But the whole point is isolation of private keys! Ok, I will just give away my implementation idea here to explain. So basically the exchange market is 100% cold because it doesn't even hold a pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for their deposit address, a single invocation of addrGen(MPubK, userid) would always instantly generate the same address (note that there are no private keys involved here!). On the secure super duper server that does not directly communicate with the exchange, the coins can be spent by addrPrivGen(MPrivK, userid) <- (note that addrPrivGen takes significantly more time, since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address).
The dangers of exposing the MPK are limited to exposing all possible public keys in the sequence.
Note that this idea is DONE on the Bitcoin side... with oh so many new ideas coming this way.
Ahhh, so you want it for a cold wallet, now everything is clear. (You should have started with that: the user won't have access to the priv key.)
But as I've written:
I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)
Funny thing, I was thinking about making escrow for NXT, but haven't thought about MPK
I need to think about it, but I think that on the super-duper secure server you'd have to do a check first, as there's a chance that addrGen(MPubK, userid) would generate a key that does NOT have a corresponding private key... (curve25519(priv, basepoint) -> public is not surjective)
Yes, I think now we are thinking about the same thing! Of course we will do a lot of sampling, but in BIP0032 there was mathematical reasoning behind this, and G. Maxwell actually, to an extent, understood the mathematics behind it and why it works. I am way not there, but I am learning every day. Since you guys were discussing the curve, I thought you could make this happen. This is the biggest setback I have in finishing up the exchange, because I do not want a security breach. Basically, even for a far-fetched super hacker that would break into the server, there is really nothing to steal, and it is damn hard to forge withdraw requests! Sanity tests, consistency tests and dead man switches are all over the place. Call me paranoid, but this is crypto; I would rather NOT deliver at all than deliver a half-baked product.
Also, now imagine the decentralized exchanges are done and in the wild. You CANNOT automate and decentralize the gateway, PERIOD; the chains are not compatible, so that won't happen! Don't get me started on if the gateway was for fiat! MPK functionality can greatly simplify an implementation of a gateway for deposits and withdrawals. When you make it faster and simpler, you make the learning curve, maintaining and running a gateway or an asset exchange easier, which will promote usage. Imagine a trusted Joe Nix Coiner opening something as big as havelockinvestments over a SINGLE low-end desktop running in his living room! Add Tor, Bitmessage and other communication tools and you basically create fully functional decentralized exchange plus gateway code that ANYONE can start and operate.
I know that is a bit of a far-fetched broader picture, but from here I see an MPK-like feature playing a major role in a good, efficient implementation in many, many applications. I am seriously willing to pay, and I know you guys will get a kick out of working on something like this, so it is a win-win, and another win for all of us.
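As an added illustration (my own code, not from anyone in this thread, and on secp256k1 rather than NXT's curve25519): the master-public-key scheme being discussed in BIP32 style, where the exchange derives each user's deposit public key from the master public key alone and the offline server derives the matching private scalar, with the sanity check for indices that yield no valid key. The chain code and master private key below are constructed sample values.

```python
import hashlib, hmac
# secp256k1 domain parameters (BIP32's curve; this example does not use NXT's curve25519)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    # Affine point addition on secp256k1; None is the point at infinity.
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    # Double-and-add scalar multiplication (not constant-time; illustration only).
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def tweak(parent_pub, chain_code, userid):
    # BIP32 non-hardened child tweak: HMAC-SHA512(chain_code, ser(parent_pub) || index).
    ser_pub = bytes([2 + (parent_pub[1] & 1)]) + parent_pub[0].to_bytes(32, "big")
    digest = hmac.new(chain_code, ser_pub + userid.to_bytes(4, "big"), hashlib.sha512).digest()
    t = int.from_bytes(digest[:32], "big")
    if t >= N:  # the check the thread asks for: no valid key at this index, skip it
        raise ValueError("invalid tweak for userid %d; use the next index" % userid)
    return t

def addr_gen(mpub, chain_code, userid):
    # Exchange side: derive the deposit public key from the master PUBLIC key only.
    child = ec_add(mpub, ec_mul(tweak(mpub, chain_code, userid), G))
    if child is None:
        raise ValueError("derived point is infinity for userid %d; skip it" % userid)
    return child

def addr_priv_gen(mpriv, chain_code, userid):
    # Offline side: derive the matching private scalar from the master PRIVATE key.
    child = (mpriv + tweak(ec_mul(mpriv, G), chain_code, userid)) % N
    if child == 0:
        raise ValueError("derived scalar is zero for userid %d; skip it" % userid)
    return child
```

One caveat that comes with this construction: the master public key plus the chain code, combined with any single non-hardened child private key, lets someone recover the master private key, so the chain code on the exchange box deserves the same protection as a private key would.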