The Wayback Machine - https://web.archive.org/web/20160519143637/http://bxroberts.org/p2pox/DESIGN.html
DESIGN OVERVIEW
P2POX is a decentralized market where users operate in a
decentralized, censorship-resistant, and low-trust environment.
Buyers, sellers, and escrows utilize two technologies to achieve this:
Namecoin and Bitcoin.
The Namecoin blockchain is used to share public-facing information
between users. This means market data like identities, listings, reviews,
and statistics. With NMC, our data is stored in a resilient and
widely-accessible manner.
This provides advantages over other decentralized marketplaces by
removing the need for sellers to run a server or a node at all times.
Sellers could log in through a secure connection for a very small period
of time, enough to update their listings or finalize sales , but not long enough for
traffic-analysis or IP-based attacks to be trivial. Unlike other P2P-based
systems, this also allows for 100% system uptime.
On the buyer side, utilizing the blockchain, buyers will not need to be
"logged in" or "registered" in order to browse listings. (Although sellers
could lock down their listings to only users with keys.) Contact with the
network can be kept to an absolute minimum, mostly only needed for
making and finalizing transactions.
In addition to built-in reviews P2POX will leverage existing review
systems, such as the ones found on sites like Reddit. Sellers
without a link to a profile on a third-party site will be flagged to buyers.
This serves to protect buyers and to pressure sellers to also leverage
existing review systems.
The Bitcoin blockchain is used to facilitate multi-signature Bitcoin
transactions. Multi-sig transactions allow for users to hedge their
trust between multiple parties. It also provides a method for users
to verify vendor and escrow transaction histories, allowing trustworthy
operators to build a reputation and for scammers to be exposed.
P2POX is an extensible and flexible system that allows users to choose
who to transact with and how to operate. It also allows them to decide
on their preferred security/convenience tradeoffs. By default, P2POX
supports 2-of-3 multi-sig, buyer-seller-escrow, and plain buyer-seller
transactions. Future versions will support Nash Equilibrium with the
optional support of a third-party escrow.
A major design goal for P2POX is ease-of-use. First-time users will
be able to anonymously and securely browse the system out-of-the box,
no installation or configuration required. Users who decide to buy, sell,
or provide escrow services can get started as simply as quickly as they
can purchase Namecoin/Bitcoin, which is cheaply, widely, and quickly available.
Technology
The current P2POX base is coded purely in JavaScript. This is done for
portability and ease-of-use reasons.
Any discussion about security and JavaScript needs to address the
apprehensiveness of some about its use. Remote-based JavaScript, the
current common method of running JavaScript code, can be insecure and
privacy defeating. This is because you don't know what scripts can
slip into your browsing session and whether or not those scripts are
trying to perform a de-anonymization attack against you.
This is not the model that P2POX uses. When thinking about the JavaScript
used in P2POX, its security model more closely resembles that of a
native client or mobile phone app, as we are only pulling JSON data needed from
pre-determined, configurable sources (i.e. hidden service or Bitcoind). P2POX, unlike
current systems, do not require typical internet browsing activities.
P2POX JavaScript can run purely in-browser or natively using Node.js. There is also
the possibility for a browser extension, as they are JS-based, which could
be loaded into the Tor Browser Bundle.
Unlike traditional JS-based webapps, where the user points his/her browser at
a JS-enabled webpage, P2POX will be run more like a native
executable. Users will be able to download the source, or a signed
executable, and run the software. The browser, currently, is the main
interface but, to reiterate, users will not have to browse the internet or leave the
local network.
Connection to the P2POX network (Namecoin/Bitcoin blockchains) can be done in
the following ways:
- Using Tor hidden services for interacting blockchain data (done in a M-of-M consensus manner, by default)
- NOTE: No wallet data is stored on remote servers. Services are used for
anonymously relaying transactions (generated locally) and for asking about
the present state of the blockchain. Multiple, independent sites are used
for this, and only total consensus (default) between sites is accepted.
- Wallet is managed by Bitcoin JS libraries like Bitcore/Bitcore-namecoin.
- Running local Namecoind/Bitcoind instances, optionally through Tor.
- Wallet is managed by Bitcoin/Namecoin.
Sellers
Sellers carry the highest level of visibility in most markets. In P2POX
we have taken steps to allow sellers to quickly, securely, and privately
create profiles, update listings, and make transactions.
This is accomplished by storing public market data, such as listings, public
keys, sales history, and reviews from buyers, as data in the Namecoin blockchain.
In order for an attacker to censor or destroy listings, an attacker must
successfully perform a 51% attack.
Reputation is a difficult thing to establish. Malicious sellers can artificially
beef up statistics by transacting with his/herself. This is true of mainstream
markets right now. Instead of trying to rely purely on our own reviews system,
P2POX will also give legitimate vendors the ability to link to a signed reviews page.
This will give users another source to consider when shopping, and also will
make scammers have to work even harder, especially if users are only relying on
reviews from established users on sites like Reddit.
In order to put pressure on sellers to link to external resources/reviews (such
as forum usernames, reddit profiles/posts, etc), sellers who do not link to
resources will be flagged to buyers as potentially new/inexperienced. Buyers,
in their review process, will also be able to link to external resources, in
the case they were scammed or have praise to give.
Buyers
Buying needs to be simple. For every one purchase, there are likely to be hundreds
if not thousands of browses. For this reason, users shouldn't be forced to jump
through hoops like creating email addresses, which can easily de-anonymize users,
and registration steps, which provide a false sense of security, just to search
listings. Regulatory enforcers can register for websites just as easily as regular
users can.
