I’ve been digging into BIP38 (https://en.bitcoin.it/wiki/BIP_0038) quite a bit lately and using an old abandoned code project as a foundation to build a Trustless Bitcoin Escrow System. BIP38 is all about encrypting private keys (if you don’t want to look it up). 🙂
You can check out the system here – http://bitcoincontract.net/
Right now feel free to test things out. Once I work out all the kinks I’ll move the site over to an SSL cert and tweak a few more things.
How does this all work?
- Two parties agree on a contract. This could be selling a product, performing a service, whatever needs an escrow system.
- The party who will be receiving the money visits http://bitcoincontract.net/ and creates their own passphrase that they keep secret to themselves. The site generates an Escrow Code that they send to the party who will be sending the money.
- The sending party visits http://bitcoincontract.net/ and visits Step #2 and enters the Escrow Code which will allow then to generate three fields. 1) The bitcoin address that will be used for the transaction. 2) A confirmation code that will be sent to the receiving party. 3) An encrypted private key that will only be turned over to the receiving party once the transaction has been completed.
The sending party will then send both the Bitcoin address and the Confirmation key to the receiving party. - The receiving party will take the Confirmation code they are given by the sending party and visits http://bitcoincontract.net/ and uses Step #3. They enter the Confirmation Code and the original passphrase they created in Step #1. When they verify the Confirmation Code it will display a modal window that will show a Bitcoin address. If the Bitcoin address displayed by Step #3 matches the Bitcoin address generated from Step #2 and sent to the receiving party then all is good and the private key for the correct Bitcoin address has been encrypted and validated.
- The receiving party can then contact the sending party to let them know they can send the Bitcoins to the address.
- At this point NEITHER party has access to the unencrypted private key of the Bitcoin escrow address.
- The transaction can be verified by looking up the Bitcoin escrow address on a blockchain. When the transaction is confirmed the receiving party will then finish whatever service or send whatever product is needed to complete the transaction.
- The sending party will verify the service or product had been received and then can send the encrypted private key to the receiving party.
- The receiving party then visits http://bitcoincontract.net/ at Step #4 and is able to use the passphrase used in Step #1 to unencrypt the private key of the Bitcoin escrow address. One the receiving party has the unencrypted private key they can transfer the funds out of the Bitcoin escrow address to wherever they want.
Let me know what you think.