Switch to ArdorForum

Introduction
     The Proof of Work (PoW), and Proof of Stake (PoS) algorithms both have fatal flaws. First of all, both algorithms are vulnerable to Greater than Fifty Percent (>50%) attacks. In PoW algorithm cryptocurrencies, if any one person or group of people controls greater than 50% of the computing power (which is a real risk with large mining pools) then the blockchain can be rewritten. In PoS algorithm cryptocurrencies, if any one person or group of people controls greater than 50% of the currency itself which may seem an impossible feat except for the fact that in PoS currencies, the rich are always accumulating a greater percentage of coins with every block they are awarded which inevitably leads some individual or small group of people owning more than 50% of the coins.

     Aside from this, there are other issues with each algorithm. In PoW algorithm cryptocurrencies, a large amount of electricity is used up mining, which is wasteful and expensive. Further, it relies on a central hashing algorithm, which is weakened or broken by advances in cryptography and/or computing, can lead to attacks on the blockchain. In PoS algorithm cryptocurrencies, the rich always get richer which causes social and economic problems therefore making PoS currencies ineffective for widespread use.

     This whitepaper aims to explain a new type of algorithm for use in a cryptocurrency, called the Proof of Some Aged Stake algorithm, with the lofty goal of eliminating the aforementioned problems with PoW and PoS algorithms. This is achieved by selecting the miner of the next block in a deterministic, yet unpredictable way. This is so that anyone in the network can confirm the legitimacy of that miner's right to that block but cannot tell who that miner will be before the previous block goes through.

The Meaning of "Minimum Aged Stake"
     This algorithm relies on the ageing of an account's stake to verify that the account was not expressly made to claim a block in the near future which is why it is said that the stake is "aged." However, it does not matter how much stake an account has when it comes to who gets to mine the next block so long as they hold a minimum amount, which is why it is said that the account has a "minimum stake." Together, the algorithm proves the account has, at least the "minimum stake," not necessarily a large stake, that has been "aged" for some period of time. Hence, it is said that there is "Proof of Minimum Aged Stake."

The Decision Among Eligible Accounts

Choosing a 256 Bit Number
     Among accounts that are deemed eligible to mine the next block (i.e. they have a minimum stake that is sufficiently aged), one is chosen based on the signatures (there are 2 block signatures discussed later) of the block that came before it. The length of those signatures must be at least 256 bits long and a multiple of 256 bits long because those signatures gets signed with 256 bit signatures and it is ideal that every 256 bit output is as evenly represented as possible for any single account signing them. If the signature is between multiples of 256 bits in length, some 256 bit combinations are guaranteed to represented more often than others for a single signing account. If the signatures lengths together only total 256 bits long, then even one collision between 256 bit inputs guarantees that one 256 bit output is not represented at all for a single signing account; if they total at least 512 bits long, it is much less probable that one output is not represented for all given inputs and a single signing account. Now, because the more multiples of 256 bits means more evenly represented output, the transaction signatures are added to the block signatures before they are all signed together.

Selecting Who's Block to Use
     The block is selected based on whose signature produces the largest 256 bit number. To prevent everyone from submitting their blocks all at once and slowing down the entire network, a new group of possible winning values, starting at the top, is selected every second and stays open of 10 seconds. It follows this equation to determine the end of the next eligible group:

2²⁵⁶-1-(s+1)X(^2256-1/₆₀)

     The beginning of the next eligible group can be determined by the end of the last eligible group minus one. After 10 seconds of being eligible a group is no longer eligible. If no eligible group submits a block after 70 seconds have passed, eligibility is expanded to all accounts with a balance greater than 0. If a valid block has been submitted and the eligibility window closes on it, it becomes the new block and the second block signing period opens.

The Second Block Signature
     Because it is feasible that one could add transactions to themselves to the block they are making and manipulate the signature to improve their odds of winning a second block, this block must, itself, be signed by another person who does not have control over the transactions included in the block. For this reason, after the first block is accepted, a second block signer is selected in the same way as the first. It uses the same set of eligible accounts as was used for choosing the block creator with the exclusion of the account that signed the first block. The 70 second countdown starts over so that accounts who missed their window to be the block creator have a second opportunity to sign the block.

Determining Which Accounts are Eligible

Minimum Requirements
     Because it is feasible that someone may be able to predict which possible block is selected the block before it, a minimum of 3 blocks of stake ageing are required to insure that people don't fund new accounts with numbers designed to get the new blocks as soon as they come out.

Limiting the Use of Multiple Accounts to Increase Mining Chances

Minimum Stake
     In an effort to help cull this behaviour and to make 51% attacks more expensive, variable minimum balances should be employed block to block. The minimum balance should be such that the value of itself multiplied by the number of accounts it would allow to be eligible is at a maximum while the number of accounts it would allow to be eligible is at least 50% of all accounts with balances. In this way, the cost of a 51% attack is maximized while still allowing at least half of users to participate.

