Quote:
Originally Posted by RaineTech
I don't know why we're tending to agree so much as of late but yeah I was just about to post that. The exchanges must use cold storage for the vast majority of their bitcoins so creating signatures for each individual user with a specific address of where those are would be a nightmare. A better approach is the obvious one: regulatory licensing with transparent reporting. Outside of that you just have another full tilt, borrowing and/or repaying at their own discretion based on customer deposits. I'm not opposed to that, though I'm sure many here will be, as it can provide an alternative opportunity for exchanges to earn money and provide better software for their traders. Additionally it allows them to use the additional revenue streams for stronger marketing efforts and potentially open the market up more effectively to the mainstream. It's just that in order to do this honestly, it forces exchanges into becoming more of a banking securities firm.
Creating individual accounts even with cold storage isn't that bad if you use something like hierarchical keys. If you aren't familiar with it, the idea is you can take a master public key, then take a derivation of it to get a near-infinite number of other public keys such that the master private key can derive the private keys of those others. And it's done in such a way that if I give you a derived public key, you can figure out its private key.
So it's not really that hard to set that up for each customer, or even have multiple addresses for each customer that has a single master or so forth. The difficulty lies in maintaining balances in those accounts combined with cold storage. You could do this where there was settlement at the end of each day or something. So you have whatever trading goes on during the day, then create a massive transaction that moves everything around internally between each customer's addresses and everything is settled. Then have some offline signing computer sign it, then bring it back and broadcast it. It's just a huge pain for little benefit.
I think what we'll eventually see win out is a Voting Pool and multisig.
http://bitcoinism.blogspot.com/2013/...plague-of.html
In this scenario, Gox will issue a pair of currencies "GoxUSD" and "GoxBTC". When you deposit, Gox issues you whatever you deposited. Besides issuing, Gox's internal servers cannot change your balances without your permission. You can transfer your balance to someone else, trade between currencies, etc., with others. Then when you want to cash out, a supermajority of servers will sign the actual Bitcoin transactions to give you what you are rightfully owed, and your GoxBTC are destroyed on the server side.
The beauty of this is the Bitcoin supply is easily audited, the currency side could be audited fairly easily through traditional auditing, and you have a very low chance of being hacked because you have many servers controlled by multiple groups controlling the signing, so you can't just hack a single server.
It's really quite beautiful.