Topic: **MANDATORY UPGRADE REQUIRED** [ANN] B&C Exchange - All users must upgrade - page 40. (Read 174430 times)

Reading into this project more and based on what I know from being a NuShare owner and staying up to date, it appears you are starting to and have the tools necessary to build an entire crypto-ecosystem on top of the Peershares platform in a similar fashion to other crypto 2.0 platforms and Nu will act as the central bank of the economy.  Each DAC with it's own customized Peershares implementation.

So I guess my question is, what aren't you telling us?

What is next?

Could you summarize the requirement for the signers? The design doc has some but there are  more scattered in posts. It seems that there are a lot of requirements as what and how the signer should do quickly and everyday. Being a signers is like a full time job. If a signer works 8 hours a day you'd need three to fill one around-the-clock position, which B&C needs ~10. Can B&C find so many dedicated reputable signers?
If they are to be paid to be motivated, B&C would need to pay 30+ person's salary (with fees or whatever)?

In order for the motion authorizing the proposed auction and development of B&C Exchange to pass, it must receive at least 5001 votes in any 10000 consecutive blocks on the Nu network blockchain. There have been 1489 blocks found since voting began. 58.5% of these blocks contain a vote in favor of the development of B&C Exchange. The motion is on course to pass in about 5 days. When and if it does, bids for NuShares (which will entitle holders to an equivalent quantity of B&C Exchange BlockShares) will be accepted for a period of two weeks.

The Peershare motion system is wonderful for proving and disproving shareholder consensus to take any articulated course of action. It helps introduce bold changes while maintaining a sense of fairness among shareholders. New shareholders will be delighted with its utility.

Thanks for the informative answers.

I can't think of any remaining weaknesses.

I'm quite looking forward to seeing it up and running!

The first five methods you have described can be thwarted if a reputed signer is pseudonymous without revealing information about themselves outside the scope of their signing operation, which is exactly what I expect will occur.

The sixth method you describe would work if you presume a static IP, but if static IPs are a problem then signers won't use them. All they need to do is run the Tor browser bundle and configure the proxy settings in their B&C client. My guess is signers will do this.


Thanks for the calculations. The range of values each variable could possess is considerable, so determining a reasonable scenario is difficult. While I suspect the market cap will exceed deposits, I agree that might not be the case at some point in time.

It is still implausible that so many people in a position of trust would collude to perpetuate such blatant fraud. Consider the case of BTC-e.com, a pseudonymous exchange that has been operating for four years without taking users' funds. That is functionally a 1 of 1 in multisig vocabulary. Each additional signer dramatically reduces the chances of this type of fraud. If 1 of 1 can work in at least some cases over a long time period and with the system having the capability to move as high as perhaps 11 of 15 signers if defending against such an outcome were a priority, we can be confident the chances of this type of fraud occurring on B&C Exchange is exceedingly low.


Unlike Ripple, the architecture of B&C Exchange is fundamentally incompatible with permitting anyone to freeze BlockShares, because transaction processing is truly decentralized.

However, funds placed in deposit addresses have different characteristics than assets that are natively held on the B&C Exchange blockchain. While no implementation of the feature is planned, it would be relatively easy for individual signers to maintain a list of addresses they will refuse to sign transfer for. Imagine funds which could be verified to have been stolen from BTER were placed in an exchange deposit address. If the majority of individual signers decided to sign a transaction to return funds to BTER, it would occur. But it would have to be done transparently and if shareholders felt any such action reduced the value of their BlockShares they would downvote the reputed signer and the protocol would no longer permit them to sign new deposit addresses. So there is a degree of flexibility with how deposited funds are handled, but signers will be held accountable in all cases and in all cases the cooperation of most signers will be required. Shareholders will collectively remain in control, because they control who the signers are.


We have a lot of very dedicated shareholders with a tremendous belief in the value of shares. They would not let go of the majority of their shares except at truly exceptional prices. My guess is that if you wanted to acquire a majority of the shares you would need to increase the market cap 100 times or more to do so. If you did that, you would have tremendous stake and would rationally take extraordinary care to maintain and increase the value of your BlockShares. Some imagine a central bank or government may be willing to purchase shares/coins of PoS networks to gain control of them in order to destroy them and prevent them from competing with their monetary systems. I don't think this approach would be an effective method for such entities to oppose PoS networks. They would just make their opponent rich and there are too many PoS networks to do this with. It would only cause the proliferation of PoS networks as a result of the financial success. We can only hope they are foolish enough to attempt this, but I doubt it.

The motion has been introduced to NuShare holders for voting here: https://discuss.nubits.com/t/draft-motion-to-provide-seed-funding-for-b-c-exchange-a-decentralized-exchange-built-on-the-peershares-platform/2001/172

You can follow along with the results of the motion by watching motion hash 20e1ec16c5527c3873699e702c96a980c22faed9 on http://blockexplorer.nu/motions. Once the vote eclipses 50.00% of blocks and 50.00% of share days destroyed (SDD), the motion will be considered successful and the auction will begin. If it does not pass, the auction will not begin in its current form.

It is important to note that this same motion functionality will be present within the BlockShares protocol, as mentioned in a previous question about trading pairs. BlockShares holders will be able to determine development goals for B&C Exchange through blockchain consensus. This feature has already been proven to be an effective method of making development decisions for the Nu network, and we are enthusiastic about its use here.

Thanks; that makes a lot of sense.


You're right; Tor would solve the problem. If someone takes down the exit node you can just switch to another one.

I think more humble organizations than the NSA could discover a signer's static ip, though. Here's a half dozen ways to do it off the top of my head:

1. Go to the signer's house and apply a rubber hose to the signer until the ip address (or even the private key) is volunteered.
2. Various other methods of coercion / blackmail / deception, including court orders, dating the signer, pretending to be the cable guy or whatever.
3. Hire a hacker / private detective to get the information (or hack into his computer yourself).
4. Own the company who leases the signer's VPS. How many will run their nodes on Amazon? If they keep the identity of their VPS providers secret from each other, how will they ever know if they're using the same one?
5. Ask the signer what VPS services he's tried and which ones he thinks are good. Compare the ip address ranges these VPS services provide to the ip addresses of persistent nodes.
6. Connect to 100 nodes. When a message from the target signer arrives, measure the time at which each node publishes the message. Drop the slowest 50 and connect to 50 different random nodes. Repeat. The probability that you're connected to the target signer increases with each iteration.

If you have a powerful ddos ability, you might need only a 20% chance of guessing correctly, and even if you can only narrow it down to a group of nodes, it doesn't do you any harm to take out the whole group.




Well yes and no. Market cap > Revenue only implies Market cap > Deposits if Revenue > Deposits.

But would, say, 8 years of revenue really always exceed the value of the total deposits?

Let's say the total amount deposited on average is D. Let V be the number of times per day that money is traded. I might be wrong, but I think most of the money on the exchanges doesn't trade every day. Most of it stays in balances or in orders that don't get executed, I think. So I think V is less than 1, probably about 0.1. I might be way off.

And let F be the fee that you charge. Let's say it's 0.5%. That might be an overestimate, but maybe I underestimated the velocity of money on the exchange.

Then revenue over 8 years = D * V * F * 8 * 365  = D * 0.1 * 0.005 * 8 * 365 = D * 1.46.

So if the total value of deposited funds ever exceeded 1.46 times the average value of deposited funds, then the shareholders would get more money by stealing the deposits than by accumulating 8 years of revenue.

Let's say I way underestimated V. So suppose it's bigger by a factor of ten. Then the condition for rational (but evil) shareholders to decide to steal the deposits would be if the total amount currently deposited exceeds the average amount on deposit by a factor of 14.6. Could we be confident that that would never happen?


I certainly agree that it's unlikely; I was just asking about their powers.

Presumably they could also do things like freeze or confiscate Jed McCaleb's XRP if they thought there was a good non-fraudulent reason to.

Do we know that no single person will ever accumulate more than half of the shares?

Is there any way to prevent an enterprising gang of thieves from buying a majority of the shares?

I doubt the lower transaction fees for 3 of 5 multisigs will outweigh the security advantages of using 15 signers any time soon. So I wouldn't recommend 3 of 5 multisigs. It is possible we will see that right when the system first becomes operational, but I expect the network will scale up the number of signers quickly.

Shareholders will get to decide the identity and quantity of signers and can change this configuration at will (for new deposit addresses). If they fear the scenario you describe they will configure the network to protect against it.


I suspect most reputed signers will operate within the Tor network, which is very easy to do. Even if they don't use any proxy, determining which node is theirs is a difficult task that only organizations like NSA could hope to have any success at (if they cared to devote resources to it). Therefore, the premise of your scenario, that reputed signer IP addresses will be known, is false.


