multisig without tying up funds

1

Is it possible to enable a 2 of 3 transaction without the escrow component defined as "nobody can run off with the funds but the funds have to exist"

In a scenario where A wants to pay C and requires intermediary B for multisig.

Is it possible for A to authorize a transaction with B and C with one partially signed signature, and then B and C can combine that signature to create a transaction? B and C will have several ways to determine if funds are available from A, but for sake of brevity lets assume A has funds

CQM

Posted 2014-04-08T20:59:34.490

Reputation: 1 472

I don't understand how this is different from just requiring all 3 signatures?Nate Eldredge 2014-04-08T21:34:55.190

@NateEldredge ok? please elaborate on what you are talking about , and how A can authorize a payment at Time0 to be pulled at Time1 from the partial signatures given to B and C. If all 3 signatures were required, then A would have to be present at Time0 and Time1CQM 2014-04-09T03:38:42.140

Answers

2

This certainly is possible---but unless you define the "several ways" to verify that A has the funds, the solution must exclude this key component. Here is one possible solution:

Special Multisignature Bitcoin-Address

Create a 3-of-5 multisignature Bitcoin address to which A transfers the Bitcoin in question. A owns 3 of the 5 participating addresses, whilst B and C contribute one each. Next A prepares a partially signed transaction that is signed with only one of his keys.

To eventually access the funds, B and C must both sign this transaction (or ask A for further signing). But it does not tie up the funds in that A can still access the Bitcoin using only his own keys.

Note that this only protects A from either B or C unilaterally taking possession of the bitcoins involved, but it does not offer any reassurance to B or C that the bitcoins will remain available to them in the future. That may create a particularly perverse incentive for intermediary B and recipient C to conspire into splitting the pot among them rather than adhering to whatever B's responsibilities in this matter were supposed to be.

pyramids

Posted 2014-04-08T20:59:34.490

Reputation: 2 978

Elaborate on why B and C would conspire, as this may reveal what other types of safeguards can be created amongst intermediaries and recipients. Regarding verifying funds are available, B and C could just check the balance of A's address before they (or their script) pull's from it. A contract would detail when payment will be collected. If the blockchain shows a balance too small to cover the payment, then other means of collection will have to be pursued in accordance with the contract (like any other obligation)CQM 2014-04-14T14:28:54.983

The incentive for B and C to conspire would be taking the payment even when the contracts' conditions for it are not met. Given your plan on how to safeguard against A not paying, you probably want to just design the contract to also safeguard against B and C just taking the pot and splitting it among themselves.pyramids 2014-04-14T15:51:32.177

is this somehow unique from any other multisig scenario?CQM 2014-04-14T15:55:46.847

@CQM Indirectly, yes. Since typical multisig transactions function as a full escrow, there is no danger that A may unilaterally withdraw the funds, and hence parties B and C don't risk having to resort to going to a court (in case A does try to withdraw). If your contract and contract-enforcement works without incuring any risk or expense for B and C, this does not matter.pyramids 2014-04-14T16:47:12.077

slightly unrelated question, how do you understand multisig so well? I am trying to synthesize use cases, like this question, but information seems to be so scattered or unavailableCQM 2014-04-14T17:54:27.737

@CQM Well, I suppose this is one of the things that some people just "get," whilst not even understanding why others would find anything about it confusing. As a consequence, it's not been used much, e.g. blockchain.info/wallet removing it because it was a support nightmare. But use cases are really trivial. For example, if a business takes deposits, they may want to give no single person (or wallets) access. 2-of-3, 3-of-4, or 3-of-5, etc., multisig addresses are one of the possible solutions (but modern crypto allows off-blockchain solutions, too).

pyramids 2014-04-14T19:04:43.443

Asked: 2014-04-08T20:59:34.490

Viewed: 196 times

Active: 2014-04-13T18:51:25.153