Block.io ‘Foolproof’ API adds Multisig and Green Addresses
Back in August, Block.io launched a tool to streamline the process of incorporating Bitcoin into applications. The goal was to give low-skilled developers a chance to easily integrate cryptocurrency payments into applications and websites.
The foolproof API is extending its reach. The team unveiled a slew of new features, including multi-signature addresses and instant confirmations powered by green addresses.
It's all in the spirit of saving time. The press release reads:
“We're confident that with this service, we cut down your development time on MultiSig from hours if not days, to a matter of minutes.”
The 2-2 multisignature addresses offer additional security because each transaction requires two signatures – the owner's and Block.io's – before it can be carried out. Combinations beyond 2-2 signatures (up to 4-5 signatures to be exact) will be supported soon.
Green addresses mean no more 10-minute or 60-second waiting periods. “Third-party developers can integrate this functionality directly into their applications without signing up on Block.io,” reads the press release, “money spent in one transaction cannot be spent again.”
The API supports Bitcoin, Dogecoin, and Litecoin, and developer libraries cover Ruby, NodeJS, PHP, and Python. The API developers are open to adding more.
Block.io's mission is to simplify the incorporation of blockchain transactions. Founder Atif Nazir told Cointelegraph:
“Our goal is to be the simplest, fastest way for developers to integrate the Blockchain in their applications. We've already cut down development time from weeks or months to a matter of minutes. All else falls into this bucket.”
Atif Nazir took to Reddit under the name kindoge to address user questions, some of which are presented below:
Could you elaborate a little bit on how this works technically?
“When someone not using Block.io's MultiSig addresses sends you some coins, we cannot guarantee that they won't try to re-spend the coins they just sent you. We have to wait for the Blockchain to tell us that the coins you just received can never be spent again. This is essentially the Bitcoin network 'confirming' a transaction once. We typically want to wait at least 3 confirmations before we know for certain that the coins you received can never be spent again. Once 3 confirmations are reached, you can give the payer their merchandise, or whatever they gave you the coins for.
“With our Green Addresses, we require two signatures: yours, and Block.io's. Since Block.io is unable to successfully push any transaction without your signature, every withdrawal/transaction coming from your MultiSig address is guaranteed to have your approval. Further, it's guaranteed to have our approval as well, being an address that requires both our signatures (2 of 2). Block.io will only sign transactions if it knows they are not 'double spends,' therefore the recipient, if they trust Block.io, can spend the coins they just received without waiting for network confirmations.”
ELI5: how is Multi-sig different to 2FA in the context of exchange withdrawals?
“Exchanges can use your funds from your wallets without your input because the addresses that hold your funds are controlled by a single Private Key, which is controlled by the exchange themselves. If they get hacked, the hacker can get access to this solitary private key... taking your funds out of that address is then a simple task.
“Two-factor authentication is a band-aid that protects the front gate, but not the back door. With our MultiSig, you have 2 signatures for every address. This means every withdrawal requires 2 private keys to execute -- one private key is under your control, and the second is under Block.io's control. No one, not even Block.io, can execute the withdrawal without your consent.”
What if you lose your keys?
“You could lose your key if you lose your Secret PIN. We store an encrypted form of your private key at Block.io (think Blockchain.info, but MultiSig), and we perform hourly on- and off-site backups to ensure we can never lose the encrypted data.”
How can an exchange clear a trade if they have to wait for a second signature from me?
“You cannot automate trades unless you have complete access to your funds. However, if you trade manually, they should require authorization from you. The best way of doing this is by requiring your signature on a transaction.
“Keep in mind exchanges tend to do 'off-chain' transactions. When they do off-chain transactions, they're not really executing a Bitcoin transaction -- they're just moving numbers around in their own databases.”
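As an added illustration (not Block.io's code or API), the Python example below shows the recipient-side check that the green-address explanation implies: skipping confirmations is only reasonable when every input is locked to a script that cannot be satisfied without the trusted co-signer's key. It assumes standard `OP_m <keys> OP_n OP_CHECKMULTISIG` scripts, uses constructed placeholder keys, and generalizes the 2-of-2 case to any m-of-n; all function names are hypothetical.

```python
# Added illustration: recipient-side check for a "green" zero-confirmation payment.
# Assumption: inputs are standard m-of-n scripts: OP_m <key>... OP_n OP_CHECKMULTISIG.
OP_CHECKMULTISIG = 0xAE  # OP_1..OP_16 are 0x51..0x60


def parse_multisig(script: bytes):
    """Return (m, pubkeys) for a standard multisig script, else raise ValueError."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    if not 1 <= m <= n <= 16:
        raise ValueError("m/n out of range")
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]  # direct push opcode: length of the key that follows
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("unexpected data where a public key was expected")
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    if len(keys) != n:
        raise ValueError("key count does not match n")
    return m, keys


def cosigner_is_mandatory(script: bytes, cosigner_key: bytes) -> bool:
    """True if the other keys alone can never reach the m-signature threshold."""
    try:
        m, keys = parse_multisig(script)
    except ValueError:
        return False
    return sum(k != cosigner_key for k in keys) < m


def accept_zero_conf(input_scripts, cosigner_key: bytes) -> bool:
    """Every input must need the cosigner; one ordinary input can still be re-spent."""
    return bool(input_scripts) and all(
        cosigner_is_mandatory(s, cosigner_key) for s in input_scripts)


def make_script(m: int, keys) -> bytes:
    """Build a constructed sample script for the demo below."""
    body = b"".join(bytes([len(k)]) + k for k in keys)
    return bytes([0x50 + m]) + body + bytes([0x50 + len(keys), OP_CHECKMULTISIG])


# Constructed placeholder keys (33 bytes each, not real curve points).
OWNER, COSIGNER, SPARE = (b"\x02" + bytes([v]) * 32 for v in (1, 2, 3))
GREEN = make_script(2, [OWNER, COSIGNER])  # 2-of-2: both must sign
WEAK = make_script(1, [OWNER, COSIGNER])   # 1-of-2: owner can sign alone
if __name__ == "__main__":
    print(accept_zero_conf([GREEN], COSIGNER))        # True
    print(accept_zero_conf([GREEN, WEAK], COSIGNER))  # False
```

The check only establishes that the co-signer's signature is structurally required; the promise that the co-signer never signs a double spend remains the trust assumption stated in the quote above.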