Bitcoin deposits for deals (Howto)
Bitcoin is a very convenient and reliable as a storage of money. But how can you carry out deals with it? Traditional methods introduce a trusted third party. Bitcoin turned out to be powerful enough to carry out deals safely without involment of third parties. Below is detailed instruction how to carry out a deal with anybody you do not trust without involment of third parties.
Let us review existing methods at first.
Exchange bitcoin to traditional money
Using this method, you rely on existing laws protecting both parties from each other. This violates the principle of third parties exclusion. Moreover, no anonymity. And exchange fees are added. Furthermore, bitcoin economy is growing, when you make transactions in bitcoins directly, not in traditional money.
An escrow is a third party trusted by both parties to the transaction. Buyer gives money to escrow, seller gives the goods to escrow. Then escrow gives money to seller and the goods to buyer. This method has a drawback. Escrow has to accumulate reputation. The more reputation, the more deals mediated by the escrow. Escrow is a system with positive feedback, therefore number of escrows decreases, which results in centralization. We do not like centralization.
How to carry out a deal without third parties
My point is that third parties are not needed for a bitcoin deal. A buyer, a seller and the bitcoin itself are sufficient for a secure deal. Banks, money exchange, lawyers and escrow are parasitizing on deals. Protocol of bitcoin already has all you need to carry out a secure deal.
The algorithm is very simple: both parties deposite some money. If the deal succeeds, the money is returned, otherwise lost.
Start from learning what multisig address is. Debiting the multisig address needs several signatures. Popular multisig address types are 2/2 and 2/3. Debiting 2/2 multisig address needs 2 signatures of 2. Debiting 2/2 multisig address needs 2 signatures of 3.
The buyer and the seller create multisig 2/2 address and move their money to it. None of them can get his money back without approval by other party. After this the deal itself is carried about (let it be a purchase of goods or a provision of services for bitcoin). If the deal succeeds (the buyer gets the goods, the seller gets the money), the parties of the deal take the money back from the deposite. If a conflict occurs or one party just disappears, they both lose the money deposited.
Parties depend on each other. The risk of losing money is stronger argument than the law regular deals based on. Some people accept violation of the law, but no one wants to lose money. In my opinion, the money is the most powerful argument in the economy. It makes no sense to cheat if it obviously leads to losses.
In order for this method to work, deposited money must exceed the price of the goods. Otherwise the party getting the goods or the money first, can pull the plug on the deposite and disappear. In my opinion, each party must deposite the double price of goods.
Another pitfall: after one party deposited the money, other party can disappear (sabotage or joke). This is bad, because one party loses the money and another party doesn't lose anything. Fortunately bitcoin provides the workaround. The money is deposited from both parties by one bitcoin transaction. This means that either both parties deposite the money or none of them deposits.
The final diagram:
Price of the goods is 1 BTC. Each party deposites 2 BTC.
- Alice and Bob create common multisig 2/2 address to be used as deposite storage.
- Alice and Bob sign the transaction, moving 2 BTC from Alice's wallet to the multisig 2/2 address and 2 BTC from Bob's wallet to the multisig 2/2 address.
- The deal itself:
- Alice provides services to Bob.
- Bob pays 1 BTC to Alice.
- Alice and Bob take the money back from the deposite to their personal wallets.
This algorithm is a wrapper for any deal. All the overhead is fees of 2 bitcoin transactions (to and from deposite). If transactions refilling personal wallets are counted as well (see below "Preparation"), then all the fee is 4 transaction fees (0.0004 BTC).
If the deal includes private meeting, then moving the money to and from a deposite can happen before and after the private meeting. Moreover, participants of a private meeting feel better if they are bound by the deposite instead of being just strangers. The method described works well for distant deals as well (e.g., a person from one country sells an intellectual product to a person from other country). Several consequent deals may happen "inside" one deposite.
Graphical tools I use do not provide convenient interface to carry two transactions needed (I use bitcoin-qt and Electrum). Web client coinbin based on BitcoinJS provides. The client doesn't depend on the developer's server and doesn't store keys remotely. Furthermore, coinbin can be downloaded and used locally or uploaded to own server. E-mail and password are used as seed for keys generation. To posses multiple addresses, use several pairs (E-mail, password). Backup your E-mail and password not to lose access to the wallet. KeePassX is a good place for this.
I managed to accomplish the transactions needed for securing a deal. Step-by-step instruction is below.
- Alice and Bob create coinbin wallets (pic).
- See keys, backup private keys, tell each other their public keys and addresses (pic).
- Send the money to be deposited to coinbin addresses (0.01 BTC from each of them) (pic).
- Alice creates multisig 2/2 address
- Bob verifies Redeem Script
- Selects Verify in coinbin menu (pic).
- Enters Redeem Script and compares public keys, address and that Required Signatures = 2 (pic). Clarification: Bob knows his public key and Alice's public key sent to him previously. He gets the address of multisig 2/2 along with Redeem Script. Required Signatures is the number of signatures required for debiting multisig 2/2 address, so it is 2.
Alice creates a transaction moving the money to multisig 2/2 address (that is depositing the money)
- Selects Transaction in coinbin menu (pic).
- Goes to Advanced Options, unchecks Clear existing inputs... (pic).
- Enters first paying address (Alice's) as an Input (pic).
- Enters second paying address (Bob's) as an Input (pic).
- Enters multisig 2/2 address as an Output. Amount of money is sum of inputs minus bitcoin transaction fee (pic).
- Gets Transaction Script and sends it to Bob for verification (pic).
Bob verifies Transaction Script
Alice and Bob sign the Transaction Script one after another
- Alice selects Sign in coinbin menu (pic).
- Alice enters Transaction Script and her private key (pic).
- Alice gets partly signed transaction and sends it to Bob (pic).
- Bob verifies the transaction one more time and makes sure output address (multisig) and amount of money have not changed.
- Bob completes signing the transaction (same actions like for Alice part of signing, but uses party signed Transaction Script instead of original one) (pic).
- Bob verifies the transaction one more time and makes sure column Signed is marked for each row (pic).
- Bob selects Broadcast in coinbin menu (pic).
- Bob enters Transaction Script and presses Submit (pic).
The money has been deposited and they can switch to the deal itself.
Getting deposited money back
If the deal fails, both parties lose deposited money. (This is the whole point, making another party conscientiously fulfill the conditions of the deal under pain of losing money.) If the deal succeeds, parties move the money back from the deposite to their personal wallets. This is possible only if both parties agree.
Alice creates a transaction moving money from the multisig 2/2 address to personal wallets of Alice and Bob.
Bob verifies Transaction Script (finds his personal address and checks amount of money)
Alice signs Transaction Script and sends it to Bob
Bob verifies Transaction Script one moretime (finds his personal address and checks amount of money)
Bob signs Transaction Script and broadcasts the result.
The money has been moved from the deposite back to personal addresses of Alice and Bob. The deal is over.
The algorithm described acts as fraud protection for any deal. It doesn't introduce third parties as traditional methods do. Overhead is almost no. The algorithm is not complicated even if it looks so. I mastered the technique after two "deals" with myself.
Improvements of the algorithm and software implementation are welcome.
- Bitcoin address of coinbin developer: 1CWHWkTWaq1K5hevimJia3cyinQsrgXUvg
- Bitcoin address of the instruction author: 1CsfihQGy5kg3nnTJLzfmNDiPGqiQgdeMz