Shareholders could do any number of things that would destroy their entire investment, but we can be sure they wouldn't be so foolish. When you consider that the market cap is likely to be equal to many years worth of revenue, it is unlikely that deposits will exceed market cap. Even if they did, I don't think it is credible to suggest that the majority of participants would engage in such blatant fraud.

Additional questions from discuss.nubits.com user "Creon", and replies from B&C Exchange Architect Jordan Lee.


Sorry if this point wasn't included in the design doc (I thought it was). In any case, it has been discussed and finalized in my own mind that the Bitcoin blockchain would be examined as of a certain block height, resolving the concern raised here.


It is expected that the security deposit reputed signers put up will not be released until the keys are verified to have been transferred.


The consumption of a signer's public keys available as components of multisig deposit address does not occur until they are a top rated signer. They become top rated not by signing but rather by making a public appeal for upvoting. They have to make a convincing case that they should be trusted first.


The difference between voting in Nu for custodial grants and motions and voting for reputation in B&C is that it is presumed Nu shareholders can vote for all the grants and motions they want to support in every block. In contrast, it assumed that B&C shareholders will wish to upvote and downvote more addresses than can be practically referenced in each block. The mechanism for selecting reputation votes for inclusion is designed to use minimal blockchain space while still including the complete set of information over a series of minted blocks.

There are two issues with creating projections. First, even back-of-envelope calculations would create informal expectations on the part of bidders that may not ever be achieved. We are keen to avoid that, just as we did with the original distribution of NuShares. Bidders should generate their own forecasts and bid (or not bid) accordingly.

The second issue is that there are simply too many dynamic variables that are controlled by shareholders and not the developers. For example, a transaction fee of 1.00 BKC could be set by shareholders per trade, for which projections could be made based on reasonable assumptions of the market share that would be taken from centralized exchanges. However, shareholders could decide to raise it to 3.00 BKC next month if that rate would still be competitive, or drop it to 0.20 BKC next month if strong competitors emerged. There is a tremendous amount of variance in projected revenue. We also don't know yet what transaction fee rates shareholders will conclude is optimal.

We would strongly encourage everyone to generate their own predictions and share them with other NuShare holders to see if others believe those projections to be based on reasonable assumptions. It would be very easy for us to generate an optimistic prediction of how shareholders will vote, but it is unlikely to be very accurate.

This is quite exciting after Mercury because it's a completely different approach.

One way or another, it looks like decentralized exchanges are about to become a reality.

A few questions:


If none of the currently most trusted signers have cheated, I think it's inevitable that they will, as incumbents, be likely to retain their positions as most trusted. So wouldn't you have the three most trusted people permanently capable of colluding and stealing all of the funds on the exchange secured by 3-of-5 multisigs?

Also, no offense intended, but wouldn't the most trusted signers be Jordan and the devs?

So aren't we, in effect, being asked to trust a few known people with our money?

Also, I would guess that the signers, being always online, could easily learn one another's ip addresses if they were so inclined. Suppose the scheme is 8-of-15 and an attacker has control of 4 pseudonymous signers. He would need to successfully ddos any 4 of the remaining 11 signers in order to block withdrawals and extort the depositors.

An attacker would try to ddos them all. Let the probability of successfully ddosing a signer be p.

Then the probability of knocking out 4 of 11 is:

Sum from i = 4 to 11:   B(11, i) * (p ** i) (1-p)**(11-i)

where B is the binomial coefficient.

With a 20% chance of a successful ddos, that's a 16% chance of successfully blocking withdrawals. At a 50% ddos success rate, the probability of crippling the exchange is 88%.

Actually, an attacker with no signers and a 50% ddos success rate has a 50% chance of succeeding at such an attack.


Yikes! If the shareholders feel so inclined, can they pass a motion requiring all the depositors' funds to be distributed among themselves?

We would tentatively expect that Bitcoin, NuBits, BlockShares, and BlockCredits are available on the first iteration of the decentralized exchange.

Your question is an excellent opportunity to educate any new readers on the "Motion" functionality we refer to in the Nu protocol. A brief description and tutorial video is here: https://nubits.com/nushares/voting-mechanics#how-does-a-motion-vote-work

A motion allows NuShare holders (and once the network is operational, BlockShares holders) to make their feelings known on any topic. It is expected that developers strictly adhere to the terms of a motion that has been successfully passed by shareholders.

