gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 07, 2014, 06:55:07 AM Last edit: February 07, 2014, 07:06:32 AM by gimre |
|
I received this response from a Crypto expert after reviewing code, here was the response, need some clarification from CFB or devs:
"Thanks very much for sending me the code. I took a quick look and understood that it is an implementation of two well known crypto algorithms -- elliptic curve based key agreement scheme (ecdh) and digital signature scheme (ec-kcdsa). The code itself was ported from C to Java back in 2008, and so it has been around for quite a while.
I am wondering what you are looking for in the code review. If it is mainly the correctness of the implementation, then I would take a pass. I feel that what would be most helpful for Nxt is to review how the above crypto algorithms are utilized within the Nxt currency system to achieve the intended security goals. "
If anyone has an appropriate response, let me know.
It seems to me that his two categorizations are really the same thing and are what we are looking for Okay, is there something else I can send, perhaps more clarification to exactly what we are looking for? Also, it's a she, Lisa Yin, PHD in Cryptography from MIT. In the code, there are comments regarding sign and verify. Could you kindly ask her to verify math behind it*? (that is math behind sign + verify) Also, you can provide her with links, to two interesting (old) threads on sci.crypt: http://sci.crypt.narkive.com/mukCBREz/curve25519-ecdh-portable-c-implementationhttps://groups.google.com/d/msg/sci.crypt/MFp1DB7ypp4/mA1NaYYEVm4Jinteresting quote from second one: Note that there isn't actually such a thing as positive or negative in a finite field, but you should just pick some definition. My favorite is to define elements with the least significant bit set (when fully reduced) to be negative, and non-zero elements with the least significant bit clear (when fully reduced) to be positive.
(PS, there was already done analysis by BloodyRookie: https://bitcointalk.org/index.php?topic=397183.msg4645132#msg4645132)
|
|
|
|
bitcoinpaul
|
|
February 07, 2014, 07:31:20 AM |
|
I received this response from a Crypto expert after reviewing code, here was the response, need some clarification from CFB or devs:
"Thanks very much for sending me the code. I took a quick look and understood that it is an implementation of two well known crypto algorithms -- elliptic curve based key agreement scheme (ecdh) and digital signature scheme (ec-kcdsa). The code itself was ported from C to Java back in 2008, and so it has been around for quite a while.
I am wondering what you are looking for in the code review. If it is mainly the correctness of the implementation, then I would take a pass. I feel that what would be most helpful for Nxt is to review how the above crypto algorithms are utilized within the Nxt currency system to achieve the intended security goals. "
If anyone has an appropriate response, let me know.
U'll see a perfect example of how audit should be done in several hours when I disclose the critical bug description. It is not about how but about what. Sometimes, you talk about the implementation of Curve+Signature (especially 64bit), sometimes you talk about the implementation and use of the two. We don't have the original source (in quasm code, 32bit) of Mr. Bernstein's curve, only the ported one, so I think you mean the curve in general AND the implementation of the two. But one day, I think you talked about how we use the algo also. Blahblahblah... Does anyone have a clue, what CfB wants?
|
|
|
|
bitcoinpaul
|
|
February 07, 2014, 07:33:01 AM |
|
I think that we could run Scripting on a parallel chain. Main chain won't be hurt if something goes wrong.
Very interested to see how this "parallel chain" stuff is going to work - and yes I guess it could be the safest way to do the "smart contracts". Am guessing that if we approach it that way then the 100+ TPS should not be affected by this or other ideas that could also be put into "parallel chains". Maybe this is the "real ace" that Nxt has up its sleeve? I said this a long time ago I think I mentioned this hundreds of pages ago, but why do we assume transactions and DACs have to be on the same blockchain? The beauty of multiple chains is that people can choose which chains to point their devices at. Smartphone users would be happy to point their smart phones at the main chain only, while those with powerful desktops can point their machine at both the main chain and the DAC chain. Both chains can be run at 1 minute between blocks, to maintain consistency. Also, I wonder if coins can be transferred between chains? If not, I'm 99% sure the AE can take care of that.
