How do I ensure that the multisig transaction that's signed by multiple parties is the same?

Question

In multisig 2-3 escrow, what is best approach from below ?

1- Say I want to sign a rawtransaction from a customer and send it to escrow to sign so that 2 of 3 sigs are there to release fund. But how do I ensure that rawtransaction is the same one that I created and not modified or created from customer ?

createrawtransaction '[{"txid":"564876",
"vout":0,"scriptPubKey":"8645231554",
"redeemScript":"2315454"}]' 
'{"d5adf5sdf5s45":0.00015000}'

0df0sd0fsdfsdfs11dfs

signrawtransaction 
'0df0sd0fsdfsdfs11dfs'
'[{"txid":"txid":"564876",
"vout":0,"scriptPubKey":"8645231554",
"redeemScript":"2315454"}]' 
'["erwerw8e888"]'

{
"hex" : "0e0rw1e1rw1er1we1rw",
"complete" : false
}

It's possible the customer created his own rawtransaction and signed it and sent it to me, how do I ensure it is the same raw transaction that I created ?

2-Send sign rawtransaction to customer to sign 2-3 to release fund? But how can I know if a customer made his own sendrawtransaction? Does there exist any bitcoin api rpc to test if customer already released funds?

score 1 · Answer 1 · answered Aug 08 '14 at 20:05

Your server creates the transaction, so it knows what to compare it to. I create a json array of the outputs, hash and store the resut. Later when a user submits a partially signed, or fully signed transaction, I need to check it's valid.

First verify the inputs are the correct txid's, and that a signature was added by that user by doing ECDSA signature verification. This parts tough, look at http://en.bitcoin.it/wiki/OP_CHECKSIG. Then compare the hash of the outputs against what you're expecting, since if an address or amount changes, you'll get a different result.

How do I ensure that the multisig transaction that's signed by multiple parties is the same?

1 Answers1