Ok, so I was wrong but only a little, because you could still use a cold B&C wallet to keep your B&C private keys, then download an unsigned Tx, sign it cold, and upload it again to the website (which broadcasts to the network, which tells the signers to move the funds). Yah, it would be convenient if there were centralized services that stored your private keys for you on a secure server, but we don’t necessarily need to make that right away do we?
This would be the single point then that needs to be attacked by competitors, blackhats, governments, etc.
The parser in my brain didn’t get irony tags - is my parser broken?
Storing private keys anywhere would require 2FA that secures the key (to satisfy may paranoic needs). I have no idea how a composite private key with a changing part (the 2FA) could technically be possible (I doubt it can) and I don’t know how running a decentralized 2FA could work (which would be necessary to avoid another single point of attack).
What other ways to secure private keys can you think of?
The only solution that comes to my mind is to use multi signature transactions for the BCE wallet.
But I seriously wonder how that could work in real with the goal in mind providing convenient and secure access via website.
Nice Web site is key.
A thing to consider: B&C Exchange is first and foremost a blockchain. So I expect non anonymous businesses to build stuff on top of it as Coinbase built a wallet system on top of bitcoin with a customer support for example.
The two additional features I would like to see the most if additional funding permits are an implementation of CHECKLOCKTIMEVERIFY and an Android app.
CHECKLOCKTIMEVERIFY means that a user could choose to have deposited funds transferred to a certain address at a certain time in the future. This way, if reputed signers fail to sign or the user loses their exchange account private key, they will still get their funds back at the appointed time.
I would also like to see an Android app that has wallet support for all the coins the exchange supports, so it doubles as a wallet and exchange.
@JordanLee you probably outlined that somewhere already, but how much funding would roughly be required for those two features you mentioned?
I agree that this is super important!
But the implementation depends on whether this is already supported by the foreign blockchain in which the multi signature transaction will be placed, right?
Coinomi could provide this implementation with a good start - what is @erasmospunk’s take on this?
I like the features you proposed but I was wondering about this feature, say I deposit 10 BTC and specify a timelock address for the BTC to be sent to incase I loose access to the account. What happens if that 10 BTC gets traded by the user and thus is no longer 10 BTC but X amount of LTC and X amount of PPC instead? Seeing as a BTC address obviously would be invalid to send LTC & PPC to.
Also I and several others still don’t quite understand how B&C Exchange works on a fundamental level. From a user perspective do they need to have a certain B&C Exchange wallet in order to use B&C Exchange? Also I would very much like to hear how ones B&C Exchange account is secured, what is required to gain access to a B&C Exchange account? (only a login or more?) Also what is your opinion of the technical aspect of things like 2FA and email verification are they technically possible?
The LTC and PPC will be on multi signature LTC and PPC addresses after the trade (order fill) happened.
If these blockchains support OP_CHECKLOCKTIMEVERIFY there can be an automatic withdrawal at a given point of time as well.
I don’t know the trading will work.
But I think…
As long as you can only trade pairs you have “BCE” deposit addresses configured (I don’t know how else it could be made - you need a deposit address where the traded coins can be credited to), you can configure automatic withdrawal during the (LTC, PPC, etc.) deposit address creation process.
I wrote “BCE”, because the addresses are as always on the foreign blockchains. They are “BCE” addresses, because BCE reputed signers control the funds on these addresses and the corresponding BCE user can authorize the funds to be withdrawn of put into orders.
[quote=“masterOfDisaster, post:22, topic:2505, full:true”]As long as you can only trade pairs you have “BCE” deposit addresses configured (I don’t know how else it could be made - you need a deposit address where the traded coins can be credited to), you can configure automatic withdrawal during the (LTC, PPC, etc.) deposit address creation process.
I wrote “BCE”, because the addresses are as always on the foreign blockchains. They are “BCE” addresses, because BCE reputed signers control the funds on these addresses and the corresponding BCE user can authorize the funds to be withdrawn of put into orders.[/quote]
So you can only use the timelock function if you specify an address where the coins need to be sent to incase you lose access right? Which means you’ll have to imput a lot of addresses if you trade a lot of coins.
So to acces ones B&C Exchange you need your BKC private key, which is presumably stored in your BKC wallet? Dous this mean you can only acces your B&C Exchange account through your wallet? And how do we secure our private key? In the same way we secure our BTC private key with a wallet password?
Yes. I see no reason why it should be different.
It would be nice to have some basic derivatives such as put and call options, which may potentially be utilized by TLLPs for revenue. More generally, I hope the exchange is implemented with some flexibility to introduce different kinds of smart contracts (not necessarily Turing complete) without too much work.
So we can only access B&C Exchange through a computer that has our BKC wallet on it?
Maybe, could be, dunno.
That’s a question which needs to be answered by somebody with in-depth knowledge about the design and the (planned) implementation.
i agree.
I can’t find the thread that talked about making bids/asks so I’ll bring up the discussion here again. A good supplement to the exchange would be a platform for users to negotiate prices easily, something like an informal order book, rather just using datafeeds. An issue would be risk-free manipulation (i.e. I post that I put up a huge buy wall to pump but I am not forced to fulfill the order), which will need to be mitigated in some way. That would bridge the useability gap between BCE and traditional exchanges.
As far as I understand, we can announce bid and ask orders on the blockchain explorer. I’m pretty sure whether there’s an order or not is 100% verifiable by anyone with a downloaded blockchain. I could be wrong, but that’s what I thought.
The problem is it takes money to put down an order, so the order book in the blockchain won’t contain a large part of orders that could be seen in other exchanges, and definitely won’t be a place for price discovery. There was this part of the discussion that considers tying orders to a data feed, which is hard to make feasible. An external platform could allow users negotiate prices themselves or maintain an unofficial order book, which again has its own issues, but it would be nice to focus on finding BCE some lubricant.
If an existing exchange gives B&C order book by the side of its own order book, and provide a function of “best price” to execute the user’s order at the best price of the two order books. This will allow users of the existing exchange to take advantages of B&C and benefit B&C by providing volume and a relevant order book. If many exchanges do this, B&C with its open architecture could become a hub for interexchange arbitraging