[bdamm]

If I'm understanding correctly, these scripts are very long lived in that days, weeks, or years may go by before segments of the contracts are resolved. This does seem like a powerful mechanism. Unanswered in the paper is a look at the wallet implementations; can I expect wallets to correctly report the balance in a payee's wallet, if they have outstanding contracts?

The escrow mechanism strikes me as particularly powerful; it's like traditional escrow but even better because the buyer doesn't quite give up control, and the seller knows that the escrow company can't just disappear with their funds.

Activation of the escrow agreement can take minutes, rather than days or weeks for traditional escrow (usually involving wire transfers), once the escrow agreement is set up.

It doesn't solve the problem of the escrow company being in cahoots with one of the parties, but I believe the mechanism can be extended to N-way escrow where multiple escrow companies could be arbiters over the transaction. Then the buyer and seller can both have a trusted escrow company in the transaction and know that their interests are indeed being represented, and the escrow companies can determine if the other escrow company is one that they trust as well, before committing to fulfilling a transaction.

[M4v3R]

Escrow contracts in Bitcoin are now more and more used because they add real security without taking much convenience. Shameless plug [0] - I work for a startup that does exactly that, utilizing multi signature Bitcoin addressed for added user security. But you could also build a service for a true escrow very easily and as you say, that wouldn't mean putting all the trust into the escrow party, which is great. These services, in fact, already do exist [1].

Also, at least for P2SH (multi signature/escrow addresses), getting their balance is no different than for normal addresses. Completed transactions to them are perfectly visible on the network so you can sum them up. Uncompleted (partially signed) transactions are not sent to the network though, so you cannot estimate how many "pending" Bitcoins are there for a given address.

[0] https://bitalo.com

[1] http://cosign.co.in

[waps]

What I wonder is what happens to the money locked up in these transactions. I understand that the money is effectively inaccessible to both the sender and the receiver until the transaction is resolved. Is that right ?

I wonder about the implications of that, since it effectively takes money out of circulation, during whatever length of time it takes to finalize the transaction. That presumably includes any conflict resolution process that may exist ?

[M4v3R]

The money is sitting on special multisignature address before transaction is resolved. It's a 2 out of 3 address, which means that two signatures are required to move the funds further. The good thing about it is that you can totally skip the escrow party here if buyer and seller agree - they both just sign the transaction and send it to the network. Escrow is needed only in case of a conflict - he would have then to investigate and sign a transaction with either buyer to refund the Bitcoins or to seller to forward them to him as contract described (in a case that buyer disappears for some reason).

This setup has one downside though - if one party sides with the escrow, they could agree to sign a transaction to scam the other party. That's why it is not 100% bulletproof and you have to carefully select your escrow partner so that both parties trust him to an extent.

[kolinko]

If you're curious about the subject, you might want to watch one of our (Orisi.org) tutorial videos: https://www.youtube.com/watch?v=boPW1FwNu4c . It's a part of a longer tutorial available here: https://github.com/orisi/orisi , and a part of the system described in this whitepaper: https://github.com/orisi/wiki/wiki/Orisi-White-Paper

As for your question - it really depends on the way the contract is structured. In theory you could have a 2 of 3 signature address and a timelocked/nLockTimed transaction sending money to an additional arbiter if the time passes without a resolution.

[nadaviv]

Bitrated [1] [2] is doing exactly that - arbitration using multi-signature transactions and a marketplace for arbitration services. A major new version is about to be released shortly, with an improved UI and many new features (disclosure: I'm the founder).

[1] https://www.bitrated.com/

[2] https://news.ycombinator.com/item?id=6842697