Hacker News new | comments | show | ask | jobs | submit login
Show HN: Bitrated – Bitcoin m-of-n arbitrated transactions (bitrated.com)
155 points by nadaviv on Dec 3, 2013 | hide | past | web | favorite | 72 comments

Hey, I'm the creator. I'd love to hear any feedback/questions/suggestions you have, but specifically on the security model [1] I implemented, design/ux (my design skills are terrible, thank god for Bootstrap for making it look half decent :) and the marketing/texts (I'm not a native English speaker, so any corrections are much appreciated).

If you don't know what multisig/m-of-n means, check out the FAQ: https://www.bitrated.com/faq.html

If you want to play with it, there's also a testnet [2] version: https://testnet.bitrated.com/

When it asks you to share the URL with the other party, you can just open that in a new tab.

If you don't want to go through all the process, you can see how the transaction page looks here: https://www.bitrated.com/tx.html#DO-NOT-SHARE&alice=ApLwQcKS...

[1] https://www.bitrated.com/security.html

[2] https://en.bitcoin.it/wiki/Testnet, you can get some testnet coins sent to the multisig from a faucet: http://testnet.mojocoin.com/

Looks nice, but does this do anything I can't do with my Citibank n-of-m financial transaction arbitration service?

(kidding- thanks for another innovation that makes traditional banks look like fossils)

upvote! you had me for a second. i thought "mhhmm.. really? citibank? wow! innovative!" but when i reached the question mark my disbelief became stronger than my gullibility :-)

I've been thinking about the arbitration problem, what do you think of the following possible implementation of a "3rd party free" arbitration?

Alice desires to buy asset of V value from Bob with bitcoins. Alice sets up a k1xV value address and requires Bob to set up a k2xV one, and they give up control on those addresses for at most time T. Also, Alice and Bob set up a conditional transfer of this value V to a charity (or destroy it) if both don't agree on retrieving the wallets before time T. That way, if the merchant believes he will be punished (e.g. k2 = 2) he shouldn't engage in fraud. Also the merchant should hold the same faith in customers (by setting e.g. k1 = 1 for new customers, k1 = .5 for old ones).


Note: As a bonus, the merchant could make his transaction history transparent to try to prove he punishes every fraud, and customers can likewise demonstrate some "proof of transaction" showing either they conducted transactions without issue or punished fraudsters.

Huh! I actually started working on a system that does something very similar, which ended up being morphed into Bitrated after a few people convinced me that it wouldn't work.

This idea has been brought up in the Bitcoin community from time to time [1] [2], usually referred to as mutual assured destruction, risk deposit or nash equilibrium.

I personally really like this idea and think that it could work well with rational players.

The problem is that there is room for abuse - one party could tell the other party "okay, I'm not going to finish that deal with you. we can both either lose everything, or you pay me 70% of the risk deposit and get to keep 30% of it".

In the long run, rational players should always refuse to such offers. If scammers would know that everyone always refuses, they'll quickly get into a loss and stop doing that. The problem is that I'm not sure how people would react in such situations - why not take the 30%?

As to your idea of publishing history - that could work, if that system could somehow know who's a fraudster and who isn't. Its kinda hard to tell by just looking at the blockchain and seeing what happens with the coins, there could be multiple reasons for the funds getting split.

[1] http://nashx.com/HowItWorks (requires trust in the website operator, as he holds the funds. at least it was like that last time I saw it)

[2] https://gist.github.com/etotheipi/2305966

Interesting, let me add that you should let people convince you it won't work without proof, especially for something as reliant on behavior!

I think a reputation system could be built using some kind of peer-to-peer trust system. For example, I'm aware you can prove a certain transaction is yours. Simply by collecting a series of transactions conducted with the merchant and with a series of merchant's trusted peers, the merchant could perhaps decide on the (k1,k2) he might propose; and similarly users may assemble a database of verifiable cases where the transaction backfired (since each user can prove the transaction and the merchant address).

It just bugs me -- one of the great promises of crypto currencies is the elimination of need of trusted 3rd parties -- only to be unable to perform useful real world transactions without them.

The key to enabling this would be devising a system for voluntary transparency, I believe.

>In the long run, rational players should always refuse to such offers. If scammers would know that everyone always refuses, they'll quickly get into a loss and stop doing that. The problem is that I'm not sure how people would react in such situations - why not take the 30%?

People have a very strong fairness instinct, and will probably refuse such blackmail.

There's a famous experiment where some amount of money is given to one person, and he decides how to split it with a partner (50-50, 100-0, etc.). The partner decides whether to accept the deal or refuse it, in which case the money is lost.