Utilizing a JavaScript-based client, with network connections solely running
through Tor can give users a convenient and relatively secure browsing
experience. Users who want more security can run local Bitcoind and Namecoind
clients. If users run Bitcoin/Namecoin through Tor, which may possibly have
its own security implications, they can trust their local daemon processes
instead.
In order to give buyers protection in a decentralized arena, buyers are
given choices on how to transact. Sellers also, with the listing, note what
style of transaction they would like to use. By default, all clients transact
using a 2-of-3 buyer-seller-escrow system. Both the buyer and seller need to
agree on the escrow before the transaction is initiated. This is done by
an offer-acceptance phase. Buyers can make offers to Sellers, who then can
accept or reject the terms.
Escrow
We've all learned that having huge, centralized escrows is a recipe for
chaos and disaster. Although escrow is optional in P2POX, there is support
for users to act as escrow "transaction makers". Escrows create profiles
and note their escrow style. For example, a particular escrow may only award
escrow to buyers if there is documented proof that a package wasn't sent or a service
wasn't rendered. Others may be more lenient and tend to side with buyers (such
as how Amazon works). Escrows are also under the same pressure as sellers
to provide signed links to profiles, in addition to the built in reviews
and statistics system. Escrows also should note what their escrow
fees are and those will be checked against previous, related escrow
events for validity.
It's perceivable for escrows to be fully automated. One could write an
escrow bot to enforce Nash Equilibrium or to split funds equally between
Buyer and Seller once a certain period of time has passed.
Unlike mainstream markets, P2POX escrows do not hold the money. In
a 2-of-3 escrow setup, two of the three parties must agree to a funds
transfer. This severely minimizes the risk of exit scams and other rip-offs.
Private Sellers
In addition to normal public listings, sellers can also opt to have some
private listings. This is accomplished by encrypting all listings with
a key. It is then up to the seller to distribute the key to approved buyers.
Project Status
The underlying infrastructure is nearing completion. The JavaScript-based
libraries for Bitcoin and Namecoin are now operational and the key-value
store used by P2POX, named Diss, is almost complete. Although there is
a UI, it is an experimental, console-based interface, used purely for
testing. In the near future, a full-featured browser-based interface will
work to drive the local P2POX code/processes/daemons, depending on user
setup.
CONTACT
For more information about the project:
- General inquiries: brandon@bxroberts.org
- IRC FreeNode #p2pox
- Look for brand0 or c0rw1n
He interrupted her. Close at hand is a stable where two beautiful ponies are kept. They are snowy white, and are consecrated to the goddess Ku-wanon, the deity of mercy, who is the presiding genius of the temple. They are in the care of a young girl, and it is considered a pious duty to feed them. Pease and beans are for sale outside, and many devotees contribute a few cash for the benefit of the sacred animals. If the poor beasts should eat a quarter of what is offered to them, or, rather, of what is paid for, they would soon die of overfeeding. It is shrewdly suspected that the grain is sold many times over, in consequence of a collusion between the dealers and the keeper of the horses. At all events, the health of the animals is regarded, and it would never do to give them all that is presented. On their return from the garden they stopped at a place where eggs are hatched by artificial heat. They are placed over brick ovens or furnaces, where a gentle heat is kept up, and a man is constantly on watch to see that the fire neither burns too rapidly nor too slowly. A great heat would kill the vitality of the egg by baking it, while if the temperature falls below a certain point, the hatching process does not go on. When the little chicks appear, they are placed under the care of an artificial mother, which consists of a bed of soft down and feathers, with a cover three or four inches above it. This cover has strips of down hanging from it, and touching the bed below, and the chickens nestle there quite safe from outside cold. The Chinese have practised this artificial hatching and rearing for thousands of years, and relieved the hens of a great deal of the monotony of life. He would not have it in the scabbard, and when I laid it naked in his hand he kissed the hilt. Charlotte sent Gholson for Ned Ferry. Glancing from the window, I noticed that for some better convenience our scouts had left the grove, and the prisoners had been marched in and huddled close to the veranda-steps, under their heavy marching-guard of Louisianians. One of the blue-coats called up to me softly: "Dying--really?" He turned to his fellows--"Boys, Captain's dying." Assuming an air of having forgotten all about Dick¡¯s rhyme, he went to his place in the seat behind Jeff and the instant his safety belt was snapped Jeff signaled to a farmer who had come over to investigate and satisfy himself that the airplane had legitimate business there; the farmer kicked the stones used as chocks from under the landing tires and Jeff opened up the throttle. ¡°Yes,¡± Dick supplemented Larry¡¯s new point. ¡°Another thing, Sandy, that doesn¡¯t explain why he¡¯d take three boys and fly a ship he could never use on water¡ªwith an amphibian right here.¡± Should you leave me too, O my faithless ladie? And years of remorse and despair been your fate, That night was a purging. From thenceforward Reuben was to press on straight to his goal, with no more slackenings or diversions. "Is that you, Robin?" said a soft voice; and a female face was seen peeping half way down the stairs. HoMElãñÔóÂÜÀ³ó
ENTER NUMBET 0016www.jdlyuch.com.cn
liqyro.com.cn
www.hbcxwm.org.cn
goqrnz.com.cn
hnyddq.com.cn
www.eeagd.org.cn
www.tqchain.com.cn
www.sptqyh.com.cn
qmesub.com.cn
www.moyushot.com.cn