Here’s a recent criticism I got.
'Yeah I’m reading through the white paper now and I’m not getting a warm fuzzy feeling about it…
Seems like Alice is taking all the risk – Bob creating the multisig means he has all the keys – which even assuming he’s a good guy and doesn’t screw Alice (like say the price of bitcoin rises between the time he said he would sell them and the time he gets her money)
He could STILL liquidate the funds even after unless Alice immediately withdraws them.
This does NOT seem like a trustless-escrow model
I’ll consider it after I finish the whitepaper – the overview tells us that Bob creates the multi-sig’
ummm… it's 2 of 3 multisig, isn't it.
I'm assuming the bitsquare software (on the other side of the transaction) checks the multisig is OK before accepting (just in case someone modified the bitsquare code and recompiled)
The process of how the private keys are created is the main point of contention. If Bob does in fact have access to all 3 priv keys, then Bob technically could steal all the multisig funds with some alteration of his client alone.
To create the MultiSig address (P2SH) you need the public keys. The private keys are never used or needed for that. Both traders are exchanging the pubkeys and creating the MS as well as the complete deposit tx and verifying the version the other user created. The important part is the signing of the inputs to the deposit tx that is done by each trader for his inputs. The priv. keys are of course never exchanged.
The overview image cannot cover all the details. If you have suggestions for improving the wording let me know.
But other parts in the paper cover those details though.
So just to eliminate any doubt:
Your private keys (the important ones to spend money) are ALWAYS in your control, you never give them away. The public keys are public and there is no security risk to exchange them, and they are needed to create the 2of3 MS.
Hope that clarifies the question.
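The check described in the reply above (the multisig script is built from public keys only, and each trader verifies the version the other side created), sketched as an added example that is not part of the original thread or Bitsquare's own code. The name `third_pub` for the third key, the order-insensitive comparison and the placeholder key bytes are assumptions; a real client would also validate each key as a curve point.

```python
OP_CHECKMULTISIG = 0xAE
OP_BASE = 0x50  # OP_1..OP_16 are encoded as 0x51..0x60

def build_redeem_script(m, pubkeys):
    """Build an m-of-n multisig redeem script from PUBLIC keys only."""
    if not 1 <= m <= len(pubkeys) <= 16:
        raise ValueError("invalid threshold")
    script = bytes([OP_BASE + m])
    for pk in pubkeys:
        if len(pk) not in (33, 65):  # compressed / uncompressed key sizes
            raise ValueError("invalid public key length")
        script += bytes([len(pk)]) + pk  # push opcode is the length itself
    return script + bytes([OP_BASE + len(pubkeys), OP_CHECKMULTISIG])

def parse_redeem_script(script):
    """Return (m, [pubkeys]) for a multisig script, or raise ValueError."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - OP_BASE, script[-2] - OP_BASE
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("bad public key push")
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    if not 1 <= m <= n <= 16 or n != len(keys):
        raise ValueError("threshold or key count mismatch")
    return m, keys

def verify_counterparty_script(script, my_pub, peer_pub, third_pub):
    """Accept only a 2-of-3 script over exactly the three expected keys."""
    try:
        m, keys = parse_redeem_script(script)
    except ValueError:
        return False
    expected = [my_pub, peer_pub, third_pub]
    return m == 2 and len(set(keys)) == 3 and sorted(keys) == sorted(expected)

# Constructed placeholder keys (33 bytes each, not real curve points).
ALICE = b"\x02" + b"\x11" * 32
BOB = b"\x03" + b"\x22" * 32
THIRD = b"\x02" + b"\x33" * 32
BOB_EXTRA = b"\x03" + b"\x44" * 32  # a second key held by Bob

if __name__ == "__main__":
    honest = build_redeem_script(2, [ALICE, BOB, THIRD])
    swapped = build_redeem_script(2, [ALICE, BOB, BOB_EXTRA])
    print(verify_counterparty_script(honest, ALICE, BOB, THIRD))
    print(verify_counterparty_script(swapped, ALICE, BOB, THIRD))
```

Run from Alice's side, the script with the third key replaced by a second key of Bob's is rejected before she signs any input, which is the case raised earlier in the thread about a modified client.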
Makes sense to me. Thanks!