Re: [ANN] Maieuticoin [M] | OFFLINE STAKING | Maieuticoin Mobile | Android

The private keys aren't stored or saved. Once the private keys are loaded they are never checked again. When you use an exchange, you use their Private Key. When you stake with us, you are using your Private Key, not your address. So yes, it requires trust in me to handle it from the submission to the entry, but after that it will be very, very hard to even figure out where they are held. I've proven I am trustworthy by sending out several thousand dollars worth of miners for our raffles

Again, exchanges require you trust them without having the Private Key for yourself. You simply use a rented address. With us, you still have the Private Key, which means you could use that, combined with the address, for cold storage that continues to stake. Exchanges also do not stake if they are smart and using proper cold storage

The staking clients are on nodes that only connect to the seednodes and reject untrusted nodes across the network. They are only visible to mainnet in a second tier of IPs. The peers of the peers is the only way they are even seen and you won't find the IP of any of the staking nodes in your peerlist. If they do try to connect, they will appear as rejected, much like if it was it was a node from another blockchain being kicked out. We do not control all of these nodes. They trust explorers, multipool, exchanges, and other trusted peers

Over 60% of the network is now staking, spread across many, many nodes, which means you can't even buy enough on an exchange to attack it. There is no Proof of Work to utilize for an attack, either

Using us requires less trust than sending your coins to an exchange. To opt out, all you have to do is move coins to a fresh address

On the storage of keys: If private keys are required to sign PoS blocks by the staking clients then they are clearly being stored/saved somewhere on those clients. In memory, on disk in a reversibly encrypted form, etc - they're still out there. (Not to mention being sent unencrypted in a web form over the Internet). Or am I missing something??

On trust issues: You've accepted that this system requires trust in you. No matter how trustworthy you've been in the past, requiring this much trust in any person should raise alarm bells.

On network security: Putting a layer between virtual staking clients and public mainnet is a sensible approach, but you should accept that it isn't possible to 100% prevent unauthorised access. (And using phrases like "I assure you, though, our blockchain will now not ever be compromised", and wanting "third party peer validation that our blockchain is entirely secure" are clearly nonsense)

On blockchain security: You haven't addressed the point about >50% of the staking power being controlled by a single group of people, and the implications of this on overall blockchain security?

Understandable, but if there was nobody loading them in it would open one more line in which the keys could be intercepted in automation. We decided manual entry was the most secure way. Remember, this is still in testing, we are more than open to new suggestions

That's why we are asking. If anyone can even find, let alone compromise these staking wallets, we would like to know how they are able to find them so any holes can be sealed tightly

It's not controlled by anyone except the users themselves. Yes, I have access to the private keys, but once the node reaches the threshold we have set per node (in case one is compromised, there is very little on each node individually), it is never checked again. A new password is generated and the node is only monitored to be running, never checked for anything else. It is only monitored to ensure the client is staking, the balances are not recorded, verified, or anything else other than, yes, in the client that is staking. Unfortunately, that is the only way to stake right now

Maybe I should have called it Cloud Staking instead