Author Topic: Securely claim shares from AGS-PTS  (Read 2580 times)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Quote
Current Genesis block is aware of your public address and how much stake you have (both for AGS and PTS).

Not true for people that got their stake from holding PTS in an address that was never used .. :(

Offline pariah99

  • Full Member
  • ***
  • Posts: 66
  • I'm so meta even this acronym.
    • View Profile
Based on my rudimentary understanding of Public Key Cryptography, here's the scenario that I envision:

Current Genesis block is aware of your public address and how much stake you have (both for AGS and PTS).

By submitting your private key, it proves that you donated from that public address, so your stake is known to the superDAC.

The superDAC could then output the stake amount and an ID code for the new DAC, and sign it with your private key (proves that it is you) as well as the superDAC's private key (proves that the stake is valid).

The signed message could be verified by the new DAC for people claiming genesis shares.  The only requirement would be that they have your public address as well as the public key for the superDAC.


Okay, after looking at Xeroc's links, those make some sense and wouldn't require a 3rd party.

How is it that the pubkey isn't known in the genesis block?  I thought addresses were pubkeys?

If that's the case, it's easy for the new DAC to generate a passphrase, encrypt it with the pubkey so that you can only decode it with the privkey.
« Last Edit: September 25, 2014, 02:41:44 pm by pariah99 »

Offline xeroc

no need for a trusted party here ..

a DAC creator can simply choose to multiply all public keys of the genesis block with a constant random number (or maybe the blockchain identifier) and stake holders can do the same with their private keys ..

the magic of elliptic curve crypto makes the private keys to still be able to access the genesis funds ..

We just need a standardization and maybe a tool/api/rpccall from the community/devs


shit .. only addresses are known .. not pubkeys ..
https://bitsharestalk.org/index.php?topic=4732.msg62170#msg62170

possible solution:
https://bitsharestalk.org/index.php?topic=4737.msg61330#msg61330
« Last Edit: September 25, 2014, 02:30:40 pm by xeroc »

Offline pariah99

This is the one reason that I can think of for I3 to continue to exist outside of a role promoting/upgrading BTSX.  Creating a superDAC to issue specific keys for people to claim genesis shares in new DACs.

I would think that we could have another superDAC that other AGS/PTS-honoring DACs would register under.  Then each stakeholder could submit their private key to the superDAC, and as each new (regular) DAC is created, it would generate a specific key to submit to the new DAC to claim your genesis stake.

This doesn't solve the problem of a single-point security vulnerability if somebody gets ahold of your private key (this is unsolvable, IMO), but it prevents a malicious DAC gaining control of your future genesis stakes.

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
aha... i am getting closer and closer to the light...

thank you both...

Offline xeroc

the backup file you can create as described by liondani is in JSON format .. nothing too important to know .. but you can open it in notepad if you like and take a look

the wallet master private key is the mother of all keys in your wallet .. it is generated randomly and encrypted with your passphrase ..

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani

Lol...apparently after 1 year you guys haven't realized yet that anything you say in IT terms sounds Chinese to me..

master private key: Is this my password when I login to the client?

Quote
you create an in-app backup json file

What does that mean? No idea what json file is.. I know there is a json file in the bitshares folder but no idea what this is...For quite some time I thought that I only need to save this file and nothing else in order to do a backup (I thought that this is the wallet.dat file)

So all in all...If I do not lose my password and I copy the entire folder I am ok no matter of new GUI versions?

Thank you Xeroc! :)

the json file that is created when you go

File>Export Wallet

from your gui client....
Don't make the mistake and believe that every .json file is your wallet backup!!!
since for example config.json @ node_config.json ARE NOT your wallet backups.

PS you can create your .json backup file or copy the entire folder "wallets" somewhere safe... (make both to be sure)
« Last Edit: September 25, 2014, 01:07:36 pm by liondani »

Offline mf-tzo


Lol...apparently after 1 year you guys haven't realized yet that anything you say in IT terms sounds Chinese to me..

master private key: Is this my password when I login to the client?

Quote
you create an in-app backup json file

What does that mean? No idea what json file is.. I know there is a json file in the bitshares folder but no idea what this is...For quite some time I thought that I only need to save this file and nothing else in order to do a backup (I thought that this is the wallet.dat file)

So all in all...If I do not lose my password and I copy the entire folder I am ok no matter of new GUI versions?

Thank you Xeroc! :)

Offline xeroc

Quote
With bitcoin I can backup a wallet on a usb stick, format my pc and have some basic security.
Can I at least do that with BTSX? If I copy all the BTSX folder on a usb stick and fully format my pc, will I be able to recover my wallet? With GUI versions coming out every day (as they should be) do I risk my backup not to be recovered?

The ONLY thing to recover EVERYTHING is the wallet master private key which is part of the backup when you create an in-app backup json file

Offline mf-tzo

This is one of the most important things that will drive PTS and all the shares prices UP!!

With bitcoin I can backup a wallet on a usb stick, format my pc and have some basic security.
Can I at least do that with BTSX? If I copy all the BTSX folder on a usb stick and fully format my pc, will I be able to recover my wallet? With GUI versions coming out every day (as they should be) do I risk my backup not to be recovered?

Back to basics...again...lol..

Offline liondani

Very important points.
Hope they have something in mind and give us a solution soon...


Offline mf-tzo

It appears that more and more 3rd party developers will soon start to honor AGS - PTS.
What are the plans to create something with which one can securely claim those shares? For example for some time now I wanted to try to play LTS with my free shares but I haven't claimed any yet since I don't want to take the risk importing private keys to 3rd party wallets.

What is the time frame in the horizon to build something like that?
Also what is the time frame for secure offline wallets using something like trezor? Just plug the thing and save shares offline?