If I remember correctly most people refused offers under 20%, and that's without the anger that someone trying to blackmail you would cause.

How do they give up control on those addresses for at most time T? Does that require trust in a service, or is there a way to do it with script?

You can [1] create a transaction that destroys those coins (spends them on fees, sends them to a charity or really takes them out of circulation) at some time in the future (using nLockTime [2]) in such a way that it could be replaced with another transaction before that time (using a low sequence [3]).

[1] In the future, its not all active yet

[2] https://en.bitcoin.it/wiki/NLockTime https://en.bitcoin.it/wiki/Protocol_specification#tx

[3] http://bitcoin.stackexchange.com/a/2032

Libertarian legal scholar, design nerd and native English speaker here. There's a few basic errors I notice right away like:

>Give your customers a peace of mind.

There should be no 'a' and just be 'give your customers peace of mind'.

The homepage really isn't that great in presentation but the secondary pages are very "squashed":https://www.bitrated.com/faq.html#is-this-an-escrow-

You need to add some spacing/padding around these list items and titles otherwise it looks pretty crappy.

Thanks. I fixed the typo, and I'll be working on some CSS for better typography in the content-heavy pages - they do look somewhat squashed.

Looks like you're using bootstrap. Might want to check out https://wrapbootstrap.com/

I'm glad someone finally made this.

What do you think about potentially offering more complicated schemes in the future? For example, supporting say three arbitrators, requiring two to agree?

You could do this as follows:

Seller: Keys S1 and S2

Buyer: Keys B1 and B2

Arbitrators: Keys A1, A2, A3 (one per arbitrator)

You then do a 4-of-7 multisig transaction.

This generalizes to buyer, seller and N-of-M arbitrators:

Seller gets N keys

Buyer gets N keys

Arbitrators each get one key

Actual transaction is 2N of M + 2N.

This could be a cool idea, but Bitcoin currently artificially limits the total number of public keys to 3, but that limitation will probably be lifted at some point.

Also, in the future, you won't really need hacks like that to make something like that work - Bitcoin has a scripting language that allows you to specify much more complex conditions than m-of-n. You could specify something like `2 of (buyer, seller, (2 of (arb1, arb2, arb3)))`. But currently, the scripting language is limited to a specific white-list of allowed script templates, and doesn't allow doing stuff like that.

Bitcoin does not artificially limit the total number of keys. Transactions with up to 3 keys are considered "standard" by bitcoind, meaning they will be propagated and mined by default. But non-standard 5-of-8 transactions are also valid. If someone relays them and mines them, they will be valid for every node. In practical terms, non-standard transactions mean longer confirmation time, that's it.

It's a bit more complicated than "longer confirmation times" since normal nodes will not relay them. Realistically, production use of non-standard transactions is unwise, but we'll make anything standard that people have a usecaes for and tests for.

... though in this case, you'd really want to use a script like I described instead of inefficiently using multiple keys per player.

Thats a really inefficient way of encoding it.

It would result in a much smaller scriptPubKey to encode something like this instead:


Or something like that— only the 5 pubkeys involved instead of adding extra ones.

I'm aware it's inefficient, I was trying to suggest something that would currently be accepted as a standard transaction. I wasn't aware of the three key limit that's mentioned elsewhere in the thread, though, so my suggestion wouldn't be standard anyway.

I'm a bit confused about the part of the FAQ which says "he's requested to enter his public/private key (which is automatically generated) and accept the terms"

This stuff left me confused about all the wallets and keypairs and things going around (not to mention the very idea of private keys other people have access to).

You could make a nice diagram with some arrows showing all the different things and how they're exchanged.

Yeah, you're right. I made some changes to the UI to remove some mentions of public/private keys (made that public/private field hidden by default and only shown after clicking "Display advanced options", hidden some stuff behind the "Advanced mode" in the transaction page, etc) but didn't update the FAQ to reflect that.

I'll change the FAQ to be a bit more easy to digest, and yes, some infographic explaining how that works, or possibly even a video, would be a great way to explain that. I'll try and see if I can come up with something.

Weird, I was thinking about this kind of application for the last few days (unfortunately many good domains are squatted, e.g cointract)

I imagined being able to set the arbiter via an email address however, making it a little easier to use, but that obviously has some security implications.

Great execution, very excited to see this part of Bitcoin develop.

btw the about page 404's

> unfortunately many good domains are squatted

This might be partially my fault - I also got bitrator.com and bitrater.com before settling on bitrated :)

I like bitrated. Because it's a bitcoin service where transactions are... arrrrBitrated, matey. Shiver-me-ASICs.

The service is so valuable you could call it a... (•_•) ( •_•)>⌐■-■ (⌐■_■) treasure.

Oops - that testnet link shouldn't be using SSL. Instead of serving he testnet version, it goes to the default ssl server which is the regular version...

I can't edit the comment now, but here's the fixed link: http://testnet.bitrated.com/

Awesome, glad someone is doing this.

Are you going to be offering ways for arbitrators to tie in other social identity sites as a way for arbitrators to present credentials?

Right now, I'm advising them [1] to simply publish their public key in other social profiles they own, but for some Bitcoin-related services (like bitcoin-otc) that have public keys attached to profiles, I'm planning on asking them to sign a message along the lines of "I am shesek from bitcoin-otc, my nickname on bitrated is nadav, and my public key on bitrated is ..." with their bitcoin-otc's key, which'll make it possible to automatically identify them.

[1] https://www.bitrated.com/help/arbitrator-terms.html

i think you're bug bounty (bottom of security page) is a little out of date...

We welcome security audits and offer a bounty of 1 BTC for responsibly disclosing security issues or breaches in our client-server model. If you found a bug, please contact us at security@bitrated.com.

At the time of writing, the BTC/USD exchange rate is ~$110. If this drastically changes (to either side) we'll pay the equivalent BTC of that instead.

Fixed, thanks.

humble suggestion: you should go through the arbitrator's list every so often and clear out the test and dummy accounts

The arbitrarors list is a problem. It seems to suggest that they're all trustworthy, so if your seller just says 'ok lets go with this guy' you might just accept. Then it turns out it was a dummy account created by the seller...

To be useful this would really require a separate service with a reputation system, perhaps a check saying if the arbitrators identity was verified, required pgp etc.

I'm working on that! See my other comment, https://news.ycombinator.com/item?id=6843655

Edit: Also, for now, I'm hoping that it'll take place off the website, possibly over Reddit (which have a pretty active Bitcoin community). I opened an r/bitrated subreddit for possible future use, but it seems like r/bitcoin aren't very excited about this project [1] for now...

[1] http://www.reddit.com/r/Bitcoin/comments/1s0myx/bitrated_bit...

Using well-known arbitrators solve this problem also. I signed up and have quite an online identity that can be verified easily, as did the creator of the hexayurt.

Thanks for the tip; I cleaned them up.

Hey! I saw you talk about this on #bitcoin. Congratulations on the launch! I'm excited to see where you take this.

"especially if you're transecting with an unknown merchant."

misspelled transacting

Thanks for the heads up, I fixed that.

That is interesting. I have some doubts about their claim that this escapes regulation of escrow services (it sounds good, but their argument may not hold sway with regulators). But it seems like a very practical and useful system that shows the kind of thing that could ONLY be done with Bitcoin, and NOT with traditional money.

I had a lawyer working with me on that project, and he approved those texts. It is a bit of untested territory, so he might be wrong, be he's pretty confidence that this doesn't fall under an escrow.

The arbitrator is not in control of the funds. He cannot defraud either merchant or customer directly. That is the nature of multisignature transactions. The law's got a lot of catching up to do.

Well, one of the general elements of this approach WRT regulatory regimes is that there really is much less _justification_ for heavy regulation.

With a normal escrow the escrow must be trusted to hold all your money! With this approach they can only release with the consent and cooperation of one of the parties.

The lower trust means such a thing would be fundamentally more difficult to regulate too, since it can come and go, disappearing into the mists because not so much trust is required.

You'll still have to trust that the arbitrator won't just co-sign with whoever offers them the most BTC. So, y'know... don't make just ANYONE your arbitrator.

First off, this seems incredibly useful! Nice work!

Second, on the FAQ page:

> Help, I lost my private key! Can you recover it for me?

> No. The private key only exists in your browser as part of the URL and in-memory while the service is used, and is never uploaded to our servers. If you lost your access to the URL, it cannot be recovered by any means.

If my private key is in the URL, won't that necessarily be sent to your severs as part of the HTTP request?

Also, your bug bounty's USD to BTC rate could use an update ;)


> The arbitration data is stored in the hash portion of the URL, which is not sent to the server during http requests and is only accessible to you and people you choose to share URLs with.

And yeah - its hard to keep up with the USD/BTC rate :) I'll update that in a moment.

The key is in the url fragment (after the #), so per http spec, it's never transmitted to the server

This addresses some of the limitations of Bitcoin compared to classical payment networks— the lack of reversibility, even where you want it.

I found the site super easy to use.

I think this is a weakness of classical payment networks: reversibility, even when you don't want it. Even when a service claims to be non-reversible, eventually exceptions are made[1].

As Satoshi put it[2]:

> Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non- reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable.