An example motion that you could raise as soon as you have BlockShares would be: "B&C Exchange should expand its capabilities to include Litecoin, Dogecoin, and Peercoin trading pairs." Or, another example motion could be "B&C Exchange should never offer PayCoin trading pairs." Motions are one of Nu's unique mechanisms that have served as a powerful tool for determining community opinions through blockchain consensus.


Anyone who is interested in trading cryptocurrencies with lower trading fees and with less risk of centralized theft will be the users we target. We think that users are enthusiastic about the idea of decentralized exchanges in general; the Bitcoin community is just waiting for a contender to offer the right mix of technical capabilities, user experience, and ownership incentives. We believe our design accomplishes these goals.


The trading experience as compared to a centralized exchange is a very broad topic. It is almost certain that B&C Exchange will be superior in some regards (such as safety and cost), and weaker in others (such as trading speed, where the confirmations required to execute an order will be shareholder configurable, but 3 is a likely setting, so three minutes to execute orders is likely). There will always be trade-offs between centralized and decentralized services. Our goal is to provide a familiar centralized website user experience, without the risk of that website controlling user funds. From the design document:


The design document also details current limitations of decentralized exchanges and provides expected future development solutions that can resolve many of those concerns:


In regards to front-running, we will research best practices on how orders should be ordered and processed within blocks to ensure fairness for all market participants. There are many different possible solutions that have been previously examined by groups like BitShares that will help inform our design as well.

From Jordan Lee on https://discuss.nubits.com/t/draft-motion-to-provide-seed-funding-for-b-c-exchange-a-decentralized-exchange-built-on-the-peershares-platform/2001/77


From Jordan Lee on https://discuss.nubits.com/t/draft-motion-to-provide-seed-funding-for-b-c-exchange-a-decentralized-exchange-built-on-the-peershares-platform/2001/78

@BonTonPlease thanks but it doesn't answer the qustion. I want to see numbers backed by assumptions and reasoning so not only I can try to get a ball park idea re revenue and ROI, but also see what intermediary parameters of the exchange (e.g. how many BlockCredits consumed for 1 BTC traded) the team may  have in mind.

@mhps

Can we have an estimate of how much dividends B&C Exchange would generate (per month per 10k shares) under certain assumptions? For example what if B&C volume is 1% of total BTC volume ($0.3M, size of bittrex, according to coinmarketcap) 10% (BTC-e)? 30% (Bitfinex)?

Tks for the detailed info.


You mean this in the second post :" and if they are comfortable with the existing online reputations and credibility established by B&C Exchange developers on past projects like Peercoin, NuBits, and NuShares. "

or

 this: " A valid bid will contain four elements: a quantity of NuShares, a price you pledge to pay per NuShare in USD, the asset type you will pay with (BTC, LTC, PPC or NBT), and finally your bitcointalk or discuss.nubits.com username (minimum one week old as of the pre-announcement date)." in the first post

?

In my opinion, satisfying this kind of criterion, such as being aware of the team or having a discuss username is not enough for separating speculators from genuinely interested individuals that want to become shareholders caring about the network.
I would like to see some sort of soft due diligence process, requesting a short description (with arguments and proofs) about why the applicant thinks he or she could contribute to Nu, as early shareholders back in Sept~Nov 2014 underwent at the first round of investment of Nu.

Do you imagine B&C will list the trading pairs with more trading volume or take a more open arms approach with alts seeking to be listed? / Who is your target market as far as customers go?

How do you think the trading experience will compare to that of a centralized exchange?  I have seen the 10 trades a second ceiling in the paper, but that doesn't necessarily mean actions will be completed in 1/10th of a second, does it?  What stops anyone from front running a trade or action before it is 'confirmed' on the blockchain?

Joe asked on discuss.nubits.com:


Theoretically it could be. However, exchange and stable currency are two completely different business models. It would complicate the protocol a great deal to accommodate both business models and increase the risk of an unexpected malfunction in the protocol.

Probably the best reason to separate them has to do with scalability. Creating two blockchains and two networks reduces blockchain size considerably and reduces the number of transactions and messages that need to be processed in each one.

There is a parallel discussion occurring on discuss.nubits.com and I feel it is beneficial to readers to keep the entire discussion in one place (here), rather than fragmenting the information about the project in multiple places. I wouldn't call it clutter