Introducing The Grail: The 1776 Equal Trust Multisig System
Posted by: DeepDotWeb
May 12, 2014
1776 now supports two unique forms of escrowed commerce: Equal Trust Escrow, and what I’ll call “Noob Escrow.”
This guest post was Provided by “Tom” the founder and admin of 1776 market – Published as it is.
1776 Marketplace
The chances are quite high that if you’re reading this, you aren’t going to want or need Noob Escrow. Noob Escrow provides the very simplest buying experience of any Tor market, making 1776 a great site for first-time buyers who don’t yet understand Bitcoin or Tor marketplaces very well, while still putting all escrowed funds into a multi-signature wallet between the site and the vendor, making it impossible for the vendor to be robbed. Buyers can still withhold finalization until they are satisfied, or dispute orders. I will save a discussion of Noob Escrow for the vendors further on in this article.
At the original launch of 1776 a few weeks ago, a commenter at Deep Dot Web’s Reddit article complained that there was no multi-sig escrow system that didn’t require the buyer to trust the site. I thought that was a great point, and that there should be one. Now there is.
Equal Trust Escrow automatically creates a three-way multi-signature address between you, the site, and the vendor. It provides you with a very simple way to verify the legitimacy of that address, and you can check with the vendor yourself to ensure the public key provided is theirs, if you wish.
Let’s go through the very simple (and quick, quicker than any other marketplace) order process.
The layout of the site is a copy of the original Silk Road. The main reason for doing this was to easily support all the same (almost 250) categories of goods, with a layout that many if not most buyers already know. So let’s click on “Cannabis,” and choose an item: 5g of Chocolate Fondue.
Once we click through to the item, we have the usual description of the item, and we can select a quantity and shipping type if we plan to order. We will select the quantity and shipping and click the “Order with 3-Way Multisig Escrow” button.
The system asks you to enter your address in to address fields rather than into a box, and encrypts your address automatically. The reason for breaking it out into fields is to be able to provide useful features for the vendors that I will mention later. If you want to encrypt the message yourself, just make a note in one of the fields that you will send the address by private message.
After clicking confirm, you’re taken to your orders page. This is where the unique Equal Trust Escrow functionality comes in.
The system brings together a public key from the site, the vendor, and you on the spot to create a multi-sig wallet for the order. On the orders page, you are shown that address (they always start with a 3 instead of a 1) and the amount to pay. You simply go to your favorite wallet software and send the bitcoins to the address. Any wallet software will give you the transaction ID of a transfer of bitcoins. In Multi-Bit, you highlight the transaction and select the “Transaction Details” button at the bottom of the screen, then click a button to see the transaction at blockchain.info or blockexplorer.com. In most other wallets, you just right-click transactions and select “copy transaction ID.”
Here we are at our unpaid order. Click on the “Input TXID” button, and you’re taken to a form in which you can enter the ID:
Paste in the transaction ID, click “Submit,” and within a couple of seconds the system will verify the transaction and mark the order “Paid.”
You’ve just made an order in a small fraction of the time it usually takes, because you don’t have to wait for the funds to show up in a site escrow to make the payment, and you’re also completely assured against theft by hackers or the site administrators: they never control your bitcoins at any point along the order cycle. This is the Grail of Darknet shopping, and it only takes about five minutes, one time, to set up. After that, every order you make is totally secure, and lightening fast to boot.
All you need to do is download and install Bitcoin Core. It is available for Windows, Mac, and Linux. When you fire it up, it will start downloading the blockchain, which takes a long time. However, you don’t need to let it download at all, unless you have a dispute that requires you to sign a transaction. For now, we just need to get a “public key” from the wallet of the Bitcoin Core software. To do that, you simply go to the Help menu, then Debug Window. That brings up a window with three tabs- you select the “Console tab” and enter two commands:
Enter “getnewaddress” to generate a new wallet address. Then type in “validateaddress” and paste in the address you just created. Notice the list of properties that are output. The one we want is “pubkey.” Just copy that out and on the site, go to your “Account Settings” page and click on “Set Up Multisig Escrow.” You’ll be taken to a page that has a more extended form of these directions.
Paste it in and save it– and that’s it. You have the security of three-way escrow on every order you ever make on 1776 without doing anything more. Just make sure you back up that Bitcoin Core wallet.
The site, if possible, is going to ask the vendor to sign the refund transaction in the case of a dispute, saving you the trouble. But if the vendor simply disappears, or refuses to cooperate, the process of getting your money back is really simple. For this, you will need the blockchain downloaded. You can speed that up a lot if you now how to use Bittorrent, you can download most of it very fast that way.
What the site does is automatically create a hexidecimal transaction that sends the money to the “refund wallet” that every buyer has to specify in his Account Settings before he places his first order. It then signs it with the site’s private key, providing one of the two signatures necessary to make the transaction viable.