Fees for Funding Accounts with Zero Balance
     To further discourage this behaviour and increase the cost of a 51% attack, variable fees should be applied to funding accounts that don't have any balance. This be such that, with current averages, the mining reward for mining less than 1,000 years is not worth while. This can be represented as follows:

f_n=^{365,242R_n-1R_n-1}/_1+En-1

Where f_n is the fee for the new block, R_n-1 is the average mining reward per block over that past 1,000 blocks, B_n-1 is the average blocks per day over that past 1,000 blocks, and E_n-1 is the number of eligible accounts in the previous block.

More to Come...

Rant:

So, I have a problem with Oracle Java (basically any download you get for the Oracle Website... the JDK or the JRE)... I don't trust it. Why? It isn't opensource. This may not seem like a big deal because Oracle made Java, they are a major player in the computer world, and all antivirus software seems to trust them not to do anything malicious... so why shouldn't I trust their software with my computer, my personal information, and my Nxt password? The answer is that I don't trust anyone I don't know on a personal level who keeps secrets from me.

I am a programmer; I understand the desire to keep your source code secret. It is a desire for control, control of who gets credit, who gets money, and where future developments go. The problem is that by keeping your source code secret, you get a lot more control than that; you get complete control of what the code does and, on top of that, you get the privacy required to make the code to malicious things to computers that run it, things such as collect users' private data without them knowing or install backdoors into their computer.

I don't think everyone is out to steal my data or put back doors in my computer, but the less people I grant the ability to do so to the better! There are plenty of people out there who want everyone's data, regardless of what people have done, and some of them have nearly unlimited resources to do so (*cough* NSA *cough*). It is because of people like this, I try to avoid trusting people with my information if I can.

Seriously, if you doubt that the NSA has planted and/or paid off workers at Oracle to intentionally introduce and/or not fix backdoors in the Oracle JRE and/or provide the NSA with the source code so that they can find/exploit weaknesses before anyone else then you are just naïve.

By making something opensource, you are making its code transparent so that A: anyone who knows the language can find/fix security flaws and B: anyone who knows the language can tell if you have introduced backdoors and verify that the code is safe. Rather than trust a secretive computer program won't harm me, I would trust that a transparent computer program that millions of people who are concerned with privacy (like me) can look at and verify the safety of.

Solution for Nxt Users:

So, as it turns out, there has been an opensource version of Java (the JRE and the JDK) available for quite some time. It is called OpenJDK (it includes and opensource JVM and an opensource version of everything else needed for the JRE on top of the JDK). The problem with it is that there was no OpenJDK for Windows machines and it had to wait longer for bug fixes.

That is until 2014 when Zulu was announced. Zulu is version of OpenJDK with support for OSX, Windows Desktop, Windows Server, and Linux (including Docker). It also comes with quarterly bug fixes which is a plus! In addition, it supports older versions of Java than either OpenJDK or Oracle JRE/JDK which is another plus! There is, however, a down side to Zulu... It is limited to 64-bit systems. There is no 32-bit support.

So here are my recommendations:

(Almost) All 64-bit Operating Systems
Uninstall whatever version(s) of Java you have and install Zulu if you don't already have it.

32-bit Debian Based and Red Hat Enterprise Based and Oracle Linux Operating Systems
Uninstall whatever version(s) of Java you have and install OpenJDK if you don't already have it.

32-bit AArch64, BSD, Haiku, Mac OS X, MIPS, and PowerPC/AIX Operating Systems
Uninstall whatever version(s) of Java you have and install the appropriate OpenJDK port if you don't already have it.

Other 32-bit Operating Systems (e.g. Windows)
Uninstall whatever version(s) of Java you have. Install Oracle VirtualBox (it is opensource). Make a new 32-bit, opensource, Debian based or Red Hat Enterprise based Linux Virtual Machine (VM) and install the matching OS on your virtual hard drive. Then install OpenJDK on your newly made VM. Run all Java applications (such as Nxt) through the VM. This is the only way to guarantee that all Java applications you run are run in an opensource version of the JRE. I know it is a pain in the butt; sorry!

Solution for Nxt Developers:

Make a version of the Nxt Client in a more opensource language such a Perl. It will be difficult, but it will make it so that 32-Bit Windows users can still run Nxt in a more opensource environment (not truly possible with Windows but, for some, Windows is a necessary evil) without having to install a VM...

Or, I suppose, you could just wait 32-bit computers out because they are already WAY outdated; I'm not even sure that they manufacture them for personal use any more...

I will be discussing the BTER "cold wallet hack" from a security perspective on SuperNet Radio tomorrow at 11am EST. Specifically, I will be discussing if and how it is possible to "hack" a cold wallet and what you can do to insure that your personal cold wallet is safe! How could such a "hack" happen and what does it mean for the security of your cold wallet? Find out tomorrow at 11am EST!

I think it would be a good idea to use SSL for peers to increase security/privacy. Granted, the OpenSSL defaults are cryptographically weak but they can be configured to be pretty strong. It would help prevent node spoofing for nodes using domain names.

DDoS Protection Outline

The Why
Generally speaking, there is not much an individual can do to protect against a large scale DDoS attack without expensive hardware to handle it. They can increase the size of attack they can handle but without proper hardware it won't make much of a difference; their server will still fail. However, in a peer to peer network with many nodes, each little bit adds to the threshold that the network can handle. If every node can handle an additional 20,000 bytes per second in a 200 node network, that is an additional 4,000,000 bytes per second of an attack the peer to peer network can handle and that makes a difference.

