Author Topic: [BTS2.0] Concern about account id on blockchain instead of address  (Read 6019 times)

0 Members and 1 Guest are viewing this topic.

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
OP is a bad example because the server could spoof a name->address map just as easily. The real problem has to do with chain reorganization and replay attacks. Seems the solution is that DPOS achieves consensus too quickly for that or something
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline zhangweis

  • Sr. Member
  • ****
  • Posts: 305
    • View Profile
I don't see why it's different, why can't the server replace the address in the same way as the id? It's simply a unique identifier, in this case it will be an easier one to verify visually as well since you won't need to double-check a huge bitcoin-style address.
I think the difference is that there's one more step to get account id from a name from a trusted server. In bitcoin, you only need address (which is somewhat equivalent to id).
Weibo:http://weibo.com/zhangweis

Offline zhangweis

  • Sr. Member
  • ****
  • Posts: 305
    • View Profile
If IDs cannot be trusted then the whole protocol breaks down. 

Users should share the ID as the primary identifier.  The name is a check. 

In some sense names are less necessary and should not be used on their own. 


Sent from my iPhone using Tapatalk

Well, in my case, I always use account name and don't even care what the account id is. Actually I fear typo a lot and always copy the name instead of typing. In this sense, it's not different than an address and address has even additional hash check for typo.
Weibo:http://weibo.com/zhangweis

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
If IDs cannot be trusted then the whole protocol breaks down. 

Users should share the ID as the primary identifier.  The name is a check. 

In some sense names are less necessary and should not be used on their own. 


Sent from my iPhone using Tapatalk

Offline alt

  • Hero Member
  • *****
  • Posts: 2821
    • View Profile
  • BitShares: baozi
I am also thinking about this .. in particular for offline devices .. this will be an extra barrier .. but as @svk said .. it's the same thing whether you check an address or an id ...
how about build transaction with both receiver's id and name?
chain server can't cheat wallet client with wrong id. witness will verify it.

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
An id is far easier on all fronts.  It makes hardware wallets much easier. It is short like a phone number so easy to say or enter by hand. 



Sent from my iPhone using Tapatalk

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I am also thinking about this .. in particular for offline devices .. this will be an extra barrier .. but as @svk said .. it's the same thing whether you check an address or an id ...

Offline svk

I don't see why it's different, why can't the server replace the address in the same way as the id? It's simply a unique identifier, in this case it will be an easier one to verify visually as well since you won't need to double-check a huge bitcoin-style address.
Worker: dev.bitsharesblocks

Offline alt

  • Hero Member
  • *****
  • Posts: 2821
    • View Profile
  • BitShares: baozi
to withdraw a balance, only check account ID
to deposit a balance, need to check both account name and account ID, even address.
I think this is the best way, and can avoid to sent to a wrong receiver even if he have update the public key.
sever can't cheap client with a wrong ID, or wrong address.

Offline zhangweis

  • Sr. Member
  • ****
  • Posts: 305
    • View Profile
I remember it's mentioned somewhere that account id is used in transaction on blockchain instead of address. Suppose you're using a lightweight wallet and you want to transfer money to someone account. If the server cheats you by giving wrong account id, your money can go to somewhere else. In bitcoin (or BTS1.0), if I'm using address as transfer target, the worst the server can cheat is not broadcasting and I'm relatively safe.
I think it's better to use address on blockchain and for perfomance reason hash the address to an id for memory and code to use. This way it's still safe and with high performance.
I know if you're using account name, we need to trust the server for getting the account id or public key and it's similar with BTS 1.0. And account id as target has the benefit that changing active/owner key will not impact account's balance. But at least we should have an option to specify address as target in a transaction on blockchain.
Weibo:http://weibo.com/zhangweis