NXT :: descendant of Bitcoin - Updated Information - page 1409.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: BloodyRookie on January 23, 2014, 09:10:43 AM

About the security review:

Putting:
s is the public key for signing
Z is the context data (signer public key or certificate, etc)

Original:
m = hash(Z, message)
x = hash(m, s)
keygen25519(Y, NULL, x);
h = m XOR hash(Y);
sign25519(v, h, x, s);
output (v,r) as the signature

Nxt:
Z is omitted
m = hash(message);
x = hash(m, s);
keygen25519(Y, null, x);
h = hash(m, Y);
Curve25519.sign(v, h, x, s);
output (v,h) as the signature

Is the question whether the change from h = m XOR hash(Y) to h = hash(m, Y) is risking the security?
Or what is the real question?

The question: Is NRS crypto algo strong enough?

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: gimre on January 23, 2014, 08:53:07 AM

we could also set up a reward of 20 BTC for anyone who finds a flaw in the code and provides mathematical proof.

My 5 BTC contribution pledge was strictly conditional so please don't start treating it as "our" funds.

In answer to those questioning the paying for such a review understand that:

i) a person with a "name" in crypto is not going to risk losing that name over 20BTC.

ii) a person with the relevant skills and expertise would be likely being paid a lot so in order for them to be able to dedicate their time a decent financial incentive (not in NXT) needs to be offered.

Also some maths that some anonymous forum members have come up with is not what at least my 5 BTC is for.

Bitcoin's security was much heralded after Kaspersky's review - we need someone of the same caliber to do the same for Nxt.

BloodyRookie

hero member

Activity: 687

Merit: 500

About the security review:

Putting:
s is the public key for signing
Z is the context data (signer public key or certificate, etc)

Original:
m = hash(Z, message)
x = hash(m, s)
keygen25519(Y, NULL, x);
h = m XOR hash(Y);
sign25519(v, h, x, s);
output (v,r) as the signature

Nxt:
Z is omitted
m = hash(message);
x = hash(m, s);
keygen25519(Y, null, x);
h = hash(m, Y);
Curve25519.sign(v, h, x, s);
output (v,h) as the signature

Is the question whether the change from h = m XOR hash(Y) to h = hash(m, Y) is risking the security?
Or what is the real question?

S3MKi

legendary

Activity: 1540

Merit: 1016

nexern, i'm waiting your client Grin

gimre

legendary

Activity: 866

Merit: 1002

Quote from: Agent86 on January 23, 2014, 07:58:34 AM

Thanks CfB, I think this is important. In fact, my opinion is that "Pay-to-256bit-address" should be required to send to address for the first time. There is a lot of NXT out there at the moment with only 64bit protection just sitting there waiting for someone to work on trying to get it. I also think it is critical and a high priority that we put in protection against typos ASAP so people don't risk sending their NXT to nowhere. (this: http://wiki.nxtcrypto.org/wiki/New_Address_Format)

Even with only 64bits it's not that easy.

if one would like to force it, he needs:

1. generate random pass
2. generate public key + secret/priv key pair
3. SHA256 public key, get 8 bytes
4. matches something interesting? nope? goto step 1

PS (reversing the process is highly improbable)

TIP: Why no one has "hacked" account number 100000 yet?
http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=100000

nexern

hero member

Activity: 597

Merit: 500

Quote from: rnr on January 23, 2014, 05:18:40 AM

Would it be possible that you implement some "Basic" indicators and charting (drawing) functions? Build in charting software. Like Meta Trader.

marcus03, great job! here is a very nice c++ TA lib for solaris.
it's open source and works very well. should fit fine with your code.

http://ta-lib.org/

ps: some candlestick patterns needs a review (have to check with my code which ones)
but all other indicators are proved and giving correct results.

gimre

legendary

Activity: 866

Merit: 1002

Quote from: kunibopl on January 23, 2014, 07:23:21 AM

Quote from: NxtChg on January 23, 2014, 07:11:27 AM

Quote from: abctc on January 23, 2014, 07:02:33 AM

- it also may mean: "I might respond within a few months, but for $16000 I might respond within a few days" :-)

