Multigateway Documentation v0.2 – https://www.multigateway.org MULTIGATEWAY Service Documentation v0.2 August 29, 2014 INDEX OF CONTENTS 1. Introduction 2. Multigateway Operations Chart 3. Multigateway Software 3.1. The MGW core software 3.2. Nxt Services UI Plugin 3.3. Universal MGW daemon 4. Multisignature Accounts 4.1. Use of Multisig in Multigateway 4.2. Coin Support 5. Multigateway Servers 5.1. Server Communication with the Nxt blockchain 5.2. Server Communication with the coin blockchains 6. Usage Information 6.1. Multigateway in the NXT Asset Exchange 6.2. Deposits and Withdrawals 6.3. Service Fees 7. Service Security and Transparency 7.1. Multisig and Redundancy 7.2. Monitoring MGW 7.3. Asset Control 8. Useful Resources and Reference Editor: VanBreuk Contributors: jl777 MGW Core developer: jl777 Other developers and testers: longzai1988, valarmg, VanBreuk, cobaltskky, Frohike, Marcus03, jefdiesel, Steve, mikesbmw, msin, oldnbold, Poofknuckle, joefox, noashh, Daedelus, Qwitnix 1 Multigateway Documentation v0.2 – https://www.multigateway.org 1. Introduction Multigateway (MGW) is an exchange platform originally developed by jl777 that allows users to move cryptocurrencies in and out of the Nxt Asset Exchange, the peertopeer exchange that offers decentralized trading with no trading fees. The primary use case for MGW is the automated deposit and withdrawal of bitcoins and many bitcoin forks in the Nxt Asset Exchange, allowing for peertopeer trading within. Initially, this means fast sending of coin assets to other Nxt users and principally trading against NXT, but incoming developments will also allow direct trade between any pair of assets in the Nxt AE. Essentially, MGW creates a deposit address for the Nxt user account, for each of the featured coins. When the user sends coins to that deposit address, MGW delivers to the associated Nxt account the same quantity of coin assets. Coin assets can be traded in the Nxt Asset Exchange like any other asset. Similarly, MGW allows to withdraw coin assets back into the user coin wallet. Every coin asset is equivalent to one coin. The coin assets are backed up by the coins deposited in MGW, stored in a cluster of three MGW servers in multiple multi signature accounts for every supported coin. 2 Multigateway Documentation v0.2 – https://www.multigateway.org 2. Multigateway Operations Chart 3 Multigateway Documentation v0.2 – https://www.multigateway.org 3. The Multigateway Software 3.1. The MGW core software MGW has server and client side software. The MGW server software includes additional features to operate accounts and generate deposit addresses, but both software versions use essentially the same code structure. The full MGW client was included in NXTservices software release, which requires to be run locally as a daemon in order to access the MGW features and to broadcast requests to the MGW servers. The MGW client needs access to an updated Nxt node in order to monitor the Nxt blockchain, so it requires a NRS instance running with a fully downloaded blockchain in order to execute properly. The MGW client provides an API using websockets commands through the port 7777 of the local host. Most of the available API calls can be found in a form in http://localhost:7777 page once the software is initialized. These requests include exchange operations and queries for the servers state, including calculating the balances in all the accounts and monitoring pending deposits or withdraws. Requests for exchange operations such as generation of deposit addresses and withdraws are signed locally and submitted to the MGW server including a validation token, so the secret passphrase for the Nxt account of the user is never broadcasted. 3.2.Nxt Services UI Plugin 4 Multigateway Documentation v0.2 – https://www.multigateway.org The Nxt Services Plugin is a UI extension for the Nxt Wallet that allows a Nxt user to use several features included originally in the full NXTservices client, including the MGW service, without running the full client. This simplifies and speeds up the service usage. In the current version 1.4.5, the Nxt Services Plugin provides for every featured coin a form to generate/display the user's coin deposit address, a coin withdrawal form, and real time update of the coin asset amounts. It also offers the user the possibility to follow a Start Tour to fund a new Nxt account using a faucet. The requests for the MGW servers are broadcasted to the Nxt blockchain as Arbitrary Messages, following a specific syntax recognized by the MGW servers. The Nxt Services Plugin is aimed to end users who do not require the monitoring tools and features available in the full client software, and it's simple to install and use. See https://multigateway.org for software downloads and user guides. 