
Topic: NXT :: descendant of Bitcoin - Updated Information - page 912. (Read 2761626 times)

hero member
Activity: 644
Merit: 500


If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with.  Just PM me.

Please, CfB, help with that.

Edit: what kind of 'experts'?

I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters (http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PhD from MIT in Crypto. I have contact with a few other academics as well.

Right, Lisa. I remember (https://bitcointalksearch.org/topic/m.4989534). Well, what do you think, CfB?

Just do it. We need someone to check that Curve25519 and Crypto have no bugs.


You should email him (or her) directly the source for 0.73

Her email is listed at http://people.csail.mit.edu/yiqun/

She already wrote in that email:

Quote
I am wondering what you are looking for in the code review. If it is mainly the correctness of the implementation, then I would take a pass. I feel that what would be most helpful for Nxt is to review how the above crypto algorithms are utilized within the Nxt currency system to achieve the intended security goals.

If I understand it correctly, that means she is not willing to check any code. Checking the principal algorithm is not enough. Usually the problems come with the implementation of the algorithm.


I agree. She should be sent the full source code of 0.73
legendary
Activity: 1181
Merit: 1002
What about signing? Is crypto = using the curve function? Please specify.

Yes, Crypto class uses Curve25519 class to do key agreement and message signing.


@community
Did anyone try to contact Tanja Lange for the crypto/curve25519 review already?
hero member
Activity: 687
Merit: 500


If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with.  Just PM me.

Please, CfB, help with that.

Edit: what kind of 'experts'?

I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters (http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PhD from MIT in Crypto. I have contact with a few other academics as well.

Right, Lisa. I remember (https://bitcointalksearch.org/topic/m.4989534). Well, what do you think, CfB?

Just do it. We need someone to check that Curve25519 and Crypto have no bugs.


You should email him (or her) directly the source for 0.73

Her email is listed at http://people.csail.mit.edu/yiqun/

She already wrote in that email:

Quote
I am wondering what you are looking for in the code review. If it is mainly the correctness of the implementation, then I would take a pass. I feel that what would be most helpful for Nxt is to review how the above crypto algorithms are utilized within the Nxt currency system to achieve the intended security goals.

If I understand it correctly, that means she is not willing to check any code. Checking the principal algorithm is not enough. Usually the problems come with the implementation of the algorithm.
member
Activity: 101
Merit: 10
Need some textNxt, someone please send me a few: 11655792499041825006

10k sent.
full member
Activity: 193
Merit: 100
Need some textNxt, someone please send me a few: 11655792499041825006
sr. member
Activity: 308
Merit: 250
Is offspring still using the old nxt API or something (the one that will be removed) - since it shows blacklisted peers and other such things, which I don't think is included in the new, official API. Am I wrong?
member
Activity: 112
Merit: 10
NXTio now in Russian!!

http://www.nxtio.org/?lang=ru

Thank you very much to Xoralex for his translation!
NXT Donations: 18027583818211494654
hero member
Activity: 644
Merit: 500
Quote
How does running potentially malicious software used to directly access your money inside a VM protect the money that you're using the software to access? That's not good logic. Sure it segregates the rest of your system, but it does not protect the money.


Don't put most of your money in VM client account.

Quote
There is a huge difference. The source code can be audited. Then I can compile the open source code and run that. Then I can distribute those binaries to friends and family to use.

No one (at least not 99.999%) compiles the source and runs it. They just download and run the executable. There is no way to be sure if they are the same.

At some point, there has to be trust involved. You trust your operating system (did you compile it yourself?) You trust your browser (did you compile it yourself?) There is no such thing as zero trust. I personally won't run bter software on my main system as I don't trust them (yet). To each its own.
full member
Activity: 189
Merit: 100
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY


If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!

James

Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.

If this is safe and works, I'd be willing to back this with some funds (5000 Nxt)
I can't judge that myself, but if some devs say it is, I'm game.

Community will review the source code to make sure it is safe. I am thinking that we verify cross chain transactions with both the local bitcoind and also blockchain.info to get two sources of transaction confirmation. To minimize any concentration of deposits issue, we can create many deposit wallets that withdrawals are taken from. On each server, only the server admin will know the wallet address for that server, so we compartmentalize the financial risk.

If we wanted to take the insurance concept a bit further, we could have the server operators put up a bond against any deposits disappearing.

The entire trust issue is something that MUST be solved, otherwise AE will not be useful for trading anything with real value.

Directed donations to NXTcommunityfund are always welcome. Just post here and rickyjames will tally it all up.

James

let's give it a try
legendary
Activity: 1512
Merit: 1004
nxt.org news:
The domain name nxt.org has been auctioned for 1,3537 USD recently on the Sedo platform.
http://news.domain.cn/html/yumingzixun/2014/0207/31292.html

bought by Nxt community?
legendary
Activity: 2142
Merit: 1010
Newbie
What about signing? Is crypto = using the curve function? Please specify.

Yes, Crypto class uses Curve25519 class to do key agreement and message signing.
hero member
Activity: 910
Merit: 1000


If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with.  Just PM me.

Please, CfB, help with that.

Edit: what kind of 'experts'?

I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters (http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PhD from MIT in Crypto. I have contact with a few other academics as well.

Right, Lisa. I remember (https://bitcointalksearch.org/topic/m.4989534). Well, what do you think, CfB?

Just do it. We need someone to check that Curve25519 and Crypto have no bugs.

What about signing? Is crypto = using the curve function? Please specify.
legendary
Activity: 1792
Merit: 1038
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY


If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!

James

Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.

If this is safe and works, I'd be willing to back this with some funds (5000 Nxt)
I can't judge that myself, but if some devs say it is, I'm game.

