Reserved

Reserved

coinpit.io  

Global Bitcoin Futures Market
coinpit.io futures exchange offers futures contracts denominated in Bitcoin. Currently, we offer inverse USD/BTC contracts. More contracts will be added based on demand.

Bitcoin is the currency
We are a pure Bitcoin in/out exchange and do not deal with any fiat. This makes our exchange robust and avoids exchange rate risk.

Cryptographically guarded funds
coinpit.io aims to be an exchange that mitigates the most severe fiduciary risks on crypto-exchanges. We use multi-sig addresses where the user’s private key is never transmitted to the exchange, assuring that a security breach cannot compromise user’s funds, making this exchange immune to failure from theft from internal or external agents.
The user’s funds are always available for future withdrawal as a raw bitcoin transaction, and in case the exchange shuts down, users can simply publish the transaction to the bitcoin network to recover their coins.
Its an exchange where your money is mathematically proven to not be lost in the event of an exchange failure or shutdown. Your finances are on the blockchain and not a database entry. And yet performs fast enough for high volumes.

Continuous contracts
We to offer electronically settled, continuous contracts. They are settled mark-to-market on a periodic basis.

World-class trading platform
coinpit.io brings world-class trading platform to bitcoin. From a variety of entry orders (Limit, Stop Limit, Stop Market, Market) to automatic target and stop loss orders with OCO, you can focus more on reading the market and less on actively managing the trade.

coinpit.io
Testnet trade site
Issue reporting
http://reddit.com/r/coinpit

My (yet to go public) futures trading startup uses bitcoin private/public keys to do authentication without a CA.

A CA is still needed for https; however no userids are needed or passwords to remember.

None of the ideas are new, I just put the best features of bitid/sqrl/bitauth into something that is automated from the users point of view

Other options to consider:

bitauth: Does not use bitcoin but uses ECDSA, signs every api call, so can be used like HMAC to protect API
Bitid: Uses bitid:// url scheme. Uses bitcoin addresses, Needs a supporting wallet
SQRL: Needs a trusted app, does not use bitcoin
Clef: Very nice, but you need to use their servers, essentially a trusted third party.

The best thing among the four was SQRL. I basically re-implemented SQRL to use bitcoin addresses/keys

So far, this is a vision statement (a good one) but is not clear if it could even be implemented.

I need clarifications for example, how can one distinguish between credit of various types? USD/EUR/Gold. How is credit spending tracked on the blockchain? How is double spending prevented?


This locks the user out and may retard adoption. What is the point in getting bitcoin if you cant use it for whatever you need it for? Note that in the fiat world, you can exchange USD for EUR and you are free to do whatever you want with the currency you currently possess.

It may be better to re-brand the "credit and anti-credit" as "long and short" contract positions, since when you are in a long futures contract, the only thing you can do is to hold it or close it out for profit or loss.

I've been working on a decentralized futures+derivative exchange for a while and this is certainly interesting to me.

EDIT: The real issue is how to create a fair and coherent distributed orderbook. Will it be on a separate website or set of websites? That would still act like a bunch of exchanges. A truly decentralized model would work at the level of individual users.

A second issue is the credit/anti-credit. Where will it be stored? On the blockchain? As dust? On separate websites?

What prevents someone from simply accepting coins for credit and then no longer participating in the system?

Lots of issues here.

LOL

Understandable, and there is no reason the private key itself cannot be stored encrypted with symmetric encryption on the server. The symmetric key can be generated/computed from the password on the client side and used to decrypt the private key after its fetched. This is then used to sign the server challenge. This is convenient, with the risk that encrypted private keys are now on the server.

Another option is to use openid/oauth type schemes where the authentication is not done by the server/business in anyway but relies on well known providers such as myopenid, google, facebook.

A yet third option is to have a browser plugin that fetches your private key off a thumbdrive and makes the entire login process seamless. i.e. when you go to the website, as long as the thumbdrive is in your computer, it will fetch the private key, do the authentication and sign you in automatically. You only see a notification of successful login or failure. It can also sign any transaction request, authenticating your request to the server. I'm sure some of the smart folks here could easily write something like this.

I would add yubikey, but that's tying to a vendor.

That's very well thought out.

Ok, I don't want to tie anything to a particular technology, but authentication does not require a password to be transmitted. Only proof of being the owner of the identity. Such systems are called zero knowledge authentication systems. Its not "combine different ideas together/buzz words". But I appreciate your indignation. It means you do really care about bitcoin's success and I welcome your input.

http://en.wikipedia.org/wiki/Zero-knowledge_password_proof


Many authentication systems exist that never see a user's password due to public/private encryption.

Essentially works like this:
User has a private key.
Server sends a challenge.
user signs the challenge with his private key
server reads the signed challenge and verifies using the clients public key.

Once identity is established, the client can perform all operations until the session expires.

Blockchain.info uses zero knowledge authentication, as do wuala, spideroak, clipperz, etc.

This is great folks. All your contributions help. No one person can think of everything.

I'll attach a list of credits with the names of all contributors to acknowledge your efforts in every version.

Thanks. Fix added.

My guess is that when presented with a BOSS business and a competing business, the BOSS business will attract more customers. Competition ensures most companies will do the right thing and WANT to attract confidence in their business.

If I'm wrong and everyone wants to keep the current state of affairs, then Bitcoin may not be able to compete with the fiat world and will remain a hobby among the few thousand users here.


That's most certainly going to happen, but less frequently than without BOSS. And everytime it happens, we can amend BOSS to mitigate the newly identified risk.

I was thinking more like a GPL type process. A publicly known standard that can be referred to, complied with and audited against.

If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies and comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrong doing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Goals of BOSS:

1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. Use state of the art password protection as available using zero knowledge encryption. The unencrypted password should not travel beyond the user's device. Example: blockchain.info [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these keys portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]

Added per suggestions:
11. All operational data including user data, financial transactions, software state and configs should be encrypted and backed up to at least one geographically separate location. 2 copies in two geographically isolated locations recommended. [Everything is gone! is no longer a valid argument]

The goals of BOSS are:


1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

EDIT: Moved to separate thread here https://bitcointalk.org/index.php?topic=96086.0

If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies and comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrong doing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these keys portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]

Openpay is just what Bitcoin needs

SUM(AMOUNT) will quickly slow down your site if you plan to have millions of users. A simpler strategy is to do a small incremental computation with each transaction and record the new total balance with each transaction. That way you just need a simple SELECT to get the balance.

1) Set withdraw trigger instead.
2) great!
3) see prior post
4-7) great!
Nothing. Just keep ads compact in terms of pixels

I would be glad to help with product development with ideas fwiw (such as this). Investors will come looking for you once you get a few more advertisers.