Interview With CoSign Coin: Bitcoin Escrow Using Multi-Signature Transactions
CoSign Coin is the newest Bitcoin Escrow Service to launch this year. There are several things that CoSign Coin does differently than other more traditional escrow services, though that are worth highlighting.
CoSign Coin is a Multi-Signature based Escrow service that, through an intuitive and user-friendly design, is seeking to bring multi-sig to the average Joe. When you use CoSign Coin’s escrow service, the bitcoins you send are never under the sole control of CoSign Coin. This is contrasted by the lucrative and international escrow industry that epitomizes the very definition of centralization; ie, Escrow.com.
Multi-Signature escrow works by sending bitcoins to a securely created multi-signature Bitcoin address (Starts with a 3 instead of a 1) that requires two-of-three private keys to send a transaction. In smooth escrow transactions, CoSign Coin won’t get involved at all, as the two parties will be able to use their own private keys to send the funds out of escrow. In the case of a dispute, CoSign Coin would then step in as a second party. Of course, there is still risk that the counterparty and the escrow service could collude; however, that risk is evenly spread on both sides and seldom seen in practice.
CoSign Coin uses the Bitcoin Blockchain as the actual Escrow holder through their implementation of multi-sig. The Blockchain is the next step in all forms of multi-party transactions, not just escrows, and it is refreshing to be alive during changing times.
I was able to get an informative interview with CoSign Coin founder Justin Wray, read it below!
Who is behind Cosign.co.in?
CoSign Coin was created and developed by myself, Justin M. Wray. I have been an Information Security Professional for about 10 years. Some of my prior accomplishments include discovering the Remote LanD Vulnerability, participation in the development of Metasploit, and the winner of many Cyber Security Competitions. Please see my resume for more detailed information on these accolades: http://www.justinwray.com/resume.php
In addition, CoSign Coin has a few silent partners, who have asked to remain anonymous at this point. They are acting as “angel” investors, helping to fund the startup of CoSign Coin. The partners have also provided valuable feedback regarding the design and functionality of the site.
Where are you located, where is Cosign.co.in hosted?
The CoSign Coin founder, partners, and servers are all located in the United States. The site itself utilizes Amazon Web Services for various hosting needs.
Why did you want to create a multi-signature transaction escrow?
Its no secret, that there are many Bitcoin Escrows to chose from; however, they all share one common flaw: Trust. The vast majority of the available escrow services require you to trust them; that is, you must provide your funds to the escrow service. This process works, so long as you can trust the escrow service. Even when you trust the service, things don’t always go so well. Escrow services, like exchanges, are a lucrative target of attack. This is because they have funds to be stolen.
With a multi-signature escrow, you no longer have to trust the escrow, and you no longer have to fear that the escrow might have been compromised and your funds stolen. You could complete your transactions even if the escrow were to close. So long as you trust the underlying cryptography of the Bitcoin protocol itself, you can trust that your funds are safe. The same can’t be said about any standard escrow.
We at CoSign Coin believe in Bitcoin. And in order for Bitcoin to succeed users need to be able to complete transactions with strangers safely; no matter if that stranger is a new eCommerce web-front or a poster on Craigslist. This is an important step in Bitcoin moving forward.
The bottom line is this: Users continue having their money stolen or lost due to malice and fraud, and CoSign Coin is here to stop that.
What steps are necessary before the “average Joe” is using multi-signature escrows?
The largest missing piece to the multi-signature puzzle is wallet integration. This is sadly even seen in Bitcoin Core, the Bitcoin Foundation’s official reference client. The various wallet software just doesn’t handle multi-signature well, or, in most cases, at all.
This too is something CoSign Coin hopes to help correct. Not just by general awareness and adoption, but also an API that wallet developers can integrate, which allows the use of CoSign Coin directly from within the wallet software.
What are your future plans for CoSign Coin?
We have two big goals currently sketched out on our whiteboard: Crowdsourcing Dispute Agents and Wallet API.
Crowdsourcing Dispute Agents: As we discussed, trust is an important issue. Today, if you end up in a dispute while using CoSign Coin, the CoSign Coin staff will arbitrate your case. We will strive to conclude with the fairest resolution possible. But we want to give the users more choice, allowing them to place their trust where they feel most comfortable.
We want to allow anyone to signup as a Dispute Agent, and then when you create your Escrow transaction on CoSign Coin, allow you to select a Dispute Agent of your choosing. This would of course include reviews for the Dispute Agents, and CoSign Coin will share a portion of the fees with the Dispute Agent for that particular transaction.