- me too (2000 NXT).
Great idea, James!
legendary
Activity: 1806
Merit: 1001
Where is the source code?
Will be made available in a few weeks.

With all respect "in a few weeks" is unacceptable. You shouldn't have made it available if you weren't ready to release the source code. You should also be explicitly stating that it's closed source.

I'll do it for you.

The Offspring Nxt client is CLOSED SOURCE. Use at your own risk!

Considering that most people store their money on Dgex or Bter it's not a big deal.

I'm not going to get into the whole dgex debacle, but we can assume that most people with funds on there probably don't want them on there.

Nonetheless, only about 10% of Nxt sits on exchanges. Closed source is a no go.

Seriously why even make this comment? Let's just have everything closed source then. The point is requiring basic standards no matter who is in question. The dgex standards have been... questionable in several ways.

Agree with buybitcoinscanada.
There's no reason for me to mistrust Graviton/GCinc, BUT: closed source client(!) with blockchain included(!) by the owner of an exchange and the biggest NXT forum....
hmmmm, could be dangerous and is not really the way to go!



I understand what you guys are talking about. And agree with you. Open source is a must. Although I see nothing really bad in using a closed source client for several weeks if it's released by Dgex, Bter, Vircurex etc. At least for someone who keeps his money on these exchanges. If you personally don't trust Dgex then don't use their client until it's open source. If you trust them and store your money on Dgex, then there's no reason for not using their client.
legendary
Activity: 2142
Merit: 1010
Newbie
So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.  

This could help a lot - http://wiki.nxtcrypto.org/wiki/Nxt_API
full member
Activity: 350
Merit: 100
So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.  

Ugh, this is great news... I just wish we could get you this list ASAP instead of having to pull teeth.

Since brooklynbtc/msin might be taking over https://nxtchg.com soon, maybe they'll be willing to share a list.

CfB, any input here for Justabit?
legendary
Activity: 2142
Merit: 1010
Newbie
legendary
Activity: 1512
Merit: 1004
there is a new member named cfb in our forum http://www.nxts.info/home.php?mod=space&uid=60&do=profile ;)
legendary
Activity: 1512
Merit: 1004
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY


I wanted to get the community's feedback on having a community backed gateway for the popular cryptos, eg. BTC, DOGE, LTC, etc. Long term, I want to have fully automated DAC's, but rather than wait for the NXT VM to be completed, I want to have a way for everyone to be able to trade cryptos in a decentralized way with a minimal amount of trust required.

What I am envisioning is the community will create automated gateway code that will be open sourced and it would be run on a hardened community server. If we can't find a volunteer to code the automated gateway, then I would be willing to hire for NXT someone to write the code. I have the design pretty much worked out, even using the existing AE restrictions.

deposit BTC -> gateway -> get BTC Asset

withdraw BTC Asset -> gateway -> get BTC in wallet

The above is a simplified flow and you can replace BTC with DOGE or whatever we end up supporting. While the gateway would still be a single point of failure, it would be backed by the NXT community. Trusted members would manage the hardened server(s) and I think it makes sense to have a bit of NDIC (NXT deposit insurance by community) so in case of a loss caused by failure of gateway server. I am thinking that a 100000 NXT allocation against exploding data center will give additional peace of mind for people using the gateway. No protection if your computer gets hacked, the insurance is against the gateway server failures.

Assuming the community approves and I can get a volunteer to do the coding and a volunteer to get a hardened server (or maybe add this to an existing NXT node?) we can get this in place very quickly. As long as the gateway code runs, the  deposits and withdrawals will be processed automatically. Once inside the AE, everybody can trade it knowing it can be automatically withdrawn to the real thing at any time.

This means that within NXT there will be a decentralized exchange for all the cryptos, possibly within weeks!

If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!

James

Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.
good idea
member
Activity: 98
Merit: 10
Where is the source code?
Will be made available in a few weeks.

With all respect "in a few weeks" is unacceptable. You shouldn't have made it available if you weren't ready to release the source code. You should also be explicitly stating that it's closed source.

I'll do it for you.

The Offspring Nxt client is CLOSED SOURCE. Use at your own risk!

Considering that most people store their money on Dgex or Bter it's not a big deal.

I'm not going to get into the whole dgex debacle, but we can assume that most people with funds on there probably don't want them on there.

Nonetheless, only about 10% of Nxt sits on exchanges. Closed source is a no go.

Seriously why even make this comment? Let's just have everything closed source then. The point is requiring basic standards no matter who is in question. The dgex standards have been... questionable in several ways.

Different strokes for different folks. Don't get me wrong... love open source initiatives. However, as we look to the masses (our future market) open source means crap to them.

Lots of clients in development, support the one that rings your bell.

So stolen accounts for some and audited open source clients for others it is then...

How can people fail to grasp the most basic importance of this. It has nothing to do with "open source initiatives". It's that people MUST know it's safe to use based not on a person's guarantee (trust), but on open code that can be audited by anyone, anywhere, any time. This is people's money and livelihoods we're talking about.

Not to mention this:

Quote
Agree with buybitcoinscanada.
There's no reason for me to mistrust Graviton/GCinc, BUT: closed source client(!) with blockchain included(!) by the owner of an exchange and the biggest NXT forum....
hmmmm, could be dangerous and is not really the way to go!

Cool. Free market, I see no reason to disrupt it. Ok, back to business... I just heard back from Travis at CoinMKT:

"John,

Thanks for the intro. I'm replying all - but please, don't everyone email at once :).

We'd be happy to take a look at Nxt. From what I've heard, the implementation is somewhat different than most coins, can you gents provide more info?

I can't promise anything other than we will take a look and review. Thanks."

So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.  