Doesn't it bother you, guys, that paying a large sum of money for a crypto review is... well... kinda smells bad?

we could also set up a reward of 20 BTC for anyone who finds a flaw in the code and provides mathematical proof.

actually BloodyRookie did nice analysis of probable bug in Curve.sign() : https://bitcointalksearch.org/topic/m.4645132

allwelder

legendary

Activity: 1512

Merit: 1004

Quote from: Coinonaer on January 23, 2014, 08:11:06 AM

Quote from: kunibopl on January 23, 2014, 07:48:20 AM

allwelder could you tell us what exactly now is regulated in China regarding BTC?

allwelder: That would be great. I have some fear that my BTC and Ntx are going somehow under the ground at Bter.com, after Chinese New Year (so next month) because the chinese government shut downs Bter. Do you know something more?

China deny BTC as currency,but just an special virtual commodity.
And China forbid financial institutions provide service related BTC.
But people can take part in the exchange with undertaking the risk by themselves.

http://www.pbc.gov.cn/publish/goutongjiaoliu/524/2013/20131205153156832222251/20131205153156832222251_.html

China always prohibit illegal exchange platform.
Many legal platforms,such as BTCchina, OKcoin,and so on ,are still running normally.
Bter is also a legal company as far as I know,and I also trade on it.

NxtChg

hero member

Activity: 840

Merit: 1002

Simcoin Developer

Quote from: Come-from-Beyond on January 23, 2014, 07:55:59 AM

Yes, it does.

You know how you look with your money?

"Hey, doc, me and the guys heard yours is a big shot food critic, huh?
So how 'bout yours takeses dis nice wad of cash and writeses us a little review 'bout our new Italian restaurant?
Huh? Whatdya say, doc?"

At least that's the picture that comes to my mind...

Coinonaer

full member

Activity: 168

Merit: 100

Quote from: allwelder on January 23, 2014, 08:33:54 AM

Quote from: kunibopl on January 23, 2014, 07:48:20 AM

allwelder could you tell us what exactly now is regulated in China regarding BTC?

China deny BTC as currency,but just an special virtual commodity.
And China forbid financial institutions provide service related BTC.
But people can take part in the exchange with undertaking the risk by themselves.

http://www.pbc.gov.cn/publish/goutongjiaoliu/524/2013/20131205153156832222251/20131205153156832222251_.html

Thank you Sir!

landomata

legendary

Activity: 2184

Merit: 1000

Quote from: allwelder on January 23, 2014, 08:33:54 AM

Quote from: kunibopl on January 23, 2014, 07:48:20 AM

allwelder could you tell us what exactly now is regulated in China regarding BTC?

China deny BTC as currency,but just an special virtual commodity.
And China forbid financial institutions provide service related BTC.
But people can take part in the exchange with undertaking the risk by themselves.

http://www.pbc.gov.cn/publish/goutongjiaoliu/524/2013/20131205153156832222251/20131205153156832222251_.html

Well that's good for Nxt Asset Exchange....it removes some of the competition

allwelder

legendary

Activity: 1512

Merit: 1004

Quote from: kunibopl on January 23, 2014, 07:48:20 AM

allwelder could you tell us what exactly now is regulated in China regarding BTC?

China deny BTC as currency,but just an special virtual commodity.
And China forbid financial institutions provide service related BTC.
But people can take part in the exchange with undertaking the risk by themselves.

http://www.pbc.gov.cn/publish/goutongjiaoliu/524/2013/20131205153156832222251/20131205153156832222251_.html

BitcoinForumator

legendary

Activity: 1120

Merit: 1000

Quote from: ?? on ??

Quote from: Pericles on January 23, 2014, 08:20:56 AM

Quote from: ?? on ??

Quote from: Pericles on January 23, 2014, 08:06:02 AM

...I have recently launched called Bypass - https://bitcointalksearch.org/topic/project-bypass-decentralised-direct-democracy-423585 - and I think Nxt and Bypass could co-exist and help each other.

Why, Oh Why... did you have to use "friction-less" in your launch text?!?!? Undecided

I do not understand what you mean? What is wrong with "friction-less"? I thought it implied a non-existent barrier to entry for the Bypass system.

