldn't be viable, as we would need 3 separate seeds, 2 that we don't know, 2 that they don't know, and 1 that we both don't know. If we just derived different chains of the same seed, someone would know more than one.