Also, can anyone answer this: how does etherium handle a situation where one computer is faster than the other? Does the network just work at a predefined speed (# of OPs per minute) and anyone who can't reach that quota is kicked off the network? Or do they have some method of comparing output from multiple nodes to make sure the same inputs produce the same outputs (unlimited OPs per minute, depending on size of network and # of matching answers needed)?
+1 Who tackles parallel blockchains? JL? CfB? BCNext? bitcoinpaul?
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 07, 2014, 07:34:34 AM |
|
It is not about how but about what.
Sometimes, you talk about the implementation of Curve+Signature, sometimes you talk about the implementation and use of the two. We don't have the original source (in quasm code) of Mr. Bernstein's curve, only the ported one, so I think you mean the curve in general AND the implementation of the two. But on the other hand, I think one day you talked about who we use the algo also. Blahblahblah...
Does anyone have a clue, what CfB wants?
I confuse "what" and "how", they r interchangable in Russian. We need audit of Crypto and Curve25519 classes. Edit: Wait for critical bug disclosure to get it better. The bug is related to Crypto implementation. An audit would let to avoid the bug.
|
|
|
|
wesleyh
|
|
February 07, 2014, 08:13:30 AM |
|
So what does base target percentage actually mean?
Is there a "good" and a "bad" percentage? If so, what are they? (less than X, greater than Y)?
|
|
|
|
S3MKi
Legendary
Offline
Activity: 1540
Merit: 1016
|
|
February 07, 2014, 08:14:15 AM |
|
|
|
|
|
farl4web
Legendary
Offline
Activity: 1205
Merit: 1000
|
|
February 07, 2014, 08:19:06 AM |
|
LOL!
|
|
|
|
farl4web
Legendary
Offline
Activity: 1205
Merit: 1000
|
|
February 07, 2014, 08:20:51 AM |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump
|
|
|
|
wesleyh
|
|
February 07, 2014, 08:21:51 AM |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump I change my vote to keep it at 1NXT.
|
|
|
|
farl4web
Legendary
Offline
Activity: 1205
Merit: 1000
|
|
February 07, 2014, 08:23:18 AM |
|
Thanx Wesley.
Btw: Do you have any news about the Mac-client? I stopped forging because the client doesn't update to the new critical versions.
|
|
|
|
iruu
|
|
February 07, 2014, 08:25:18 AM |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump you have the casuality in reverse: few payments are done BECAUSE the fees are high.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 07, 2014, 08:30:07 AM |
|
So what does base target percentage actually mean?
Is there a "good" and a "bad" percentage? If so, what are they? (less than X, greater than Y)?
Base target shows how long to wait till next block in average. Also it's one of the traps for copycats. Without knowledge of TF internal mechanisms forging of their copycoin will stop eventually. There is no good or bad percentage.
|
|
|
|
farl4web
Legendary
Offline
Activity: 1205
Merit: 1000
|
|
February 07, 2014, 08:34:09 AM Last edit: February 07, 2014, 08:50:31 AM by farl4web |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump you have the casuality in reverse: few payments are done BECAUSE the fees are high. Really? The 1 fee, doesn't bother me at all. And there are very limited places where you can pay with NXT at this moment. I'm forging for 1,5 month 24/7 with a nice account, but when the fees drop, I think I will stop with an unlocked account. It isn't worth it anymore.
|
|
|
|
iruu
|
|
February 07, 2014, 08:39:58 AM |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump you have the casuality in reverse: few payments are done BECAUSE the fees are high. Really? The 1 fee, doesn't bother me at all. And there are very limited places where you can buy with NXT at this moment. I'm forging for 1,5 month 24/7 with a nice account, but when the fees drop, I think I will stop with an unlocked account. It isn't worth it anymore. Nxt is completely unusable for micropayments and tips. The fees are so high that using a forging pool right now doesn't make sense if you don't have at least 100k NXT. It's a very serious design error, but the only sensible way forward is to have big and medium holders who forge not because it's profitable, but because it indirectly gives value to their holdings. Maybe someday the transaction volume will rise so much that it's going to become profitable again. Just look around. Nobody uses NXT. So much wasted potential.
