Designing a P2P marketplace, question for vendors

Hello,

Title says it all, I'm making a P2P marketplace is for learning purposes. I'll get straight to the point. When a person becomes a vendor they submit the information needed (bitcoin address, etc), encrypted with the owners PGP key, into a database that is distributed to all the peers on the marketplace. The current design has the vendor submit their bitcoin address when they register. Then when a transaction takes place the owner's client automatically decrypts the vendors and buyers bitcoin address, and takes the owners bitcoin address, and creates a 2-of-3 multisignature address. The buyer transfers funds into this address, then if everything works out the buyer will hit complete order which will send a signal to the owners client. The client will sign the transaction, along with the vendors, releasing the funds.

The problem is that the vendor has to use the same bitcoin address for every transaction. (The market doesn't though)

Will this be a problem? It seems with tumbler services it shouldn't be a problem. Anyone welcome to comment on this.

Again, this is for learning purposes.


Comments


[1 Points] AutoModerator:

Because you are using a brand new account, your submission has been automatically hidden from public view and is awaiting moderator approval. If this message disappears, you will know your post has been approved. If it doesn't disappear and you are not given a reason for your submission's removal within 6 hours, you can try reposting your thread. Accounts must be at least 6 hours old to post unrestricted on /r/DarkNetMarkets. Please see this modpost for more information and make sure to read the rules of our subreddit. If you are new to this community, please check out /r/DarkNetMarketsNoobs to get started on your journey.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[1 Points] crakbenz:

P2P means that when a trade is opened, the client will need to connect to the sellers IP address to communicate to them, this doesn't need explaining and is a huge security hole, meaning users and vendors will have to use a VPN or they can be easily tracked down, and a VPN is only passing through one private network, is it going to be onion based? if not then you are also losing out on the extra layer of protection that passing through tor nodes provides.

As well as that, what kind of system will be in place to authenticate transactions? what system would be stopping a user to spoof requests by finding out what type of parameters are passed through their network activity when they make a transaction, they could then make a script to automate this process of spoofing transactions.

the buyer will hit complete order which will send a signal to the owners client. The client will sign the transaction, along with the vendors So yeah, what do you mean by sign? and what would you do to authenticate the transaction is legitimate?

If this market will not be web based and instead software based, what language will it be written in?

also how will the user be able to decrypt the sellers bitcoin address? wouldn't that require the address being sent over in plain text if its decrypted on a server or being decrypted on the clients side?