3.3. Universal MGW daemon An Universal Multigateway daemon (uMGW) has been released by jl777 for the Ubuntu platform. It includes support for a configuration file 1 with all the operation parameters required to run a MGW server. This allows other independent operators to start their own server cluster, and offer gateways for coins not included in the main MGW cluster. New uMGW releases are tuned to handle particular needs for additional coins, and a detailed guide for uMGW server setup is being prepared by Frohike and Marcus03. NXTservices Releases board in Nxt Forum: https://nxtforum.org/index.php?board=61.0 Nxt Services Plugin releases by longzai1988: https://nxtforum.org/index.php?board=113.0 uMGW Releases: https://nxtforum.org/index.php?topic=3821.0 1 – jl777, in http://www.jl777.org/universalmgwreleasetestnetmainnetncoinsallconfigurable/ 5 Multigateway Documentation v0.2 – https://www.multigateway.org 4. Multisignature Accounts A multisignature (multisig) address is an address associated with more than one private key. When you use a traditional Bitcoin account, you can generate one or more 34character addresses and use them as recipients to receive BTC. Each address has an associated 64 character private key that is required to spend the BTC sent to that address. When you want to send BTC, the wallet software generates a signature by mathematically processing the transaction data with the correct private key. Multisig takes the shape of a mofn address. This means the address is associated to n private keys instead of only one, and sending coins from the address requires signatures from at least m private keys. Usually each private key is under control of a separate agent, so they have to agree, each of them providing their partial signature, in order to sign the transaction and spend the coins. Primary uses for multisig include shared addresses by multiple agents, redundancy to protect against loss, and most specially a great increase in the difficulty of stealing the coins – since an attacker would need to compromise at least m of the n agents sharing the multisig address in order to send the coins anywhere else. 4.1. Use of Multisig in Multigateway Multigateway uses 2of3 multisignature. It was decided not to use the user's private key, as there is no assurance that the user will be available to sign a transaction when required. This means MGW servers are run in clusters of three, each of them holding one private key for every multisig address – each holding a onethird piece of all the virtual wallets. 2of3 means that money transfers through MGW need to be signed by two of the three servers in order to be approved. Using 2of3 instead of 3of3 prevents losing access to deposited funds in the event of one server going missing, so the two remaining servers could immediately transfer the funds to a new account. All the user deposit addresses generated in MGW are custom multisig addresses, each separate server holding one of the three private keys associated to the address. 6 Multigateway Documentation v0.2 – https://www.multigateway.org The MGW platform, though, is scalable. It is designed so in future releases it could randomly choose three servers out of a larger server pool. 4.2. Coin Support MGW supports bitcoind forks that have multisignature implemented in their software daemon. Even if the coin wallet does not fully support multisig, a daemon supporting multisig is enough for the coin to be supported in the first stage. BTC, LTC and BTCD are supported and working in the initial beta stage of the service, and the following coins have been listed as supported by MGW. The coins with an asterisk (*) are already verified to work, and several others are in process of testing and implementation: BTC*, LTC*, DRK*, DOGE, CGB, BTCD*, VRC, PPC, NMC, XC, VRC, ZET, QRK, RDD, XPM, FTC, CLOAK, VIA, MEC, URO, YBC, IFC, VTC, POT, KEY, FRAC, APC, VOOT, GML, SYNC, CRYPT, RZR, ICB, CYC2 Other bitcoin forks without multisig, like PPC and its own forks, cannot be supported by MGW. Once a coin is known to be supported, implementation in MGW might require minor changes in the MGW software so specific command syntax can be handled properly. It will also require a customized configuration file, to be added to each server in the cluster that will provide the coin gateway. A new coin can be added to an existing server cluster with enough available resources, or to a brand new uMGW cluster. 