Mixer is essentially this
1) You send bitcoins to an address(from the bitcoin mixer service)
2) After the payment is recieved in the address, the service sends you your btc to your 2nd address through a completely random address.
This is how a centralized mixer works. The way coin shuffling will work in Nxt is a bit different: You announce that you want to shuffle for example 10,000 NXT, or join an existing shuffle that somebody else started. You enter in your wallet the recipient address, known only to you, where those 10,000 NXT should be sent. Those are deducted from your account. Each shuffle participant does the same (shuffling exactly the same amount), and each shuffle when created is set to require a certain number of participants (say 20) and the amount being shuffled. When the shuffle completes, each participant finds that amount in the recipient account he specified, yet none of the other participants, and no external observer, can find out which recipient account belongs to which participant. Shuffling will be possible not only for the NXT coin itself, but for any asset on the NXT Asset Exchange too. The jumblr service that James is working on is for BTC and similar coins, but the idea is the same. |
|
|
|
Actually, I don't think we use AES in authenticated mode, here is how it is called, using the BouncyCastle library: public static byte[] aesEncrypt(byte[] plaintext, byte[] key) {
try {
byte[] iv = new byte[16];
secureRandom.get().nextBytes(iv);
PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
new AESEngine()));
CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
aes.init(true, ivAndKey);
byte[] output = new byte[aes.getOutputSize(plaintext.length)];
int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
ciphertextLength += aes.doFinal(output, ciphertextLength);
byte[] result = new byte[iv.length + ciphertextLength];
System.arraycopy(iv, 0, result, 0, iv.length);
System.arraycopy(output, 0, result, iv.length, ciphertextLength);
return result;
} catch (InvalidCipherTextException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
where the shared key is obtained as: public static byte[] getSharedKey(byte[] myPrivateKey, byte[] theirPublicKey) {
return sha256().digest(getSharedSecret(myPrivateKey, theirPublicKey));
}
private static byte[] getSharedSecret(byte[] myPrivateKey, byte[] theirPublicKey) {
try {
byte[] sharedSecret = new byte[32];
Curve25519.curve(sharedSecret, myPrivateKey, theirPublicKey);
return sharedSecret;
} catch (RuntimeException e) {
Logger.logMessage("Error getting shared secret", e);
throw e;
}
}
However, after encryption, the full list of ciphertexts that each participant sends to the next becomes a part of the transaction bytes that are signed by this participant (using his regular private key, as derived from the secret phrase without additional nonces, as done for all Nxt transactions). So modifying anything inside the encrypted payload will invalidate the transaction and it will no longer be acceptable in the blockchain. And the transaction that the next participant submits, includes the hash of this previous transaction, so is only valid as a response for this specific encrypted payload. Note that we use the same method for encrypting messages between Nxt accounts, with the difference that the shared key is derived adding a random nonce for each message, and the regular secret phrase, same for every transaction of this account, is used: public static byte[] getSharedKey(byte[] myPrivateKey, byte[] theirPublicKey, byte[] nonce) {
byte[] dhSharedSecret = getSharedSecret(myPrivateKey, theirPublicKey);
for (int i = 0; i < 32; i++) {
dhSharedSecret[i] ^= nonce[i];
}
return sha256().digest(dhSharedSecret);
}
and after the AES encryption step, same as above, the encrypted text becomes part of the transaction bytes that are signed by the sender. |
|
|
|
Thanks for the explanation, now I added a check for duplicate data at each processing step. For the encryption, for each sender we generate a new public/private key pair using curve25519, unique for each sender/shuffle/recipient combination, and then use this plus the recipient public key to generate a DH shared key, then use AES for the actual encryption. If you take a look at the current way public keys are generated based on secret phrase: https://bitbucket.org/JeanLucPicard/nxt/src/369546f91ba32142562c18d224369ea64a3f0720/src/java/nxt/crypto/Crypto.java?at=master#Crypto.java-63 , for shuffling I have added generation of one-time keys based on secretPhrase plus known nonces: public static byte[] getKeySeed(String secretPhrase, byte[]... nonces) {
MessageDigest digest = Crypto.sha256();
digest.update(Convert.toBytes(secretPhrase));
for (byte[] nonce : nonces) {
digest.update(nonce);
}
return digest.digest();
}
public static byte[] getPublicKey(byte[] keySeed) {
byte[] publicKey = new byte[32];
Curve25519.keygen(publicKey, null, Arrays.copyOf(keySeed, keySeed.length));
return publicKey;
}
public static byte[] getPublicKey(String secretPhrase) {
byte[] publicKey = new byte[32];
Curve25519.keygen(publicKey, null, Crypto.sha256().digest(Convert.toBytes(secretPhrase)));
return publicKey;
}
public static byte[] getPrivateKey(byte[] keySeed) {
byte[] s = Arrays.copyOf(keySeed, keySeed.length);
Curve25519.clamp(s);
return s;
}
public static byte[] getPrivateKey(String secretPhrase) {
byte[] s = Crypto.sha256().digest(Convert.toBytes(secretPhrase));
Curve25519.clamp(s);
return s;
}
and for the one-time keys used in the shuffle, shuffleId and recipientId are used as nonces. Then the one-time sender public key is added to the encrypted data, to allow its decryption by the recipient, yet it is not possible for the recipient (or anyone else) to tell who the sender of each encrypted data is. If the blame phase needs to be entered, each participant discloses the array of sha256 digests ("keySeeds") used to generate each public/private key pair he used to encrypt to each of the next participants, which allows anyone to decrypt the content ot the data. |
|
|
|
Each peer must check that there are no duplicate plaintexts after decrypting. Otherwise attacks on unlinkability are possible.
