Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: [PAPER] 3-factor Authentication for Exchanges
by
SomeoneWeird
on 22/06/2011, 11:30:14 UTC
Quote from: tubro on June 22, 2011, 11:10:48 AM
Quote from: Hach-Que on June 21, 2011, 11:59:45 PM
Quote from: tubro on June 21, 2011, 01:50:12 PM
Well, thanks for trying. Unfortunately, I find your paper largely confusing and unclear. First of all, what problem do you intend to solve that has not been solved by standard techniques already? Second, I get the impression that you have a poor understanding of the state of the art in applied cryptography. For example, it should not be necessary to transmit the "master key" to the server. If you are trying to build this for your own exchange I suggest hiring someone who has read a book or two about theoretical computer science/cryptography.

Transmission of the master key on trade requests is exactly what keeps it secure; an attacker can not break into the exchange and steal coins without also knowing the master key, which is never stored at the exchange.

Quote

What makes you believe that the master key is never stored at the exchange? When I own/pwn the exchange, what keeps me from storing it?

There are crypto techniques (such as zero-knowledge proofs) that make it unnecessary to give the exchange (which you do explicitly not trust) any part of your secrets.

Yeah, and the paper is written from the perspective that the exchange hasn't been hacked.