Edit: Is that all that you have to say about the proposal?

Sorry... it was an inside Nxt joke... it has to do with the member ~~FrictionlessCoin~~ FrictionlessCON... you will have to read up on all that though... even mentioning him gets me upset! Lips sealed

FTFY

bitcoinpaul

hero member

Activity: 910

Merit: 1000

Quote from: gimre on January 23, 2014, 08:25:13 AM

Quote from: bitcoinpaul on January 23, 2014, 07:49:29 AM

The person gets money for smashing (part of?) the code and seeking out every little pimple he/she finds on his/her way.

Where is the problem?

Wait I assumed we were talking about review of math behind Curve + Crypto (and most importantly sign+verify)
and NOT the code itself...

Code is different matter and I'd really avoid mixing those two things...

"part of". I'm not sure what exactly gets reviewed.

Mistafreeze

sr. member

Activity: 897

Merit: 284

Quote from: Pericles on January 23, 2014, 08:20:56 AM

Quote from: ?? on ??

Quote from: Pericles on January 23, 2014, 08:06:02 AM

...I have recently launched called Bypass - https://bitcointalksearch.org/topic/project-bypass-decentralised-direct-democracy-423585 - and I think Nxt and Bypass could co-exist and help each other.

Why, Oh Why... did you have to use "friction-less" in your launch text?!?!? Undecided

I do not understand what you mean? What is wrong with "friction-less"? I thought it implied a non-existent barrier to entry for the Bypass system.

Edit: Is that all that you have to say about the proposal?

Nxt has been being trolled relentlessly by a user named Frictionless-Coin

gimre

legendary

Activity: 866

Merit: 1002

Quote from: bitcoinpaul on January 23, 2014, 07:49:29 AM

The person gets money for smashing (part of?) the code and seeking out every little pimple he/she finds on his/her way.

Where is the problem?

Wait I assumed we were talking about review of math behind Curve + Crypto (and most importantly sign+verify)
and NOT the code itself...

Code is different matter and I'd really avoid mixing those two things...

Pericles

newbie

Activity: 12

Merit: 0

Quote from: ?? on ??

Quote from: Pericles on January 23, 2014, 08:06:02 AM

...I have recently launched called Bypass - https://bitcointalksearch.org/topic/project-bypass-decentralised-direct-democracy-423585 - and I think Nxt and Bypass could co-exist and help each other.

Why, Oh Why... did you have to use "friction-less" in your launch text?!?!? Undecided

I do not understand what you mean? What is wrong with "friction-less"? I thought it implied a non-existent barrier to entry for the Bypass system.

Edit: Is that all that you have to say about the proposal?

bitoktlk

newbie

Activity: 21

Merit: 0

Quote from: BaiMangal on January 23, 2014, 08:07:03 AM

Quote from: bitoktlk on January 23, 2014, 07:57:28 AM

Yesterday - 155 visitors, more than 550 views.
They could go and on your website. Wink

http://millionnxthomepage.com/

14 questions in the letters with updates.
Establish new forms of interaction.

Page updated.

the word top (TOП) is spelled in russian
http://millionnxthomepage.com/pixel_list.html

thanks will correct

Coinonaer

full member

Activity: 168

Merit: 100

Quote from: kunibopl on January 23, 2014, 07:48:20 AM

allwelder could you tell us what exactly now is regulated in China regarding BTC?

allwelder: That would be great. I have some fear that my BTC and Ntx are going somehow under the ground at Bter.com, after Chinese New Year (so next month) because the chinese government shut downs Bter. Do you know something more?

BaiMangal

member

Activity: 111

Merit: 10

Quote from: bitoktlk on January 23, 2014, 07:57:28 AM

Yesterday - 155 visitors, more than 550 views.
They could go and on your website. Wink

http://millionnxthomepage.com/

14 questions in the letters with updates.
Establish new forms of interaction.

Page updated.

the word top (TOП) is spelled in russian
http://millionnxthomepage.com/pixel_list.html

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1409. (Read 2761645 times)