Bitcoin Forum
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761749 times)
Bitventurer
Sr. Member
****
Offline Offline

Activity: 491
Merit: 250

S P 8 D E


View Profile WWW
February 09, 2014, 09:38:25 PM
 #31321


Signing on the client side is already implemented in the Android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be JavaScript. But anyway I honestly don't know how this is related.

With MPK you can have one public key that is able to generate other public keys without touching the private keys. Because they are linked from the seed in a certain way, both chains (private key chain, public key chain) will generate corresponding keys in a sequence.

A very good example is AcceptBit.com which is a private key free POS system.

The MPK functionality is VERY important to my new exchange. Also I believe it to be a key element in the automation of decentralized markets, at gateway level.

- Lophie

p.s: There is no way to do this in NXT, I am lacking proper knowledge to surpass the dam of different curve functions between Bitcoin and NXT...

Signing on the client side is already implemented in the Android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be JavaScript,

Signing in JS has been done, there was bounty for it.

I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)

But anyway I honestly don't know how this is related.

It is related, since it's easy to do it on the actual PRIVATE key, but most APIs in NRS do not operate on the PRIVATE key but on a password that is passed to SHA, and the output is your actual PRIVATE key.

This additional step (SHA) makes it currently impossible. (Well, it would be possible if the hash function were transitive, but a transitive hash function wouldn't make much sense ;) )

So YOU are able to generate derived public keys and the user is able to generate derived private keys, BUT
is there a client that accepts the actual PRIVATE key and not a password?


But the whole point is isolation of private keys! OK, I will just give away my implementation idea here to explain. So basically the exchange market is 100% cold because it doesn't even hold a pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for their deposit address, a single invocation of addrGen(MPubK, userid) would always instantly generate the same address (note that there are no private keys involved here!). On the secure super duper server that does not directly communicate with the exchange, the coins can be spent by addrPrivGen(MPrivk, userid) <- (note that addrPrivGen takes significantly more time since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address).

The dangers of exposing MPK are only limited to exposing all possible public keys in the sequence.

Note that this idea is DONE bitcoin side... with oh many new ideas coming this way :)


you working on sms gateway for nxts?

SP8DE - The Game of Chance. Changed.
gimre
Legendary
*
Offline Offline

Activity: 866
Merit: 1002



View Profile WWW
February 09, 2014, 09:40:13 PM
 #31322

If I got an incorrect signature I would use another ephemeral key.

Edit: About "HOW exactly" - I would use SHA256(privateKey + message + nonce) instead of SHA256(privateKey + message).

And add a loop over nonce? Don't you see a problem in that?

It's not the math that is wrong in Curve25519.sign(),
it's the implementation that is wrong... and afaik, you wanted to pay 10 BTC to do audit of the code...

PS, you know, that thanks to this change, we could most likely get rid of that stupid loop inside Transaction.sign...

NemusExMāchinā
Catapult docs: https://docs.symbol.dev
github: https://github.com/symbol
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 09, 2014, 09:44:10 PM
 #31323

If I got an incorrect signature I would use another ephemeral key.

Edit: About "HOW exactly" - I would use SHA256(privateKey + message + nonce) instead of SHA256(privateKey + message).

And add a loop over nonce? Don't you see a problem in that?

It's not the math that is wrong in Curve25519.sign(),
it's the implementation that is wrong... and afaik, you wanted to pay 10 BTC to do audit of the code...

PS, you know, that thanks to this change, we could most likely get rid of that stupid loop inside Transaction.sign...


Loop over nonce is how it is supposed to work by design. I agree that loop inside Transaction.sign is stupid but it was necessary to hide the injected fatal flaw. Now we can get rid of the loop in Transaction.sign and use a loop inside Crypto.sign.
gimre
Legendary
*
Offline Offline

Activity: 866
Merit: 1002



View Profile WWW
February 09, 2014, 09:52:40 PM
 #31324

But the whole point is isolation of private keys! OK, I will just give away my implementation idea here to explain. So basically the exchange market is 100% cold because it doesn't even hold a pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for their deposit address, a single invocation of addrGen(MPubK, userid) would always instantly generate the same address (note that there are no private keys involved here!). On the secure super duper server that does not directly communicate with the exchange, the coins can be spent by addrPrivGen(MPrivk, userid) <- (note that addrPrivGen takes significantly more time since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address).

The dangers of exposing MPK are only limited to exposing all possible public keys in the sequence.

Note that this idea is DONE bitcoin side... with oh many new ideas coming this way :)

Ahhh, so u want it for cold wallet, now everything is clear. (You should have started with that, that the user won't have access to the priv key :) )

But as I've written:
I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)

Funny thing, I was thinking about making escrow for NXT, but haven't thought about MPK :)

I need to think about it, but I think that on the super-duper secure server you'd have to do a check first, as there's a chance that addrGen(MPubK, userid) would generate a key that does NOT have a corresponding private key... (curve25519(priv, basepoint) -> public is not surjective)


NemusExMāchinā
Catapult docs: https://docs.symbol.dev
github: https://github.com/symbol
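
The addrGen / addrPrivGen split discussed above, and the reason a client that hashes a password into the key gets in the way, as an added example (not code from the thread or from Nxt). It assumes a toy prime-order group instead of Curve25519, an additive public tweak instead of the sequential chain described in the post, and FNV-1a in place of SHA-256; all names and constants are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group: safe prime P = 2*Q + 1, G has prime order Q (not secure). */
#define P 2039u
#define Q 1019u
#define G 4u

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

static uint32_t powmod(uint32_t base, uint32_t e, uint32_t m) {
    uint32_t r = 1;
    for (base %= m; e; e >>= 1) {
        if (e & 1u) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
    }
    return r;
}

/* FNV-1a, a stand-in for SHA-256 in this toy. */
static uint32_t toy_hash(const void *data, size_t len) {
    const unsigned char *p = data;
    uint32_t h = 2166136261u;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Per-user tweak: computable from the master PUBLIC key and the id alone. */
static uint32_t tweak(uint32_t mpub, uint32_t userid) {
    uint32_t buf[2] = { mpub, userid };
    return toy_hash(buf, sizeof buf) % Q;
}

/* Exchange side: holds only the master public key. */
uint32_t addr_gen(uint32_t mpub, uint32_t userid) {
    return mulmod(mpub, powmod(G, tweak(mpub, userid), P), P);
}

/* Offline side: the same tweak added to the master private scalar mod Q. */
uint32_t addr_priv_gen(uint32_t mpriv, uint32_t userid) {
    return (mpriv + tweak(powmod(G, mpriv, P), userid)) % Q;
}

/* A client that accepts only a passphrase and hashes it into the key. */
uint32_t key_from_passphrase(const char *pw) {
    size_t n = 0;
    while (pw[n]) n++;
    return toy_hash(pw, n) % Q;
}

/* For ids 1..n, count derived addresses that the offline side can spend.
 * via_passphrase != 0 models typing the derived scalar into such a client. */
int count_spendable(uint32_t mpriv, uint32_t n, int via_passphrase) {
    uint32_t mpub = powmod(G, mpriv, P);
    int ok = 0;
    char pw[16];
    for (uint32_t id = 1; id <= n; id++) {
        uint32_t priv = addr_priv_gen(mpriv, id);
        if (via_passphrase) {
            snprintf(pw, sizeof pw, "%u", (unsigned)priv);
            priv = key_from_passphrase(pw);
        }
        ok += addr_gen(mpub, id) == powmod(G, priv, P);
    }
    return ok;
}

int main(void) {
    printf("raw scalar: %d/200, via passphrase: %d/200\n",
           count_spendable(777, 200, 0), count_spendable(777, 200, 1));
    return 0;
}
```

Because the tweak is public in this construction, a derived private key is only a known offset away from the master private key, so the offline side has to guard every derived key as carefully as the master.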
gimre
Legendary
*
Offline Offline

Activity: 866
Merit: 1002



View Profile WWW
February 09, 2014, 09:55:01 PM
 #31325

Loop over nonce is how it is supposed to work by design. I agree that loop inside Transaction.sign is stupid but it was necessary to hide the injected fatal flaw. Now we can get rid of the loop in Transaction.sign and use a loop inside Crypto.sign.

That's what I'm trying to say, patching Curve25519.sign should allow us to avoid those loops altogether.

The fact that Curve25519.sign generates WRONG signature FOR SURE wasn't made by design...

NemusExMāchinā
Catapult docs: https://docs.symbol.dev
github: https://github.com/symbol
Ola
Sr. Member
****
Offline Offline

Activity: 311
Merit: 250


View Profile
February 09, 2014, 09:56:51 PM
 #31326

https://www.youtube.com/watch?feature=player_embedded&v=McNclx2Zck8

well, we still have the chance to come not first, but best ...
can't wait to make the better video when the asset ex comes..
PS: bounties will be needed

The soundtrack from the video scares me. I would use something like http://www.youtube.com/watch?v=vOTURWqJyhU&list=PL4518B1FCFD912E2F

or we can input the same mix as in the Olympic Games: "The Game Has Changed", from TRON

but yours is, sorry: lame
we need aggressiveness, aggressive marketing

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

Nxter,Bitcoiner,Ether highlevel developer working to improve the world.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 09, 2014, 09:59:05 PM
 #31327

Loop over nonce is how it is supposed to work by design. I agree that loop inside Transaction.sign is stupid but it was necessary to hide the injected fatal flaw. Now we can get rid of the loop in Transaction.sign and use a loop inside Crypto.sign.

That's what I'm trying to say, patching Curve25519.sign should allow us to avoid those loops altogether.

The fact that Curve25519.sign generates WRONG signature FOR SURE wasn't made by design...

I give 99% that fix of Curve25519 is safe, but the rest 1% doesn't let me use the fix coz this part is the most critical part of Nxt. So without a formal proof I'll stick to loop inside Crypto.sign.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 09, 2014, 10:04:00 PM
 #31328

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

We r not competitors, IMO. XCP works with BTC, our AE works with NXT.
gimre
Legendary
*
Offline Offline

Activity: 866
Merit: 1002



View Profile WWW
February 09, 2014, 10:10:17 PM
 #31329

I give 99% that fix of Curve25519 is safe, but the rest 1% doesn't let me use the fix coz this part is the most critical part of Nxt. So without a formal proof I'll stick to loop inside Crypto.sign.

Last one from me:
There's nothing to prove, math stays the same, it's the implementation that's wrong, not the math.
All the math is already in the file in the comments, those comments were made by this "xmath" dude from sci.crypt (I assume this is Matthijs van Duin).

But ok, I can understand, that you're afraid of such change.

NemusExMāchinā
Catapult docs: https://docs.symbol.dev
github: https://github.com/symbol
Ola
Sr. Member
****
Offline Offline

Activity: 311
Merit: 250


View Profile
February 09, 2014, 10:19:15 PM
 #31330

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

We r not competitors, IMO. XCP works with BTC, our AE works with NXT.

maybe not completely but for popularity and IPO-ing companies we most definitely are... these companies have to decide which platform they want to use to issue tokens which customers can invest in... And they are part of the seed to spur the demand for the platform currency.

Nxter,Bitcoiner,Ether highlevel developer working to improve the world.
Bitventurer
Sr. Member
****
Offline Offline

Activity: 491
Merit: 250

S P 8 D E


View Profile WWW
February 09, 2014, 10:22:27 PM
 #31331

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

We r not competitors, IMO. XCP works with BTC, our AE works with NXT.

AE will rock, faster better, FX will use our AE, can see it already in my visions

SP8DE - The Game of Chance. Changed.
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
February 09, 2014, 10:27:45 PM
 #31332

So 2 questions.

1) What is the technical term for the assets that will be issued on the asset exchange? Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the US Treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
Share?

2) Even if we know what the technical term is then we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?

Asset?
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
February 09, 2014, 10:29:38 PM
 #31333

So 2 questions.

1) What is the technical term for the assets that will be issued on the asset exchange? Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the US Treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?

2) Even if we know what the technical term is then we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?

I would call it "token".

Token could be a good alternative regarding regulation.

But I think in the end the users will decide anyway how to call it. It is always like that. The many decide.
Bitventurer
Sr. Member
****
Offline Offline

Activity: 491
Merit: 250

S P 8 D E


View Profile WWW
February 09, 2014, 10:29:58 PM
 #31334

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

We r not competitors, IMO. XCP works with BTC, our AE works with NXT.

maybe not completely but for popularity and IPO-ing companies we most definitely are... these companies have to decide which platform they want to use to issue tokens which customers can invest in... And they are part of the seed to spur the demand for the platform currency.

that's the only minus, but coming better is better than coming first.

SP8DE - The Game of Chance. Changed.
freigeist
Hero Member
*****
Offline Offline

Activity: 1121
Merit: 535


View Profile
February 09, 2014, 10:30:30 PM
 #31335

Is there any public node or test node running the latest NRS version that allows API calls?

Is this documentation at http://www.thenxtwiki.org/wiki/Nxt_API#Description already obsolete as there were already several daily updates from 0.5.11 to 0.7.2?


https://wallet.nxtarea.com:7875

Thanks 8)

ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
February 09, 2014, 10:31:03 PM
 #31336

That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)

(Also it wouldn't be that simple, as most likely also verify would have to be changed...)

I think that it does solve the problem and verify() does not need to be changed.

I am not certain I understand all of this because I haven't got into the source and the algo.

But what is the problem with the source?

Isn't it just a programming error that x-h is negative so it should be fixed upfront?
utopianfuture
Sr. Member
****
Offline Offline

Activity: 602
Merit: 268

Internet of Value


View Profile
February 09, 2014, 10:33:25 PM
 #31337

Seems XCP is indirectly competing for the 1st spot, to be out by Friday as one of their front end devs posted here: https://bitcointalk.org/index.php?topic=430998.msg5031563#msg5031563

First to market: network effect is very important especially in the wake of the mtgox fiasco, but I don't think a week's difference will make xcp come out on top, especially when we have a marketing budget to increase mindshare. The XCP strategy has been basically "we built it they will come" until recently. They now have a marketing bounty, still nothing compared to NXT's.

We r not competitors, IMO. XCP works with BTC, our AE works with NXT.

maybe not completely but for popularity and IPO-ing companies we most definitely are... these companies have to decide which platform they want to use to issue tokens which customers can invest in... And they are part of the seed to spur the demand for the platform currency.

The market potential is huge, but at the same time no platform has any proven history as well as stability. It is too premature to talk about network effect. The network effect will only start when you have the exchange running stable for at least 6 months with at least 10-15 real, tradable assets on it.

Someone making the asset exchange right 6 months from now could easily beat both NXT and XCP. So the door is still wide open and it is important for NXT to do it right first, not that important to get to the market 1 or 2 weeks first. Between the two, I prefer the NXT platform and 1 week to the market first makes no difference. I have some XCP too, but so far I have not even had time to have Bitcoin QT up and running.


ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
February 09, 2014, 10:37:07 PM
 #31338


The market potential is huge, but at the same time no platform has any proven history as well as stability. It is too premature to talk about network effect. The network effect will only start when you have the exchange running stable for at least 6 months with at least 10-15 real, tradable assets on it.

Someone making the asset exchange right 6 months from now could easily beat both NXT and XCP. So the door is still wide open and it is important for NXT to do it right first, not that important to get to the market 1 or 2 weeks first.

What do you define as 'real' and 'tradable'? The asset exchange can only trade assets bound to the virtual world of NXT. That is, assets that depend upon NXT.

The other way round is not possible because NXT cannot control offchain actions.
utopianfuture
Sr. Member
****
Offline Offline

Activity: 602
Merit: 268

Internet of Value


View Profile
February 09, 2014, 10:43:10 PM
 #31339


The market potential is huge, but at the same time no platform has any proven history as well as stability. It is too premature to talk about network effect. The network effect will only start when you have the exchange running stable for at least 6 months with at least 10-15 real, tradable assets on it.

Someone making the asset exchange right 6 months from now could easily beat both NXT and XCP. So the door is still wide open and it is important for NXT to do it right first, not that important to get to the market 1 or 2 weeks first.

What do you define as 'real' and 'tradable'? The asset exchange can only trade assets bound to the virtual world of NXT. That is, assets that depend upon NXT.

The other way round is not possible because NXT cannot control offchain actions.

All financial assets are just that: papers backed by some valuable things. "real" here = "relevant"; it starts to be something when NXT has 10-15 assets that serious people consider relevant, not some gimmicky labels.


gimre
Legendary
*
Offline Offline

Activity: 866
Merit: 1002



View Profile WWW
February 09, 2014, 10:45:24 PM
 #31340

I am not certain I understand all of this because I haven't got into the source and the algo.

But what is the problem with the source?

Isn't it just a programming error that x-h is negative so it should be fixed upfront?

if you're asking if negative input is legal, yes it is.

To simplify it, it's similar to how modulo operates in C.
If you do:
Code:
int x = (1-3) % 5;    // -2 % 5

you'll get "-2" as a result, but what you're actually interested in is:
Code:
int x = (1-3 + group_order) % 5;    // (-2 + 5) % 5  = 3 % 5 == 3

group_order == 5, and you'll get 3 as a result...

NemusExMāchinā
Catapult docs: https://docs.symbol.dev
github: https://github.com/symbol
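
A toy analogue of the x-h point made in the post above, as an added example (not code from the thread and not Nxt's Curve25519.sign). It assumes a constructed group order of 251 so that a scalar fits one byte, a signature scalar of the form v = (x - h) / s mod q, and hypothetical function names; it counts how many (x, h) pairs fail sign-then-verify when the subtraction is left as C's truncated remainder instead of being normalised.

```c
#include <stdint.h>
#include <stdio.h>

#define GROUP_ORDER 251   /* constructed small prime; a scalar fits one byte */

/* C's % truncates toward zero: the result takes the sign of the dividend. */
int mod_trunc(int a) { return a % GROUP_ORDER; }

/* Canonical representative in [0, GROUP_ORDER). */
int mod_norm(int a) {
    int r = a % GROUP_ORDER;
    return r < 0 ? r + GROUP_ORDER : r;
}

/* Inverse of s modulo the prime group order, by search (fine for a toy). */
int inv_mod(int s) {
    for (int t = 1; t < GROUP_ORDER; t++)
        if ((s * t) % GROUP_ORDER == 1) return t;
    return 0;
}

/* Toy signature scalar v = (x - h) / s mod q, stored in one unsigned byte
 * the way a real scalar is stored in a byte array. */
uint8_t sign_scalar(int x, int h, int s, int normalise) {
    int d = normalise ? mod_norm(x - h) : mod_trunc(x - h);
    int v = normalise ? mod_norm(d * inv_mod(s)) : mod_trunc(d * inv_mod(s));
    return (uint8_t)v;   /* a negative v wraps modulo 256, not modulo 251 */
}

/* Verifier recomputes x from the stored byte: v*s + h == x (mod q). */
int verify_scalar(uint8_t v, int x, int h, int s) {
    return mod_norm((int)v * s + h) == mod_norm(x);
}

/* Count (x, h) pairs in [0, q) x [0, q) for which sign-then-verify fails. */
int count_failures(int s, int normalise) {
    int bad = 0;
    for (int x = 0; x < GROUP_ORDER; x++)
        for (int h = 0; h < GROUP_ORDER; h++)
            bad += !verify_scalar(sign_scalar(x, h, s, normalise), x, h, s);
    return bad;
}

int main(void) {
    printf("truncated %%: %d failures, normalised: %d failures (of %d)\n",
           count_failures(7, 0), count_failures(7, 1),
           GROUP_ORDER * GROUP_ORDER);
    return 0;
}
```

In this toy every pair with x < h fails under truncation and none fail once the difference is normalised, which is why a retry loop around the signer only masks the problem.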