How it Works: How 2-of-3 Multi-sig protects your funds from being misused by the project party
TriSig escrow funds are not in TriSig's company account, but in a smart contract on the Base chain. Whether funds can be released is determined by any two of the "three keys". This is 2-of-3 Multi-sig: a mechanism that prevents the project party from unilaterally misusing your money.
🏛️ Architecture: The Truth of Fund Flow
Why do traditional OTC platforms have risks like "running away" or "misappropriating funds"? Compare the fund flow below to understand the safety of Non-custodial architecture.
| Dimension | Traditional Centralized OTC (Web2) | TriSig.io Protocol (Web3) | Security Gain |
|---|---|---|---|
| Fund Location | Platform Bank/Custodial Account | Base Chain Smart Contract (Verified) | Physical Isolation, platform cannot touch it alone |
| Flow Path | Buyer -> Platform Account -> Seller | Buyer -> 2/3 Multi-sig Contract -> Seller | Shortens trust chain, 0 Middleman Risk |
| Control | Platform Admin (Human-led) | 2/3 Multi-sig Logic (Code-led) | Two signatures needed, No Single Point of Failure |
| Transparency | Financial records are opaque | Real-time on-chain audits | 100% Audit Transparency |
Logic Architecture Diagram
Traditional: Buyer ➔ [ Opaque Platform Account ] ➔ Seller (Platform can freeze/misuse at any time)
TriSig: Buyer ➔ [ ⚖️ Base 2/3 Multi-sig Contract ] ➔ Seller (Only released upon consensus or AI fact verification)
Core Mechanism: Three Keys, Two to Unlock
Think of it as a safe that requires any two of the three keys to turn simultaneously to open:
- The First Key: Held by the Buyer—after paying, the buyer signs to say "I agree to release funds to the seller" upon confirming receipt.
- The Second Key: Held by the Seller—after delivery, the seller can also participate in signing (or the buyer's unilateral confirmation triggers two signatures).
- The Third Key: Held by AI Sentry (TriSig's automated arbiter)—mainly used for dispute arbitration. When the buyer and seller cannot reach an agreement, the AI acts as a neutral party to decide who to release the funds to based on cryptographic evidence.
Normal Situation: Buyer confirms receipt → Buyer signature + contract logic = "Two signatures" met → Funds automatically released from the contract to the seller.

Dispute Situation: Buyer and seller disagree → Apply for arbitration → AI Sentry participates as the third signature, deciding fund ownership based on verified evidence.
Therefore, funds are always locked in the on-chain contract, and TriSig cannot unilaterally transfer your assets.
🏛️ AI Sentry: Cold, Automated Execution
When disputes arise, the AI Sentry (Arbitration Agent) exercises its "final vote." Its decision-making process is based entirely on cold data rather than subjective arguments.
1. zk-Proof Fact Verification
The AI node no longer relies on manual screenshot reviews. It validates zk-Proofs (Zero-Knowledge Proofs)—mathematically verified evidence from trusted sources like banking APIs or payment gateway servers.
2. Arbitration Algorithm Logic
The AI Sentry's decision follows a deterministic process, ensuring every verdict is auditable on-chain:
```python
# TriSig AI Sentry Arbitration Logic (Sentinel Logic v1.0)
# The helper functions and the RELEASE_FUNDS / REJECT_AND_HOLD_FUNDS constants
# are platform components that are not shown on this page.
def arbitrate_dispute(trade_id, buyer_submission):
    # 1. Fetch On-chain Smart Contract State (2/3 Multi-sig Contract)
    contract_state = get_onchain_escrow_state(trade_id)

    # 2. Verify zk-TLS Encrypted Fact (Direct from Bank/Payment Gateway Server)
    # Ensure: Amount matched, valid timestamp, and KYC real-name alignment
    zk_proof = verify_zktls_proof(buyer_submission)

    # 3. Core Arbitration logic:
    if (zk_proof.amount >= contract_state.required_amount and
            zk_proof.payer_identity == contract_state.buyer_identity and
            zk_proof.status == "SUCCESS"):
        # Encrypted facts match, AI Sentry completes the 2nd signature
        return generate_sentinel_signature(RELEASE_FUNDS)

    # 4. If facts don't match, maintain funds locked for seller safety
    return REJECT_AND_HOLD_FUNDS
```

Security Advantage: Even if TriSig disappears, your money can still be retrieved
Because fund release requires 2-of-3 signatures:
- If TriSig goes offline or stops service, as long as the buyer and seller reach an agreement (e.g., buyer confirms receipt, or one party signs and the other cooperates after negotiation), "two signatures" can still be collected, allowing the contract to release funds as agreed.
- The contract is deployed on the Base chain, logic is immutable, and it does not depend on whether TriSig's server is online. Your security comes from on-chain rules, not from "trusting the platform not to touch your money."
This is what Non-custodial means: the money is in the contract, protected by code and multi-sig rules, not kept by the project party.
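The 2-of-3 rule from "Core Mechanism" and the offline-platform case from "Security Advantage", modeled in memory as an added example (not TriSig's contract code). The `Escrow` class, its `approve` method and the party names are hypothetical, and approvals are recorded by caller identity instead of by verifying real signatures.

```python
# Added example: in-memory model of a 2-of-3 escrow release rule.
# Escrow, approve and the party names are hypothetical, not TriSig's code.

class Escrow:
    THRESHOLD = 2  # any two of the three key holders

    def __init__(self, buyer, seller, sentry):
        self.signers = {buyer, seller, sentry}
        if len(self.signers) != 3:
            raise ValueError("the three keys must belong to distinct holders")
        self.payees = {buyer, seller}  # funds go to the seller or back to the buyer
        self.approvals = {}            # recipient -> set of signers approving it
        self.paid_to = None            # set once; the escrow pays out at most once

    def approve(self, sender, recipient):
        """Record sender's approval; return the payee once the threshold is met."""
        if self.paid_to is not None:
            raise RuntimeError("escrow already settled")
        if sender not in self.signers:
            raise PermissionError("not a key holder")
        if recipient not in self.payees:
            raise ValueError("recipient must be the buyer or the seller")
        # A set means a repeated approval from one key still counts once.
        voters = self.approvals.setdefault(recipient, set())
        voters.add(sender)
        if len(voters) >= self.THRESHOLD:
            self.paid_to = recipient
        return self.paid_to


def run_scenarios():
    """Constructed scenarios; returns who was paid in each."""
    results = {}
    # 1. The arbiter key alone, even used twice, cannot move funds.
    e = Escrow("buyer", "seller", "sentry")
    e.approve("sentry", "seller")
    results["sentry_alone"] = e.approve("sentry", "seller")
    # 2. Buyer and seller agree while the arbiter is offline.
    e = Escrow("buyer", "seller", "sentry")
    e.approve("seller", "seller")
    results["no_sentry"] = e.approve("buyer", "seller")
    # 3. Dispute: each party backs itself; the arbiter breaks the tie.
    e = Escrow("buyer", "seller", "sentry")
    e.approve("buyer", "buyer")
    e.approve("seller", "seller")
    results["dispute"] = e.approve("sentry", "buyer")
    return results
```

The property to check in any real deployment is the same one this model enforces: approvals are counted per distinct key and per recipient, so one key can never satisfy the threshold by itself.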
Try it on Telegram
Open @TriSig_io_bot or the Mini App in Telegram to experience the escrow process protected by 2-of-3 multi-sig.