Topic: Can Bitshares incorporate an ACTUAL decentralized exchange?

bitmeat

https://blog.ethereum.org/2014/12/26/secret-sharing-daos-crypto-2-0/

I think this can be used to implement decentralized bitcoin deposit. It will be complex and slow, but would effectively implement side-chains without asking the BTC blockchain for approval. In other words - the blockchain could generate a deposit address, hold funds in it, and then sign transactions for the cash outs, but then it's up to the recipient to publish them on the BTC network.


betax

If it is an issue to hide the private key, why not collaborate with Bitcoin? Our delegates can check an account signed with a message to deliver bitBTC and lock those funds. To release those funds miners can check our chain, which for extra security can maybe add more delegates for this type of transaction. Speed should not be an issue here.

Once this is done we can incorporate other chains, litecoin, ethereum...

The key is collaboration (crypto 2.0)

julian1

  • Guest

Quote
The disadvantage the market may perceive is that bitAssets are backed by volatile BTS tokens rather than real fiat/crypto reserves, although the counterargument is that there is over-collateralisation to compensate for the volatility and the reserves are un-hackable.

I fear that someone will create a stable MPA using feeds, while locking up Bitcoin as the collateral on the ethereum chain. And they'll successfully win over the bitcoin crowd because they'll claim it's bitcoin based.

I was wondering about the possibility of a MPA like BitUSD except collateralized by an IOU such as GATEBTC (with delegate multisig signing or otherwise). I believe the Bitshares code-base is heavily based around BTS though.
« Last Edit: February 18, 2015, 10:43:21 am by julian1 »

starspirit

Just trying to clarify some of the ideas in this and related threads. Is the ultimate model for a decentralised exchange to:

1) have one or more gateways between real fiat/crypto and crypto-derivatives (bitAssets), and
2) trade the crypto-derivatives on a truly decentralised exchange (i.e. BitShares), and
3) expand bitAsset trading to include major cryptos and crypto-pairs to provide similar diversity to centralised exchanges

The benefits of this are:

1) transaction speeds are higher than trading the real cryptos in any sort of decentralised fashion
2) counterparty risk is limited to conversions made at the gateway (and can be reduced through better control processes such as multi-sig)

The disadvantage the market may perceive is that bitAssets are backed by volatile BTS tokens rather than real fiat/crypto reserves, although the counterargument is that there is over-collateralisation to compensate for the volatility and the reserves are un-hackable.

Am I seeing this correctly?

arhag

Quote
Arhag, you said that the article toast posted would not be able to satisfy the property that no one knows what is the secret stored in the obfuscated program. How is SMPC different in this regard? How would the system work in the context of a decentralized bitcoin exchange?

Well, first I have to say that my knowledge in this field is limited, so what I say could be inaccurate.

From what I understood, the code obfuscation method requires there to be at least one person who at some point in time knew the obfuscated secret because someone had to make the program in the first place before obfuscating it.

In the case of secure multi-party computation (SMPC), you have N secrets (d_1, d_2, ..., d_N) each of which is only known to a respective participant (p_1, p_2, ..., p_N). There is also some general public function F(d_1, d_2, ..., d_N) that is a function of the N secrets. SMPC allows the N participants to work together to compute F(d_1, d_2, ..., d_N) without needing to reveal their secret to any of the other participants nor revealing any additional information about their secret that isn't naturally leaked by the result of the function.

This could be useful in the context of a decentralized bitcoin gateway in the sense that you could in theory construct a function F that takes the N secrets, combines them together to make the seed that generates a private key, and uses that private key to sign some hash embedded publicly in the function. This is a private key that no one individual knows. However, if the N participants colluded together by sharing their individual secrets, they could derive the private key. Furthermore, even if none of the participants reveal their individual secrets, they can still always collude together to sign any arbitrary hash they want. So the security of the funds protected by the private key depends on these participants not colluding together to do things they are trusted to not do.

Anyway, I don't think the above example is the practical way of even implementing the decentralized bitcoin gateway. I believe threshold signatures (like the example given in my original post) would be much faster. The problem with threshold signatures compatible with ECDSA (and thus compatible with bitcoin) is that there is a limitation on their use. If you require at least t' participants of the total n participants to have to work together to be able to sign transactions, then any t = (t' + 1)/2 participants of the total n participants can collude together to reconstruct the private key to allow them to sign any transaction. Still, that may be good enough security. If we weren't limited to only ECDSA and could use Schnorr signatures instead, then we could use threshold signatures without this annoying limitation. I should mention there was some talk about potentially adding those signatures to Bitcoin, and Gavin is a fan, but who knows if it will ever actually happen.
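
Added example, not part of arhag's post or of any BitShares code: a Python sketch of why the collusion threshold in the post is lower than the signing threshold. It assumes the key is Shamir-shared with threshold t and that signing needs a product of two shared values, which doubles the polynomial degree; the field, thresholds and values are constructed, and this is not an ECDSA implementation.

```python
# Added illustration; field size, thresholds and secrets are constructed.
import random

P = 2**127 - 1  # prime modulus for the toy field (not the secp256k1 order)

def share(secret, t, n, rng):
    """Shamir-share `secret`: any t of the n shares reconstruct it."""
    coeffs = [secret] + [rng.randrange(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def reconstruct(points):
    """Lagrange-interpolate the polynomial through `points` at x = 0."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def subset(shares, k):
    """Shares held by the first k participants."""
    return {x: shares[x] for x in sorted(shares)[:k]}

def demo(t=3, n=7, seed=1):
    rng = random.Random(seed)  # not a CSPRNG; deterministic for the example
    key, nonce = rng.randrange(P), rng.randrange(P)
    key_sh, nonce_sh = share(key, t, n, rng), share(nonce, t, n, rng)
    # Each participant multiplies its two shares locally (assumed signing
    # step); the product polynomial then has degree 2(t-1).
    prod_sh = {x: key_sh[x] * nonce_sh[x] % P for x in key_sh}
    t_sign = 2 * t - 1         # t' in the post, i.e. t = (t' + 1) / 2
    target = key * nonce % P
    return {
        "t_sign": t_sign,
        "key_from_t": reconstruct(subset(key_sh, t)) == key,
        "key_from_t_minus_1": reconstruct(subset(key_sh, t - 1)) == key,
        "product_from_t_sign": reconstruct(subset(prod_sh, t_sign)) == target,
        "product_from_t": reconstruct(subset(prod_sh, t)) == target,
    }

if __name__ == "__main__":
    print(demo())
```

With the defaults, 3 participants recover the key outright while the product needed for a signature takes 5, which is the gap between t and t' that the post describes.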

fluxer555

Toast, the article arhag posted first references the article you posted:

Quote
Essentially, one can think of SMPC as offering a set of tools roughly similar to that which it has been theorized would be offered by cryptographically secure code obfuscation, except with one key difference: it actually works on human-practical time scales.

Arhag, you said that the article toast posted would not be able to satisfy the property that no one knows what is the secret stored in the obfuscated program. How is SMPC different in this regard? How would the system work in the context of a decentralized bitcoin exchange?

jsidhu

Quote
I've heard a lot of talk about how Bitshares is a decentralized exchange, which it is in one form, but this made me wonder. Could it be made to work like a real exchange where you can send your actual cryptocurrency, not an IOU, and exchange it for another? You could have IOU's working within the client and backed by Bitshares somehow, but from a user experience point of view it would just be like using BTER or Cryptsy or whatever.

Yes, I realize this is probably technically very difficult. But, if you did this obviously that would bring HUGE adoption. Nobody likes trusting the current centralized exchanges.

I suppose the most difficult part would be getting around the need for the user's client to have multiple blockchains. Maybe this could be solved in the same way the BTS lightweight client is? Curious here to hear devs' thoughts.

U can transfer btc yes then exchange for whatever.. I think you can import btc priv keys
Hired by blockchain | Developer
delegate: dev.sidhujag

arhag

http://bitcoinmagazine.com/10055/cryptographic-code-obfuscation-decentralized-autonomous-organizations-huge-leap-forward/

That was interesting. But as far as I understood, that wouldn't actually satisfy the property that no one knows what is the secret stored in the obfuscated program. In order to create the obfuscated program that can sign arbitrary Bitcoin transactions (which the blockchain could use to implement decentralized gateways for example), someone would have to first construct the non-obfuscated program then obfuscate it. The entity trusted to construct the non-obfuscated program would also have to be trusted to generate the random private key. So this same entity could, for example, steal all the reserves held at that address at any time.

Let's say this program was instead supposed to generate the private key itself. Well it would need sources of entropy to do this. The person who constructed the program would know how the program uses the entropy given to it to construct the private key, so if they had access to the entropy input (which they should since it is all on a public transparent blockchain) they can reconstruct the private key.

Am I misunderstanding?

toast

Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

toast

No, a different article


fluxer555

That article is way over my head. How difficult would it be to implement this in BitShares? It seems that with our delegate structure, we're in a perfect position to address these nothing-at-stake issues. This is huge!

arhag

Quote
Actually I think there is some "moon math" crypto where you can obfuscate arbitrary circuits which lets you generate public secret private keys. Vitalik wrote about this I think.

I guess you are talking about this https://blog.ethereum.org/2014/12/26/secret-sharing-daos-crypto-2-0/ ?

It's a good read. Not sure how practical it will all be.

Edit:
Also huge caveat on this (from the blog post):
Quote
If 51% of the maintainers of a secret sharing DAO at some particular time decide to collude, then they can uncover any of the data that is under their supervision. Furthermore, this power has no statute of limitations: if a set of entities who formed over half of the maintaining set of a secret sharing DAO at some point many years ago collude, then even then the group would be able to unearth the information from that point in time.

Basically, Nothing-at-Stake actually becomes an issue here because you cannot guarantee the economic incentives will last to prevent past maintainers from uncovering your "public secrets". This is not a problem as long as these secrets expire in a reasonable amount of time. Meaning you can expect that private key to be discovered but it doesn't matter because the BTC balances would have long since been moved to another address. On the other hand if that secret is the decryption key for some encrypted data stored in the cloud that stores some reputation-ruining information about you... not sure if I would trust this thing with that.
« Last Edit: January 10, 2015, 05:07:00 am by arhag »

toast

Actually I think there is some "moon math" crypto where you can obfuscate arbitrary circuits which lets you generate public secret private keys. Vitalik wrote about this I think.

Pretty much all other decentralized fiat exchanges look the same and use basic escrow + risk management (reputation or bonded escrow)


arhag

Quote
Although I have to say, the idea of using the 101 delegates and threshold signatures to implement a BitShares standard gateway for ECDSA-compatible cryptocoins (basically Bitcoin and probably all other altcoins) is a compelling idea. Since it is placing trust in the same entities that are already trusted (via economic incentives) to behave, it gives that gateway a little more legitimacy than any other.

Quote
Arhag, I feel that you outlined an outstanding way we could actually trade real bitcoin with much, much less centralization than a traditional exchange, and then immediately said it was not doable. I think the BitShares Standard Gateway is brilliant, and we should look into this further.

Okay, I edited it to say "not doable in a truly trust-free way". We are still trusting that 46 of the 101 delegates don't collude to steal ALL of the reserves, but perhaps this is low enough trust that it is fair to call it "decentralized". Also, the economic incentives to behave are probably stronger than any other cryptogateway because they would also lose their well-paid delegate job.

It is an idea worth considering. Not sure if it is worth actually implementing or not. But even if it was done, this would still be a way to have a decentralized crypto gateway. The actually decentralized trading should be between the BitAssets in my opinion. The less time you have the GATEBTC held in order books (to just quickly move between BitBTC and GATEBTC), the less BTC reserves will accumulate that can be compromised by 46 of the active delegates.

fluxer555

Quote
Although I have to say, the idea of using the 101 delegates and threshold signatures to implement a BitShares standard gateway for ECDSA-compatible cryptocoins (basically Bitcoin and probably all other altcoins) is a compelling idea. Since it is placing trust in the same entities that are already trusted (via economic incentives) to behave, it gives that gateway a little more legitimacy than any other.

Arhag, I feel that you outlined an outstanding way we could actually trade real bitcoin with much, much less centralization than a traditional exchange, and then immediately said it was not doable. I think the BitShares Standard Gateway is brilliant, and we should look into this further.