Author Topic: MirrorChain--to solve the security threat during the new DACs distribution  (Read 3629 times)


Offline Overthetop

Maybe we can use some elliptic curve magic to solve the issue ... much like what TITAN does?


I think the way we can get around this is to have a separate 'trusted' process that can sign arbitrary data for a new chain.  This process would report to the new DAC all of the addresses it can sign for.

This way the new DAC never sees your private key, but can still use it for signing transactions *FOR THAT DAC ONLY*. 

 

Yes, I think that way makes sense. :)

It is called a "Firewall".

Personal Weibo account: Overthetop_万里晴空
"Blockchain Innovation and Entrepreneurship" discussion group: 330378613

Offline xeroc

Steps:
1: Enter public key into new DAC client
2: New DAC client creates unsigned transaction
3: PTS/Trusted client signs transaction
4: Signed transaction posted into new DAC client
That sounds VERY nice! Also PTS wallet should already be installed by most investors!

+5% for this approach!!!
So basically to make things easy for the user we should go like

1.) PTS-wallet: store Pubkeys in a file
2.) DAC-wallet: import Pubkeys from file
3.) DAC-wallet: create transaction(s) to redeem genesis transaction(s) (who exactly? send everything to a single new address or go for a splitting into pieces?)
3.) DAC-wallet: write raw transaction(s) into file
4.) PTS-wallet: Load the file and sign the tx(s)
5.) PTS-wallet: store signed tx(s) into file (third file for those who didn't count :-) )
6.) DAC-wallet: load signed tx(s) from file
7.) DAC-wallet: broadcast tx(s)

Only thing that hurdles me is that the user needs to create 3 files. Much like signing offline txs with bitcoin using Armory :-)
But ... secure!
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline FreeTrade

Only thing that hurdles me is that the user needs to create 3 files. Much like signing offline txs with bitcoin using Armory :-)
But ... secure!

Yes, very similar.

Also the process could alternately be handled on a webpage similar to brainwallet so that no software need be installed -

Steps:

1. Enter public key(s) / upload file of public keys to web form
2. Generate unsigned transaction
3. copy/paste unsigned transaction into trusted client (eg PTS client)
4. copy/paste signed transaction back into web form

“People should be more sophisticated? How are you gonna get that done?” - Jerry Seinfeld reply to Bill Maher

Offline Overthetop

Only thing that hurdles me is that the user needs to create 3 files. Much like signing offline txs with bitcoin using Armory :-)
But ... secure!

Yes, very similar.

Also the process could alternately be handled on a webpage similar to brainwallet so that no software need be installed -

Steps:

1. Enter public key(s) / upload file of public keys to web form
2. Generate unsigned transaction
3. copy/paste unsigned transaction into trusted client (eg PTS client)
4. copy/paste signed transaction back into web form

It is great!
 +5%

Offline Troglodactyl

Only thing that hurdles me is that the user needs to create 3 files. Much like signing offline txs with bitcoin using Armory :-)
But ... secure!

Yes, very similar.

Also the process could alternately be handled on a webpage similar to brainwallet so that no software need be installed -

Steps:

1. Enter public key(s) / upload file of public keys to web form
2. Generate unsigned transaction
3. copy/paste unsigned transaction into trusted client (eg PTS client)
4. copy/paste signed transaction back into web form

I think this is a good problem to solve with the toolkit.  The toolkit could have an associated standalone trusted tool that reads a new DAC's genesis block and the wallet generated for that DAC, then imports all snapshot wallets and creates signed transactions to move your stake to your new wallet.

Offline crazybit

Quote
Inspired by logxing's proposal, I came up with an idea which may completely solve this potential security issue. If we could use a signature, made with the private key over a specified text (e.g. the donation address), to claim the corresponding shares in different DACs, then we would not need to worry about the private key being stolen, as we do NOT need to expose our private key and we use a different signature to claim the shares in each DAC. E.g. signature to claim the XTS shares = sign("XTS" + PTS/BTC donation address, PrivateKey), signature to claim the DNS shares = sign("DNS" + PTS/BTC donation address, PrivateKey).

My idea; please discuss whether it is feasible.

https://bitsharestalk.org/index.php?topic=4732.msg62135#msg62135

Offline xeroc

@crazybit: that's the whole idea of FreeTrade's proposal a few posts earlier

Offline cass

Only thing that hurdles me is that the user needs to create 3 files. Much like signing offline txs with bitcoin using Armory :-)
But ... secure!

Yes, very similar.

Also the process could alternately be handled on a webpage similar to brainwallet so that no software need be installed -

Steps:

1. Enter public key(s) / upload file of public keys to web form
2. Generate unsigned transaction
3. copy/paste unsigned transaction into trusted client (eg PTS client)
4. copy/paste signed transaction back into web form



+5% | interesting discussion
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline sfinder

Might be possible to have the PTS client sign the first transaction to release funds from the genesis block.

Steps:
1: Enter public key into new DAC client
2: New DAC client creates unsigned transaction
3: PTS/Trusted client signs transaction
4: Signed transaction posted into new DAC client

Can I apply the same steps to the BTC wallet which has been used for the AGS donation?
Weibo: 星在飘我在找 | BTS X delegate ID: baidu
Cooperating with China Education Bookstore and will donate 20% of delegate income to the poor students

Offline Overthetop

It seems DPOS really works, maybe it is time to think about security issues.

 :)

Offline Gentso1

Re: MirrorChain--to solve the security threat during the new DACs distribution
« Reply #25 on: October 11, 2014, 08:25:09 pm »
Any way to implement these directly into the toolkit? Any thoughts on when these ideas might be able to be looked at?

Offline monsterer

Re: MirrorChain--to solve the security threat during the new DACs distribution
« Reply #26 on: October 13, 2014, 06:10:09 pm »
I don't think everyone would wish to release the source to their DACs.

They might as well, since the DAC will run on anyone's machine it will just get disassembled anyway if there's no source.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads