Is it time for transparent and probvably-not-fractional-reserve exchange?

[CryptoPanda]

Recent news indicate that the major exchanges are into internal audits now or audit each other. They want to show they are not like mtgox.
That's great start. That's what conventional companies would do. But isn't bitcoin all about transparency and no need of trust?
In the bitcoin world if a gambling site isn't provably fair and transparent it doesn't stand much a chance.
Why it isn't the same in the exchange business?
 
Making an exchange transparent and probvably-not-fractional-reserve, will be somewhat harder, but I believe technically doable.
The idea of this thread is to brainstorm how this could be achieved and show the exchanges that the first to do it, will be greatly rewarded by the community. (hence the poll)

I suppose many people will try to drift the conversation about decentralized exchanges. Yes, that would be even better, but a bit more far ahead. So, lets focus on making the current ones transparent and provably-not-fractional-reserve.

[1715413744]

1715413744

[1715413744]

1715413744

[1715413744]

1715413744

[SnakeEater]

http://blog.cryptsy.com/

Cryptsy is over full reserve exchange.

[CryptoPanda]

http://blog.cryptsy.com/

Cryptsy is over full reserve exchange.

they all (supposedly) are, the question is how do they prove it so everyone can see for himself at any time

[CryptoPanda]

bump for that

[DannyHamilton]

http://blog.cryptsy.com/

Cryptsy is over full reserve exchange.

they all (supposedly) are, the question is how do they prove it so everyone can see for himself at any time

Give every user a unique set of funding addresses (all cold storage) where their bitcoins are stored.  Then each user can see for themselves at the start of the day that their bitcoins are still at the address specified.  Do not co-mingle users deposits in any shared address.  On a regular basis (once per day?) reconcile bitcoin address balances converting the cold storage addresses to hot wallets and transferring the bitcoin balances to new cold storage addresses for each user.  "Withdrawals" are handled at reconcile time, sending you your withdrawal directly from your cold wallet funding address (now a hot wallet), and any "change" back to the new cold wallet funding address.

Users pre-register a set of addresses they will withdraw to when they set up the account.  Any change to any of these addresses requires manual communication with the account holder and waiting period (30 days?) before you can withdraw to the new updated address.

Your "account balance" page shows the current bitcoins associated with your account.  Any pending debits and credits (as determined by trades placed, withdrawals requested, etc), and a "pending balance" indicating what the balance will be after reconciliation.

[justusranvier]

Three problems:

1) Exchange operators, including operators and employees, might steal your bitcoins.
2) Exchange operators might lose the private keys to your bitcoins.
3) External attackers might compromise the security of the site and steal your bitcoins.

Since 2010, by far the largest problems are 1 and 3.

2 is something hypothetical that aren't even sure even happened.

Why is everybody talking about solutions to 2, especially solutions that do absolutely nothing to stop 1 and 3 (the ones we know happen all the time?)

[DannyHamilton]

Three problems:

1) Exchange operators, including operators and employees, might steal your bitcoins.
2) Exchange operators might lose the private keys to your bitcoins.
3) External attackers might compromise the security of the site and steal your bitcoins.

Since 2010, by far the largest problems are 1 and 3.

2 is something hypothetical that aren't even sure even happened.

Why is everybody talking about solutions to 2, especially solutions that do absolutely nothing to stop 1 and 3 (the ones we know happen all the time?)

Certainly.  My suggested solution does very little to prevent theft and fraud.  That is another matter entirely.

What my suggested solution does do is make it much easier for users to determine if the exchange is engaging in fractional reserve of the user's bitcoin deposits, and limits a single user's ability to use social engineering to convince an exchange to send them someone else's bitcoins.

[justusranvier]

My suggested solution does very little to prevent theft and fraud.  That is another matter entirely.

They don't have to be though. That's why I like FellowTraveler's voting pool approach.

I didn't really get it until he was able to explain it in person, but he's taking on the entire problem space. When voting pools launch it won't be possible for an exchange using them to fail to deliver the coins they owe their customers.

[riekinho]

That's why I like FellowTraveler's voting pool approach.

Could you elaborate some more on what this is?

[justusranvier]

Sure, I'll post the link again: http://bitcoinism.blogspot.com/2013/12/voting-pools-how-to-stop-plague-of.html

There are more low level details to it than that, but that should explain what's going on at a high level.

[pening]

http://blog.cryptsy.com/

Cryptsy is over full reserve exchange.

they all (supposedly) are, the question is how do they prove it so everyone can see for himself at any time

By using some sort of open, transparent system to see where the coins are.  Like a public ledger...

