Proof of BOINC UserID ownership using public key cryptography by cm-steem

View this thread on: hive.blog | peakd.com | ecency.com

boinc · @cm-steem · Sep 16 '17 (edited)

$78.66

Proof of BOINC UserID ownership using public key cryptography

https://i.imgur.com/ZzreiC8.png

## [Proof of BOINC UserID ownership using public key cryptography](https://github.com/BOINC/boinc/issues/2118)

# Transparency/Background

* [Original 'project-rain' cryptocurrency field issue](https://github.com/BOINC/boinc/issues/1998): The PR was rejected in accordance with the PMC's policies against the explicit inclusion of (and reference to) virtual currency related code within the core BOINC repo (still possible on an individual project basis).
* [Single user-data field](https://github.com/BOINC/boinc/issues/2087): A scaled back version of 'project-rain' with no explicit reference to virtualcurrencies (implied use, not explicit intended use). Several legitimate risks to BOINC projects were identified during the 2017 workshop, such as painting a massive target on BOINC projects (externally/internally) to hackers monetarily motivated (since projects would have been storing the data being scraped by 3rd party systems).

# Purpose

To prove within any external system that you are the owner of an UserID for an individual BOINC project, without storing external system data within the BOINC project's servers.

# Proposed steps within BOINC

* Introduce an additional openssl public/private key pair for this feature, keeping the existing keys separate and safe. Storing the public key in a scrape-able location (perhaps alongside the stats dumps).
* Introduce a link to the user's profile, taking them to a separate php page for generating the signed message.
* Within the new page there would be:
  * Some explanation text.
  * An input textbox (external system data for full handshake).
  * A button for executing the message signing function.
  * An output textbox where the output data will temporarily be displayed.
* The message signing function will:
  * Require:
    * A minimum RAC before enabling the function - reducing the ease of claiming idle account ownership.
    * A verified email account (unless the project doesn't use email verification).
  * Use:
    * [openssl_sign](https://secure.php.net/manual/en/function.openssl-sign.php) to sign the message "$UserID $External_System_Key"
    * External_system_key to provide full handshake, preventing extraction of master UserID from one network for replay on another.
  * Limit the length and accepted characters for $External_System_Key.
  * Potentially be limited to once an hour, if computationally expensive.
     * Downside being the requirement for an additional SQL table.
  * Output the signature and original message to the in-page output textbox. It will not store this data on the BOINC server (message is temporary).

# Proposed use within external system

Pre-req: External system downloads the public-keys (used solely for this function, not the existing keys) from each of the involved projects.

* User manually inputs their UserID signatures generated within each individual BOINC project.
  * If OAuth2 is implemented, streamline this process to improve user experience.
* Broadcast registration transactions for for each project, including the generated encrypted messages. 
* Peers upon receiving the registration transaction:
  * Attempt to verify the signed message (contained within broadcast registration transaction) with the appropriate project public key.
    * If successful:
       * Attempt to verify that the contained $External_System_Key matches the user's beacon key (perform same check for UserID).
         * If keys & Ids match: Approve ownership of UserID.
         * Else: Reject ownership of UserID.
    * If unsuccessful:
       * Reject ownership of UserID.

# Advantages over a [single user-data field](https://github.com/BOINC/boinc/issues/2087)

It's more difficult for an attacker to claim external system rewards if a MinRAC and Email Verification is required. Offsets the risk of account compromise on a large scale for the purpose of claiming rewards (concern raised within the workshop).

If a project wishes to cut off external systems from rewarding new users they can remove the public key from the scrape-able location, however an external system may cache the keys which would enable all currently registered users to continue earning rewards. If at any point a project administrator/owner doesn't want their volunteer userbase rewarded they should contact representatives of the external systems for streamlined removal (not a problem on the GRC network).

An upside of using UserID over CPID is that external system functionality wouldn't be interrupted by a CPID change (either accidental or malicious). A disadvantage of UserID is that each user will need to advertise a registration operation for each individual project (an external system's burden, not boinc's problem).

