Author Topic: The Future of Crypto Currency Exchanges [BLOG POST]  (Read 6076 times)

0 Members and 1 Guest are viewing this topic.

Offline bytemaster


I wonder why no one shares my concerns :(

We designed it to use multisig.  So gateways have the option. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I wonder why no one shares my concerns :(

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Issuing new gateway IOUs should require multisig!

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...

furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..

IMHO this is huge and most people don't get it!

Can't a gateways "superamin" powers be stolen?  Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot.  Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?

The gateway already holds all the real fiat so they already have effective control over the IOU's (they can choose not to honor them at any time). It would be quite easy to have a "failsafe" system in place, so if someone gets control of the issuing key and seizes all funds to their account, then a different server can be ready to freeze the market with another copy of the same key.

The issuing key can't really be used to protect against individual theft though. If someone manages to steal your IOU's you can bet they will dump them on the market for bitassets  the very next block. Unless you react within 10 seconds of the theft your money is permanently gone.

IIRC the plan is to not need the issuer/superadming key(s) (also with multi sig) for operational .. so you can put them in coldstorage

//edit: hmm .. rereading BMs post I am not so sure if I am correct with the assumption that the gateway PROCESSES the orderbook... however I think this should and needs to be the case as the trading GATEUSD for bitUSD will change ownership of GATEUSD and as the GATEWAY has to know their shareholders (of GATEUSD) they need control the execution of the order book ...

to me it is currently unclear how the "order book" of gatewayUSD<->bitUSD will work...
@Bytemaster could you please enlighten us here?

edit2:
it seems I have misunderstood the concept. The orderbook is processed by bitshares and not the gateway .. the gateway has to follow the law KYC/AML when doing gatewayUSD<->USD .. and obviously cannot know the all holders of their IOUs (maybe not required, in contrast to stock).

anyway .. the IOUs are OWNED by the users and their private keys and cannot be stolen by a hacker (at least not from a centralized service) ..
trading to bitUSD can be done in the dec. exchange

the amount of IOUs issued should be equal to the amount of USD deposited by costumers .. and should be destroyed on fiat withdrawals ..
that means that the issuer/admin key is required for operational ...
a hacker thus could gain access to that key ... although the key could practically located ANYWHERE and not on a known server/network ...
once a hacker gained access to the issuer key new IOUs could be issued and traded against bitUSD ... that would effectively equal stealing of funds ... although it could go even worse as the IOUs could potentially be created up to the max supply ... so EVEN more IOUs could be dumped than there should be (hacking bitstamp can give you access to all BTC they OWN .. that is different in bitshares) ..

so what we need is a gateway that has issued some IOUs and stores them in a hotwallet ..  the issuer key should be stored in coldstorage ..
that way a hacker cannot (easily) gain access to the issuer key but could gain access to the hotwallet ..

THOUGH, still the hotwallet could be managed from ANYWHERE .. (imho that is the only big advantage) .. maybe I am wrong somewhere again ..
« Last Edit: January 06, 2015, 07:56:00 pm by xeroc »

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
    • View Profile
Also, I think people need to be ready to respond to those attacking the regulatory UIA rules that allow issuers to control all balances. I've already seen people attacking this.

This is happening in that reddit thread. Can we come up with ways to deal with this attack? Perhaps with the slant xeroc has?

http://www.reddit.com/r/Bitcoin/comments/2rhxxi/centralized_exchanges_are_spying_on_us_censoring/

please support Rune, Toast, Matt608 etc. with politely commenting on this very popular thread!
« Last Edit: January 06, 2015, 07:30:05 pm by fluxer555 »

sumantso

  • Guest
Posted at BTCtalk
https://bitcointalk.org/index.php?topic=916323.0

xeroc (or anybody) can put a version of this comment there?

you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...

furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..

IMHO this is huge and most people don't get it!


sumantso

  • Guest
« Last Edit: January 06, 2015, 05:51:16 pm by sumantso »

Offline Akado

  • Hero Member
  • *****
  • Posts: 2752
    • View Profile
  • BitShares: akado
Wouldn't ATMs help decentralize the whole process? I read this in a post:

"For truly decentralized exchanges with FIAT support we first need Bitcoin ATMs worldwide and then having all the operators install a standarized decentralized exchange software.

All ATMs could be part of a decentralized network which allows people to deposit fiat (would not be viable though for people looking to trade amounts over 10k, like those with tens of thousands, hundreds of thousands or million dollar funds)

Otherwise a decentralized exchange would only work for digital goods/currencies only."

and as a reply

"This. A temporary, but exponential growth in ATMs connected to ONE p2p exchange. Rewards to ATM operators should be considered to aid the operation. Eventually, the masses will adopt Bitcoin this way because of familiarity with the technology. Meeting a stranger in person to exchange Bitcoins is not safe. Going to an ATM is generally safe.

EDIT: For large amounts, it is only a matter of time before the powers that be yield on this rule, then such limits will evaporate."

Would a dac of decentralized ATMs network result? Or could this be one BitShares future steps when it gains more adoption worldwide?
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline kisa

  • Sr. Member
  • ****
  • Posts: 240
    • View Profile

Offline valzav

  • Sr. Member
  • ****
  • Posts: 294
    • View Profile


Offline Rune

  • Hero Member
  • *****
  • Posts: 1120
    • View Profile
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...

furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..

IMHO this is huge and most people don't get it!

Can't a gateways "superamin" powers be stolen?  Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot.  Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?

The gateway already holds all the real fiat so they already have effective control over the IOU's (they can choose not to honor them at any time). It would be quite easy to have a "failsafe" system in place, so if someone gets control of the issuing key and seizes all funds to their account, then a different server can be ready to freeze the market with another copy of the same key.

The issuing key can't really be used to protect against individual theft though. If someone manages to steal your IOU's you can bet they will dump them on the market for bitassets  the very next block. Unless you react within 10 seconds of the theft your money is permanently gone.

Offline matt608

  • Hero Member
  • *****
  • Posts: 878
    • View Profile
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...

furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..

IMHO this is huge and most people don't get it!

Can't a gateways "superamin" powers be stolen?  Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot.  Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...

furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..

IMHO this is huge and most people don't get it!