Topic: [ANN] Aquila: A Privacy-Conscious Distributed Market Managed By Shareholder Vote (Read 557 times)

newbie
Activity: 5
Merit: 0
I've now also released the server, and improved the client's resistance to DoS by a rogue server. So far, I've received one incorrect report of a security vulnerability, not too impressive.

And bump, any comments appreciated -- too dull, too confusing, too scary?
newbie
Activity: 5
Merit: 0
I announce here Aquila, a decentralized market for trading real-world goods and services. This market uses the Bitcoin blockchain for both payment and certain other purposes. Its goals are to:
  • Protect buyer and seller privacy, both in the blockchain and within the market. For example, stealth multisig is implemented, and the protocol is Tor-friendly.
  • Distribute control of the market over many people. To that end, authority to release escrow, moderate listings, and otherwise manage the market is determined by a vote of the market's owners, with ownership tracked by colored coins in the Bitcoin blockchain. Buyers and sellers run a client that tracks this ownership, evaluates proposals voted on by the owners, and trusts the admins chosen by a plurality of voters. Since the owners have authority to allow or ban sellers, they can require sellers to pay commission to the owners. That commission is like a dividend, and ownership can be traded like shares in a corporation.
    • To be absolutely clear, this is different from existing software that just tracks ownership of securities in the blockchain. The point here isn't that ownership is recorded. The point is that a lightweight computer program operated by the market's buyers and sellers looks at the record, and automatically grants authority to the people who control those coins.
    • This is also different from decentralized markets where anyone can play the role of escrow agent, but it's still a single person (or organization of people that trust each other due to real-life relationships).

The market consists of multiple servers operated by its owners and admins, and a browser-based client that connects to multiple servers, and keeps as little state as possible while still providing reasonable security properties. The client may be run without installation, with the usual in-browser crypto security problems, or may (preferably) be installed locally. Firefox is recommended, but Chrome seems to work too. I'm running a couple servers for a market that uses testnet Bitcoin, as Tor hidden services. You can try it at:

      https://dev942.github.io/

The client is freely available now. The server isn't yet. In our security model, the server is mostly untrusted, just a bulletin board where the clients can post messages. The client is therefore the principal security risk, since by definition, security holes in the server can't cause leakage of secret information or loss of funds. (Of course, the server does actually look at messages before storing and forwarding them, for denial of service and other reasons. This adds another barrier to attacks by anyone who doesn't run a server. Servers should be operated by owners, with incentives against misbehavior as set out in the linked documentation.)

Buyer accounts are created automatically. If you want a seller account, create a buyer account and just message me through the market and I'll upgrade you. If you want to try something abusive, please use only aqla5tj5a4zjnhun.onion, to avoid taking my test setup down entirely. These are tiny VPSs, so please don't DoS.

Once I'm relatively confident that the software is stable and secure, I plan to organize a livenet market, with 10-100 owners. I plan to give the colored coins that determine ownership to people that I believe will govern the market effectively. After that first market becomes established, I will release the server.

We're not selling shares. This is:
  • To emphasize that I don't intend there to be only one set of owners.  I hope that many markets using this software will be operated, with different policies and goals, and that users will be able to transfer pseudonymous identity and reputation across them.
  • To put control of the first market in the hands of people with the technical ability to manage it. These shares will never be a passive investment.
  • To make it clear that this isn't another stupid pump-and-dump.

I appreciate your feedback. I am especially interested in:
  • Comments on the encryption scheme used. This is implemented at ecMath.js:154. The protocol is very similar to ECIES as used in Bitmessage, but support is added for multiple recipients, to permit senders of encrypted messages to cc themselves or the admins.  Nonstandard is bad, but the benefit of multiparty seemed too great here to pass up.
  • Security, generally. I hope to distribute at least half of initial ownership to people who have reported security issues in the client, and maybe more. This is an early, rough release, so I am certain that if you look, someone will find.
    • Please understand our security model before reporting. If a buyer or seller can do almost anything bad, that's a bug. If a server operator can steal funds or learn secret information, that's a bug. If a server operator can do other bad things, then that's not necessarily a bug. DoS vulnerabilities count only if you can fix them.
  • The ownership and shareholder voting scheme. In the present implementation, all buyers and sellers must be aware of every colored coin transaction, since they can't evaluate votes on a proposal for control without a complete cap table for the market. This means that every trade (of ownership--this has nothing to do with buying or selling goods on the market) imposes a cost on every market user forever.
    • We currently impose a punitive "stamp duty" on every transfer of colored coins, intended to limit transaction volume to a reasonable total. With a few straightforward improvements, I believe the current ownership scheme will support hundreds of owners, if we accept delays of a few minutes when the client is first run, and occasional delays of tens of seconds thereafter.
    • More significant new work--perhaps using threshold signature concepts, or observing that you can often judge the winning proposal without full ownership transaction history--is necessary before the market can scale to thousands of owners (again, owners; there's no practical limit on buyer or seller count) or more.
    • A blockchain whose miners could themselves judge the election winner would remove the need for buyers and sellers to track ownership of shares. So in concept, the market could, for example, move all voting into Ethereum (or something like Ethereum that quickly generated proof that's expensive to forge and easy for the client to check; that's not obvious with proof-of-stake). For now, Bitcoin's simplicity and the extraordinary resources spent mining it made it more attractive. Payment currency is of course independent of ownership currency.

To state the obvious, I don't yet recommend this software for use in trading real value. It's pretty small (about 10K lines of code excluding server), so I hope that with review that can change very soon.

Thanks.
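The multi-recipient ECIES-style scheme mentioned in the post (a sender encrypting once for the recipient plus cc's such as itself or the admins) can be sketched as follows. This is an added illustration in Node.js, not code from Aquila's ecMath.js; the KDF (SHA-256 of the ECDH secret), AES-256-GCM as the symmetric layer, and the identifier-free slot layout are this example's own assumptions.

```javascript
const crypto = require('crypto');
const CURVE = 'secp256k1';          // Bitcoin's curve, as ECIES in Bitmessage uses it

function keygen() {
  const ecdh = crypto.createECDH(CURVE);
  ecdh.generateKeys();
  return { priv: ecdh.getPrivateKey(), pub: ecdh.getPublicKey() };
}

// Wrapping key = SHA-256(ECDH shared secret). This KDF choice is an assumption of
// the example, not a statement about Aquila's ecMath.js.
function wrapKey(privKey, pubKey) {
  const ecdh = crypto.createECDH(CURVE);
  ecdh.setPrivateKey(privKey);
  return crypto.createHash('sha256').update(ecdh.computeSecret(pubKey)).digest();
}

function aeadSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function aeadOpen(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);  // throws if the tag fails
}

// One ephemeral key, one random body key, one wrapped copy of the body key per
// recipient (the real recipient plus any cc such as the sender or the admins).
function encryptMulti(plaintext, recipientPubs) {
  const eph = keygen();
  const bodyKey = crypto.randomBytes(32);
  const slots = recipientPubs.map((pub) => aeadSeal(wrapKey(eph.priv, pub), bodyKey));
  return { ephPub: eph.pub, slots, body: aeadSeal(bodyKey, Buffer.from(plaintext, 'utf8')) };
}
// Slots carry no recipient identifier: each reader tries every slot and keeps the one
// whose GCM tag verifies under its own ECDH key. Anyone else gets null.
function decryptMulti(msg, privKey) {
  const k = wrapKey(privKey, msg.ephPub);
  for (const slot of msg.slots) {
    try {
      return aeadOpen(aeadOpen(k, slot), msg.body).toString('utf8');
    } catch (e) { /* not wrapped for this key; try the next slot */ }
  }
  return null;
}
```

Because the body is sealed once and only the 32-byte body key is wrapped per recipient, adding a cc costs one small slot rather than a second copy of the message.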
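The ownership and voting scheme described above (every client replays the colored-coin transfers to build a cap table, then trusts the admin set backed by a plurality of share-weighted votes) can be modelled in a few lines. This is an added example, not Aquila's client code; the names, the sample transfers and votes are constructed, and the stamp duty is modelled as a fixed percentage burned on each transfer, which is an assumption about how such a duty might work.

```javascript
// Replay colored-coin transfers in blockchain order to build the cap table every client
// needs before it can judge a vote. stampDutyPct is an assumed "burn" on each transfer.
function buildCapTable(issuance, transfers, stampDutyPct) {
  const table = new Map(Object.entries(issuance));
  for (const t of transfers) {
    const bal = table.get(t.from) || 0;
    if (!Number.isInteger(t.amount) || t.amount <= 0 || bal < t.amount) continue; // ignore invalid
    const duty = Math.floor((t.amount * stampDutyPct) / 100);
    table.set(t.from, bal - t.amount);
    table.set(t.to, (table.get(t.to) || 0) + t.amount - duty);
  }
  return table;
}
// Weight each owner's single vote by its holdings; return the proposal with a plurality,
// or null on a tie (a client should then trust no admin set rather than guess).
function tallyVotes(capTable, votes) {
  const weight = new Map();
  const seen = new Set();
  for (const v of votes) {
    const w = capTable.get(v.owner) || 0;
    if (w === 0 || seen.has(v.owner)) continue; // non-owner, or a second vote by the same owner
    seen.add(v.owner);
    weight.set(v.proposal, (weight.get(v.proposal) || 0) + w);
  }
  let best = null, bestW = 0, tie = false;
  for (const [p, w] of weight) {
    if (w > bestW) { best = p; bestW = w; tie = false; }
    else if (w === bestW) tie = true;
  }
  return tie ? null : best;
}
// Constructed sample data (not real transactions): issuance to the organizer, then transfers.
const ISSUANCE = { organizer: 1000 };
const TRANSFERS = [
  { from: 'organizer', to: 'alice', amount: 300 },
  { from: 'organizer', to: 'bob', amount: 200 },
  { from: 'alice', to: 'carol', amount: 100 },
  { from: 'bob', to: 'dave', amount: 500 },   // exceeds bob's balance: rejected
];
const VOTES = [
  { owner: 'organizer', proposal: 'P1' }, { owner: 'alice', proposal: 'P2' },
  { owner: 'bob', proposal: 'P2' }, { owner: 'carol', proposal: 'P2' },
  { owner: 'mallory', proposal: 'P3' },       // holds no shares: ignored
  { owner: 'alice', proposal: 'P1' },         // duplicate vote: ignored
];
function demo() {
  const table = buildCapTable(ISSUANCE, TRANSFERS, 10);
  return { table, winner: tallyVotes(table, VOTES) };
}
```

Note that `demo()` has to walk every transfer ever made before a single vote can be counted, which is exactly the per-user cost the post attributes to each ownership trade.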