CoSign Coin will still act as a Dispute Agent if you select us at the time of your Escrow transaction. You’ll just have additional choices. Again, it’s all about trust, and we want to that trust to be built naturally.
Wallet API: The Bitcoin community faces a similar problem that most emerging technologies do- the protocols mature at a far faster rate than their implementations and clients. Multi-Signature has been backed into the protocol for quite some time now, but it’s extremely rare to find a client that supports it. This needs to change. Multi-signature transactions are a very important feature that Bitcoin needs in the process of maturity and mass adoption.
We plan to provide an API that wallet developers can utilize to more rapidly integrate multi-signature into their clients .
How long has CoSign Coin been operating? How many successful escrows have y’all completed?
CoSign Coin is brand new, having opened our doors on April 3rd. We’ve had about a dozen cases go through the process.
Have you had to arbitrate any deals so far? How was that experience?
So far we have not. The good news is that when people agree to use an escrow, they are less likely to dispute a transaction in the first place. Scammers and con artists are in most cases not going to agree to use an escrow.
If a dispute does arise, one of the two parties can flag the escrow as disputed from the Escrow Wallet page. From there, directions are provided to send in a ticket to our dispute team. Within that ticket, the party is told to include as much information as possible. Items such as shipping and delivery confirmation, order confirmation, transaction details, any contracts or agreements, and a signed message from their key, should all be included. At this point, the other party will have 14 days to respond with similar information.
After all of the provided information has been reviewed, and both parties have had a chance to provide their evidence, the dispute team will make a determination and notify both parties. At that point, CoSign Coin will sign a release transaction with the winning party from the dispute.
What features do your escrow service have that set it apart from the competition?
Our biggest differentiation is obviously the multi-signature nature. We offer no standard escrow service; it’s all multi-signature. Almost no other escrow can say that. But we do have a few other perks to offer our user-base. We are always striving to better our service, and based off of community feedback we’ve already updated the site a few times since the launch. For example, we’ve added a Live Chat feature, as well as a Classified Ads section. This allows the users to connect with others interested in buying, selling, and trading goods with Bitcoin. Additionally, just this week we added the ability for our users to connect via a Tor or I2P Hidden Service (.onion & .i2p). We don’t know of a single other multi-signature-only escrow service that has a TOR and I2P deepweb presence.
Where is CoSign Coin’s 1-of-3 private key stored?
We won’t disclose the exact location of the key. Rest assured that it is not on the CoSign Coin server. It is on a secured system elsewhere, benefiting from obscurity as much as security.
Could you briefly explain BIP-0016 multi-signature addresses? Why did CoSign Coin come to this implementation of multi-sig?
Well, CoSign Coin actually uses BIP-0011 and BIP-0016. In simple terms, BIP-0011 is a Bitcoin protocol improvement that provides multi-signature wallets. BIP-0016 provides the necessary addition of the conditions in the blockchain.
In our case, three parties agree to create a Bitcoin Wallet, but two parties must sign to transfer those funds. The three parties are: The Sender, The Recipient, and CoSign Coin. In order to transfer (or release) the funds from the “Escrow Wallet,” two of the three parties must agree to the transaction. This prevents theft of your bitcoins, either by malice or fraud.
Now in a more technical sense, BIP-0011 provides the ability to have numerous keys on a wallet, and only require a specific subset of those keys to sign a valid transaction. BIP-0016 allows the addition of these requirements in the scripthash, and therefore the blockchain.
We chose this multi-signature implementation due to it’s wide-scale acceptance within the protocol. Miners already include these transactions, so no changes are needed by the community; the system works today. It is also a very flexible choice, which allows us to increase our offerings in the future. For example, allowing more than three parties on an escrow, and even the ability to choose how many signatures are required.
There aren’t too many Bitcoin services with simultaneous and identical deepnet and clearweb presence, could you explain the reasoning behind the .onion address?
CoSign Coin does now offer a .onion and .i2p address. We believe many people have legitimate reasons for staying anonymous. It’s not our right or desire to interfere with such wishes. Sadly, many equate anonymous actions with illicit actions, but that just isn’t the case. While we want people to use our services for legitimate and legal transactions, we also understand that they may desire to stay anonymous while doing so.
While CoSign Coin, and any website for that matter is available through the exit nodes (TOR) and out proxies (I2P), offering a Hidden Service further simplifies the process and offers a greater level of security and privacy. It is important, however, for such users to understand the anonymity that Bitcoin provides, and ensure they are protecting their Bitcoin addresses, as well.