Since most of you are familiar with the current Bazaar setup, here are some of the changes you’d notice:
Tor Bazaar Market details: Tor Bazaar
Multisig usage guide taken from the sites forums: http://22iwhc2luicynjqy.onion/index.php?topic=247.msg1348
** Will add pictures once available
– No more ‘Bitcoin’ link on the navigation panel.
– Instead of topping up to a wallet address to pay for funds, which leaves the scope for hacks and theft by shady admins, multisignature transactions are now standard, for up-front payment or escrow.(***)
– Vendors can chose enter a list of public keys (**) in advance for accepting orders, or will be prompted to enter keys if they have none available when accepting an order.
– Buyers must enter public keys on a per-order basis (**).
– In the new system once funds leave a multisig address, they pay directly to the users key that was used to create the address.
– Users will then need to sign multisignature transactions. As explain in detail below.
* We recommend electrum as a bitcoin client, as it’s the only deterministic key derivation algorithm that sees mainstream use. (**)
** – Forcing users to enter a list of keys, or individually, or solely from an MPK, sucks. However, this is an acceptable solution until clients adopt BIP32 library, which will be the case for the next version of electrum, and eventually all the others as well. So it’s a start.
*** – Since vendors/buyers/admins can go missing during an order, 2 of 3 multisignature addresses are used for escrow and up-front payments, so funds are recoverable.
So, whats multisig?
Multisignature addresses are bitcoin addresses controlled by more than one person. They are created with a set of requirements, that dictate how the funds in the address can be moved between parties.
2-of-3 signature addresses are jointly controlled by 3 people, the market, the buyer and the seller, but funds can only be moved if two people authorize and sign a transaction.
Users will be expected to sign transactions for themselves. While current client’s leave much to be desired regarding support for multisignature transactions, we believe the best way is by increasing the adoption in it into day-to-day life, and watch the situation improve from there.
Currently, the only unmodified client which supports signing multisignature transactions is Bitcoin Core.Otherwise, users can use an offline copy of https://coinb.in/multisig to sign in their browser.
It kinda sucks that Bitcoin Core is the only client that lets us do this as of now, but we’re very much looking forward to a lighter client that supports it out of the box in the days to come.
Training users to use multisig
Multisig can seem complicated, but we’ve tried to make the process as smooth as practicality can be done and with the neccessary security measures in place. And can only improve from here.
Completing an order doesn’t require many complicated steps at once, but rather it is a gradual process where users are guided doing the transaction. If users have any experience with an electrum offline wallet, the process is very similar – Take unsigned transaction, sign, broadcast. Here’s a more detailed explanation.
Step 0: Buyer choses their items, as normal. When they’re ready, they enter a public key, and their address, and confirm their order.
Step 1: Vendor receives the new order, then must decide to proceed either vis escrow, or up-front payment (FE), based on ratings etc. If the vendor has pre-entered public keys in advance with their listings they can skip to step below, but if not.. They will be prompted to do so here.
Step 2: Awaiting Payment: Once the order is accepted by the vendor, and the terms are selected (up-front or escrow), the multisig address will be created, and available to all users. A redeemScript is then given, allowing users to verify that the address is one they have control over (which contains their public key). The buyer then needs to pay to the address to continue.
Once the market has seen enough incoming transactions to this address to cover for the order, it will progress the order to the next step, which is of signing it. First, both users need to import the address to their wallet. A copy/paste command will be shown to help them with that.
Step 3: Up-front order’s only – await buyer signature. If the order is up-front, then the buyer signs the unsigned transaction. They paste the partially signed transaction onto the order page and submit, where it will be verified, and the order progressed to step 4.
If the order is escrow, then the process skips this step, and the vendor signs/dispatches first.
Step 4: Waiting for Vendor to deliver goods. The vendor signs to indicate they have dispatched.
If the order is up-front, then the vendor will now sign, and broadcast the transaction. Once the market see’s this transaction in blockchain, then the order is moved to step 5.
If the order is escrow, the vendor will add the first signature to the transaction, and paste the partially signed transaction onto the order page.
Step 5: Order has been dispatched. Await buyer to sign & broadcast (Escrow), or click Received (Up-front).
If it’s up-front, the buyer simply clicks the ‘Received’ button, and the order is completed (step 7). Otherwise, the buyer can raise a dispute.
If it’s escrow, when the goods arrive the buyer signs & broadcasts the transaction paying the vendor, the order is marked as completed (step 7). Otherwise, the buyer or the vendor can raise a dispute.
Step 6: Disputed Order
If a dispute is raised, and the order was escrow, the market administrator will be able to craft a new raw transaction, which pays the buyer/vendor an appropriate amount at their discretion. Ideally, both users should be satisfied with the outcome, but the admin can sign, and wait for the second signature, and the transaction to be broadcast, before the dispute is automatically closed, and the order marked complete.
Step 7: Completed Order
At this point, the buyer and seller will be asked to leave feedback for the other.
A buyer will leave feedback for the vendor, and then the items.
A vendor will leave feedback for the buyer.
If the order was disputed, this will mark each review on the page as Disputed, allowing users to read what happened.
Vendors can rate buyers on qualities like Cooperation and Communication, from 1-5.
Buyers can rate vendors on qualities like Shipping, and Communication, from 1-5. They also rate the items on an order, on item quality, and if it matches description as on the listing.
