Cointoolkit FLOT guide and changelog

ttutdxh 2015-11-25 13:12:30 UTC #8

Added:

Creation of your keys section

ttutdxh 2015-11-25 13:22:25 UTC #9

In the page it says “Address, WIF key or Multisig Redeem Script:”

Example: You have a multisig address with a friend, with the two of you required to sign, so a 2 of 2. Imagine that you enter a dispute and the other person does not cooperate, funds are locked.
Imagine you added a mediator, now it is 2 of 3. The mediator only have one signature, so can’t steal the funds.
Now if a dispute arises and your friend refuses to sign, you can contact the mediator, the mediator will mediate between you two, and decide who is right. Then his signature and the one of the winner of the dispute can control the funds, effectively unlocking them and resolving the dispute.

mhps 2015-11-25 13:33:30 UTC #10

Thanks.

… but when you put in an address (happens to be a multisig) it may not work.

ttutdxh 2015-11-25 13:41:03 UTC #11

Added message if entered incorrectly:

This is a multisig address. You must use the redeem script, not the multisig address!

Dhume 2015-11-25 15:44:22 UTC #12

Honestly great work on this tool @ttutdxh even a simpleton like me can use it!

masterOfDisaster 2015-11-27 17:03:28 UTC #13

I’m not wowed easily, but the cointoolkit provided by @ttutdxh does that!
I can’t imagine how the FLOT would be able to deal with multisig addresses and transactions in a timely manner without it. I’m not yet sure about the “timely” aspect, but I know that cointoolkit speeds things up - without it, all would definitely last longer!
The improvement compared to coinbin (from which it was forked) is tremendous.

I want to point this out:

It is useful for the FLOT members. Each member (including me!) can consider how much efforts are saved thanks to it (and @ttutdxh’s amazing work).
And the NSR holders should ask themselves whether they find tools that make the FLOT more efficient, valuable.

I don’t know if there’s a fund for things like that:
I want to propose cointoolkit for a reward - and I’m not speaking of a formal praise

Are there others who feel the same about cointoolkit?

FLOT Operations Thread

ttutdxh 2015-11-29 02:18:37 UTC #14

@masterOfDisaster tanks for the encouragement. Glad it helped you.

Today I am adding support for combining signatures in a multi signature transaction.
To understand why this first tool ever to automate this is useful, please consider this scenario first.

A group of people that controls a multi signature address have to sign transaction 00a0fff…(example of real, hex serialized transaction) from a 3 of 5 multi signature address.

Member 1 sign the transaction and results in 11a0fff…
Member 2 take 11a0fff… and sign it. He gets 22a0fff…
At the same time member 3 take the same tx signed by member 1, 11a0fff… and sign it himself. He gets 33a0ff…
Member 2 and member 3 publish their correspondent transactions, 22a0fff, 33a0ff.
Now we have 3 diferent versions of that tx:
- 11a0fff… With signature of member 1. (total 1 of 5)
- 22a0fff… With signature of member 1 and 2. (total 2 of 5)
- 33a0ff… With signature of member 1 and 3. (total 2 of 5)

They don’t have any transaction with the minimum 3 of 5, and they should since 3 of 5 members signed.
Members already did their corresponding signing and left. What can you do if you need the transaction ASAP?

Go to http://ttutdxh-nubits.github.io/cointoolkit/#verify and select the network mode in the top right.
Go to the Verify tab, paste the first transaction and click verify.
A list of inputs will show up, click on the number of signatures of one of the inputs.
The list of required signers will appear, and at the bottom you can paste another version of the transaction.
Click “Combine transaction” and a new one will be generated with all the signatures from the different transactions.

Problem solved, deadline met.

ttutdxh 2015-12-01 02:50:00 UTC #15

@masterOfDisaster made me think:

I though, Cointoolkit should do that.
So after the last update you can now check everything you need from the verify tab, amounts and fee inclusive.

It currently works with BTC, NSR and NBT.

masterOfDisaster 2015-12-01 05:05:05 UTC #16

Stunning!
Don’t need much more words to explain how I perceive your cointoolkit

dysconnect 2015-12-06 15:59:13 UTC #17

I have updated git-multisig to save unspent outputs in JSON format. This can help Cointoolkit retreive unspent outputs in case blockexplorer fails.

@masterOfDisaster and @jooize please update your flot-operations folder and repositories, by forking from mine : https://github.com/dc-tcs/flot-operations, as well as the newest git-multisig. The rest of FLOT (NBT group) may also download the newest version of git-multisig.

jooize 2015-12-06 16:13:50 UTC #18

Cool. Updated.

git clone git@github.com:jooize/flot-operations.git
cd flot-operations
git remote add upstream https://github.com/dc-tcs/flot-operations
git fetch upstream
git checkout master
git merge upstream/master

vi BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent

Is there a way to resolve conflicts without an editor?

git add BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js/unspent
git commit -m "Update to upstream"
git push origin master

dysconnect 2015-12-06 16:21:47 UTC #19

Removing the entire folder is an option. The script will automatically git clone. Perhaps I should deal with that, though I dared not put something that does “rm -r” in the scripts as it could lead to some pretty bad accidents…

huafei 2015-12-07 09:11:46 UTC #20

can we seen which FLOT member signed or not？

ttutdxh 2015-12-08 00:20:11 UTC #21

@huafei yes, just click the signature count when verifying a transaction.

@dysconnect great news, that will avoid blockexplorer.nu availability problems.

ttutdxh 2015-12-13 20:51:24 UTC #22

Added @dysconnect, @masterOfDisaster and @jooize flot-operations repositories to Cointoolkit.

You can configure Cointoolkit to use these providers under “Unspent outputs” configuration in the Settings tab

Please note dysconect’s git-multisig currently only support FLOT NBT addresses, so right now these three providers only store data for FLOT NBT address BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js. It is still a great backup for urgent FLOT transaction crafting.

Also added script debugging:
http://imgur.com/H3LihCt

and signature position data:
http://imgur.com/1KaDNXU

while verifying transactions. Hope that helps with future troubles.

mhps 2015-12-19 15:42:35 UTC #23

Feature request: a “current signings” page that lists multisig signings that are not completed (and maybe a history of recent completed ones.) With this FLOT member don’t have to go to nubits.com to click on links to sign incomplete signings. With each signing a remark can be made by the signer to put reason and e.g. URLs to posts.

ttutdxh 2015-12-19 15:58:31 UTC #24

I think that may be counter-productive. There is risk someone signs that listed signings only because they are there. Any signing requires from FLOT to manually check and verify what and why they are signing it.

Maybe a better approach for that is using a wiki like in the voting hotlist so we can add and remove links to the signing requests on demand, state the reasons why it should be signed with link to the sources, the motions requiring us to do so…

mhps 2015-12-20 00:54:31 UTC #25

If all required number of FLOT members do this there is little hope they will do their due deligence from a forum post or an email/bitmessage

How about allowing other allowed signers to add remarks even if they don’t sign

ttutdxh 2015-12-20 11:40:45 UTC #26

That adds a storage layer, identification layer, moderation, etc. That kind of changes would add the risk of attacks such as code injection, and that is a huge trade off.

Cointoolkit is designed so you don’t have to trust me or anyone else. Known identities are the exception because they are hardcoded and easy to audit and crosscheck.

Honestly I don’t see the advantages over a forum wiki with links.

mhps 2015-12-20 12:14:40 UTC #27

I agree it would not be easy to make a secure off-line page. I was thinking of a convenience tool for online signing.

nubits.com could be taken down by ddos or maybe other ways.