If an UserID registration is ever stolen on an external system, or if a hacker breaks into their account and issues a new registration transaction, the user just needs to log back in (change their password), generate a new message and advertise a new beacon. No more need for a centralized entity responsible for maintaining the registered userbase (improved decentralization).

# Affected code

* Profile: Link to new PHP page. Alternatively: propose a better link location?
* New PHP page for this function: 
* schema.sql: Potentially require introduction of an additional sql table to prevent dos of server resources by spamming the key generation.
* Make_Project scripts:
  * Generating an additional openssl public/private key pair.
  * Difficult: Introducing an additional MISC option to enable this functionality at build time.
* Additional openssl public/private key pair.

# Issue changelog

* Changed the openssl function section - It was identified that I used incorrect terminology (sign/verify private key signed message, not decryption of private key encrypted data).
* Changed advantages to be more accurate.

# Thoughts?

Any suggestions/constructive-criticism would be greatly appreciated, thus far I have not begun to implement this however I don't believe it will be that difficult.

Suggestions for alternatives to openssl? ([Related article](https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide))

👍 fuzzyvest, officialfuzzy, vortac, trafalgar, promoted, cm-steem, ripperone, goldmatters, pharesim, rapp, inverse, blockchained, bullshark, sc-steemit, steemtruth, solarsherpa, unrared, neonartist, killuminatic, buzzbeergeek, jkkim, scalextrix, marius19, sandra, jason, mandagoi, maarnio, bigtakosensei, jringo, ghasemkiani, blhz, xxcynicalkidxx, guk, anubisthegaylord, bravenewcoin, proctologic, darth-azrael, grider123, cheftony, ravonn, himal, stevescoins, jefpatat, barton26, ihashfury, profitgenerator, rocksg, alpinegiant, rulesforrebels, buggy143, michaelwilshaw, joelerbear, adnanrabbani, photorealistic, smartlogic, sodom, ifoggz, steemvotes, paradigmblog, nuad01, essar76, moisesmcardona, stiuly, ropname, and 92 others

`author`	cm-steem
`permlink`	proof-of-boinc-userid-ownership-using-public-key-cryptography
`category`	boinc
`json_metadata`	{"tags":["boinc","beyondbitcoin","gridcoin","cryptography","blockchain"],"image":["https://i.imgur.com/ZzreiC8.png"],"links":["https://github.com/BOINC/boinc/issues/2118","https://github.com/BOINC/boinc/issues/1998","https://github.com/BOINC/boinc/issues/2087","https://secure.php.net/manual/en/function.openssl-sign.php","https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide"],"app":"steemit/0.1","format":"markdown"}
`created`	2017-09-14 15:37:09
`last_update`	2017-09-16 00:50:42
`depth`	0
`children`	26
`last_payout`	2017-09-21 15:37:09
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	76.036 HBD
`curator_payout_value`	2.628 HBD
`pending_payout_value`	0.000 HBD
`promoted`	10.000 HBD
`body_length`	6,212
`author_reputation`	58,522,774,254,119
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,875,104
`net_rshares`	27,542,745,237,842
`author_curate_reward`	""

properties (23)vote details (156)

voter	rshares	pct
pharesim	206,315,883,350	0.75%
fuzzyvest	11,004,449,946,170	100%
sandra	17,964,328,836	9%
ihashfury	3,021,271,527	2.34%
jason	17,911,336,482	6.21%
officialfuzzy	6,480,252,017,201	100%
proctologic	5,740,253,984	5%
scalextrix	21,889,666,319	100%
cm-steem	557,529,141,371	100%
bravenewcoin	6,095,775,081	100%
cheftony	4,685,301,328	2.5%
dtbahoney	333,007,546	100%
vortac	4,160,802,875,828	100%
marius19	18,698,825,112	100%
neonartist	37,709,676,970	100%
rapp	159,434,016,370	100%
jackpot	90,959,395	100%
steem-engine	664,498,625	100%
sc-steemit	71,872,844,096	100%
moisesmcardona	1,209,722,997	1%
stevescoins	3,981,087,375	5%
ghasemkiani	12,475,625,156	1%
profitgenerator	2,864,453,075	100%
maarnio	14,266,120,947	20%
joelerbear	2,314,213,542	100%
direhuntergador	137,449,954	100%
photorealistic	1,842,720,852	100%
goldmatters	486,606,164,941	100%
steemtruth	55,556,846,384	15%
barton26	3,027,048,161	100%
blhz	9,668,292,236	45%
ravonn	4,606,905,268	100%
bigtakosensei	12,603,800,927	100%
killuminatic	32,273,575,740	100%
darth-azrael	5,241,233,742	13%
blockchained	103,195,551,578	100%
ripperone	520,073,308,806	14%
darth-cryptic	932,166,171	13%
sodom	1,490,486,707	100%
buzzbeergeek	30,749,255,079	25%
ifoggz	1,434,973,652	100%
trafalgar	1,909,376,548,834	9%
fragtyy	537,492,875	100%
nofun	534,082,553	100%
buggy143	2,372,342,245	100%
luckyboy	535,960,890	100%
blonde	537,580,249	100%
nuad01	1,322,582,102	100%
jexkin	553,278,742	100%
aarkay	62,263,830	100%
solarsherpa	46,078,677,077	50%
grider123	5,096,605,101	100%
anubisthegaylord	6,936,324,290	100%
mandagoi	15,542,918,714	20%
davy73	56,804,559	100%
guk	8,340,770,710	100%
rocksg	2,748,017,031	10%
alpinegiant	2,663,052,441	100%
jkkim	23,803,661,332	10%
nrg	755,956,134	1.11%
emanuelteixeira	62,134,000	100%
dailygiveaway	1,057,387,769	25%
jringo	12,492,439,616	100%
michaelwilshaw	2,371,866,909	10%
rulesforrebels	2,398,255,979	8%
yyruisbfjs	620,303,764	100%
inverse	113,605,383,774	100%
rambinho	619,520,000	100%
theissen	786,842,548	100%
kimjongunx420	430,652,640	100%
z7hpdpdzygql	621,543,059	100%
xxcynicalkidxx	8,517,548,209	50%
steemvotes	1,344,651,380	100%
sipildanarsitek	482,077,435	100%
planet-power	200,536,999	100%
bullshark	82,153,105,401	100%
himal	4,402,043,244	100%
promoted	1,105,394,975,038	50%
trikkstar	877,551,666	100%
zipity	0	100%
steemitlovers	542,787,782	100%
dailygrcstats	104,505,585	5%
leveragetrading	271,902,249	25%
pettr	353,597,286	100%
unrared	43,926,537,113	20%
kmart	148,793,802	25%
uow	148,783,898	25%
unsw	148,793,808	25%
openledgerio	148,773,987	25%
commbank	148,783,899	25%
ingdirect	148,793,803	25%
a1n21t	638,140,766	100%
abcbullion	148,773,987	25%
perthmint	148,773,987	25%
flodner	636,635,861	100%
serguev	620,138,620	100%
avydova	621,666,619	100%
icmarkets	278,718,125	25%
muhammadridwan	713,666,620	100%
adnanrabbani	2,038,674,538	100%
moorsepova	1,162,974,489	100%
briansa	334,540,800	100%
neshamurato	621,211,424	100%
monash	148,773,987	25%
garudi	563,550,483	9%
steemstatistics	148,773,987	25%
zvonok	620,344,977	100%
stafeevaleksej	619,808,688	100%
lomina.zoya	620,468,656	100%
georgij.evstaxov	621,500,712	100%
saxonenko	620,179,862	100%
elane	648,496,875	100%
staroverova	619,891,181	100%
anatolich	573,889,986	100%
lyxng	395,468,016	100%
jedigeiss	753,260,866	21.2%
fubek	644,160,763	100%
jefpatat	3,032,447,482	100%
ihmenin	1,162,010,338	100%
safwanmarley	1,160,649,202	100%
abontikazaman	125,830,112	100%
miyata1987	107,527,925	100%
unimelb	278,623,882	25%
naveen44	1,137,771,101	100%
marketanalysis	109,924,859	100%
pavelddr	1,161,258,989	100%
essar76	1,264,982,851	100%
ropname	1,173,098,752	100%
steemit-bank	1,018,989,919	100%
amirsarufmondal	399,128,013	100%
amayag	1,063,681,350	100%
stiuly	1,202,689,427	100%
lebeyd	1,160,631,790	100%
trubcev	1,160,631,789	100%
gywip	597,725,206	100%
chudilo	1,160,629,001	100%
antonmalis	1,160,624,314	100%
smartlogic	1,602,301,001	100%
upati	1,160,622,750	100%
perublev	1,160,621,842	100%
imadbisdaoune	1,074,614,637	100%
lifenow.rocks	893,676,368	100%
valerynz	1,096,783,427	100%
javivasv	1,159,090,439	100%
alfa-good	273,415,956	100%
foodforyourbrain	279,805,679	100%
paradigmblog	1,328,312,124	100%
emmalynnemiriam	162,485,160	100%
brittansiusan	185,697,326	100%
ivanviso	980,713,788	100%
ehabfox	1,027,138,054	100%
kot84	278,545,615	100%
sheikh27	481,651,267	100%
bestsapolok4	0	100%
jhkcreates	0	100%
hugojimenez	0	100%

@abdel-ali · Sep 14 '17

good posting

properties (22)

`author`	abdel-ali
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t154746518z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 15:47:36
`last_update`	2017-09-14 15:47:36
`depth`	1
`children`	0
`last_payout`	2017-09-21 15:47:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	12
`author_reputation`	-273,324,103,528
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,876,124
`net_rshares`	0

@abontikazaman · Sep 14 '17

$0.05

nice@cm-steem, improvising about your project and it will developed boinc alot, thanks.

👍 cm-steem

`author`	abontikazaman
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t183937173z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 18:39:39
`last_update`	2017-09-14 18:39:39
`depth`	1
`children`	0
`last_payout`	2017-09-21 18:39:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.041 HBD
`curator_payout_value`	0.013 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	87
`author_reputation`	2,684,877,663,799
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,891,626
`net_rshares`	19,914,228,863
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		19,914,228,863	4%

@adnanrabbani · Sep 14 '17 (edited)

$1.53

it looks like these are some improvement in Boinc project, i hope these developments improve boinc alot, thanks for sharing.

👍 cm-steem

`author`	adnanrabbani
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t154445997z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 15:44:54
`last_update`	2017-09-14 15:46:36
`depth`	1
`children`	0
`last_payout`	2017-09-21 15:44:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	1.151 HBD
`curator_payout_value`	0.382 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	124
`author_reputation`	93,370,785,737,224
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,875,851
`net_rshares`	537,617,386,322
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		537,617,386,322	100%

@alfa-good · Sep 14 '17

a very good post thanks for sharing my story I wanted to share a good story but I have not been able to! success is always friends

properties (22)

`author`	alfa-good
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t153858873z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 15:39:00
`last_update`	2017-09-14 15:39:00
`depth`	1
`children`	0
`last_payout`	2017-09-21 15:39:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	130
`author_reputation`	1,130,135,742,804
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,875,270
`net_rshares`	0

@brittansiusan · Sep 14 '17

@cm-steem Sharing to have this witnessed far more (and perhaps open up the eyes of some)! Thanks  for the properly put up and documented report! Resteemed.

👍 cm-steem
👎 pharesim

`author`	brittansiusan
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t193214170z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"users":["cm-steem"],"app":"steemit/0.1"}
`created`	2017-09-14 19:32:15
`last_update`	2017-09-14 19:32:15
`depth`	1
`children`	0
`last_payout`	2017-09-21 19:32:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	155
`author_reputation`	-796,398,750,287
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,896,196
`net_rshares`	-1,631,246,530,797
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
pharesim	0 B		-1,651,160,759,660	-10%
cm-steem	0 B		19,914,228,863	4%

@buzzbeergeek · Sep 14 '17

$1.75

I really don't understand the techical detials, but I am a fan of Gridcoin which is obviously a close relative to BOINC.

Advertised BOINC in my last beer tasting post. Hope it gets you more visibility and clicks!

Cheers

👍 cm-steem, azfix, trikkstar

`author`	buzzbeergeek
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t171702382z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 17:17:00
`last_update`	2017-09-14 17:17:00
`depth`	1
`children`	0
`last_payout`	2017-09-21 17:17:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	1.317 HBD
`curator_payout_value`	0.436 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	221
`author_reputation`	220,781,585,123,283
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,884,374
`net_rshares`	616,230,637,114
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
cm-steem	520,550,167,709	100%
azfix	94,784,730,140	76%
trikkstar	895,739,265	100%

@emmalynnemiriam · Sep 14 '17

@cm-steem yeah! Why I have never considered that until eventually now. Tend to be the animals immortal in advance of male fully commited sin??? Upvoted.

properties (22)

`author`	emmalynnemiriam
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t210841445z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"users":["cm-steem"],"app":"steemit/0.1"}
`created`	2017-09-14 21:08:42
`last_update`	2017-09-14 21:08:42
`depth`	1
`children`	0
`last_payout`	2017-09-21 21:08:42
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	152
`author_reputation`	-995,670,637,569
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,903,460
`net_rshares`	0

@farihelper · Sep 14 '17

very informative article 
sir i want to ask something sir i write very informative article about steemit but its doesn't  earn why sir i am confuse can you help me if you have time sir

properties (22)

`author`	farihelper
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t164733625z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 16:47:33
`last_update`	2017-09-14 16:47:33
`depth`	1
`children`	2
`last_payout`	2017-09-21 16:47:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	184
`author_reputation`	3,539,060,974,508
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,881,730
`net_rshares`	0

@cm-steem · Sep 14 '17

> sir i want to ask something sir i write very informative article about steemit but its doesn't earn why sir i am confuse can you help me if you have time sir

Just keep posting articles of good quality.

👍 farihelper

`author`	cm-steem
`permlink`	re-farihelper-re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t182052300z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 18:20:51
`last_update`	2017-09-14 18:20:51
`depth`	2
`children`	1
`last_payout`	2017-09-21 18:20:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	204
`author_reputation`	58,522,774,254,119
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,889,974
`net_rshares`	1,198,092,758
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
farihelper	0 B		1,198,092,758	100%

@farihelper · Sep 15 '17

Sir if you have time then see my article is that value able or not . is this right way which i choose

properties (22)

`author`	farihelper
`permlink`	re-cm-steem-re-farihelper-re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170915t070529513z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-15 07:05:30
`last_update`	2017-09-15 07:05:30
`depth`	3
`children`	0
`last_payout`	2017-09-22 07:05:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	101
`author_reputation`	3,539,060,974,508
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,939,654
`net_rshares`	0

@ghasemkiani · Sep 17 '17

Reblogged — let’s promote quality content!

properties (22)

`author`	ghasemkiani
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170917t144947907z
`category`	boinc
`json_metadata`	{"tags":[],"app":"juya/test","format":"markdown"}
`created`	2017-09-17 14:49:48
`last_update`	2017-09-17 14:49:48
`depth`	1
`children`	0
`last_payout`	2017-09-24 14:49:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	42
`author_reputation`	90,438,911,242,538
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,142,939
`net_rshares`	0

@hassanabid · Sep 16 '17

$0.12

Boinc Rocks <3

👍 cm-steem

`author`	hassanabid
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170916t170115004z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-16 17:01:27
`last_update`	2017-09-16 17:01:27
`depth`	1
`children`	1
`last_payout`	2017-09-23 17:01:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.093 HBD
`curator_payout_value`	0.030 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	14
`author_reputation`	85,694,454,774,657
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,071,262
`net_rshares`	48,363,127,239
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		48,363,127,239	9%

