MAD escrow -and how it should/could be



In the chats there was a question raised what happens if a seller does not deliver for any reason.

curiouscosmos: What happens if buyer pays say 100k to seller to buy something. 100k is held in escrow? Seller dies before shipping the item, private keys lost. Who gets 100k?

Definition of MAD escrow from Whitepaper


The ’Mutually Assured Destruction (MAD) Escrow’ consists of a multi-signature transaction combined with OP CHECKLOCKTIMEVERIFY in such a way that it will destroy access to all funds within the transaction after a certain interval. The script signature of the outputs from the MAD escrow transaction will drop all the public keys beyond a certain blockheight. Both merchant and buyer lose access to their funds, motivating both to find equilibrium before doomsday.

A. Ultimatum Game

In the Ultimatum Game, first studied by Werner Gth, Rolf Schmittberger, and Bernd Schwarze (1982), the proposer proposes how to split a pie between herself and a responder. Then the responder decides whether to accept or reject this proposal. If the responder accepts, then the proposal is implemented; otherwise, both players receive nothing. [10]

B. Ultimatum Game Differences

Unlike traditional Ultimatum Games, there is room for repetition of offers creating a more complex interaction and negotiation procedure. Another difference is that in this model the money is sourced by the players, this adds extra psychological factors to the decision making. People are likely more emotionally attached to money that they have worked for, and will value it more than money they get by being lucky and for free. They will thus react differently than in the traditional game. You’d react different about losing $100 from your wallet than someone coming to you and saying ”I was going to give you $100, but I did not”. Under the assumption that the players approach the problem in a purely rational sense then they do not make a distinction between a loss of their own money and a loss of potential gains. The net result is that we’ve lost that value, whether it was previously in our wallet or expected to be given to us.

C. Insurance deposits

Both merchant and buyer deposit an insurance amount into the multi signature escrow address. The insurance deposit is a percentage of the sale price, throughout this paper we will assume that this ratio is 1 (100%). This concept is

more easily explained by an example: a painting is listed for

$100, the insurance ratio is 80%. The merchant would make an insurance deposit of $80, the buyer would deposit $100 (payment) and $80 (insurance). If both actors are honest and the sale went through, then both will agree to each return the insurance deposit ($80) and the merchant receives $100 as payment. The insurance put up by the merchant introduces a risk to being dishonest.

This concept was first used by BitMarkets, this paper however proposes a small modification. Splitting the payment and the insurance deposit into two outputs, only time locking the output for insurances. A fraudulent merchant who has not shipped an item has leverage over the buyer, since the merchant has less money in the escrow and thus has more to lose. The segregation of payment and insurance allows the buyer to punish the merchant, both losing the insurance deposit. Any of the actors can punish the other party without making any decision about the payment output just yet. This has the potential benefit that an actor has more incentive to punish the other if they act fraudulent since the stakes seem smaller. More specifically the amount the buyer loses at that moment is smaller (in comparison to also losing the payment output) and thus may promote faster punishment.

This leads to the following questions

  • Can the transaction get rolled back instead of burning both party funds?
  • How is it avoidable to punish the buyer if something fails?
  • Shall funds get burned or shall they go to the stakers?
  • Shall funds go to the stakers or to the foundation for development and maintenance of the Particl Platform?