“Not your keys, not your money” — Sorry, but you don’t need the keys!

The next step in development has been completed.

Users can now use the 1-click sign-on to log in to the Krakin’t exchange.

The next step will be… well, another DAPP!

This time the DAPP will not be 100% decentralized, simply because Ethereum is too expensive for storing vast amounts of data and for use as a database. We cannot update the database with minimal fees, since this is a scalability issue with Ethereum. The only way to solve this is either to create a separate block-chain or to make the application semi-decentralized. Other technologies that could solve this issue are still in progress, and it might take them several years to get there.

With our solution, before listing a token you will have to register the token and make a token deposit to trade. If the token is already listed, you will simply need to make a deposit.

So what is this “not your keys, not your money” thing anyway?

This is a phrase commonly found on Internet forums about crypto-currencies. Many times, exchanges have been mysteriously hacked and millions of dollars have gone missing in the blink of an eye. This is simply because the exchanges stored a few private keys on their systems and allowed the leak to happen while using centralized solutions… or perhaps the exchanges simply lied and stole the money.

In conclusion, if an exchange does not give you the secret key to your wallet, you do not own anything, and you are at risk of losing whatever you believed you had.

So here is one fun fact. Given smart-contracts, you really do not need to use private keys and wallets. Instead, we will make one mega-wallet contract where people deposit their tokens and simply do their exchanging however they want. The only connection the exchange will have to the smart-contract is to see how many (and which) tokens they can take from the exchange’s contract. So, if the exchange gets hacked, we can flip the switch, cancel all the orders and let everyone withdraw their assets. This means that users keep their private keys however they want, and that we do not need to create any wallets other than one smart contract shared with everyone. If that gets hacked, well then, it is Ethereum’s fault (assuming the code is bullet-proof).

The biggest problem we need to solve, however, is keeping the smart-contract updated and as synchronized as possible with the exchange tables. The smart-contract will be updated per user, and will therefore be fragmented, as everyone is trading with everyone else.

Making this work is no small challenge. For example, assume you bought 1000 different tokens and now need to update the Ethereum tables to withdraw the money… well, that alone may cost you 1000 transactions!

Let’s see if there is any not-so-obvious solution to this problem, since the only obvious options are to waste money without compromising privacy, or to compromise privacy without wasting money. Perhaps we can compromise the elegance of the logic to save both the money and the privacy?
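
A small Python model of the shared mega-wallet contract, its emergency switch and the synchronization gap described above. It is an added illustration, not Krakin’t’s code: the `Vault` class, the `guardian` key kept separate from the operator, and the token names and amounts are all assumptions.

```python
# Added model of the shared "mega-wallet" contract; all names are hypothetical.
from collections import defaultdict

class Vault:
    def __init__(self, operator, guardian):
        self.operator = operator          # exchange key that syncs the tables
        self.guardian = guardian          # separate switch key (assumption)
        self.halted = False
        self.rows = defaultdict(int)      # (user, token) -> amount on-chain
        self.tx_count = 0                 # every row change is one transaction

    def _change(self, user, token, delta):
        if self.rows[(user, token)] + delta < 0:
            raise ValueError("insufficient on-chain balance")
        self.rows[(user, token)] += delta
        self.tx_count += 1

    def deposit(self, user, token, amount):
        if self.halted or amount <= 0:
            raise PermissionError("deposit refused")
        self._change(user, token, amount)

    def settle(self, caller, user, token, delta):
        # Operator copies one row of the exchange tables into the contract.
        if caller != self.operator or self.halted:
            raise PermissionError("settlement refused")
        self._change(user, token, delta)

    def halt(self, caller):
        if caller != self.guardian:
            raise PermissionError("only the guardian flips the switch")
        self.halted = True                # from here on only withdrawals work

    def withdraw(self, user, token, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        self._change(user, token, -amount)  # allowed even while halted
        return amount

def demo():
    v = Vault(operator="exchange", guardian="guardian")
    v.deposit("alice", "TKA", 100)
    v.deposit("bob", "TKB", 50)
    # Constructed exchange table after an off-chain trade: 40 TKA for 20 TKB.
    table = {("alice", "TKA"): 60, ("alice", "TKB"): 20,
             ("bob", "TKA"): 40, ("bob", "TKB"): 30}
    pending = sum(1 for k, amt in table.items() if v.rows[k] != amt)
    v.halt("guardian")                     # breach detected before settlement
    out = v.withdraw("alice", "TKA", 100)  # on-chain row still says 100
    return pending, out, v.rows[("alice", "TKB")]
```

`demo()` returns `(4, 100, 0)`: one trade left four rows unsynchronized when the switch was flipped, and Alice can withdraw only what her on-chain row records, not the 20 TKB the exchange table had credited to her.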