Great care and planning was taken to make this process as absolutely dead simple as Bitcoin allows it to be. 1776 uses the older, more basic standard for multisigs for the reason that they are simpler to work with, but equally secure. With the 1776 multi-sigs, it can be (and is) reduced to a simple cut-and-paste operation between Bitcoin Core and the site. No other site offers that.
Here’s the page for signing and sending a transaction:
At the top, you can see the command for creating the multi-signature address. This is so that your Bitcoin Core wallet will know what it is supposed to do when it is asked to sign the transaction. The first step is to copy that addmultisigaddress command into the console window. It will return the address of the escrow wallet that was used for this transaction. Then you just copy and paste the block of text starting with “signrawtransaction” into Bitcoin Core.
The software returns a longer hex string (the original, plus the signature with your private key), with a variable “complete” marked “true.” That tells you that you have successfully signed the transaction and it is ready to be broadcast to the Bitcoin network. It is possible for you to do that locally, but it is better for security and accounting reasons for you to let the site do it. Just double-click the hex string (it highlights just right as above when you do that) and copy it. Paste it back into the empty box as shown. If your wallet software is open, you will see the refund hit it within about two seconds after you click “submit.” Pretty easy, huh? And vendors, that’s all the more complex redeeming your finalized transactions ever gets. You could teach your grandmother to do it in five minutes, it’s the same every time, and it takes about ten seconds each transaction. That is one of the things that makes this pure-multisig site the most advanced in the world.
Now I’d like to take a minute to talk to vendors about “Noob Escrow” and how it answers the business problems that multi-sig sites have represented up to now.
I’ve been a vendor. And I’ve been in (other) business for quite a while. I understand the realities of this marketplace. It is all well and good to provide a technically workable multi-sig marketplace, but it isn’t going to do you, the vendor, any real good if you are only going to be able to reach the most sophisticated 10% (a guess) of current Darknet consumers, and next to no customers new to the Darknet. When I started writing this system a few days after Sheep disappeared, I realized that I needed to write a system that was going to address the realities of the marketplace, or it wasn’t going to work.
Most buyers are here on the Darknet for one reason: they learned from a friend that they could get quality prohibited products at a good price, delivered to their door. Their first purchase with bitcoins probably came about a day after hearing the word “bitcoin” for the first time. Which of us would have conceptually understood the idea of multi-signature bitcoin addresses the day after we found out Bitcoin was a thing? It’s just too much to ask. So I invented a form of multisig-secured escrow I call “Noob Escrow” to answer this problem.
Noob Escrow is an escrow held between the site and the vendor. When a new buyer comes to 1776 looking to purchase something, they click the “order” button, put in their shipping information, and are presented with a box a lot like the one for multi-sig orders. It looks like this:
This payment address is a unique payment address created expressly for this order. The buyer may or may not actually pay. If they don’t, you never see the order and it deletes out of the system after a few hours. If they do, they can immediately afterwards click “Check Status” and the system will inform them that their order is paid and awaiting approval. Recognition by the system of a payment takes a maximum of ten seconds. So, the bitcoins are received by the 1776 server, and as soon as they have a confirmation on them, they are sent right back out to the escrow held between the site and you. It is at this point that you are informed you have an order.
The transaction ID highlighted here is a hyperlink to blockchain.info where you can confirm the funds exist in the escrow address as claimed.
Not only was this order process simple for the buyer, it is the simplest one available on any market. They do not have to figure out funding their site account. They don’t have to go through the irritation of waiting an hour or two for those funds to show up in the site account and not really understanding why. They log in to the site, they pick your item, they enter the shipping info, they are shown an amount and an address, and they pay. It can all be done within a minute or two of visiting the site, no matter which type of escrow the buyer is involved with. That is worlds better than anything else on offer.
Do YOU like waiting three hours on an escrow deposit when you know the post offices are going to close in the vendor’s time zone in a couple hours and there’s no way you’ll get what you’re ordering the day you were hoping? All that bullshit is eliminated. So we have a system that the new buyer is going to want to return to– and they can upgrade to three-way multisig any time they like.
You don’t have to wait on your money either. Once an order is finalized you can get it into your possession in about ten seconds flat. You can have the security of multi-sig AND access to the crucial flow of new buyers. That’s key.
I wrote this system because this was the system that was needed, not only to replace what was lost when Dread Pirate Roberts was arrested: a trusted figure overseeing a very large amount of money held in escrow, but to bring the Darknet marketplace past the reliance on that by providing a tool that can actually replace the site escrow concept in the real world. A system that is completely noob-friendly, yet still makes sure that nobody is going to run off with the site escrow.
The rumor is that $40 million was stolen with Sheep Marketplace. Where does that rank in comparison to the biggest bank heists of all time? That is a HUGE amount of fucking money. Think about what a psychopath is going to be willing to do to get his hands on that. The site admin could be as honest as the day is long, if a psycho figures out who he is, what is he going to do if they start cutting pieces off his wife? There simply is no way to keep on the way things have been without the whole scene continuing to putter along with the choke lever pulled all the way out as it has been since the Sheep heist.
