Technical Input Requested

[dwarrilow2002]

My company has been in operation since 1989 and started developing web based applications in 1997. Historically our software has been traditionally around facility management systems for school boards (work orders, custodial supplies orders, preventive maintenance, bus maintenance, and employment training) but we have also developed applications used for quality control and production scheduling in the manufacturing environment.
Our latest version of our software has been to create a SaaS platform using an open design model. Our platform has been developed to allow "designers" with a reasonable knowledge of databases to be able to quickly develop and deploy web based applications.

One of our school boards is wanting to extend our applications to include an Accounts Payable function. While the board will use traditional payment methods ... cheque or credit card they also have a constraint of requiring multiple co-signers. While we can certainly handle this within our own software, I was thinking that this would be a good opportunity to introduce these boards to multisig wallets. The transaction would not require full payment from their bitcoin wallet, but a nominal amount that would signify approval of the transaction. Ultimately the goal is to weave the technology through out our system.

This specific aspect of the project is to de-emphasize the use of bitcoin the currency and to focus on bitcoin the technology. Any suggestions and comments would be appreciated.

[rogerver]

This does sound like it could be a super fun proof of concept.
Two popular multi-sig wallets are
Copay
Bitgo

Please keep us in formed on what you end up doing.

[dwarrilow2002]

A hypothetical example:

In the Accounts Payable module multiple signatures would be required before a payment would be authorized. This mechanism could use a multisig wallet and a nominal price to indicate consensus. At the end of the fiscal period the payments would/could be returned to the wallet (less the transaction charges).

Understanding this process, one of the suggestions in the Bitcoin developers guide is that one should avoid key reuse. Since these payments are more or less in a closed loop, is key reuse a concern? In this case the Bitcoin is not being used to purchase anything, just to signify that a payment process has been approved...

Any comments about this?

[rogerver]

[quote="dwarrilow2002"one of the suggestions in the Bitcoin developers guide is that one should avoid key reuse. Since these payments are more or less in a closed loop, is key reuse a concern? In this case the Bitcoin is not being used to purchase anything, just to signify that a payment process has been approved...

Any comments about this?[/quote]

My understanding is that there are generally two reasons to avoid key re-use.
1. Not reusing addresses increases financial privacy, so is generally a good practice.
2. Reusing the same Bitcoin address makes it slightly more susceptible to attackers deriving the private key. In the vast vast majority of situations this is never a problem.

I'm not an engineer, but from what I understand, I think reusing signing addresses in your case would be just fine.

[btc]

I'd love to talk about bitcoin the technology. Especially when it comes to all the software you mentioned and if you'd be willing to take the mental leap, (it aint a large one, I promise,) IoT hardware running embedded software to help automate things for building managers and preventive maintenance, e.g. pipe leaks, power consumption, controls, etc. I think blockchains can help quantify transactions whether financial or just a process or status report. Let's chat

[dwarrilow2002]

A few years ago, I developed a Kanban system for a manufacturer. If the end-user called up this manufacturer with the serial number it would be possible for that user to find out everything about the production of that unit. Certainly the same information could be readily available if it was stored on the blockchain. If all the products and all the processes were put on the blockchain, would that overburden the system? Could every transaction be handled on the bitcoin blockchain or should setting up appropriate altcoins become the practice. (I can remember waiting for a wallet updating its transactions)

I have felt that perhaps supply management systems could be put in place if there were coins developed per industry. Egg producers would have an eggcoin. Milk producers would have milkcoin. Chicken producers could use the existing feathercoin. Electrical systems could use litecoin ... A major player in the building systems space is Siemens. Does it make sense to have a Siemens coin?

If someone could answer the question about overburdening the system it would be appreciated.

[askmike]

I think it is very cool that when a client is talking co-signing payments you are thinking about multisig! I am a developer and this is how I see it:

Bitcoin's Multisig is an (example of multi-signature crypto which is an) implementation of co-signing in the blockchain, the big advantage is that it is trustless (when compared to a notary). No central party is needed to verify whether a transaction was signed by enough keys (eg. people).

I am assuming your current centralized application uses some form of accounts (people can login using a username and password). If this is the case than there are 2 big reasons why Bitcoin's multisig does not give a lot of advantages:

• - When people are logged in your application, you already know that they are who they say they are.
  - Payments have to go through your centralized application anyway, you will most probably set it up that your application a) watches the blockchain for transactions or b) does the signing and broadcasts the transactions. In both cases your application is needed to do the actual payment anyway.

If you want you could use normal multi-signature crypto without using multisig, this way you don't have to do anything with the blockchain (manage a node, keep it updated, paying for it, etc.). But if you are already using accounts in your system it would be way simpler to simply implement it yourself without any crypto.


EDIT:

Key reuse is very important here I think, I am pretty sure the board does not want any possibility that payment information becomes publicly known (which is easier when studying the blockchain if you re use your keys). If the school has a policy for open data about budgetary or payment information you probably want to setup a website which at some point you can also take down again. Instead of ingraving all payment data in stone with no way of removing it if the policy every changes.

[dwarrilow2002]

Thank you for your comment. Using multisig wallets within our application has both advantages and disadvantages.

The first disadvantage is that the user will need to be assisted and instructed on the use of wallets. I have lived this experience before - trying to convince people of the advantages of email back in the 90's. There are more but the disadvantages are just hurdles not barriers.

The first advantage is that the authorization process does not require the co-signers to have any rights within our system. The system could send an the details of a transaction as well as the payment request. The details would not need to be a part of the blockchain aside from a reference to the transaction id.. The authenticator would verify the transaction details and co-sign the payment request. I believe that this could readily be handled with technologies such as combination of payment gateway and multisig wallet (e.g. Bitpay and Copay).

The second advantage is to help increase security for the clients. Shifting the responsibility of authentication to the blockchain mitigates the potential for someone in the organization harvesting userids and passwords and authenticating payments nefariously.

The third aspect is that it supports the technology. It is difficult to keep track on governments' stances towards Bitcoin. I believe their main concern is on the currency side of things.

Does anyone have an opinion whether logging transactions on the blockchain would merit government scrutiny (and interference) if the purpose is not to transfer funds?