Why is it impossible to steal the collateral from the multisig-adress?


A basic understanding of private and public keys prevents theft of the crypto-currency funds. Knowing essential principle of keys operations and how the bitcoin-address are connected with the keys helps you to store your assent in safe. We have explained here how the multisignature bitcoin-addresses is used for the safe storage of the collateral.

The private key, public key and bitcoin-address constitute a complex mathematical algorithm. A public key is computed from a private key by a mathematical function known as hashing. Then the public key is converted to a bitcoin-address. To calculate the private or public key back from the bitcoin-address is impossible, because the hash function does not work in the opposite direction.

The private key should be very secretly stored. Think of your bitcoin-address like a bank account. To access the money on the account, you need a password. The private key is the password to the bitcoin-address. If you forget or lose it, you will never be able to use the bitcoins again. To find the corresponding private key to the certain bitcoin-address is impossible - the probability is less than 1/10^77.

In addition to the usual bitcoin-addresses, which require just one private key, there are multisignature bitcoin-addresses. Using a multisig-address, the user must enter at least two private keys to gain access to the bitcoins.The security of bitcoin storage with a multisig-address is vastly improved compared to a simple bitcoin-address. The multisig-address always starts with number “3”, unlike the simple address which begins with 1.

The collaterals of the Biterest users are stored using the multisignature bitcoin-addresses. The multisig-address is generated from three public keys (the borrower’s one, the lender’s one and Biterest’s one). The address requires minimum two private keys to access the bitcoins in collateral. Thus, until the end of the credit period, the bitcoins are "frozen" on the multisig-address, and no-one is able to use them.

You can use the two following methods in order to provide your public key for generating a multisig-address:

  1. Using the Simple option, both keys are created with the open-source java-script library Bitcore. They are generated in the user's browser, and then the code sends only the public key to the Biterest.

You can check this fact in your browser console by pressing “Ctrl + Shift + I”. In the Network tab, in the left column you will see the file "borrower-key" (highlighted with gray). This data is transferred to the Biterest server from the user's browser after clicking by the "Continue" button. You can check that the only public key which starts with “xpub” is sent.

multisig-address biterest

  1. If you want to download a public key by yourself, use the Advanced option. How to upload your public key to Biterest, is described step by step here. Before uploading it, make sure that you have the corresponding private key.

Also remember that the public key must be in BIP32 format. We suggest uploading keys only from the Electrum bitcoin-wallet: 1) Electrum keys are encoded in BIP32 format; 2) The Electrum wallet supports the creation of multisig-addresses. After the end of the credit period, you will use it to get access to your collateral; 3) Electrum is the most popular and most recommended wallet for desktop.

Biterest has no access to the user’s private keys. Each of the Biterest users must keep their private keys in safe till the end date of the loan term. Without having your own private key, you will not be able to get the bitcoin collateral back!

Access to the collateral stored on the multisig-address can be obtained only by the user who has two private keys. The second private key is Biterest’s key. It depends on the situation, which one of the parties will receive it after the end of the credit period:

  1. The borrower repaid the creditor the loan amount and interests before the end of the crediting period. The lender confirmed the money was repaid. The deal was successful, so Biterest transfers its own private key to the borrower. Now the borrower owns two private keys and can use bitcoins on the multisig-address. In a case, when the lender has not confirmed the repayment within 10 days, the deal is going to considered as successfully completed. The borrower will receive the second private key.

  2. The borrower did not return the money before the expired date, or Margin Call occured. In this case, Biterest sends its private key to the lender. Now the lender has all the rights to use bitcoins on multisig-address, as the borrower’s debt is repaid from to the collateral.

You can be sure that your bitcoins will be securely stored on the multisig-address, and no-one will use them. Keep your own private key in safety in order to use your bitcoins upon completion of the credit period. Biterest does not have any access to the users’ private keys and owns only its own key.