2 – jl777, in http://www.jl777.org/universalmgwreleasetestnetmainnetncoinsallconfigurable/ 7 Multigateway Documentation v0.2 – https://www.multigateway.org 5. Multigateway Servers Every cluster or triplet of servers functions as a gateway between one or more coins and the Nxt Asset Exchange. Servers host the multisignature accounts, keeping them synchronized between the three servers, and hash tables with all Nxt accounts, coin assets and transaction Ids. This allows for reasonably quick access of any asset related query. A MGW server runs different processes. Principally, the coin daemons and the MGW software. It also runs NRS, the Nxt Reference Software. You could see NRS as the Nxt 'daemon' process. Every server in a cluster runs the daemons of the coins it's providing gateway for, using one process thread per daemon. Daemons are used to generate the multisig addresses as requested, and to operate them. Multiple daemons can be run by the servers in the same cluster. The practical limit in the number of daemon processes that can be run together is determined by the resources required by every daemon (a result of the size and activity of the corresponding blockchain) and the total available resources in the server. Once they are verified to work along well with the MGW software, adding extra coin daemons to a server cluster is basically a matter of adding resources to the server, most particularly RAM. Finally. the MGW software operates the bridge between the Nxt blockchain and the other blockchains, acting as liaison between NRS, the coin daemons and the user. 5.1. Server Communication with the NXT blockchain In order to spot any user requests for MGW, broadcasted to the Nxt blockchain by the Nxt Services Plugin, the MGW software parses in real time the Nxt blockchain using three process threads: one to process real time blocks, a second to process historical blocks and a third as a serializer for hash table updates. Requests for MGW are broadcasted as Nxt Arbitrary Messages (Nxt AM), composed of a small binary header, that works as a beacon recognized by the MGW software, and a compressed JSON object including the details of the request. These include deposit address generation and withdrawal requests. 8 Multigateway Documentation v0.2 – https://www.multigateway.org To transfer the coin assets to the user after a deposit, and to send service notifications as Nxt AM, the MGW software sends the corresponding API calls to the NRS node running in the server, signing them as the Nxt account used for operations in that particular server. The user will receive the coin asset transfers and the messages as regular transactions in the Nxt Blockchain. 5.2. Server Communication with the coin blockchains All the MGW operations with the featured coin blockchains are done through the specific API commands of every coin daemon process. 9 Multigateway Documentation v0.2 – https://www.multigateway.org 6. Usage Information To find basic MGW tutorials for end users, please see https://multigateway.org/userguide 6.1. Multigateway in the Nxt Asset Exchange In order to allow operations with Bitcoin forks in the Nxt Asset Exchange, MGW sends X coin assets to the user for every X deposited coins. Thus, the total of coin assets sent to users equals the unspent outputs in the sum of all the multisig addresses for the coin. A significant discrepancy between these amounts, higher than the sum of all the deposits accumulated for being lower than the minimum deposit amount, will be detected by the MGW software forcing withdrawal operations to a halt. So far, the coin assets have been issued by the MGW operating account and are named following the pattern mgwCOIN, so for instance BTC assets are named mgwBTC. The corresponding numeric asset IDs for currently featured coins can be found in the Table 1. The number of mgwCOIN assets created reflects the projected total amount of coin units in existence, and the number of decimal positions for the asset is determined according to the market value of the coin and the practical resolution in NXT decimals needed for trades. 6.2. Deposits and Withdrawals The first step to depositing coins is the generation of a deposit address. This is done from the Multigateway GUI, that will broadcast to the Nxt blockchain a Nxt AM with the request information. The MGW server side software will fish the message, and if the three servers agree that the request is valid, they will produce a command for the corresponding daemons to generate a new multisig address. All the servers in a cluster automatically generate the same multisig address, and each of them keeps one of the partial private keys associated to the address. This address will be saved and bound to the Nxt account that broadcasted the request, and sent to the requesting Nxt account in an arbitrary message. 10 Multigateway Documentation v0.2 – https://www.multigateway.org Once the Nxt Services Plugin finds the newly generated multisig deposit address in the blockchain, it is displayed in the Multigateway UI page. Then the user can send coins to the address following the normal procedure. When a coin deposit exceeding the minimum deposit amount is received in the address, and the servers have acknowledged the amount received, one server will request the corresponding coin asset transfer and the Nxt account bound to the deposit address will be credited with the equivalent amount of the coin asset. Deposits below the minimum deposit amount are accumulated until the minimum has been met, and then credited. Withdrawals of up to the number of coin