Topic: NXT :: descendant of Bitcoin - Updated Information - page 987. (Read 2761632 times)
can anyone please post here the last design with the cells , of NXT ? from Fartih
You are right, that it probably wouldn't require changes in verify, but in such case...
I was thinking about it for a while, and tell me, HOW exactly would you like to alter x value?
a) values passed to Curve25519.sign and Curve25519.verify are in PACKED form
b) x still needs to be valid priv key and Y it's corresponding public key (I call this pair "session key", as it's generated based on message and secret key)
c) you need to make sure that (x-h) will NOT be "negative" in the meaning defined by 'xmath':
I was thinking about it for a while, and tell me, HOW exactly would you like to alter x value?
a) values passed to Curve25519.sign and Curve25519.verify are in PACKED form
b) x still needs to be valid priv key and Y it's corresponding public key (I call this pair "session key", as it's generated based on message and secret key)
c) you need to make sure that (x-h) will NOT be "negative" in the meaning defined by 'xmath':
Quote
Note that there isn't actually such a thing as positive or negative in
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
If I got an incorrect signature I would use another ephemeral key.
Edit: About "HOW exactly" - I would use SHA256(privateKey + message + nonce) instead of SHA256(privateKey + message).
Is there any public node or test node running the latest NRS version that allows
api calls?
Is this documentation at http://www.thenxtwiki.org/wiki/Nxt_API#Description
already obsolete as there were already several daily updated from 0.5.11 to 0.7.2?
api calls?
Is this documentation at http://www.thenxtwiki.org/wiki/Nxt_API#Description
already obsolete as there were already several daily updated from 0.5.11 to 0.7.2?
https://wallet.nxtarea.com:7875
That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
I think that it does solve the problem and verify() does not need to be changed.
You are right, that it probably wouldn't require changes in verify, but in such case...
I was thinking about it for a while, and tell me, HOW exactly would you like to alter x value?
a)
b) x still needs to be valid priv key and Y it's corresponding public key (I call this pair "session key", as it's generated based on message and secret key)
c) you need to make sure that (x-h) will NOT be "negative" in the meaning defined by 'xmath':
Quote
Note that there isn't actually such a thing as positive or negative in
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
PS, you know, that thanks to this change, we could most likely get rid of that stupid loop inside Transaction.sign...
https://www.youtube.com/watch?feature=player_embedded&v=McNclx2Zck8
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
The soundtrack from the video scares me. I would use something like http://www.youtube.com/watch?v=vOTURWqJyhU&list=PL4518B1FCFD912E2F
or we can imput the same mix like on olimpicgames : the Game has changed" , from TRON
but your one is sorry : лaжa
we need agrresivity, agrRresive marketing
Hello!
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
ToDo:
How to test:
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
- Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo:
- Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test:
- Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
this guy needs to get some bounty ...
That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
I think that it does solve the problem and verify() does not need to be changed.
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, But anyway I honestly don't know how this is related.
With MPK you can have one public key that is able to generate other public keys without touching the private keys. Because they are linked from the seed in a certain way, Both chains (Private key chain, public key chain), will generate corresponding keys in a sequence.
A very good example is AcceptBit.com which is a private key free POS system.
The MPK functionality is VERY important to my new exchange, Also I believe it to be a key element in the automation of decentralized markets, At gateway level.
- Lophie
p.s: There is no way to do this in NXT, I am lacking proper knowledge to surpass the dam of different curve functions between Bitcoin and NXT...
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script,
Signing in JS has been done, there was bounty for it.
I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)
But anyway I honestly don't know how this is related.
It is related, since it's easy to do it on actual PRIVATE key, but most APIs in NRS, do not operate on PRIVATE key, but on a password, that is passed to SHA and the output is your actual PRIVATE key.
This additional step (sha) makes it currently currently impossible. (well it would be possible, it hash function would be transitive, but transitive hash function, wouldn't have much sense
)So YOU are able to generate derived public keys and user is able to generate derived private keys, BUT
is there a client that accepts actual PRIVATE key and not password?
But the whole point is isolation of private keys!. Ok I will just give away my implementation idea here to explain, So basically the exchange market is 100% cold because it doesn't even hold pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for thier deposit address a single invocation of addrGen(MPubK, userid) would always generate instantly the same address (Note that there is no private keys involved here!), On the secure super duper server that does not directly communicate to the exchange the coins can be spent by addrPrivGen(MPrivk, userid) <-(Not that addrPrivGen takes significantly more time since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address).
The dangers of exposing MPK are only limited to expose all possible public keys in the sequence.
Note that this idea is DONE bitcoin side... with oh many new ideas coming this way
https://www.youtube.com/watch?feature=player_embedded&v=McNclx2Zck8
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
The soundtrack from the video scares me. I would use something like http://www.youtube.com/watch?v=vOTURWqJyhU&list=PL4518B1FCFD912E2F
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so?
Let's say you have leaking tap.
Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself...
Public source code contains such comment:
Code:
/* Signature generation primitive, calculates (x-h)s mod q
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
Why don't u want to use different x?
That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
So 2 questions.
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
I would call it "token".
Hello!
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
ToDo:
How to test:
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
- Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo:
- Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test:
- Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
this guy needs to get some bounty ...
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so?
Let's say you have leaking tap.
Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself...
Public source code contains such comment:
Code:
/* Signature generation primitive, calculates (x-h)s mod q
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
Why don't u want to use different x?
https://www.youtube.com/watch?feature=player_embedded&v=McNclx2Zck8
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
well, we still have the chance to come not first, but best ...
cant wait to make the better video when the asset ex will come..
PS: bounties will be needed
So 2 questions.
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, But anyway I honestly don't know how this is related.
With MPK you can have one public key that is able to generate other public keys without touching the private keys. Because they are linked from the seed in a certain way, Both chains (Private key chain, public key chain), will generate corresponding keys in a sequence.
A very good example is AcceptBit.com which is a private key free POS system.
The MPK functionality is VERY important to my new exchange, Also I believe it to be a key element in the automation of decentralized markets, At gateway level.
- Lophie
p.s: There is no way to do this in NXT, I am lacking proper knowledge to surpass the dam of different curve functions between Bitcoin and NXT...
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script,
Signing in JS has been done, there was bounty for it.
I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)
But anyway I honestly don't know how this is related.
It is related, since it's easy to do it on actual PRIVATE key, but most APIs in NRS, do not operate on PRIVATE key, but on a password, that is passed to SHA and the output is your actual PRIVATE key.
This additional step (sha) makes it currently currently impossible. (well it would be possible, it hash function would be transitive, but transitive hash function, wouldn't have much sense
)So YOU are able to generate derived public keys and user is able to generate derived private keys, BUT
is there a client that accepts actual PRIVATE key and not password?
For raspi (model B) use settings:
SNl 0:34 /usr/bin/java -Xms128m -Xmx756m -jar start.jar STOP.PORT=7873 S
works fine - a common error I made usually is to set it at 450/450 or so - that limits the heap space to 450MB, which is NOT enough!
Xms128 is the MINIMUM heap size,
Xmx756 is the MAXIMUM, presto!
Hello!
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
ToDo:
How to test:
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth .
How it's works:
- Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo:
- Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test:
- Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report:
If you find some bug, send me PM with description and I pay you 100 NXT
P.S. Sorry for my bad english
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so?
Let's say you have leaking tap.
Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself...
Jump to: