Topic: **MANDATORY UPGRADE REQUIRED** [ANN] B&C Exchange - All users must upgrade - page 34. (Read 174430 times)

In reading your white paper I think your order book is very well thought out and that it will work well in practice, however I have some serious concerns regarding your proposed exchange mechanism for moving the coins. As I understand it, you're using a distributed oracle approach for moving the coins. This is the very same approach taken by the now defunct Coinsigner, Metalair, NXT Multigateway, and several other projects who proposed to use multi-signature to move coins. The biggest problem with this design is it doesn't actually solve the trust problem. Yes, you now have considerably more points that can fail and in theory it should be harder to do so, but all you're basically doing is moving the problem around instead of actually solving it. For example: how are the signers selected? If the signers are randomly chosen then this is really no different to entrusting your money to a stranger. I mean if anyone can participate and if the system were anonymous or pseudo-anonymous then you don't know how many signers are controlled by one party. You say that reputation is the solution but it is not. Silk Road and other anonymous market places also had reputation systems to curve scamming and it was never 100% effective. Why? Because a signer can still gain reputation and use their influence to strike at an opportune time. They might create relationships with other signers and then plan an exit when their services are being used to protect substantial assets or maybe just create hundreds of signers to gain a majority control (actually, isn't this similar to Stellar?) - so this is a hard trust model to defend.

How do you gain reputation? When the system first launches there will be no signers with a reputation and all initial users would be gambling - i.e. the trust model would effectively be no better than a centralized exchange. You say there are enough signers where collusion and failure aren't a problem but this isn't a mathematically provable property. It's really just an assumption and using multi-signature to add more nodes isn't a magic bullet that will solve that. Consider Mercury Exchange, for instance. Mercury uses hash-locked smart contracts to solve the trust problem. It's an approach that will be entirely trustless when transaction malleability is phased out and best of all: it won't require a third-party to mediate. But your solution on the other hand relies on the assumption that enough oracles won't be corrupted for the multi-sig to hold which isn't a provable assumption; At least with Mercury you can reason exactly about the outcomes.

There's also something you said which is quite concerning: if enough signers go offline then the money can't be moved. That's really bad. So now you have a potentially insecure and unreliable financial system which you can't prove is secure or reliable since its based on elements entirely outside your control.

Improvements to the process.

I can think of improvements to most of these problems although I still think the overall design is bad even if it could work.

• If the owner were to control enough keys in the multi-signature then even if all the oracles were to be hacked the attacker would lack the leverage to steal coins  (Your current design gives 100% of the power to an unknown party when this is strictly unnecessary.)
• It is possible to construct owner keys so some can be lost and recovered from the other keys. This would add more reliability for the user as they could store the keys across multiple devices, use multi-factor authentication, and a fault on one device wouldn't make their funds irrecoverable.
• You can use time-locked encryption to create a scheme which is 100% reliable even if all the oracles were to simultaneously explode, losing all keys. This would solve the reliability problem.
• If you're planning to have open participation for the signers then consider having only a subset of these unknown oracles used to protect the multi-signature deposits. A more typical trust model where you use legitimate companies like Reality Keys to function as the oracles would probably be more secure than having a pseudo-anonymous open system where anyone can join.

My paper covers most of these topics so feel free to borrow ideas, I don't mind.  Relevant sections for your design are the Green Address, Contract Output, and Time-locked encryption sections.

Outro

tl;dr; Reputation systems are a terrible idea for financial systems. Your design will work but it is potentially insecure and I think it can be substantially improved.

More awesome from Jordan Lee and the NuBits dev team!

I will most certainly put my BlockShares to work minting.  Looking forward to acting as a reputed signer as well as to run an exchange node for all my favorite cryptos!

B&C has the potential to quickly be established as the worlds biggest (and fully distributed) crypto exchange.

Great stuff guys.

Dave Carlson, CEO
megabigpower.com

Our commitments in the original post do not allow for any flexibility unfortunately. If 200,000 USD are not bidded, no funds will be collected. It is the amount required for us to be reasonably confident that a working platform can be developed.

say, for example $175,000 are raised instead of the expected $200,000, will you still go on with this project or does it necessarily have to reach the $200,000?

A nice comment from "MasterofDisaster" on the Nu forum: https://discuss.nubits.com/t/passed-motion-to-provide-seed-funding-for-b-c-exchange-a-decentralized-exchange-built-on-the-peershares-platform/2001/261

There are now 8 days left in the auction. This is a reminder that the earliest received bids will receive priority in the event of a tie at the lowest-accepted bid.

Also, it's a blind auction, so we don't know what the value is on that side of the wall.
Also, there there is a minimum buy of $1000, so smaller holders wouldn't be in a position to dump and bid for cheaper shares.  It's actually a pretty elegant way to do it.

Read the OP. The minimum acceptable bid is $0.002/NSR, if that is what you asked. There are only a couple of milliion NSR for sale on the market.

I dont get this.

If it cheaper to bid for nushares than buy them on the open market,

who is holding such large volumes of nushares.

how can we even know the bid price?.....

things tend to be arbitraged out somehow....

I really don't grok something here.....

Is there a min bid?

I noticed that. Hopefully it speeds up. More people knowing about it can only be better for the auction results.

There are now 9 days left in the auction. We are rapidly approaching 10,000 views on this announcement thread!

More promotion could possibly lead to more funds being raised in the auction, so yes we hope NuShareholders choose to promote this auction as widely as possible.

We are especially interested in appealing to the Bitcoin community. B&C Exchange's combination of design features - including safe decentralized Bitcoin trading with a familiar centralized website layout, Bitcoin dividends, and free BlockShares for Bitcoin holders - should be very attractive to them.

How about this question. Would you like to see a lot more promotion? I'm planning on doing this anyway by the way.

Yes, we will not release any information about the progress of the auction until the deadline date has passed. This is done to ensure complete confidentiality for bidders.

I know you're very unlikely to give details until the auction over but I'm going to ask anyway - how is it going?

If the auction meets our funding goal of $200,000, sigmike and erasmospunk have committed to developing B&C Exchange.

sigmike is a Peercoin developer and the principle NuBit developer. He has proved very effective in those roles and having him on the development team makes me very confident B&C Exchange will work as designed. When the community has a question about the inner workings of proof of stake, they ask sigmike for clarification. He is arguably the premier developer of PoS solutions.

erasmospunk has proven himself as a NuBit developer. He has also produced an outstanding Android wallet that supports many different cryptoassets and Shapeshift. Check out the great work he has done:

http://coinomi.com/

The individuals behind an organization really do make or break it. Having myself, sigmike and erasmospunk at the core of the effort to build B&C Exchange should inspire confidence in the outcome of the effort. It certainly makes me confident.

Yes, we intend on firmly sticking to our original commitments. If 200,000 USD is not raised by the close of the auction, no funds will be collected.

Our intention was to set the reserve price (0.0020 USD) well below the historical traded price of NuShares to encourage active bidding. If the B&C Exchange profitability projections we saw posted earlier are realized in the future, the value per NuShare would be much higher than this reserve price.

Plus bidding will help the auction reach its goals.

Just go take a look at where you can buy NSR now, the price, and liquidity. It's much more expensive than bidding.

hi bumping my previous question.

Whats the diff between bidding and buying nushares on the open market?