When buyers leave feedback for an order with more than one item, they can choose to rate all the items with the same score, and comments, or else fill in ratings/comments individually.
All users can leave comments about the vendor/buyer/item. These can be from a list of prepared statements (to mask people’s writing styles), or else a bespoke comment can be written. Also, feedback takes on average 12 hours to show up And are updated in bulk to keep them anonymous- All feedback will have a timestamp of 12pm the following day, so they appear in a batch.
How to get started using 2/3 Multi-Sig Transactions on the Beta Bazaar
Vendors can now set up their accounts by adding one or more pubkeys through their account tab. Which would then enable them to accept multisig escrow payments from clients in addition to requesting for an FE. Or can chose to add pubkeys for each other as and when received.
Buyers will be requested to generate their share of pubkeys and add them to the orders while confirming to purchase items. This can be done through Bitcoin Core or through https://coinb.in/multisig/ where transactions can also be verified and/or signed for release of funds.
The Bazaar is set to automatically generate its own share of the public keys to create a 2/3 Mult-isig address. Buyers would then need to send funds to this address and once the transaction is confirmed by the Bazaar the vendor updated accordingly and requested to update order status to dispatched etc.
All parties can also track multisig transactions on btclook.com
Create your Public and Private Key with your Bitcoin client.
*Open your bitcoin client’s debug console and type the following commands:
*Copy the address from output screen and add it to following command:
It will return wallet address details. You’ll find your public under “pubkey” section.
*For Vendors: Once you have the public key(s), upload them to your bazaar account.
*For Buyers: Use it while placing an order.
Then get your private key details and store it somewhere safe.
This key will be used for validating terms of the trade and for signing the release of escrow.
Once an order has been placed, both buyers and vendors will be able to follow.. each step of the order through their ”my orders” page at the bazaar.
* Once Buyers submit their public key to place an order, the vendor is noticed of the new order.
* The vendor can chose for payment upfront or for multi-sig escrow.
* Once vendors have decided on the payment method, buyers will be notified on how to proceed further. Now the ‘My Orders’ page would have a multisig payment address assigned for that specific order, to which buyers need to send the funds to, and as soon as one confirmation has been received, the order will be marked as paid and the vendor notified.
The Vendor will then on their bitcoind debug console, input the following commands.. (instructions for buyers and vendors is available in your orders page to guide you through).
* addmultisigaddress 2 ‘[abcdxxxx]’ (hex string for the order details)
All you need do is copy/paste.
This will show the multisig address in which the funds are being held (as sent in by the buyer). Once the vendor has dispatched the items, they will then punch in:
* This will provide a hex string as your output verifying them having signed the transaction. This ‘hex’ output needs to be copied and posted in the blank box.
* As this point in time the buyer will be notified that the vendor has dispatched the goods.
* Once the goods have been received, the buyer will then need to sign their signature confirming havering received the goods and then releasing the escrow which would pay the vendor directly to their wallet. Same instructions for the buyers with one additional step – releasing funds in escrow.
On your bitcoind debug console:
* addmultisigaddress 2 ‘[abcdxxxx]’ (hex string for the order details)
This second signature will now complete the order.
sendrawtransaction [abcdxxx]’ hex string of raw transaction.
This is send immediately to the blockchain network and on the first confirmation the vendor paid to their wallet.
Create your Public and Private Key online
You will need to use Clearnet site.
Visit Coinb.in -> Click create new multi-sig address -> generate in your browser.
This will then provide you with a wallet address + pubkey + privkey.
Save your newly generated Private and Public key for placing/receiving your order and releasing/receiving your funds.
Login to the Bazaar and upload your bitcoin public key(s) if you’re a vendor -> click My Account tab. And then ‘add bitcoin pub keys’. Or as a buyer use a freshly generated one, while placing an order.
Once both parties (buyer and vendor) have confirmed details on an order, they will be presented with a unique order wallet address + redeem script + public keys of the buyer, vendor and the bazaar for that specific order. Pls note all bazaar multi-sig wallets begin with the number 3.
The buyer can then verify the redeem script to make sure they have the order details correct and then proceed to make a payment to the multi-sig order address. Once the payment has been received on the wallet, the bazaar will notify the vendor to proceed with shipping/dispatching the purchased items.
Steps for Vendors only!
Visit Coinb.in and click New -> Transaction.
To verify having received payment to the multiSig address. Enter the redeem script as mentioned on your Order page, and wait for the details to load. The screen will then provide you details such as funds available (as sent by the buyer) on the multisig wallet.
Copy the ‘unsigned raw transaction’ from your Bazaar order page and click ‘Sign’ transaction tab on the website. Input the raw transaction you just copied and your ‘private key’ and click submit. Then copy the signed transaction ‘hex’ (bottom of page) onto your Order page on the bazaar, submitting this will let the buyer know that the items have now been dispatched.
Steps for Buyers Only!
On receiving the items, the buyer will need to sign the unsigned raw transaction as mentioned on their Order page on the Bazaar, they can follow the steps above (Sign transaction) and sign with their private key. Which will then provide the ‘hex’ output for the transaction as required (for 2/3 parties txid). This ‘hex’ output will then need to be copied & broadcasted to the blockchain network – to release the escrow funds to the vendor.
Click Broadcast tab and input the final hex output and click submit to release escrow funds to the vendor.