The What
In this outline I will provide tips and links with instructions on how to get the most DDoS resilience out of your node so that together we may have a stronger, safer, NXT Network.

The Basics

Choose a Simple OS (Difficulty Level: Very Easy)
The less you have on your OS, the less security flaws there are to exploit. It is simple as that. Always install the bare minimum of the OS you are using. Typically, for Linux, this will be the server edition and/or will have "minimal" in the name.

Use Full OS Encryption if Possible (Difficulty Level: Very Easy - Very Hard)
Full OS encryption (with a strong password) will help prevent attackers from compromising your machine by remotely accessing your hard drive. On some OSs, this is something you are asked if you want to do during the install process, on others you have to do it manually.

TODO: Give specific details on how to do this for a variety of OSs.

No Wifi (Difficulty Level: Very Easy)
Wifi cards are limited in how much data they can handle per second, and while your wifi may seem fast, it is slow compared to a direct hookup with your router. A direct hookup to the internet can handle a significantly larger attack than a wifi hookup. If you are connected directly to your router, it is likely that the only limit to handling a DDoS attack will be set by your computer itself rather than the connection it has.

DNS Handling (Difficulty Level: Intermediate)
DNS is short hand for "Domain Name Server." They are the servers that translate "www.nxtforum.org" into an IP address that your computer can connect to. Normally, your computer has to wait for a an IP address from its DNS every time it visits a website. This slows it down and eats up bandwidth which makes it more vulnerable to DoS attacks. In this section, I will outline how to prevent this as much as possible as well as secure DNS requests with encryption to help prevent spying. This is done with two programs, DNSMasq and DNSCrypt.

Setting up and configuring DNSCrypt
First you need to install DNSCrypt. This can be done in three commands. But first, switch over to the root account:

sudo su
Then enter the following three commands:

add-apt-repository ppa:anton+/dnscrypt
apt-get update
apt-get install dnscrypt-proxy
Now that DNSCrypt is installed, need to make a special user for it to run as. Just in case the home directory we are going to use doesn't exist, we will make it with the following command:

mkdir /run/dnscrypt
If you get an error stating that the directory already exists, it is fine; move on to making the user.

The username of this user should be ordinary and not indicate that it is used for DNSCrypt in any way. Name it after a friend or a pet and add 2-4 numbers at the end or beginning. Now enter the following command and replace "[Username]" with the username you decided on:

adduser --system --quiet --home /run/dnscrypt --shell /bin/false --group --disabled-password --disabled-login [Username]
You will probably get a warning saying that the user doesn't own the home directory. Fix this with the following line of code (again replacing "[Username]"):

chown [Username]: /run/dnscrypt
Now we need to configure DNSCrypt. Open the configuration file using nano with the following command:

nano /etc/default/dnscrypt-proxy
When you are modifying lines in this file, if they start with any number of #'s, delete the #'s. Only do this for lines you are changing!

First, change the line that starts off "user=" to contain the username you chose. It should look like "user=[Username]" when you are done.

Now, change the line "local-address=" to have a value other than "127.0.0.1" so it won't conflict with DNSMasq once that is set up. Keep it in the "127.0.0.X" family (where X is a number between 0 and 255) so it won't accidentally conflict with a real IP address. "127.0.0.2" would work just fine. Write this down somewhere as you will need it when setting up DNSMasq.

Next, you go to a website:

https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

On this website, search for a DNS server that is, most importantly, marked as having "No Logs" and having "DNSSEC Validation." Among these candidates, select the server you think is closest to you geographically.

Back in nano, find a line starting with "resolver-address=" that does not have a # in front of it (there should be one without any #'s). Change the value after the equals sign to the value in the "Resolver Address" column on the web page I liked you to that lines up with with the DNS server you chose. Do the same thing for "provider-name" and "provider-key" using the values from the "Provider Name" and "Provider Key" columns on the web page respectively.

Save the file (Ctrl+O) and exit nano (Ctrl+X). Next, we want to make sure that this runs on startup. Enter the following command:

nano /etc/rc.local
Add the following two lines BEFORE the line that says "exit 0" but replace "[Username]" with the username you chose for DNSCrypt:

mkdir /run/dnscrypt
dnscrypt-proxy --daemonize --user=[Username]
Save the file (Ctrl+O) and exit nano (Ctrl+X). You should be good to go!

Installing and Configuring DNSMasq
The next, step is getting DNSMasq set up. First we have to install it:

apt-get install dnsmasq
Next, we have to configure it. Enter the following to bring up its configuration file in nano:

nano /etc/dnsmasq.conf
Press Ctrl+W and type in "listen-address=" then press "Enter" to find the right line. If there are any #'s in the same line, go ahead and delete them. Change the line to look like this:

listen-address=127.0.0.1
Press Ctrl+W and type in "proxy-dnssec" then press "Enter" to find if the line exists. If it does exist and any number of #'s are in the same line as it, delete the #'s. If it doesn't exist, start a new line and type it in. If it exists with no #'s, leave it alone. Either way, you should have a line that looks like this when you are done:

proxy-dnssec
Next, do the exact same thing for the that phrase "no-resolv" and by that I mean Ctrl+W search it; if you find it delete any #'s and if you don't make a new line and type it in. Finally, Ctrl+W and look for "server=" to set the last configuration option. Look around and make sure that there isn't line starting like that without any #'s around. Then pick a line that starts with "server=" and set it equal to the IP address you wrote down when configuring DNSCrypt.