Is that the same as checking that no two recipient addresses are the same, once the shuffle reaches the last participant, or is there more to it? Multiple participants submitting the same recipient account would be a trivial attack to counteract, however there is no way to protect against a real sybil attack in which multiple participants, each submitting a different recipient address, are actually controlled by the same entity. Independently of James' work, we are also working on implementing coin shuffling using your algorithm in the upcoming version of Nxt. The blame phase is really the complicated part to get right, and here we are taking the approach to disclose the one-time keys used by each participant, to find and penalize the rogue participant. When ready, we would certainly welcome you to have a look at our implementation too. |
|
|
|
|
The development of HZ consists of plagiarizing the work of the Nxt developers, even including the changelogs and readme files that I write. With about 6-12 months delay.
|
|
|
|
If you want to go into details about each team, fine, I just wanted to explain why anonymity should not be taken as a negative point. Actually, of the currently active Nxt developers I am the only one that is anonymous, see AUTHORS.txt for the full list: https://bitbucket.org/JeanLucPicard/nxt/src/369546f91ba32142562c18d224369ea64a3f0720/AUTHORS.txt?at=master And if we start comparing developers' credentials, I did get my PhD from one of the top universities in my field (which is not computer science though), more than 15 years ago. |
|
|
|
Maybe a category for public developer?
In the current political and legal environment, being public puts both the developer, and the project, at risk. A financially independent, anonymous developer, can afford to do what he believes is right. There is less risk that he may be put under duress, have his kids or wife kidnapped, be forced to do something against his will by a totalitarian government (and put under a gag order about it), or receive a friendly visit from the local mobsters. Or be subject to a targeted access operation by a three-letter agency. Being open source (and in the case of Nxt, even GPL), the project will survive and someone else will take over, even if the anonymous developer decides to leave at some point. We are talking about established cryptocurrency projects here, not assets where indeed an anonymous asset issuer can decide to disappear with the shareholders' funds. Being public or anonymous does not make it more or less likely that a developer would leave the project, Nxt has seen a few public developers leave, and then new ones join (and even though anonymous, I am still around). A public developer, funded by VC investments, must ultimately do what the VC's tell him. Being very profit oriented, some VCs will just run a company to the ground for the short term profit, and they couldn't care less about the cryptocurrency movement goals of decentralization, financial independence, being in control of your own money and investments, not having to trust third parties, etc. A public developer may need to do what is politically correct, rather than what is morally correct, or risk jeopardizing his future career. Back on topic, I think we should limit this to an objective comparison of the technical characteristics of the 2.0 platforms, existing or being currently worked on. |
|
|
|
Applications such as Nxt FreeMarket http://nxtfreemarket.com/ , the Multigateway http://multigateway.org/ , and the FreeBird decentralized twitter I previously mentioned run on top of the Nxt blockchain, using its API to store and retrieve data. The MGW does use a few servers run by operators, the others are fully decentralized, as far as I know. |
|
|
|
To focus on features already implemented and in production: Voting System: Nxt has that since 1.5, http://wiki.nxtcrypto.org/wiki/Voting_System , and it is being used to make decisions with voting weighted by NXT balance such as this one: https://nxtportal.org/polls/2751730409036026521 , or by asset balance: https://nxtportal.org/polls/14305781929821355952 . Several other voting models (by account, by MS currency, with or without minimum balance restriction) are supported. Qora also has a voting system, but as far as I know votes can only be counted based on Qora account balance, the Nxt one is more flexible. Prunable messages and data: Nxt allows publishing up to 42 kbytes of data on the blockchain, as either a message, or tagged data (i.e. with additional searchable metadata fields). It deals with the problem of blockchain bloat by making those data prunable: http://wiki.nxtcrypto.org/wiki/The_Nxt_API#Prunable_Data , http://wiki.nxtcrypto.org/wiki/The_Nxt_API#Tagged_Data_Operations . Qora also has the feature to allow publishing arbitrary data on the blockchain, and can present this data as webpage. However I don't know if Qora supports pruning of such data, if their design is that every node needs to store every piece of data published forever, they will have a scalability problem. Unlike Qora, Nxt does not currently provide a way to view such data as a webpage in the default client, however third party applications such as FreeBird are being developed which use the prunable data feature to store tweets or blogs in a decentralized manner: https://nxtforum.org/freebird/ . |
|
|
|
The purpose of this milestones code is "an optimization to speed up finding out what is the last common block you share with a peer." (c) JeanLucPicard
But requesting milestones from peers only checks back 1440 blocks for 10 "jumps", so if the closest common milestone is further than that, then it would just be unable to find a common block. Wrong. This happens in a while(true) loop. It will just request the next 10 milestone blocks, and keep going back until Genesis if no common block is found. At which point, as far as I can tell, the client needs to start over with a node that is passed to him from the NxT domains.