I think the problem being asked here is valid but highlights a core problem with Bitcoin exchanges.  They aren't.  They are deposit accounts with exchange attached.  Really you shouldn't be holding any coin on the exchange, you put up your bid/ask, make a trade then complete the transaction within a time limit, possibly off the exchange.  Maybe a clearing house to track and followup on trades can back this up. 

[CryptoPanda]

http://blog.cryptsy.com/

Cryptsy is over full reserve exchange.

they all (supposedly) are, the question is how do they prove it so everyone can see for himself at any time

Give every user a unique set of funding addresses (all cold storage) where their bitcoins are stored.  Then each user can see for themselves at the start of the day that their bitcoins are still at the address specified.  Do not co-mingle users deposits in any shared address.  On a regular basis (once per day?) reconcile bitcoin address balances converting the cold storage addresses to hot wallets and transferring the bitcoin balances to new cold storage addresses for each user.  "Withdrawals" are handled at reconcile time, sending you your withdrawal directly from your cold wallet funding address (now a hot wallet), and any "change" back to the new cold wallet funding address.

Users pre-register a set of addresses they will withdraw to when they set up the account.  Any change to any of these addresses requires manual communication with the account holder and waiting period (30 days?) before you can withdraw to the new updated address.

Your "account balance" page shows the current bitcoins associated with your account.  Any pending debits and credits (as determined by trades placed, withdrawals requested, etc), and a "pending balance" indicating what the balance will be after reconciliation.

I was thinking along those lines but what do we do with the trades fiat<>btc that users often do several times per day. Many BTC will change hands number of times through the day.

[runam0k]

I remember reading somewhere about the possibility of constructing Bitcoin transactions that are triggered by (i.e. pay upon the occurrence of) specified events.

Is fully contingent funding possible, with regular "settlements"?

Something like this:

1. Trader commits funds by broadcasting an irrevocable contingent “funding” transaction (which will be triggered by the broadcast of a corresponding “settlement” transaction by the exchange, perhaps within a specified period of time (or else the transaction times out))

2. Trading period (i.e. off blockchain transactions)
 
3. Settlement*:
o Trader's various trades during the trading period are netted to determine the settlement amount due
o The exchange broadcasts an irrevocable contingent “settlement” transaction for the settlement amount (which itself will be triggered by the actual receipt of bitcoins under the corresponding irrevocable contingent “funding” transaction in 1 above)
o The irrevocable contingent “funding” transaction is triggered (by the broadcast of the irrevocable contingent “settlement” transaction) - the exchange receives the funding amount
o The irrevocable contingent “settlement” transaction is triggered (by the receipt of funds) - the trader receives the settlement amount

*These steps assume a trading loss - steps can be dispensed with if the trading account balance increases or does not change.

Settlements at fixed times during the day might mean brief trading downtime but if the "funding" and "settlement" transactions fail, for whatever reason, the effected traders only lose a few hours of trading, not their bitcoins (and the exchange misses out on the trading fees).

Traders could set up auto funding rules depending on how often settlements take place.

I suppose an attacker could adjust settlement amounts to zero and then steal bitcoins from the exchange, but that would presumably be on an account by account basis and with a very limited window of opportunity.

Thoughts? Any of this possible?

[CryptoPanda]

I've read something about open and contract based transactions. It's all theoretically possible but none has been implemented yet.
I guess we are just in the beginning of an exciting technology. Very in the beginning.

[Ekaros]

Three problems:

1) Exchange operators, including operators and employees, might steal your bitcoins.
2) Exchange operators might lose the private keys to your bitcoins.
3) External attackers might compromise the security of the site and steal your bitcoins.

Since 2010, by far the largest problems are 1 and 3.

2 is something hypothetical that aren't even sure even happened.

Why is everybody talking about solutions to 2, especially solutions that do absolutely nothing to stop 1 and 3 (the ones we know happen all the time?)

On 2. weren't there some idiots who run a service on amazon cloud and didn't write their private keys to disk and when session went down all of the keys were lost...

I don't think it was exchange, but online wallet anyway...

[Bitalo_Maciej]

I've read something about open and contract based transactions. It's all theoretically possible but none has been implemented yet.
I guess we are just in the beginning of an exciting technology. Very in the beginning.

Well, an exchange like this already exists: https://bitalo.com/why_bitalo/

Three problems:

1) Exchange operators, including operators and employees, might steal your bitcoins.
2) Exchange operators might lose the private keys to your bitcoins.
3) External attackers might compromise the security of the site and steal your bitcoins.

