Mike Burr - log

[BT®] Escrow

Bob Buyer wants to buy an Amazon account that has a bunch of cool kindle books. Sally Seller wants to sell her Amazon account that has a bunch of cool books that she's already read. Ned Node wants to operate a node for profit. He'll do anything for a buck.

Bob Buyer has identified Sally Seller's Amazon account as something he wants to buy. They have agreed upon a price (assumption that they won't misremember or change their minds unilaterally). Bob opens the escrow session by sending the purchase price plus a deposit plus a node tip into a contract, the other piece of data supplied is some unique ID for Sally Seller's desired Amazon account. We will call it "sale_id".

Sally Seller sees this offer. If she cares to, she can see that the address that corresponds to Buyer Bob is the one who made the deposit and she knows that this is for the sale of her Amazon account.

Sally Seller, or some software to which she has delegated the task, identifies Ned Node as the escrow node she would like to use.

Ned Node has an "on chain reputation" as an escrow node operator. This one number is the only objective metric by which users (buyers and sellers) can select a node. It's a one-dimensional meritocracy. Both Bob Buyer and Sally Seller will be supplying mandatory success/failure votes when the escrow is closed. (Totally missing: What incentive do Bob and Sally have to be honest. What incentive do they have to be dishonest? What penalty do they face for acting in bad faith?)

Sally updates the contract to indicate she has chosen Ned Node as the escrow node of choice. Bob Buyer, or some software of his, confirms that Ned Node's reputation value of "N" is sufficient and so Bob Buyer updates the contract to concur with Sally Seller's choice. (A mechanism for node-choosing needs to exist. Since it's a 1-D scale, from each of Sally and Bob we have: "too low", "ok" -- only two possibilities. Each side can bid-up the node reputation value until there is either agreement or one party unilaterally "closes" the escrow. Right?)

Ned Node and Sally Seller establish a private communication channel.

Sally Seller communicates the current username/password for her Amazon account. At this point Ned Node could sacrifice his reputation and run away with the account, but we will assume he does not do this. (Much discussion follows.) Instead, Ned Node /the person/ confirms that the user/pass credentials work. As a high-reputation node operator, he is confident that both he and Sally Seller currently have control of the account.

Ned Node and Bob Buyer establish a private communication channel.

Via their secret channel, Ned Node communicates Sally Seller's Amazon account user/pass to Bob Buyer. Bob does not want to lose his deposit, so he immediately logs in to the Amazon account. He pokes around and is satisfied that he now has control.

Importantly, the user/pass was communicated via the contract (via the private channel. The private channel is a kind of log, where each [tiny] piece of data is encrypted and sent via the contract. much more description. the point is...) Since the contract was used to communicate user/pass, it knows to "lock" Bob Buyer's funds /at the same time/ that the user/pass is communicated to bob. Said another way: Bob's funds are first locked by the contract, then the contract communicates the encrypted user/pass to Bob Buyer. Recall that it is /encrypted/ using the keys for Ned Node and Bob Buyer's private communication channel. Only Bob can see the new (oops ned changed it) password.

Bob Buyer's funds are now locked, and presumably only he and Ned Node have access to the Amazon account at this point.

At this point Bob Buyer can /optionally/ change the password. He doesn't /have/ to but it would be the reasonable thing to do.

Bob Buyer's funds are locked in the contract. No one yet has access to the funds. Bob Buyer now has control of the Amazon account.

Let's see how our players are doing.

  • Bob Buyer has his Amazon account, but he does not yet have his deposit back.
  • Ned Node probably does not have control of the Amazon account. He has literally nothing. Yet.
  • Sally Seller also has literally nothing. She's lost control of her Amazon account and all funds are locked.

[I guess assume Bob's deposit is huge...?]

[Reputation should take into account the "value" of the sale. Counterintuitively, surprisingly, this may require an oracle. If Ned is doing business in both currency X and currency Y, how do we objectively calculate the "value" of any of those currencies when assigning a "weight" for reputation points? If he only accepts currency X, then there is no problem: X is the only currency in the world as far as the contract is concerned. But even without involving another chain, Bob might also accept "token Z" issued on currency X's chain (e.g. ether vs erc20)]

[Does "private communication channel" also mean that these humans can just "chat" outside of the blockchain. It seems nearly mandatory.]

Now Bob Buyer signals that he has control of the account buy posting a signed message somewhere within the account that is viewable by the public. We'll assume that Amazon has a "User Profile Page" and that Bob Buyer posted this encrypted and signed message (which key) in a place where Ned Node can see it. Bob Buyer has cryptographically declared that he has control of the account. (Do we need some machine readable data here?)

Seeing this, and wanting his tip, Ned Node updates the contract to indicate that Bob Buyer now has (Exclusive? again, Bob, this is up to you bro.) control of the Amazon account.

Bob Buyer updates the contract with "success". Sally Seller updates the contract with "success".

[Yes, yes. Lots of glossing over here.]


  • Bob Buyer gets his deposit back.
  • Sally Seller gets her sale proceeds for her Amazon account.
  • Ned Node gets his tip plus one more successful escrow to bolster his reputation.

All via the contract (...)

  • Bob Buyer <-> Ned Node negotiate tip. Ned Node judges the effort, reward. Sally Seller could pay some tip, but she could also just lower her price. For simplicity, we declare that only the buyer pays the tip. Discuss...
  • Bob Buyer <-> Sally Seller negotiate the price.
  • Sally Seller + Ned Node <-> Bob Buyer negotiate the deposit. Sally is interested because she doesn't want Bob to run away with her account by voluntarily throwing away the deposit. Ned is interested because if Bob does throw away the deposit, Ned might have: wasted his time, dinged his reputation, have a forever-open escrow on the books (which maybe should be part of his reputation).


  • Could Sally just "NFT" her account somehow? Maybe the NFT has some ...snark... to prove the account is unlocked. It's an "unlocked amazon account NFT" which can be sold, bought, and "burnt" (by changing the account's password). The mechanics of all this? -- WFK
  • Not a question! What do we think about using /only/ some calculated "total transactions successfully escrowed" (a number, say "dollars" but not dollars) as the ONLY metric used to rank escrowsers? That doesn't encapsulate bad-acting. It may be only 1% but we want to know if this person has ripped anyone off. The bigger point: "money transacted" is a replacement for "some calculated ranking number"... or at least close. No need to introduce a number. The escrow node has (for example) three metrics. If you have an algorithm that turns those three numbers into one number, GREAT! (such an algorithm should be published.)

- 1 toast