BlackBank Market small updates: Multi-Sig Escrow

Howdy,

In wake of recent events, time was taken to make some changes to BlackBank. After running through tests, I have recently deployed new updates and features to BlackBank.

New features and updates:

2-Factor Authentication: uses your PGP public key to encode a randomly generated code and requires you to decode it during authentication. This prevents phishing attacks; if a hacker retrieves your password, they will still not be able to access the account if they cannot decrypt the generated code. The code changes every time it is entered incorrectly, which also prevents brute hacking (although there is also a captcha after 5 unsuccessful login attempts, but more security is always better).

Multi-Sig Escrow: when funds are in Escrow, they are no longer kept in BlackBank Market. After a purchase is accepted by a vendor, a Multi-Signature Address is created using the public keys provided by the Buyer, the Vendor, and BlackBank Market. Each public key is paired with a private key. In order to access the funds, two of the three private keys must be provided. This prevents access to the funds without authorization from at least two members.

A lot of time was taken to come to a compromise on how to create an easy to use Multi-Sig experience. When using Multi-Sig Escrow, all that is required is a public key, a private key, and a withdrawal address. There is no need for special commands or technical knowledge.

A Manual Finalize Early code is also provided that can be used on the official Bitcoin-QT client in the event BlackBank was to become unavailable. The entire manual FE requires only two commands and the private keys of both parties.

If there are any questions, comments, or feedback, always feel free to contact me.

Cheers,
MDParity

Edit: added step-by-step

Howdy,
The Wiki I created has a step-by-step. It looks long, but it's because it's mostly pictures. I tried to make it as simple as possible. Get a public key and private key. Public key 'locks' your funds, and Private key 'unlocks' funds; 2 of 3 keys required.

Buyer Steps for Multi-Sig Escrow:

  1. Deposit BTC and you can purchase after 6 confirmations
  2. Create a private/public key (you can use brainwallet.org)
  3. Purchase your item, enter public key + a refund address (just in case)
  4. Get your item
  5. Enter your private key and finalize

Vendor Steps for Multi-Sig Escrow:

  1. Accept a purchase with public key and a payment address
  2. Send item

A Manual FE code is provided so you can easily FE outside of BlackBank if the market was unavailable (LE, hackers, DDOS, etc):

  1. copy the Manual FE Code (you should copy it after accepting a purchase)
  2. replace PRIVATE_KEY_A and PRIVATE_KEY_B with private keys from buyer and vendor
  3. run the code in Bitcoin-QT to get your {hex} transaction code
  4. run sendrawtransaction {hex}

This provides more security from scammers, hackers and LE.

FAQ

How does BlackBank Multi-Sig Escrow work?
When a purchase is accepted by a vendor, a Multi-Sig Bitcoin Address is created using public keys from the vendor, buyer, and the market. This Multi-Sig address requires 2 of the 3 private key pairs to spend the funds.

What are the benefits of Multi-Sig Escrow?
* Can be finalized without the market (if the market was hacked, DDOS, or abducted by aliens)
* LE can not confiscate the funds (the funds are not kept in the wallet; it is a future spend transaction address in the Bitcoin blockchain)
* More secure from hackers (can only be accessed with 2 private keys - hacker will need to compromise a combination of 2 of the 3 private key holders)

Is it safe to use the private key?
It is highly suggested you don't use your private key from your wallet. Use a randomly generated one or create a new one yourself. The private key and public key have nothing to do with the spend transaction; they are merely being used to create the Multi-Sig address (lock the funds) and spend the funds (unlock the funds).

Why not just deposit directly to Multi-Sig?

Are coins being stored on your website? Like in user accounts or so.
Yes and no. There was a compromise to make it easier for the buyer to use multisig escrow. The buyer deposits once into BlackBank and the funds are in the account between deposit and purchase. The buyer can withdraw the funds at any time if not in multi-sig escrow.

  1. A buyer purchases an item and enters public key and a refund address (in case of disputes)
  2. Buyer can cancel the purchase and withdraw at any time still
  3. Vendor accepts purchase by entering a public key and payment address; multi-sig address created and funds sent
  4. Funds now in 2 of 3 multi-sig and not in BlackBank
  5. Buyer finalizes with private key; funds released to Vendor's payment address

Most funds are stolen during escrow and that's why vendors demand FE. This mitigates risk.

Benefits of BlackBank Multi-Sig
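Added example, not part of the original post and not BlackBank's code: a participant-side check that a redeem script really encodes the 2-of-3 policy described above and includes the participant's own public key. It assumes the participant has the redeem script as hex (the post does not say where the market shows it); the function names and the sample keys are constructed for illustration.

```python
# Added example: checks a redeem script of the standard form
#   OP_2 <pubkey> <pubkey> <pubkey> OP_3 OP_CHECKMULTISIG
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def build_redeem_script(m, pubkeys):
    """Serialise an m-of-n multisig script from raw public keys."""
    out = bytes([OP_1 + m - 1])
    for pk in pubkeys:
        out += bytes([len(pk)]) + pk  # direct push: length byte, then key
    return out + bytes([OP_1 + len(pubkeys) - 1, OP_CHECKMULTISIG])

def parse_redeem_script(script):
    """Return (m, [pubkeys]); raise ValueError if not a plain multisig script."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("script does not end in OP_CHECKMULTISIG")
    if not (OP_1 <= script[0] <= OP_16 and OP_1 <= script[-2] <= OP_16):
        raise ValueError("m or n is not a small-integer opcode")
    m, n = script[0] - OP_1 + 1, script[-2] - OP_1 + 1
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("unexpected push at offset %d" % i)
        key = script[i + 1:i + 1 + size]
        if (size == 33 and key[0] not in (2, 3)) or (size == 65 and key[0] != 4):
            raise ValueError("bad public key prefix at offset %d" % i)
        keys.append(key)
        i += 1 + size
    if len(keys) != n or m > n:
        raise ValueError("declared %d-of-%d, found %d keys" % (m, n, len(keys)))
    return m, keys

def escrow_problems(script_hex, my_pubkey_hex):
    """List reasons the script is NOT the 2-of-3 escrow a participant expects."""
    try:
        m, keys = parse_redeem_script(bytes.fromhex(script_hex))
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if (m, len(keys)) != (2, 3):
        problems.append("policy is %d-of-%d, not 2-of-3" % (m, len(keys)))
    if bytes.fromhex(my_pubkey_hex) not in keys:
        problems.append("your public key is not in the script")
    if len(set(keys)) != len(keys):
        problems.append("duplicate key: one party holds more than one vote")
    return problems

# Constructed placeholder keys (not real curve points), for illustration only.
BUYER, VENDOR, MARKET = (bytes([2]) + bytes([b]) * 32 for b in (0x11, 0x22, 0x33))
GOOD = build_redeem_script(2, [BUYER, VENDOR, MARKET]).hex()
```

The check covers the script only: it does not confirm that the keys are valid curve points or that the funded address is the hash of this script.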


Comments


[2 Points] TrevorWormsley:

Character Limit on PGP Key?

c'mon


[2 Points] None:

[deleted]


[2 Points] lucyskyhigher:

Sounds great, man!

Also, I wanted to make sure that we still have the correct URL for BlackBank on the sidebar. I don't have my Tails USB on me, so I can't check myself at the moment. Is "omo6o7akcampiryq.onion" still correct?

I'm really excited to see you making these changes as quickly as you are. Just another thing that shows how incompetent SR2 really was... I'm hoping more vendors take note of your market. As soon as I get to my laptop, I am definitely signing up as a buyer. High five. :)


[1 Points] tomhuck:

Amazing you could do it in no time yet no one else can implement this? Also with multisig escrow how does anyone know that your code is not malicious and the whole multisig thing works until a site admin just bypasses it? Really it's a question for anyone technically adept.


[1 Points] smokeweedtaglich:

Site already down?


[1 Points] shitstormy:

In what ways does your multisig differ from TMP's? Is it easier?