Topic: MirrorChain--to solve the security threat during the new DACs distribution


Offline bytemaster

Maybe we can use some elliptic curve magic to solve the issue ... much like what TITAN does?

The problem is that without the actual public key of the account holder you cannot do any operation other than signature verification and that requires the private key. 

If we had the public key for every address in the snapshot then it would be possible to separate out the tool that imports the private keys for each chain from the chain itself. 

I think the way we can get around this is to have a separate 'trusted' process that can sign arbitrary data for a new chain.  This process would report to the new DAC all of the addresses it can sign for.

This way the new DAC never sees your private key, but can still use it for signing transactions *FOR THAT DAC ONLY*. 

 
For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.
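
The split described in the post above, sketched as an added example that is not code from this thread or from BitShares: a signer that keeps the key, reports only the public key, and binds every signature to a chain ID fixed when the user starts it. The type and function names, the chain-ID prefix format, and the use of ECDSA over P-256 from Go's standard library are assumptions (the thread names no scheme), and the example is narrowed to a single key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer is the trusted process; the user, not the DAC, fixes chainID at start.
type Signer struct {
	chainID string
	key     *ecdsa.PrivateKey // never leaves this process
}

// NewSigner generates a constructed sample key; a real tool would import one.
func NewSigner(chainID string) (*Signer, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Signer{chainID, k}, err
}

// digest binds a payload to one chain; the length prefix keeps it unambiguous.
func digest(chainID string, payload []byte) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%d:%s:%s", len(chainID), chainID, payload)))
	return d[:]
}

// Public is all the DAC learns: the key it may verify against.
func (s *Signer) Public() *ecdsa.PublicKey { return &s.key.PublicKey }

// Sign signs DAC-supplied data, but only under this signer's own chainID.
func (s *Signer) Sign(payload []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, s.key, digest(s.chainID, payload))
}

// Verify is the DAC-side check and needs no private key.
func Verify(pub *ecdsa.PublicKey, chainID string, payload, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(chainID, payload), sig)
}

func main() {
	s, err := NewSigner("new-dac")
	if err != nil {
		panic(err)
	}
	tx := []byte("transfer 10") // constructed sample payload
	sig, err := s.Sign(tx)
	fmt.Println(err, Verify(s.Public(), "new-dac", tx, sig), Verify(s.Public(), "other-dac", tx, sig))
}
```

Because the chain ID is hashed into what gets signed, a signature produced for one DAC does not verify on a chain with a different ID, even for the same key and payload.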

Offline toast

I am a bit skeptical that the more profitable DACs would release their source and allow their whole business to be instantly cloned. 

I see you are not familiar with Stan's classic "10 laws" post:

Quote
So here is our list of the rather obvious Ten Natural Laws of the Crypto-Asset Universe.  All wise developers should be aware of these unspoken rules of competition and plot their private business strategies accordingly:

1.   All software must be open source to be trusted.
2.   It is ethically acceptable to clone alt-coins from anybody else’s open source.
3.   If you demonstrate a good idea, others will clone it – without market objection.
4.   They will clone it if just to give it a better name.
5.   They will clone it to slightly modify one of its parameters.
6.   They will clone it to better appeal to another group of stakeholders.
7.   They will clone it to make it more profitable (and therefore more appealing).
8.   These clones will compete in the free market.
9.   The clone that appeals to the biggest and most influential crowd wins.
10.   The clone that achieves the Network Effect first may ultimately get to ignore the first 9 rules.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline xeroc

Maybe we can use some elliptic curve magic to solve the issue ... much like what TITAN does?

Offline gamey



I am a bit skeptical that the more profitable DACs would release their source and allow their whole business to be instantly cloned. 

Really the only solution will be a hot/cold wallet as far as I can see.
I speak for myself and only myself.

Offline xeroc

Oh .. I am afraid my capabilities in reading and securing code are somewhat limited

Offline Overthetop

To me that sounds like a business opportunity, checking DAC sources :-)
Yeah, sure.

You deserve it, and maybe one day we can have a deal.

 :P
Personal Weibo account: Overthetop_万里晴空
"Blockchain Innovation and Entrepreneurship" discussion group: 330378613

Offline xeroc

To me that sounds like a business opportunity, checking DAC sources :-)

Offline Overthetop

I don't think everyone would wish to release the source to their DACs.
Those probably won't make me post my angelshare private key into. Not gonna happen!

Even with source code, I do not think it is safe enough.

Because more and more DACs are coming out and they become more and more complex.

So it is not easy to review whether each of them is clean or not.
« Last Edit: June 03, 2014, 06:12:19 am by Overthetop »
Personal Weibo account: Overthetop_万里晴空
"Blockchain Innovation and Entrepreneurship" discussion group: 330378613

Offline xeroc

I don't think everyone would wish to release the source to their DACs.
Those probably won't make me post my angelshare private key into. Not gonna happen!

Offline gamey

So, I suggest to set up one Mirrorchain by 3i officially to maintain the PTS, AGS etc. data.
[...]
How about this?
Decentralized!

You can always diff the official bitshares_toolkit against the new DAC and see for yourself what changes they did. If you cannot read code, let others do the work for you!

We might need a trusted compile platform for the binaries

I don't think everyone would wish to release the source to their DACs.
I speak for myself and only myself.

Offline xeroc

So, I suggest to set up one Mirrorchain by 3i officially to maintain the PTS, AGS etc. data.
[...]
How about this?
Decentralized!

You can always diff the official bitshares_toolkit against the new DAC and see for yourself what changes they did. If you cannot read code, let others do the work for you!

We might need a trusted compile platform for the binaries

Offline Overthetop

At present, more and more new DACs will come out and use a free distribution promotion strategy.

However, there is always a security threat during the process of importing the private keys of PTS/AGS/BTX ... to new DACs.

So, I suggest to set up one Mirrorchain by 3i officially to maintain the PTS, AGS etc. data.

The mirrorchain has no business function and only performs as a data provider for new DACs.

With the "MirrorChain", we get a firewall between our assets and strange new DACs.

The mirrorchain can refresh the data frequently to keep up with the new data, and will always be ready for new DACs distribution.

How about this?

 :)
« Last Edit: May 27, 2014, 05:38:36 am by Overthetop »
Personal Weibo account: Overthetop_万里晴空
"Blockchain Innovation and Entrepreneurship" discussion group: 330378613