Everyone is familiar with Murphy’s Law. What many people don’t know is that Murphy was a very talented and respected engineer. He led other engineers in experimental aviation projects for the Department of Defense not long after World War II. Some of the aircraft they designed were test-flown in what was later known as Area 51.
Murphy’s Law sounds on the surface like a cynical comment about life. When Murphy expressed it to his engineers, it was as an engineering truth. In statistical terms, “Whatever can go wrong, will go wrong” is a flat fact. Given enough time, anything that can go wrong, will. The laws of probability guarantee it. When considering the design of anything, especially things where very bad things are going to happen when you don’t do your design job right, you have to consider every possible failure mode and address them, because if you don’t, eventually, some test pilot will end up dead. And plenty of them did.
The flash of inspiration I had a few days after losing my money at Sheep was that it was indeed possible to build a system that, leveraging the crypto basis of Bitcoin and the existence of multi-signature wallets (something almost no one knew at the time, funny how much things can change in six months) it was possible to build a system where the escrow couldn’t go wrong. Mathematics is the one form of truth that transcends not only this universe, but any possible one. Mathematical facts are the the soundest bedrock on which you can build, and that is why Bitcoin has been such a success so far.
Let me challenge you: Imagine there was a large and ever-growing flow of new potential customers, going beyond the tiny (.1%? .01%?) percentage of the population that ever bought something on the Darknet up to now. Imagine that any money you brought in was committed to an escrow that you knew for certain couldn’t be stolen from you, a security that has never existed up to this point. Murphy got DPR, Murphy got Sheep, and given enough time, it is a statistical fact that Murphy will get anyone who can be got. But this escrow, you can count on being there. For sure. Because nobody knows a shortcut to factoring enormous prime numbers. Nobody thinks we will ever have one either.
How big could you grow your operation in a climate like that? How much inventory would you have the confidence to order?
Here’s a great place to mention a coming innovation from 1776: an open-source application that allows you to generate .CSV files that are importable into whatever shipping software you prefer.
The site stores the addresses two ways: one formatted like a mailing label as usual, and one as a “JSON object.” Both are stored encrypted, of course. When the latter version is decrypted, it can be brought together with any number of other orders, and a CSV file created. All it takes is for you to import your PGP private key into the software, allow the app to connect to the site via Tor, log in, and generate the file. The source will be published with the app. Custom versions will be encouraged.
How big could you grow your operation, even if you’re just one man or woman, if the tedious mailing label process were reduced to five minutes, even if there were a hundred orders? Or three hundred?
For what it’s worth, there’s also an app that can connect to your local Bitcoin Core instance and do all the signatures for your transactions automatically. Since only 1776 has the other private key, nobody could modify the program to rob you, so in this case the only person you can’t trust is me. :) Someone else could simply use the source to create a trusted version. If you get busy enough I suppose you’ll evaluate the cost-benefit of it when the time comes. With these two tools, you could have all the shipping and accounting functions of running your operation in just a few minutes a day, no matter how big you got.
So now your operation is running like a raped ape. You can, with total confidence, grow your operation as fast as you can bring in the capital to do it. You can take advantage of the fact that we are still at this point only at the very, very bleeding edge of a completely new world of commerce.
The 1776 system is the key, my friends. This is the 2.0 of Darknet commerce.
1776 Marketplace
So let me talk you into coming over to the site and setting up shop right now.
There’s one more cool feature I didn’t mention: email notifications. They’re available for both vendors and buyers. The system connects (always, always through Tor, for everything) to a hyper-secure mail host. It sends a notification with the subject “Encrypted Message” and a notification that has been encrypted with your public key. The three notifications at present are: new order, finalized order, new message. For buyers, it’s messages, order approved, order shipped.
So not only does it only take five minutes to set up your part of the escrow (no harder than it is for the buyers), you can head over, list your inventory, know for sure that any business you get is safe from theft, and you don’t ever have to babysit the site. When you get a message or an order, the system will email you. If you use an email client like Thunderbird, you can just listen for incoming messages and know when there’s something that needs doing, rather than babysitting the site. All you need to invest is the time to set up Bitcoin Core and list your inventory. All you have to do is monitor your email. You probably do that anyway.
And you know what? I haven’t even told you about the coup de grace. There’s something more kickass than all of this coming, but I haven’t written it yet, and I won’t tell you about it until I have. Suffice it to say, if you run with me, you are going to get stinking fucking rich. See if you don’t. What do you have to lose?
Vendors are automatically activated. Items are screened for obvious scams before they go up. If you have a track record elsewhere, make sure to tell buyers on your page.
The sky is the limit, friends. Hope to see you at 1776 soon!
Regards,
-Tom
Proprietor, 1776
Updated: 2014-05-12