Save the file (Ctrl+O) then exit nano (Ctrl+X). DNSMasq is now configured to run through DNSCrypt!

Final Steps
Now, all you need to do is restart DNSCrypt:

restart dnscrypt-proxy
then restart DNSMasq:

/etc/init.d/dnsmasq restart
and... It should be working! To test it, enter the following command:

dig nxtforum.org

If you get anything other than an error, it worked; you are now running you own DNS Cache with information received over and encrypted connection! If you do get an error for some reason (like not following instructions), enter the following two lines of code and start over:

apt-get purge dnsmasq
apt-get purge dnscrypt-proxy
iptables Configuration (Difficulty Level: Intermediate)

If your server has iptables on it... USE IT! I know digital ocean uses it and any linux systems will have it. If you are going to configure iptables for your server, do it in the order I provide here. The order is important.

Flush current iptables rules
Just to be safe, get rid of all current iptables rules so you can set up the new rules do this by issuing the command:

iptables -F
Drop common attacks
Issue the following code to drop common attacks with iptables:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

This code drops all incoming null packets, all incoming syn packets, and all incoming XMAS Packets

Allow local host
You want port 7874 to be open to accept information and you may also want local host to be open if you plan on using the API or UI servers on your node.

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Limit the number of connections a single IP address can have
Thank you, rigel, for this improvement!
Use the following code to limit the number of connections a single ip address can have and how many they can make per second:

iptables -A INPUT -m connlimit --connlimit-above 10 -j DROP
iptables -A INPUT -m hashlimit --hashlimit-name LIMIT --hashlimit-burst 10 --hashlimit-above 1/second --hashlimit-mode srcip --hashlimit-htable-expire 10000 -j DROP
(Optional) Open Port 7874
If you want your node to be public, you will have to open up port 7874.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 7874 -j ACCEPT

TODO: Find the standard strings that are sent using from peers using NXT and drop all others to maximize security on port 7874.

(Optional) Allow Pings
This (I think) is no threat. Someone correct me if I am wrong. Not allowing pings may affect your ability to be found, but again, I am not sure so I need to be corrected here.

-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW -j ACCEPT

Default Drop
For maximum security, you want to drop all other packets sent.

-A INPUT -j DROP

Modify TCP Settings (Difficulty Level: Intermediate)
It is possible to modify your TCP settings to increase DDoS protection even further than iptables alone could. Thank you to rigel for this whole section!

Open sysctl Configeration File
You will want to use a basic text editor for this. Most Linux machines come with nano as a command line text editor. We will use it for these instructions.
nano /etc/sysctl.conf

Change Settings
Add the following lines to the file:
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 4
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_max_tw_buckets = 16384
net.ipv4.tcp_retries2 = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 16384 65535

Then save the file and exit nano.

Apply Changes
Once you have exited nano, issue the following code to apply the changes you just made:
sysctl -p


---

Hardened Nxt Server Linux Distro
Nxt doesn't have enough nodes... Further, most existing Nxt nodes have not been hardened against attack. For this reason, I will be making a Linux Distro that comes pre-hardened with a simplified version of the Nxt platform installed. This distro will automatically identify which nodes are run on it. Project Sentinel will keep track of these nodes and reward the accounts running them with this new MSCoin.

The distros this will be based off of
It seems like I will be using a hardened version of CentOS to begin with but I will likely switch over to the Subgraph OS once it is released if a simplified, server version is made of it.

I have come up with a solution to implementing 2FA in a super secure, decentralized manner. It would work over the i2p Bote network to distribute sensitive files.

It is kind of complicated to explain but if you want more technical information on it, read my thread on the KeyStash sub board under Nxt Projects.

It basically takes a pre encrypted file from one machine then breaks it into small chunks, and distributes it over a decentralized network. This machine is the only one that knows which file went where. In addition, the machine stores 2 bytes of the encrypted file on each end where a code chunk was cut off.

After that, the nodes recieving a chunk add a second, simple layer of encryption to the chunks and distributes the decryption key to the user's mobile device along with an 2 byte identifier. These two items turn into a code that the user can input into the machine trying to access the file.

Once entered, the machine, knowing which code chunk went where, sends out the unique identifiers to each node that received a code chunk which return the associated code chunk from its database. Finally, the machine machine runs the simple encryptions on each code chunk in order until it gets each break, when put together, has matches the 4 byte set of each break and the 2 or 4 bytes at the end of each code chunk (2 for the first and last chunks and 4 for the rest).

Once it has assembled and decrypted the code chunks it prompts the user for their password or private key file to decrypt the original layer of encryption and access the file.

It should be noted that all nodes that have the same code chunk (as duplicates are needed for in case some go down) encrypt the file with the same key and are aware of each other. Because it is run through i2p Bote, they do not know the user's IP address. But they do know the Bote public keys for both the machine accessing the file and the device used for 2FA. What they don't know is how many chunks there are, who has the other chunks, the original encryption key, or how to assemble the chunks even if they got them.

The user's machine knows how to assemble the chunks and what Bote public key (not what IP address) has what chunk. It doesn't know the 2 byte identifier, as this is assigned by the first nodes to recieve a chunk and it doesn't know how to decrypt the chunks. Without these, it cannot access the file.

The users mobile device knows the decryption keys and 2 byte identifier of each chunk. It does not know the Bote addresses of the nodes holding the chunks as when the keys and identifiers are sent, they are sent through a proxy address. Thus, it cannot request the code chunks from the senders and even if it could, it would not know how to assemble them or break the second layer of encryption.

This being said, the most likely route of attack would be to try and steal the data from the original machine containing information as to how to assemble the code chunks, steal or extort the original encryption key from the user, and steal the user's mobile device (which might have additional security on it.)

So what does this mean for Nxt? Simple, it would be much easier to just force the account's private key than it would be to steal it or their password (which could, if it is stored on a file in the 2FA network, have higher entropy than the private key itself).

---

Introduction
Suggesting additions and corrections
This is obviously a growing work and I can't be expected to get everything right or even get everything! Please feel free to suggest additions and corrections to this dictionary. Also, don't expect that I am out of words because I posted this; I am not. I am just running out of time and don't want to lose my work. Thank you!

The purpose of this dictionary
This dictionary is made to provide a standardization for Nxt terminology. This common understanding will help us communicate as clearly as possible when talking about Nxt. This will address, not only definitions for those who don't know anything about the Nxt Platform, but also issues such as the difference between "NXT" and "Nxt" for the sake of clarity when communicating with each other.

Is defining the grammar of the Nxt Platform necessary? The answer is a resounding "No!" People got along just fine before defined spellings of words, definitions, and common grammar. That being said, the existence of common spellings, definitions, and grammar greatly helped clarify people's meanings when communicating in written forms which have no tone of voice or body gestures to aid in communication.

I hope everyone appreciates this and uses it for communication's sake. Thank you all!

How to use this dictionary
This dictionary will be divided into sections based on what part of the Nxt Platform they relate to. The first section will relate to the Nxt Core and the following sections will relate to different parts of the Nxt Platform such as the Nxt Monetary System, the Nxt Asset Exchange, and the Nxt Marketplace. This is to make finding words and phrases simpler. After that, words and phrases will be listed alphabetically.

If you find a word and don't know what category it belongs to, the second post in this thread will contain a complete, alphabetical list of words that points to which category/categories the term belongs for easy searching.

In the future, I will try to provide a pronunciation guide as well but it is not high priority.

Definitions by Category
Nxt Platform Core
Absolute QNT:
Noun
Singular/Plural

• Sngl./Plur.: See "QNT" for details.

Avalible Balance:
Noun
Singular/Plural

• Sngl.: The amount of NXT, a Nxt asset, or an MSCoin that is currently usable.
  
  Additional Info:
  
  This amount will always be less than or equal to the standard balance of the currency or Nxt asset in question; it will never be greater. If someone places an order on the Asset Exchange or the Exchange Booth they will essentially commit the amount of NXT, a Nxt asset, or an MSCoin to be exchanged. This amount will immediately be removed from their account's respective standard balance even though they still technically control that amount. If they wish to spend it in another way, they mush first cancel their order at which point it will again become part of their avalible balance.
  
  Example: "Why is my 'balance' different from my 'avalible balance?'"
  
  
• Plur.: A group of amounts of NXT, Nxt assets, or MSCoins avalible for spending on a single Nxt account or across multiple Nxt accounts.
  
  Examples: "What are the avalible balances in your account?" "Do you all have lower avalible balances than standard balances; is this normal?"

Balance:
Noun
Singular/Plural

• Sngl.: The standard balance of an account's NXT or specific Nxt asset or MSCoin. See "Standard Balance" for details.
  
  Examples: "What is my NXT balance?" "I have a balance of 100 ASTKN!"
  
  
• Plur.: A number of standard balances within a single account or across multiple accounts. See "Standard Balance" for details.
  
  Examples: "The balances of all my Nxt assets are very high." "What balances do all of you have for LIFE?"
  
  
• Sngl.: Any of a set of specific values within the Nxt Platform that has the word "balance" in the name. See "Account Balance," "Asset Balance," "Avalible Balance," "Committed Balance," "Currency Balance," "Effective Balance," "Forged Balance," "Guaranteed Balance," "MSCoin Balance," "Standard Balance," and "Uncommitted Balance" for details.
  
  Example: "What balance are you talking about?"
  
  
• Plur.: More than one of a set of values that has the word "balance" in the name. See "Account Balance," "Asset Balance," "Avalible Balance," "Committed Balance," "Currency Balance," "Effective Balance," "Forged Balance," "Guaranteed Balance," "MSCoin Balance," "Standard Balance," and "Uncommitted Balance" for details.
  
  Example: "What kinds of balances are there in the Nxt Platform and what do they all mean?"

Committed Balance:
Noun
Singular/Plural

• The amount of one of an account's standard balances that is committed in the Asset Exchange or MS Exchange Booth.
  
  Additional Info:
  
  This will always be equal to the standard balance minus the avalible balance or uncommitted balance.
  
  Example: "I can't spend my committed balance of NXT"
  
  
• Plur.: A set of amounts of standard balances that are committed to the Nxt Asset Exchange or MS Exchange Booth.
  
  Example: "What are the committed balances of all your assets?"

Effective Balance:
Noun
Singular/Plural

• Sngl.: The amount of NXT contributing to an account's forging power.
  
  Additional Info:
  
  This amount may be greater than, less than, or equal to an account's standard balance of NXT. It will usually be equal to an account's Guaranteed Balance but will be greater if anyone is leasing to that Nxt account or less if that Nxt account is leasing to a different account.
  
  Example: "My effective balance is more than my guaranteed balance; that means someone is leasing to my account!"
  
  
• Plur.: The amounts of NXT contributing to multiple accounts' forging powers.
  
  Example: "What are the effective balances of the major forging pools?"

Forged Balance:
Noun
Singular/Plural

• Sngl.: The total amount of NXT an account has forged over its lifetime.
  
  Example: "I finally forged a block; now my forged balance is 10'000 NXT!
  
  
• Plur.: Multiple amounts each associated with a different Nxt account. These values are equal to the total amount of NXT their respective Nxt account has forged over its lifetime.
  
  Example: "What are the forged balances of the major forging pools?

Forging Pool:
Noun
Singular/Plural

• Sngl.: A Nxt account that people lease their balances to which will return a percentage of everything they forge to their leasers based on how much each account leases to them. They usually have a very high forging power.
  
  Additional Info:
  
  As Smart Contracts have not been implemented yet, there is a risk that this account will never pay the accounts leasing to it. For those with only small amounts to lease, this is of little consequence because it is already unlikely that they will get anything for it.
  
  Example: "What is your favourite forging pool?"
  
  
• Plur.: Nxt accounts that people lease their balances to which will return a percentage of everything they forge to their leasers based on how much each account leases to them. They usually have a very high forging power.
  
  Example: "I wish there were more forging pools!"

Guaranteed Balance:
Noun
Singular/Plural

• Sngl.: The amount of NXT an account has coming from transactions with over 1440 blocks of confirmation.
  
  Example: "I have a guaranteed balance of 10'000 NXT!"
  
  
• Plur.: More than one value each associated with a specific Nxt account. Each of these values is equal to the amount of NXT their respective Nxt account has coming from transactions with over 1440 blocks of confirmation.
  
  Example: "What is everyone's guaranteed balances?"

Nxt:
Proper Noun
Singular

• Refers to the Nxt Platform; a second generation cryptocurrency platform. See Nxt Platform for more details.
  
  Example: "Nxt has many uses!"

NXT:
Ticker Symbol/Noun ( Allways All Capital Letters)
Singular/Plural

• N. Plur.: A number of units of the primary cryptocurrency of the Nxt Platform.
  
  Additional Info:
  
  When referring to amounts of NXT, an apostrophe ( ' ) is used to separate the values every three decimal positions that have a value greater than or equal to 1 (ex. 1'000'000) to make it easier to read. A period ( . ) is used to separate whole value decimal spaces from fractional value decimal spaces (ex. 1'000.0034). Nothing is typically used to separate fractional decimal spaces which differs from the whole decimal spaces.
  
  If working with large amounts of fractional decimal spaces, I recommend placing apostrophes in the mathematical equivalent of their whole counterparts (ex. 1'000.01'003'046) rather than the visual equivalent (ex. 1'000.010'030'46). The visual equivalent may look more even, but the mathematical equivalent makes it more clear what the value of the fractional decimal place is and reminds people that the third decimal place is ¹/_1'000^th of a NXT rather than ¹/_100^th of a NXT.
  
  Note that this numeric grammar system also applies to MSCoins and Nxt Assets.
  
  Examples: "How much is 6'000.0001 NXT worth in USD?" "I only have 0.0036 NXT!"
  
  
• N. Sngl.: A single, whole unit of the primary cryptocurrency on the Nxt Platform.
  
  Examples: "What is a NXT worth?" "What will you give me for 1 NXT?"
  
  
• Tkr Symb.: The symbol representing the primary cryptocurrency of the Nxt Platform. It is similar to USD or a stock market ticker.
  
  Examples: "What does the NXT/USD market look like right now?" "NXT is doing well!"
  

NQT:
Noun (Always All Capital Letters)
Singular/Plural

• Sngl.: The smallest fractional decimal unit supported by the Nxt Platform. This is 0.00'000'001 NXT or ¹/_{100'000'000^th} of a NXT. It is comparable to a single Bitcoin satoshi or a single US cent.
  
  Additional Info:
  
  The same punctuation rules for NXT apply to NQT. See the "Additional Info" section under "NXT" for details.
  
  NQT is different than QNT. A QNT is 10 times smaller than an NQT and never refers to NXT.
  
  Example: "An NQT is a very small unit of value!"
  