With bitcoin, you can build services like arbitration on top of the non-reversible payments, and pay for them separately only when you feel that you need them. I think that's awesome.

[1] http://betabeat.com/2012/03/dwolla-was-just-sued-by-bitcoine...

[2] http://bitcoin.org/bitcoin.pdf

To a far greater extent, this addresses the limitations of classical payment networks - the arbiter never has access to the funds!

I see you're implementing an idea from https://en.bitcoin.it/wiki/Contracts ;)

What are your fees currently (as the site operator)? I've only found ...

"Fees: For its services, Bitrated may charge fees, as it sets forth from time to time. Such fees may be deducted in source from any transaction, or be paid separately."

Currently there are no fees at all, but I'm planning on charging fees for verified accounts and verified ratings when I finish building the rating system (its pretty much MVP at this stage). The terms of service you noted are somewhat too broad for my taste, but that's the legal-speak my lawyer required for covering myself.

The functionality that it currently has will always remain free, with no required fees. The verified accounts/ratings would be optional, and act both as the profit model and as a kind of fidelity bond [1] to make scamming less economical. If you could replace accounts every day and send tons of fake ratings for no cost, it'll be easy to cheat. If you're investing some money into your identity, the the users using your services would know that you have something to lose by harming your reputation.

[1] https://en.bitcoin.it/wiki/Fidelity_bonds

It's just a basic feature of the protocol from day one, the website provides a nice interface to it— provides arb introductions, etc.

Arbitration is good not so much because it cures fraud, but because it deters it.. like security guards or parental supervisors.

Arbitration background in real life here. Love what you are doing and want to offer some feedback! Many times in larger transactions, parties will demand a panel where 2/3, 3/5, or in exceptional cases even 5/7 arbitrators agree on a verdict in their case before a decision is rendered. Adding functionality to support multiple parties would be huge!

Additionally, there is an international treaty called the NY convention that allows for arbitrators' decisions to be taken to local courts for enforcement of non-monetary judgments. It would be amazing if you built in an option for public parties (think apple vs samsung) who have decided to use bitcoin as a payment in an typical contract to verify their identities so that the bitcoin portion of the arbitration could be included in enforcement of other elements (sometimes courts require dditional penalties/fees, or physical performance of parts of contracts in addition to the money settlement). Having verified identities here would allow for courts to take into account whatever payment decisions the arbitrators make.

Keep up the great work!

I have been pondering the m-of-n aspect. I think there is scope for a service to hold a single key and to give it out upon request only after notifying the key creator and a set amount of time has passed.

An environment where any 2 of three keys work you could have a paper wallet with one key. The service provider holds one, and the originator of the wallet holds the third.

This would allow a protected paper wallet where anyone can remove the money but you get the chance to veto and take the money out first.

You can do it without trust using nlocktime.


That is a different timer isn't it. That lets you make a delayed transaction, It doesn't stop a wallet holder from making an instant transaction.

The service would be to provide a wallet where the holder could not generate an immediate transaction. Any attempt to access would cause the service to contact the owner.

It's possible that nlocktime could allow it so that the service never reveals their private key, It auto approves time delayed transactions and notifies the owner that it has done so.

You can do a trick where you make a transaction from a private key with a nLockTime set in the future, then not broadcast it until that date, and destroy the original private hey. Then the only option is to wait until the time or block number set.

Thanks, I fixed that.

Firstly, great idea.

I'm assuming there will be some sort of rating system for arbitrators in the future. That list on /u could get unwieldly.

However, what's to stop an arbitrator from gaming this service and faking his reputation?

For example, he could send transactions between himself all day, using himself as the "arbitrator", and build his fake ratings that way.

Check out arbitration by Akimbo Card (https://akimbocard.com) at https://www.bitrated.com/u/AkimboCard. Secure bitcoin transactions + free and instant cash transfers.

I'm getting a 404 on https://www.bitrated.com/tx/new.js and the start transaction page is pretty much blank (probably a result)

Yeah, sorry about that - should be back up now.

Just FYI: The "About" page is 404'ing https://www.bitrated.com/about.html

Oh, oops, I was delaying that for the last moment and completely forgot about it! I'll set it up right now.

Is there any danger that the arbitrator exposes him/herself to by signing up to provide the service?

What ensures that the merchant (or buyer) is not identical to, or controlled by, the arbitrator?

The arbitrator history and reputation should be taken into account by both parties before agreeing to use him.

why not make it easy and call it escrow since that's what it looks like it is?

Because it's not an escrow. Take a look at https://www.bitrated.com/faq.html#is-this-an-escrow-

Bitcoin has no value because deflationary spiral.

Seriously, nice work!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact