Here is the summary of his review, again with the relevant links from Jesse James:
“I spent some quality time reviewing the core crypto NXT relies on. As part of my review I re-implemented the relevant algorithms https://gist.github.com/doctorevil/9521126 using a different approach in a different language to make sure I understood everything deeply. Although the implementation NXT uses doesn’t follow certain algorithm specifications to the letter, the deviations noted (motivated by simplicity and/or performance) seemed reasonable and in general nothing stuck out as a red flag. There was one bug in the signature generation function (that NXT is aware of and currently working around) for which I’ve provided a patch (or more precisely tweaked BloodyRookie’s proposed patch). It should be should be safe for devs to incorporate this patch at their convenience.
I have had difficulty making this post, as describing the importance is outside my competence, so I decided to ask one of our resident technical people, chanc3r, who is also a member of the Nxt Infrastructure Committee to explain it to me.
Here is what he mailed back to me:
Like many other crypto’s SHA-256 of a ‘brain wallet passphrase’ are used to generate the private key for a given account..
In the case of NXT, Curve25519+EC-KDSA as originally designed by Daniel Bernstein is additionally used by NXT to generate the public key for the account.
The original implementation of Curve25519 in x86 assembler has been lost and NXT originally used a port from C to Java to implement the Curve25519 encryption, the accuracy of the C-port was unknown due to th missing assembler sources.
It has been a source of concern that there is no direct link between the original Curve25519 specification paper and the Java implementation used within NXT.
Therefore the NXT community commissioned an audit of the current implementation against the original specification written by Dr Bernstein.
1. The choice of NXT developers of this cryptographic scheme is suitable for this purpose. 2. The implementation has a number of valid deviations/improvements from the original Curve25519 specification 3. NXT is immune as a result of this implementation to signature malleability. 4. The audit included a new Curve25519 implementation in Python from the original papers, this implementation and the NXT Java implementation agree exactly on key output when tested verifying the accuracy of the NXT Curve25519 implementation.
In summary the implementation of Curve25519 is an accurate translation of the specification of its designer Dr Daniel Bernstein and is a suitable choice for the use-cases that NXT requires.
As you may have noticed, the front page has been updated a bit. As a result of working on it, I went back to the BCT thread and when reading through it decided to do something special today. As you should know, because reading this religiously is your sworn duty, NiftyNikel is in Miami at this moment at the Bitcoin Conference there. He has been posting updates on his sterling work there and I today I want to make a compilation of all these updates so you can see which awesome things are being accomplished for Nxt by him! Tomorrow, a double, standard summary.
I left you yesterday with his first update that he had been speaking to Cryp2cash.com.
“I just spoke with James and Josh from Cryp2cash.com about adding Nxt to their offering. They appear very interested with our dev team working with them to make it happen. What they do is similar to localbitcoin.com with their escrow service, but they work with a debit card provider to offer instant transactions. This would allow us to get Nxt in the hand of everyday people, which I think is a huge deal.”
Update #2 Leetcoin – “Compete in your favorite games for Bitcoin.”
“The first person shooter we saw looked good (see screenshot) I spoke with the CEO. He is very open to the idea of adding in alts such as Nxt, I let him know we have a number of talented developers that could assist with getting a wallet to work. He’s agreed to do a conference call with their CIO, we’ll follow-up early next week.”
“We spoke a bit about the conference and they are shooting to be the largest Bitcoin conference in history. I think we need to get a speaker lined up and get them to this conference. Having this contact should help us get our foot in the door and really spread the word about Nxt.”
“- Met with Paul from Cryptsy – Met with Kraken – Spoke about an article with Bitcointalk magazine – Talked to an ATM that will accept alts – Justabit asked a panel question and helped plug Peer and Nxt and Gocoin gave a plug back“
“I had a chance to speak to Paul over at Cryptsy. Paul seemed to be very familiar with Nxt and is interested in integrating. This is not a confirmation but as close a possible. I understand their concerns, we need our development team to help show them the way ASAP.”
“I had a change to talk to the team from Kraken Exchange. They seemed very receptive after explaining the tech (thanks to JustaBit for helping out with the initial conversation starter). I have the CEO information that I will follow-up on when I get back home early in the week. Peercoin did a great job of presenting their case, there were people in the Kraken eco-system that were already talking about it. Nxt was an easy transition talk with PoS.”
“JustaBit (who has worked with Bitcoin Magazine in the past for Peercoin and Feathercoin) introduced me to Bitcoin Magazine’s Elizabeth. She was very receptive to Nxt, JustaBit spent some time outlining it’s importance. They have a new head writer and wants us to follow-up with the Coindesk article. JustaBit will make this happen.”
“Had a great conversation with the guys at CoinFlash ATM. They encouraged us to swarm the website to add Nxt, I will handle this early in the week. Great open source system that facilitates an easy way to add additional currencies. Once we end up on this ATM, we will use it as leverage to work our way on the rest of them.”
“This might be one of the of most exciting updates. Justabit introduced me to the GoCoin (payment processor) team. We had an opportunity to talk about Nxt PoS and what separates it from the onslaught of other coins. JustaBit is passing on final information for Peer… once we have a solid wallet, GoCoin will be ready to look deeper into Nxt This was a great step and feel we opened up another door today.”
“We sat down for lunch with one of the managing partners of Bit Angels. They have raised over 10 million dollars and looking to fund decentralized applications regardless of the platform. This could be a great funding opportunity down the road… in fact, there’s a crypto shark tank that we’ll talk about shortly that’ll appear at Bitcoin Vegas. Had a great time talking about Nxt and look forward to following up on this initial meeting next week.”
“eB101 arrived early this morning, we’re walking around… shaking hands and make final Nxt pitches at the conference. Had an opportunity to talk with the guys over a Bitshares, we talked about everything ranging from PoS to encouraging communities to continue to be extremely civil and educating people that either misunderstand (intentionally or not so intentionally) PoS and next gen systems. It was a great contact, we are eager to build relationships with other innovators in the space.”
“I spoke with the guys at Hive today. They have a pretty slick OSX wallet that is super easy to use. They are about to expand to android as well as looking for a colored coins type of implementation to accept all cryptos. I spoke with them about our Asset Exchange/Colored coins feature and they are wanting to get in contact to figure out our release time frame as well as the possibilities of using Nxt for this.”
“eB101 and myself have been walking around shaking hands today and we started to discuss community organization on the international side. eB101 is heading to France very soon and has a couple meetings lined up to discuss Nxt and see if we can get some traction in that market. I feel like we could use someone that is in charge of international initiatives so that we can have a coordinated and uniform marketing across all countries. eB101 said that he would be willing to step in that role and help out the community.”