  
• Plur.: A number of ¹/_{100'000'000^ths} of a NXT.
  
  Examples: "It takes 100'000'000 NQT to make a single NXT." "How many NQT do you want for that item?"

QNT:
Noun (Always All Capital Letters)
Singular/Plural

• Sngl.: The smallest possible fractional decimal unit of a Nxt Asset or MSCoin supported by the Nxt Platform. This is comparable to a single Bitcoin satoshi or a US cent. It is equal to 0.00'000'000'1 units of a Nxt Asset or MSCoin or ¹/_{1'000'000'000^th} of a Nxt Asset or MSCoin.
  
  Example: " How much is a QNT of STNLC worth?"
  
  
• Plur.: A number of ¹/_{1'000'000'000^ths} of a Nxt asset or MSCoin.
  
  Examples: "What is two QNT of ASTKN worth?" "How much NXT do you want for 300 QNT of my new asset?"
  
  
• Sngl./Plur.: The "relative QNT" or "RQNT" of a particular Nxt asset or MSCoin. See "Relative QNT" and "RQNT" for details.
  
  Examples: "How many QNT of my 2 decimal MSCoin do you want?" "What is a QNT of this 1 decimal asset worth?

Relative QNT:
Noun (QNT is always all capital letters)
Singular/Plural

• Sngl.: The smallest possible fractional decimal unit of a specific Nxt asset or MSCoin.
  
  Additional Info:
  
  This value will never be greater than 0.1 units of a Nxt asset or MSCoin or smaller than a single absolute NQT of a Nxt asset or MSCoin.
  
  Example: "What is the relative QNT of ELEMS?"
  
  
• Plur.: A number of the smallest possible units of a specific Nxt asset or MSCoin.
  
  Examples: "What is the difficulty of minting the 5 relative QNT of NMAUA?" "How many relative QNT do you want for that item?"
  
  
• A general term for the smallest possible units of multiple Nxt assets or MSCoins.
  
  Example: "What are the relative QNT of EGOLD, ASTKN, and LIFE?"

Standard Balance:
Noun
Singular/Plural

• Sngl.: The total amount of NXT, a particular Nxt asset, or MSCoin has (committed and uncommitted).
  
  Examples: "My standard balance of ORA is " 1'000 ORA."
  
  
• Plur.: A set of the total amounts that a single account has or that multiple accounts have (committed and uncommitted).
  
  Examples: "What are the standard balances of everything in your account?" "What standard balances do you guys have for NXT?"

Uncommitted Balance:
Noun
Singular/Plural

• Sngl.: An available balance. See "Available Balance" for details.
  
  Example: "I have an uncommitted balance of only 20 NXT because I have a lot of pending AE orders."
  
  
• Plur.:More than one available balance either within a single account or across multiple accounts.
  
  Examples: "The uncommitted balances for my assets are all zero because I am selling everything!" "What uncommitted balances of NXT does everyone have?"

[/list]

I feel very uncomfortable putting my password in a plain text file for the minting process. It isn't very secure and making another account is inconvenient plus transferring MSCoins I mint from a specific minting account to a main account costs transaction fees I don't want to pay. I believe I have come up with a better system than storing the account password in a plain text file. The answer is setting up minting permissions and a separate minting password.

Here is what I mean, we set up "Minting Permissions" as account properties. These would include whatwhat options such as what coins are acceptable to mint for that account, how many should be attempted each mint, and for advanced users, settings such as only allowing computers with a specific IP address to mint under that account and the minimum amount of NXT the account needs to have in order for minting to be permitted.

An account may optionally set up a special minting password which will be required for someone to be able to mint with that account. This password would work only for minting transactions and nothing else. A special option should be avalible to allow the minting client to remember the password (either the account password if no minting password has been set up, or if it has, the minting password) and ask for it when the client is first set up so that the password never has to be stored in a plain text file... Especially if the main password is used!

I am aware that a minting password would take up more storage space in the account database but the security benefits are tremendous! First of all, if someone steals the main password, they can steal everything in the account! If they steal the minting password, all they can do is mint coins which they cannot even access without the main password! This can drain the NXT supply of the account owner but doesn't really benefit the attacker in any way. Further, with additional account settings I mentioned before, they can only mint for coins that the user wants to mint anyways and can only drain the user down to the minimum supply of NXT that the user specified.

For this reason, the minting password hash doesn't have to have the same length as the users password hash as there is an additional security net which makes it so that, if anything, the attacker just helps the user mint faster which could even benefit the user!

Also, if the attacker gets the minting password from the user and the user doesn't appreciate the  minting help, they can use their main password to change their minting password whenever they wish which would suddenly block out the attackers attempts to mint for the user.

There should be an option to allow people to mint on your account using only your RS Address. This would allow people to essentially donate their minting power to the user if the user wants it. With the account options the require a minimum amount of units per mint and allow the user to specify which MSCoins are permitted to be minted, the account owner would not need to worry about people wasting their NXT by not minting enough per NXT or minting undesired coins with their NXT.

Let me know what you guys think!