If it cannot download the blockchain from the current peer, it will switch to another peer. Peers exchange their known peers lists with each other all the time, there is no mechanism that will lock your node to only download from certain peers, let alone from hardcoded Nxt domains. |
|
|
|
I use the nxt solaris client.
When I go to Nemstake, price, quantity, total, and account either show 0.00 or are empty. Why is this?
Is nxt solaris completely compatible with the asset exchange?
Do not use Nxt Solaris! It is no longer maintained and will not work not only for asset exchange, but even for simple payment transactions. If you use it, you will be on a fork, and your transactions will not be accepted on the main blockchain. The Nxt Solaris maintainer never updated his client to allow use of fractional NXT, which was a hard fork. Use either NRS 1.1.4 from https://bitbucket.org/JeanLucPicard/nxt/downloads , or one of the windows/mac specific packages that are based on it, from http://nxtra.org/nxt-wallet/ . |
|
|
|
|
It is up to the asset issuer how many digits after decimals point to allow (max 8). Internally, all amounts and prices are of course handled as integers (java longs), in the smallest possible unit. That "decimals" parameter is for convenience only when displaying assets like US dollar and Bitcoin in the UI, so that USD can be defined with decimals=2, and BTC with decimals=8. But internally, those will be handled in cents and satoshis.
So if you want to express quantities down to one millionth of a stake, it is certainly possible, just define the asset with decimals=6. Or, you can indeed define one asset unit equal to one NEM, then everybody who has 1 stake gets to have 1,000,000 asset units.
The only limitation is, the cost of a bid order (the amount you can trade in one transaction) needs to fit in a java long. But as the total available amount of NXT, expressed in NQT (our equivalent of satoshi), fits, unless NEM gets really really expensive, this should not be a problem.
Try it on our testnet first if you find all that fractional amounts definitions confusing.
|
|
|
|
3. Conversion of NEMstake tokens to NEM: Owners of NEMstake tokens need to send the total amount of tokens he owns back to the issuer with a message (use the message function within Nxt asset exchange) in the form: (Quantity of the tokens) space (NEM receiving address) in order to receive the corresponding amount of NEM in the receiving address.
This can be simplified even more. Our Asset Transfer transaction also has a "comment" field where you can put arbitrary text (1000 chars limit). So the token owners can put only their NEM address in the asset transfer comment, no need for separate message. Then, after you (the issuer) send them the actual NEM, you can destroy the token by transferring it to the Genesis account, and in the comment of that asset transfer put the NEM transaction id, as a record that the NEM has been issued and sent. |
|
|
|
|
In my capacity of lead Nxt developer, I can assure you that no core Nxt developer is supporting the scamcoin called NAS.
NAS is a pump and dump coin. It has nothing new to offer. Even calling it a clone or fork would be a compliment they don't deserve, because it is not, it is a quick and dirty copy and paste job. And believe me, it is dirty - I actually took the time to look at the source, out of curiosity what they did with my code.
NAS have taken a test version of the new Nxt UI, developed by Wesley, which was not yet ready for production use - but they don't care, it is a get rich quick scheme, nevermind that it is other people's money this software is supposed to handle. They have also based their release on a Nxt version with a known critical vulnerability, which was fixed in Nxt long ago.
The NAS marketing guys are aggressively trying to bribe various people in the Nxt community with "giveaways". This is a thinly veiled attempt to make their "software" appear sanctioned by the Nxt community. They have also approached me with a similar offer of a generous donation, but I am ignoring it, because I do not want my name to be associated with this blatant scam.
Never confuse copy and paste jobs like NAS with legitimate Nxt alternatives. NEM and NXTL are trying to innovate and improve on the ideas brought by Nxt, they are apparently re-writing and re-designing everything from the ground up, and will be a healthy competition to Nxt. So they have my respect. But NAS... I hope I made myself clear.
|
|
|
|
|
Show Posts