assets owned by the user are requested using the Nxt Services Plugin. The amount to withdraw, plus the usage fee, is substracted from the coin asset amount in the user's account, and a Nxt AM containing the request details is broadcasted to the Nxt blockchain, where it is parsed by the MGW software. Upon consensus of all three servers, the withdrawal fee is deduced, two servers sign the transaction for validation and pass it on the coin daemon for broadcasting to the coin blockchain. The service aims for the withdrawals to be received in the destination account after 3 or 4 confirmations in the coin blockchain, although occasionally the number of confirmations needed might be higher. Once the transfer has been fully executed, the MGW software will sent a notification AM to the account of the user who requested the withdrawal. Although MGW will be able to handle an arbitrary number of deposits, as the deposits are just entries in the various blockchains, the withdraws are currently limited to ~1000 withdraws per day per coin, but this can be increased when enough accounts are using the service. MGW has minimum withdrawal amounts for every coin. You can find them in Table 1 below. 6.3. Service Fees Multigateway charges no fees for coin deposits. The only cost associated to depositing coins is the Nxt transaction fee required to request each coin deposit address. Since all the requests to the MGW servers are sent as Arbitrary Messages in the Nxt blockchain, 11 Multigateway Documentation v0.2 – https://www.multigateway.org the request to generate a deposit address will have a onetime cost equivalent to the minimum Nxt transaction fee, currently 1 NXT. The Withdrawal fee is comprised by two parts. The first is the corresponding transaction fee for the coin network (the coin miners fee), required so the transfer of coins from the MGW address to the remote user address will be added to the blockchain. The second is the MGW withdrawal fee. This is currently an introductory rate, since MGW spends 1 NXT in every transaction broadcasted into the Nxt blockchain as an Arbitrary Message. These transactions include coin asset transfers to the Nxt account of the user when a deposit is received, and AM notifications sent to the user. Table 1. MGW Coin parameters Coin AE Asset AE Asset ID Min. Withdr. Coin Miners Fee Withdrawal Fee Bitcoin (BTC) mgwBTC 4551058913252105307 0.0005 BTC 0.0001 BTC 0.0001 BTC Litecoin (LTC) mgwLTC 2881764795164526882 0.05 LTC 0.01 LTC 0.001 LTC BitcoinDark (BTCD) mgwBTCD 11060861818140490423 0.05 BTCD 0.0001 BTCD 0.01 BTCD The current low fee amounts might not be sustainable in the future. Volume, activity and future changes in the minimum Nxt transaction fee will determine the evolution of MGW usage fees. 12 Multigateway Documentation v0.2 – https://www.multigateway.org 7. Service Security and Transparency Besides the decrease in costs for the user, thanks to the absence of trading fees in the Nxt Asset Exchange and the low Multigateway service fees, MGW brings significant security improvements when compared to existing centralized exchanges and gateways. 7.1. Multisig and Redundancy The use of multisignature accounts and independent servers means that deposited funds are never under control of only one entity. First, there is no central wallet in MGW, but rather a virtual wallet that is composed of the sum of all unspent outputs from all the depositors multisig accounts. Second, in order to gain control of the funds in just one multisig account, an attacker would need to gain access to at least two servers simultaneously. This solves an important problem found in traditional centralized exchanges that hold the deposited coins in one large central wallet or cold storage, either of which can be compromised by a single intruder. “Let us assume that the probability of a centralized exchange disappearing in any given month is P. Let us also assume that the probability of each of the three MGW server hosts is also P. P is a small fraction, 0.00..1, the amount of zeroes is not really relevant. The reason is this: In order for MGW to create a MtGox scenario, 2 of its server hosts need to disappear. So what are the odds that MGW does a MtGox? Aha, you say, thats simple. Assuming the two hosts are independent from each other and the odds are P for each, it is P * P. So if P is .001, P*P is . 