First off: All Bitalo wallets are P2SH 2-of-2 multisignature wallets. One key belongs to the user (we never see it), the other one belongs to Bitalo (user never sees it). Now to tackle the problems above:

1) Bitalo, its employees or even server providers cannot move Bitcoins, because they only have one of two keys required for signing a spending transaction
2) A backup "lock time" transaction is signed after every wallet action, so even if Bitalo loses the keys, after "lock time" expires you can claim your Bitcoins (note that this is a feature that we're testing and not deployed yet, but will do very soon)
3) See no. 1. Attacker can only steal one of two private keys required to sign a transaction. To successfully steal Bitcoin an attacker would need to compromise *both* our servers and user's computer to steal both keys. Even then he can only steal from this one specific user, not all of them.

So what you end up is a wallet which you can inspect personally at any given time to see that you Bitcoins are still intact. You can just fire your favorite blockchain explorer, or even a watch-only desktop client and check it!

Oh, and you don't have to take my word for it. Just go to the site and inspect the code. Or ask someone to do so if you don't have the knowledge. The javascript code that creates and signs transactions is open, uncompressed, ready to be inspected.

And if that doesn't sound any trustworthy, you can actually look-up "Bitalo Aktiengesellschaft" to see that we are a real company registered in Germany as AG (like Inc. in the US) with 75.000 EUR founding capital, so we're definately won't risk doing anything stupid.

[eoJ]

In the bitcoin world if a gambling site isn't provably fair and transparent it doesn't stand much a chance.

Lol, I've yet to see a Bitcoin gambling site that even comes close to the provably fair requirements major gambling sites adhere to.

[CryptoPanda]

In the bitcoin world if a gambling site isn't provably fair and transparent it doesn't stand much a chance.

Lol, I've yet to see a Bitcoin gambling site that even comes close to the provably fair requirements major gambling sites adhere to.

So you are comparing sites where some central authority says you are fair (lobbying, bribery, interests) so you have to TRUST that authority and sites where every visitor can see for himself that it's fair (through the magic of math and hashing)?
I know which one I would choose.

[CryptoPanda]

I've read something about open and contract based transactions. It's all theoretically possible but none has been implemented yet.
I guess we are just in the beginning of an exciting technology. Very in the beginning.

Well, an exchange like this already exists: https://bitalo.com/why_bitalo/

Three problems:

1) Exchange operators, including operators and employees, might steal your bitcoins.
2) Exchange operators might lose the private keys to your bitcoins.
3) External attackers might compromise the security of the site and steal your bitcoins.

First off: All Bitalo wallets are P2SH 2-of-2 multisignature wallets. One key belongs to the user (we never see it), the other one belongs to Bitalo (user never sees it). Now to tackle the problems above:

1) Bitalo, its employees or even server providers cannot move Bitcoins, because they only have one of two keys required for signing a spending transaction
2) A backup "lock time" transaction is signed after every wallet action, so even if Bitalo loses the keys, after "lock time" expires you can claim your Bitcoins (note that this is a feature that we're testing and not deployed yet, but will do very soon)
3) See no. 1. Attacker can only steal one of two private keys required to sign a transaction. To successfully steal Bitcoin an attacker would need to compromise *both* our servers and user's computer to steal both keys. Even then he can only steal from this one specific user, not all of them.

So what you end up is a wallet which you can inspect personally at any given time to see that you Bitcoins are still intact. You can just fire your favorite blockchain explorer, or even a watch-only desktop client and check it!

Oh, and you don't have to take my word for it. Just go to the site and inspect the code. Or ask someone to do so if you don't have the knowledge. The javascript code that creates and signs transactions is open, uncompressed, ready to be inspected.

And if that doesn't sound any trustworthy, you can actually look-up "Bitalo Aktiengesellschaft" to see that we are a real company registered in Germany as AG (like Inc. in the US) with 75.000 EUR founding capital, so we're definately won't risk doing anything stupid.

Great! That looks like very interesting project, i'll look it up closer!

[eoJ]

In the bitcoin world if a gambling site isn't provably fair and transparent it doesn't stand much a chance.

Lol, I've yet to see a Bitcoin gambling site that even comes close to the provably fair requirements major gambling sites adhere to.

So you are comparing sites where some central authority says you are fair (lobbying, bribery, interests) so you have to TRUST that authority and sites where every visitor can see for himself that it's fair (through the magic of math and hashing)?
I know which one I would choose.

No, it's called an independent, qualified auditor. Excluding certain games like Satoshi dice.