Ok, here are some quick notes on Qora v. Nxt (I've looked at both sets of code a little while this evening.)
Initial ImpressionsI can not rule out, beyond certainty, that this wasn't cloned but I can easily verify that
if this started from a Nxt fork, a TON of work has been put in modifying the code. Qora is organized completely differently than Nxt. From the application entry point, all initialization methods execute completely differently. If Qora took Nxt, he heavily modified it beyond recognition.
Personally, I've suspected that this wasn't a clone and I've never seen any reason not to trust Qora's claims. So far, this seems to be likely true-- this is not a fork and is "new source".
Cryptography AnalysisNxt uses SHA-256 to hash passphrases and then Curve25519 and SHA-256 again to create public/private key. It signs it's data using, EC-KCDSA.
Qora is a bit of a different beast. I'm still digging into this section of code but if my quick-scan of DB, Crypto and Account files has produced an accurate understanding, your wallet seed is a random value, stored to a secure DB. Each time a new account is generated, a nonce is appended to the the seed, and a new address is calculated and stored in the DB.
Specifically, an address account is generated by taking the Nonce+seed+Nonce value and double-SHA-256 hashing it to produce a unique account seed.
Next, a Key pair is generated using Ed25519 key pair creation, from the account seed. To be clear, Ed25519 is slightly different than Curve25519 (which is what Nxt uses.) After the Pub/Privkey pair is generated,the application takes the RIPEMD160 of the SHA-256 hash of the pub-key. NExt, Qora prepends a version byte to this hash and then double, SHA-256 hashes the byte array and finally appends the first four bytes of the new hash, to the former. These last four bytes are used as an account checksum and are used for account ID validation.
This process of a account generation is significantly different than Nxt. Obviously, Qora makes use of a wallet, where Nxt does not. Still, the process of creating a payment address is far more robust than Nxt. In fact, this process is almost-exactly how BTC addresses are created, rather than Nxt. The only variation is that the version byte is likely different (which results in the "Q" at the beginning of the address) and Ed25519 keys are used by Qora where ECDSA keys are used by BTC and it's clones.
ForgingFirst, let me go ahead and say that forging is something that I've never looked into deeply. I understand the very high-level nature of it and I very much understand the big differences between traditional "1.0" coins and these new PoS "2.0" coins. My notes on forging will, therefore, be very basic sense I know so little about the nuts-and-bolts. Regardless, here are my observations.
The code is significantly organized in a different manner. At first glance, I think Nxt and Qora us a completely different approach to come up with similar results. Again, Qora is more succinct than Nxt. I'll have to take a while longer to dig into this but since I can't seem to figure out how to build and debug java code through eclipse (
yeah, pretty basic stuff, I know...) I can't run the code and step through this portion to clarify what's going on. All I can verify is that Nxt vs. Qora looks completely different. Also, Qora makes use of the global "Generating Balance" to determine the block Target. From my scan of the Nxt code, no such value is used. I think there is a bit more randomness to Nxt than their might be of Qora, but I won't stand by that. Qora basically looks at the time since the last block, the forgers personal balance and the total balance of forging accounts. It then uses a fairly straight forward process to test if a block has been forged.
I haven't been able to figure out what Nxt does. This isn't because of poor Nxt coding. It's because I don't have the time to look into it. If a Nxt guru is around, please comment.
Final ThoughtsMy vote is, no, this is not a clone. If Qora was inspired by Nxt, I would make the guess that he read up a lot on it, possibly read through the source and thought "I can do that" and gave it a go at writing his own application. Qora uses mostly different libraries and is structured significantly different.
I also assume that Qora is a professional day-time coder, who works with a team of devs at a software firm or possibly large company. Nxt feels like good, solid code, but it doesn't adhere to strict practices that big-team developers tend to follow since they are use to having to organize and share code with co-workers. I know that open source projects are often shared across devs, but having worked in both environments I can attest that "good" developers, in both areas of software engineering tend to have different coding approaches and styles because requirements differ. Qora feels like it's written by an experienced, professional business coder, while Nxt feels like a large, open source project.
One piece of software isn't necessarily better than the other but they look VERY different. This adds to strong evidence supporting that this is almost certainly NOT a clone.