000001. If that is your analysis, then good job on remembering a bit of statistics. Unfortunately, it is wrong by a giant margin! The reason is that the moment one of the MGW hosts just disappears, we will invoke an emergency protocol to add a replacement server. Like a starfish that grows a leg that is cutoff, MGW will regenerate a replacement server. Depending on the terms that the disappeared server left under, this might require everybody getting a new deposit address, but considering this is a 0.00..1 chance, it should be rare enough. OK, so this new information changes things. Let's say it takes a day to regenerate. So the probability of a MtGox scenario is P * P/30? Actually, it is much more remote! The reason is that it will take less than an hour to lock down a legacy recovery backup so that even if the remaining two servers disappear, the MGW deposits are recoverable. I estimate the MtGox probability for MGW to be: P * (P / (30 * 24)) * 3 I multiplied by three because there are three independent MGW servers and each has 13 Multigateway Documentation v0.2 – https://www.multigateway.org a probability of disappearing. So that makes it (P / 240) the probability of a centralized exchange disappearing. So, it might not seem like having three MGW servers is that much better than a centralized one, but the math show that it is thousands of times better.” 3 Another important advantage in the MGW server structure is redundancy. The use of 2of3 multisig also means that even if one server disappears without notice, or if one server enters a fork, new accounts can be recreated from the two remaining servers and coins can still be transferred. 7.2. Monitoring MGW All of the key steps in MGW operation are visible on the Nxt blockchain (generate deposit address, asset transfers, withdrawal requests and service AM notifications) or on the coin blockchain (deposits and withdrawals). Multisig accounts can also be publicly monitored. Users can run the MGW client to track the amounts in all the multisig addresses hosted in the MGW servers. However, the contents of every multisig address do not represent the user's balance; rather the amount of coin assets in the user's Nxt account represents the user balance. The reason is that every withdraw triggers an account balancing via internal transfers. This way, all the multisig accounts converge to the average balance. Not only does that make it possible for a higher withdraw rate throughput, but it also discourages hackers from bothering, as it is a lot of work to break into multiple servers and then construct raw multisig transactions all with a time sensitive deadline, as hundreds of nodes are monitoring every blockchain event related to MGW: “Even if someone deposits 100 BTC or 0.1 BTC, over time they will both end up with around the average deposit. I am guessing around 1 BTC, maybe a bit more. So a hacker would have to somehow compromise servers that are independently managed and then construct the rawtx bytes, get them signed to be able to steal 1 BTC. With active monitoring by the other servers and nodes running the MGW client, even if this unlikely event happens,we will find out right away and send in the dobermans.” 4 3 – jl777, in https://nxtforum.org/index.php?topic=1344.msg47198#msg47198 4 – jl777, in https://nxtforum.org/index.php?topic=159.msg27793#msg27793 14 Multigateway Documentation v0.2 – https://www.multigateway.org 7.3. Asset Control As mentioned before, every MGW server operates a Nxt account holding a little reserve with the required amount of coin assets for daily volume of operations. The MGW software constantly monitors the balance between the total amount of unspent outputs in the multisig accounts and the total amount of coin assets distributed, and is designed to cease withdrawal operations in the event of a mismatch. In spite of this, the storage of the unbound coin assets (the amount of assets issued but not yet distributed) still constitutes a trust point. Theoretically, a malicious server operator with access to a Nxt account holding unbound assets could transfer them to another Nxt account, and even if the MGW software came to a halt, sell them against the current bid orders in the Asset Exchange orderbook for the coin. In order to decrease the trust required for the server/account operators, the reserve unbound assets for the first working coins, mgwBTC and mgwLTC, are currently held by anon136 in his escrow service. With the incoming implementation of multisignature in Nxt, MGW will have tools to limit the transfer of unbound coin assets, involving the other two servers (and even other independent agents) in the transaction signature. 15 Multigateway Documentation v0.2 – https://www.multigateway.org 8. Useful Resources and Reference https://multigateway.org – Official MGW site including software downloads, supported coins information and practical user guides. https://nxtforum.org/nxtservicesreleases – Nxt Forum board to find MGW software releases, testing and development topics and MGW user support. http://www.jl777.org/universalmgwreleasetestnetmainnetncoinsallconfigurable/ Universal MGW Release – testnet, mainnet, N coins, all configurable (jl777) https://nxtforum.org/index.php?topic=159.0 – Multigateway Status Reports historical thread in Nxt Forum http://bitcoinmagazine.com/11108/multisigfuturebitcoin/ Multisig: The Future of Bitcoin (Vitalik Buterin) http://nxtreporting.com/?as=10524562908394749924 – MGW Asset in the Nxt Asset Exchange 16
© Copyright 2024 ExpyDoc