---

Intro
Have some nice MSCoin names and currency codes that you want to sell? It may seem relatively simple, just fill in some random data and list it on the marketplace. Well... there is an easier and cheaper way to do it that doesn't involve active work or potential buyers trusting you to follow through! This means more security for the buyer than using the NXT Marketplace and more security for both the seller and the buyer than using an escrow.

Filling out the MSCoin issuance forum
Making it sellable!
This is simple to do but the trustless selling process won't work unless you give your coin the right settings.

I will touch very briefly on coin name and currency code. If possible you want the two to be closely related; this increases the selling value. You can still sell a good code with a meaningless name and vice versa but it will be more valuable if you get two that go together perfectly. The code needs to be memorable to work and if it reflects the name, it will be easier to remember even if the code itself is hard to pronounce.

Also, you don't simply want a cool or fun currency code or name. It makes for good bragging rights but nothing else. The name "Sword" for example is cool AND memorable, but it is hard to give a coin a theme off of the word "Sword." On the other hand, there is the name/code "LUX;" it is cool, easy to remember, and is easy to make a theme out of as it suggests high end luxury products, colors, and design. "EGold" is similar! It is easy to remember, may not be as cool as "LUX" but it gives potential buyers material to work with when designing logos and websites! These are the types of MSCoin names and currency codes that have the most potential to sell.

Next is the description. There is a race to claim currency names and codes so you want to fill this out fast. But having it explain the value of the code and/or name you are trying to sell is important to attracting buyers. You can fill it out as junk for the first transaction and later make a lengthy, detailed description as to why it is valuable for only an extra 40 NXT. If you are on a tight budget, writing something quick and simple... even a single meaningful sentence, will suffice. Take, for example, the currency code and name pair I am trying to sell "Iliad." It may have a 5 letter code but the description is simply "Greek Gods and Goddesses." This is short and reflects something about the name and code. Even if a potential buyer doesn't know what the Iliad is, this will give them an idea of the themes they could use with this code.

I likely could have made a better description, such as "The Greek Gods and Goddesses are at your command" but I am not worried about it. I am just happy I got it before someone else.

The technical details
Now that your coin name and/or code is in a position to sell as best as possible, you need to get the rest of the settings right for the trustless method to work. First of all, you want the currency to be exchangeable. Without this, you can't sell it to anyone for NXT. If you add anything else, this method won't work.

Next, the initial and max supply should both be set to "1." Then you set the number of decimals to "0." This combination of settings makes it so that people have to buy all of the currency or none of it at the Exchange. A buyer needs to own all of the coins in existence to change any settings about it. When you go to the final step, this is important because otherwise people can buy a part of the total supply and ruin things for your buyer. They could even hold the parts of the supply ransom and extort money from you to get them back so you can give them to the buyer!

Selling the name and/or currency code! (If you want to auction your name and/or code and DON'T want an instant buy price, skip this step!)
After the issuing transaction goes through, click on the transaction then click on the link at the top which says "Click here to view this currency in the Exchange Booth." There are a number of ways to get to your currency in the exchange booth, but this one is the fastest.

Next, click on the "+" sign next to "Exchange [your currency code here] for NXT." This will expand the menu for listing an exchange request for your currency to NXT. Type 1 into the text bar labeled "Units." This is the number of your currency you wish to sell but, since there is only 1 in existence and decimals are not allowed, the only value that will possibly go through is 1.

In the text bar labeled "Rate" type the amount of NXT you want to sell the name and/or code for. Normally, this is the amount of NXT you want per whole unit of your MSCoin that you want. Since, there is only one to sell, this is the exact amount you will recieve.

The text bar labeled "Total" should be equal the "Rate" you just entered. The text box labeled "Fee" is set to "1" by default. Right now, as far as I know, there has never been a case where there were more transactions requested than was able to be filled by a single block. The higher fee you put in, the higher priority your transaction has of getting into the next block but since so far, just about every transaction makes it into the next block no matter what the fee is, you can just leave the fee equal to 1 (unless you want to donate to forgers).

What next?
Now, you should announce on the NXT forums what you are selling. After that, you can pretty much kick back and relax until someone buys it from you. People can leave offers lower than your listlist price at the Exchange Booth. If you are willing to accept a lower price, you should check the offerings occasionally to see what people are willing to pay. If you are auctioning it off without an "instant buy/buy it now" price, you need to occasionally check the Exchange Booth to see what people are offering.

When you see a price you are willing to accept at the Exchange Booth, cancel your exchange offer and wait  block to get your coin back; if you did not list an exchange offer, you should skip this step. Now, make an exchange offer for the highest price listed at the Exchange Booth. By the next block, the person who made the offer will own all the existing coins of that name and currency code (and thus be able to modify the properties however they wish) and you will have all of the NXT they offered at the Exchange Booth! This all happens with minimum transaction fees, hardly any effort on your part, and without trusting anything but the blockchain!

For those who have already made MSCoins without these properties
If you have made a MSCoin that is not exchangeable, has other properties, has decimal places, or has an initial and/or maximum supply other than 1; if you still own all the coins in existence, you can change the properties of the coin by issuing a new MSCoin with the same name and code while changing the other properties to match what I described here. Luckily this will only cost you 40 NXT no matter how many letters you have in your code! (Thanks to Jean-Luc for this information!l