|
|
|
|
Hacer88
Member
Offline
Activity: 80
Merit: 10
|
|
February 07, 2014, 08:40:21 AM |
|
Maxcoin killed all the coins
|
NXT - NEM - NAS - NFD
|
|
|
martismartis
Legendary
Offline
Activity: 1162
Merit: 1005
|
|
February 07, 2014, 08:43:47 AM |
|
Tonight I was thinking again about the fees. We should not change the fees already, it's not wise.
In this early fase of Nxt I hear nobody complaining about the high fees, mostly because not a lot of payments are done.
But I DO hear a lot of complaining about the joke of forging. In the early fase of a cryptocoin, the miners/investors are the most important people, they make a coins succesfull (look at Dogecoin). To get a lot of attention, we need to attract the miners and investors first!
Later when it gets more populair you can lower the fees!
Bump you have the casuality in reverse: few payments are done BECAUSE the fees are high. Really? The 1 fee, doesn't bother me at all. And there are very limited places where you can buy with NXT at this moment. I'm forging for 1,5 month 24/7 with a nice account, but when the fees drop, I think I will stop with an unlocked account. It isn't worth it anymore. Nxt is completely unusable for micropayments and tips. The fees are so high that using a forging pool right now doesn't make sense if you don't have at least 100k NXT. It's a very serious design error, but the only sensible way forward is to have big and medium holders who forge not because it's profitable, but because it indirectly gives value to their holdings. Maybe someday the transaction volume will rise so much that it's going to become profitable again. Just look around. Nobody uses NXT. So much wasted potential. Where can you spend NXT today, except exchange? Post any place accepting NXT.
|
|
|
|
LiQio
Legendary
Offline
Activity: 1181
Merit: 1002
|
|
February 07, 2014, 08:45:17 AM |
|
Where can you spend NXT today, except exchange? Post any place accepting NXT.
https://www.solarcom.ch/en/
|
|
|
|
iruu
|
|
February 07, 2014, 08:45:59 AM |
|
Where can you spend NXT today, except exchange? Post any place accepting NXT.
That's the point. Although it's not as bad as zero. Now imagine NXT fees are zero! A fast way to "1000 TPS"
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
February 07, 2014, 08:48:18 AM |
|
The reason why there are so little NXT transactions are because they are way to expensive. If i want to send the lowest amount possible to a friend, so he can send it back and test his setup, it costs mit 2 NXT total. (send 3 to him, 2 come to him and he sends the 2 back) That are 12-15 cents.
Our network wants to tell everyone that we can handle big traffic with little cost, but the way i see it, with the fee staying that high, not many transactions will occur.
Or look at faucets. Many people want to enter a currency for free at start to test it out. Now we can get 3 NXT from a faucet. that is 1 transaction .... Rly?? I think currencies like Doge are so successful because the fee is ridiculous low, its 0.01 Doge, that is like a 10.000th of NXT..
I predict a more than 10 fold in transactions if the fee drops to 0.1 NXT and the fractional NXTs get enabled. Also even if it does not increase by tenfold, then then widespread of the currency makes up for it.
FEE 0.1!!!! NAOWW
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
February 07, 2014, 08:50:20 AM |
|
with 0.7.0e [2014-02-07 12:57:56.176] DEBUG: Database cache size set to 126720 kB [2014-02-07 12:57:58.927] Database is at level 6 [2014-02-07 12:57:58.928] Updated database is at level 6 [2014-02-07 12:57:59.077] Scanning blockchain...
stick the above for a moment ,then the cmd window disappear. any suggestion? TKS. me too...! may be we should back to 0.6.1
|
|
|
|
|