@hassanabid · Sep 16 '17

best of luck <3

properties (22)

`author`	hassanabid
`permlink`	re-hassanabid-re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170916t170226771z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-16 17:02:36
`last_update`	2017-09-16 17:02:36
`depth`	2
`children`	0
`last_payout`	2017-09-23 17:02:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	15
`author_reputation`	85,694,454,774,657
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,071,362
`net_rshares`	0

@ivanviso · Sep 14 '17

$0.45

The implementation indeed doesnt seem that hard. But what are you planing for the transition?

👍 cm-steem, ivanviso

`author`	ivanviso
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t141858119z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 16:19:03
`last_update`	2017-09-14 16:19:03
`depth`	1
`children`	0
`last_payout`	2017-09-21 16:19:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.338 HBD
`curator_payout_value`	0.113 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	93
`author_reputation`	448,087,264,912
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,879,097
`net_rshares`	159,294,040,391
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		159,294,040,391	30%
ivanviso	0 B		0	100%

@jedigeiss · Sep 14 '17

$1.58

hi @cm-steem, read it once and read it twice, i think it would make sense to go down this road, especially for the decentralisation part.  It really does not seem to be that difficult but most likely theres a detail that i did not see yet. Transition needs to be planned thoroughly...

👍 cm-steem, guk

`author`	jedigeiss
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t171230893z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"users":["cm-steem"],"app":"steemit/0.1"}
`created`	2017-09-14 17:12:30
`last_update`	2017-09-14 17:12:30
`depth`	1
`children`	0
`last_payout`	2017-09-21 17:12:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	1.189 HBD
`curator_payout_value`	0.395 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	284
`author_reputation`	326,601,261,931,660
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,883,967
`net_rshares`	557,163,437,060
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		548,995,532,064	100%
guk	0 B		8,167,904,996	100%

@lahcen80 · Sep 14 '17

Really nice post.....I enjoyed reading

properties (22)

`author`	lahcen80
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t162444053z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 16:24:45
`last_update`	2017-09-14 16:24:45
`depth`	1
`children`	0
`last_payout`	2017-09-21 16:24:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	38
`author_reputation`	105,900,808,796
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,879,639
`net_rshares`	0

@ratul8940 · Sep 14 '17

highly informative post

👍 ratul8940, liang-cn

`author`	ratul8940
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t160254194z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 16:02:57
`last_update`	2017-09-14 16:02:57
`depth`	1
`children`	0
`last_payout`	2017-09-21 16:02:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	23
`author_reputation`	-565,838,797,745
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,877,630
`net_rshares`	5,602,701,221
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
ratul8940	0 B		5,202,289,984	100%
liang-cn	0 B		400,411,237	100%

@regie · Sep 15 '17

Join Regalcoin ICO...

Register here: https://regalcoin.co/ref/REEDG

👎 cm-steem, cm-mobile

`author`	regie
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170915t163501012z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"links":["https://regalcoin.co/ref/REEDG"],"app":"steemit/0.1"}
`created`	2017-09-15 16:35:00
`last_update`	2017-09-15 16:35:00
`depth`	1
`children`	0
`last_payout`	2017-09-22 16:35:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	68
`author_reputation`	-6,960,031,839
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,983,195
`net_rshares`	-479,397,294,021
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		-477,941,492,721	-100%
cm-mobile	0 B		-1,455,801,300	-100%

@rocksg · Sep 16 '17

$0.12

This BOINC project looks very promising. We hope all the very best for its future.

👍 cm-steem

`author`	rocksg
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170916t121438955z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-16 12:14:39
`last_update`	2017-09-16 12:14:39
`depth`	1
`children`	0
`last_payout`	2017-09-23 12:14:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.093 HBD
`curator_payout_value`	0.030 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	82
`author_reputation`	116,981,533,538,953
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,050,428
`net_rshares`	48,363,127,239
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		48,363,127,239	9%

@romanaz00 · Sep 14 '17 (edited)

$0.36

This system has almost endless possibilities IF applied properly. Good luck with it!

