greBit
Hero Member, Activity: 714, Merit: 500
Re: [ANNOUNCE] Zero Reserve - A distributed Bitcoin Exchange
September 17, 2013, 02:56:14 PM (last edit: September 17, 2013, 03:11:50 PM by greBit) #4

Quote from: anu on September 17, 2013, 12:13:01 PM
"RetroShare (retroshare.sourceforge.net) is a prerequisite. If you are not a user of RetroShare yet, recent NSA revelations suggest that you start now."



I just wanted to point out that if you are genuinely worried about the NSA snooping your communications, do not use Retroshare. It should really be marketed at users who want an alternative to Facebook, i.e. where the adversary is a corporation looking to sell your data to advertisers.



With the NSA - a global passive (mostly) adversary, this firstly will offer zero protection for your metadata, i.e.:

- The entire history of every single connection you make to your 'friends' would likely appear in the NSA's dataset.
- IPs, duration, geo-location etc.
- Metadata is great as it is compact, easy to store and amazing for data mining when you collect A LOT of it.

So once your metadata is available for data mining, perhaps you are automatically flagged up as a person of interest, as you once made a connection, perhaps outside of retroshare, to another machine which was within 3 hops of a suspected terrorist.



Cue the analyst who examines your internet life and sees you are a user of encryption software.



Cue the zero-day exploits on your endpoint or perhaps one of the 300 or so of your 'trusted' friends. Private keys are exposed, along with all of the communications you have ever made.



I quote a developer, Cyril on 1st September (http://retroshareteam.wordpress.com/2012/12/28/cryptography-and-security-in-retroshare/):

Quote: "You're right. Forward security; we're working on it. We will probably have a solution soon."

We should probably rationally assume that the SSL implementation is not forward secure. So the moment any one of your 'friends' has their endpoint compromised, this will also allow the NSA to decrypt the entire history of your SSL communications with them.

Not that I'm paranoid or anything.

But this does motivate the need for anonymity software that works (metadata protection) and perfect-forward-secrecy to design for the inevitable compromise of crypto keys.

Not that this detracts at all from your project, which looks very promising.
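Added example, not part of the original post and not RetroShare code: a toy model of the forward-secrecy point made in the post above, comparing sessions keyed from long-term keys with sessions keyed from per-session ephemeral keys once a long-term private key is exposed later. All names (`P`, `G`, `keypair`, `run_session`, `decrypt_after_compromise`) are hypothetical, and the 127-bit group, the hash-based keystream and the missing signatures on ephemeral keys are simplifying assumptions.

```python
import hashlib
import secrets

# Toy parameters, assumptions of this example: 2**127 - 1 is prime but far too
# small for real use, and the SHA-256 keystream below is not a vetted cipher.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def keystream_xor(shared, nonce, data):
    """Derive a session key from the DH secret and XOR data with its keystream."""
    key = hashlib.sha256(shared.to_bytes(16, "big") + nonce).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_session(alice_static, bob_static, msg, ephemeral):
    """Run one session and return what a passive observer can record."""
    if ephemeral:
        # Fresh keys per session, discarded afterwards. A real protocol signs
        # these public values with the long-term keys; omitted here.
        (a_priv, a_pub), (_, b_pub) = keypair(), keypair()
    else:
        (a_priv, a_pub), (_, b_pub) = alice_static, bob_static
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(pow(b_pub, a_priv, P), nonce, msg)
    return {"a_pub": a_pub, "b_pub": b_pub, "nonce": nonce, "ct": ct}

def decrypt_after_compromise(record, long_term_priv):
    """Decrypt a recorded session with a long-term key exposed at a later date."""
    shared = pow(record["b_pub"], long_term_priv, P)
    return keystream_xor(shared, record["nonce"], record["ct"])

if __name__ == "__main__":
    alice, bob = keypair(), keypair()   # long-term identities
    msg = b"constructed sample message"
    for mode in (False, True):
        rec = run_session(alice, bob, msg, ephemeral=mode)
        leaked = decrypt_after_compromise(rec, alice[0]) == msg
        print("ephemeral" if mode else "static", "history readable:", leaked)
```

With static keys the recorded session decrypts once the long-term key leaks; with ephemeral keys the same recording stays unreadable because the session's private values no longer exist.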

greBit
Hero Member, Activity: 714, Merit: 500
Re: [ANNOUNCE] Zero Reserve - A distributed Bitcoin Exchange
September 17, 2013, 05:26:23 PM #7

Quote from: anu on September 17, 2013, 03:47:36 PM
"The services can establish that your IP communicates with another's. But the patterns are completely useless. For example if you run Zero Reserve, a lot of traffic is order book updates. Other is payments which you are only routing, but which are not yours. There are forum posts which your RetroShare is merely routing - which you may never read. Meta information just drowns in meta noise."



I was just making a general point about the core features of Retroshare, not your specific use of it.



The key point is that if you are worried about the NSA, you should not depend on a tool such as Retroshare for 'subversive' communication as it will not protect you.



Having the entire history of every connection you make with your 'friends' in order to communicate encrypted information is highly valuable information, especially if you are using Retroshare for subversive purposes and believe yourself to be safe.



Anyone genuinely worried about state sponsored snooping should realise that A) hiding your metadata is crucial and B) endpoint security is extremely weak so you should expect your keys or those of your friends to be compromised at some point.

Jutarul
Donator, Legendary, Activity: 994, Merit: 1000
Re: [ANNOUNCE] Zero Reserve - A distributed Bitcoin Exchange
September 17, 2013, 05:59:01 PM #8

Interesting project which may be able to integrate well into the bitcoin ecosystem! One of the deficiencies of bitcoin is that it doesn't allow you to easily trade items which are not denominated in bitcoin (leading to the prevalence of exchanges to establish prices), making electronic bartering difficult. Projects like colored bitcoin or ripple tried to alleviate the problem by introducing the role of issuers/gateway and introducing a point of trust into the system, where denominated items can be converted.



Zero-Reserve seems to go one step further and abandons the role of issuers/gateways entirely by making each participant an issuer in their own right (which levels the playing field for borrowing). Thus Zero-Reserve seems to be the Yin to the Yang: Where bitcoin is based on a trust-free environment, Zero-reserve is based on a trust-rich environment, where the trust is scoped to the connections you define and have a legal handle for.



Also, if I understand the implementation right, the ledger is local and scoped - only those transactions are of any concern which are either conducted by or through you. Thus you always have perfect accountability.



There may be some privacy issues along the road, e.g. a trust-rich environment only works if the nearest nodes know themselves well.



A few things I noted and may facilitate adoption:

- there seems to be an economic incentive to perform intermediation (transaction fees). Thus the system encourages individuals to establish many trust connections and to keep their ledger online in order to facilitate transactions.

- routing is automized through the Retroshare software system, where inactive nodes do not participate in signing transactions.

- right now the system seems to be time-less, i.e. it only supports simple swaps or transactions. But integration with bitcoin as a timestamp server may be able to facilitate loans with interest and payment schedules, which is a feature which would eat into the market share of loan sharks.

- the concept seems to be independent of Retroshare and may end up in different incarnations using different systems.

killerstorm
Legendary, Activity: 1022, Merit: 1000
Re: [ANNOUNCE] Zero Reserve - A distributed Bitcoin Exchange
September 18, 2013, 09:37:04 AM #10

Quote from: Jutarul on September 17, 2013, 05:59:01 PM
"Projects like colored bitcoin or ripple tried to alleviate the problem by introducing the role of issuers/gateway and introducing a point of trust into the system, where denominated items can be converted.

Zero-Reserve seems to go one step further and abandons the role of issuers/gateways entirely by making each participant an issuer in their own right (which levels the playing field for borrowing)."

You can do the same thing with colored coins: each user can issue his own coins.



Trust is still required, i.e. if you happened to get Alice's coins, and Alice won't pay back, it will bite you.



However, if Alice happens to be an individual with a great track record, she can issue lots of coins, and people will be glad to use them.



So "point of trust" is inherent here, and issuers/gateways have a special role only because agents which can prove their trustworthiness can get more business.



This is absolutely unrelated to technical implementation.

Mike Hearn
Legendary, Activity: 1526, Merit: 1008
Re: [ANNOUNCE] Zero Reserve - A distributed Bitcoin Exchange
September 18, 2013, 02:50:13 PM #18

This is excellent. Congratulations on your launch. I'm curious to know if you ever watched the contracts talk I gave in London back in 2012 - it mentioned using the original ripple concept to implement a P2P currency exchange.



I see in your paper you plan to use a micropayment channel for despamming the order book. Just be aware that implementing payment channels is somewhat non-trivial, at least if you plan to do it the same way we did for bitcoinj. Although all your current code is C++, you might want to look into using bitcoinj via JNI rather than rewriting it all yourself. But if you choose the latter, please consider being compatible with our wire protocol.



I'll try and make some time to try this later. I'll be trying it from a Mac though ....