👍 cm-steem

`author`	romanaz00
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t154219606z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-14 15:42:21
`last_update`	2017-09-14 15:42:36
`depth`	1
`children`	0
`last_payout`	2017-09-21 15:42:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.274 HBD
`curator_payout_value`	0.090 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	84
`author_reputation`	2,109,778,187
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,875,591
`net_rshares`	128,004,139,600
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		128,004,139,600	24%

@sheikh27 · Sep 16 '17

$0.13

nice presentation, full of information, thanks for sharing.

👍 cm-steem

`author`	sheikh27
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170916t034141261z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"app":"steemit/0.1"}
`created`	2017-09-16 03:41:57
`last_update`	2017-09-16 03:41:57
`depth`	1
`children`	0
`last_payout`	2017-09-23 03:41:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.096 HBD
`curator_payout_value`	0.032 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	59
`author_reputation`	31,287,734,702,835
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,021,761
`net_rshares`	48,363,127,239
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		48,363,127,239	9%

@starkerz · Sep 18 '17

@cm-steem, this is very interesting reading! I love steemit, as I did not even think this stuff was possible, until i try reading blogs like this! 

I am working with the #promo-uk team and @stephenkendal to promote steemit on a UK tour around 22 universities during freshers week! As a promonent UK steemian, we would like to ask for your support and if you have time, even to come and join us for whatever time you can spare at your nearest university! 

The tour started in Manchester today, does a trip around the country and ends up in Lancaster on 07th Oct.  

[THIS](https://steemit.com/promo-steem/@starkerz/promo-uk-steemit-freshers-week-roadshow-volunteers-needed) link will show you the tour route, meeting times and meet up locations.

[THIS](https://steemit.com/promo-steem/@starkerz/day-1-of-22-university-freshers-promotion-tour-steemit) link shows you our success around Manchester today!

It would be really great if you could make it to one of these promotional events to have some fun talking Steemit and letting people know how great it is!!

We are also presenting at the London investors fair on 20th October.  We plan to get together with some steemians in a London bar after the event for some drinks (which we will put 150 GBP behind the bar for)
[HERE](https://steemit.com/promo-uk/@joannaaxinte/fomo-alert-about-last-night-s-steemit-promo-uk-birmingham-meet-up) is a summary of our last meetup


Please reply to this or contact me in [steemit.chat](https://steemit.chat/home) if you are interested to take part or support our work!

properties (22)

`author`	starkerz
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170918t220513345z
`category`	boinc
`json_metadata`	{"tags":["promo-uk","boinc"],"users":["cm-steem","stephenkendal"],"links":["https://steemit.com/promo-steem/@starkerz/promo-uk-steemit-freshers-week-roadshow-volunteers-needed","https://steemit.com/promo-steem/@starkerz/day-1-of-22-university-freshers-promotion-tour-steemit","https://steemit.com/promo-uk/@joannaaxinte/fomo-alert-about-last-night-s-steemit-promo-uk-birmingham-meet-up","https://steemit.chat/home"],"app":"steemit/0.1"}
`created`	2017-09-18 22:05:03
`last_update`	2017-09-18 22:05:03
`depth`	1
`children`	0
`last_payout`	2017-09-25 22:05:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,558
`author_reputation`	107,320,470,462,549
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	15,269,134
`net_rshares`	0

@steemit-bank · Sep 14 '17

<p><a href="https://steemit.com/@steemit-bank">Steemit Bank</a> invested in your post.</p>
<p>Follow <a href="https://steemit.com/@steemit-bank">Steemit Bank</a></p>
<p>Support the project by upvoted the this comment.</p>

👍 cm-steem

`author`	steemit-bank
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t160107732z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"links":["https://steemit.com/@steemit-bank"],"app":"steemit/0.1"}
`created`	2017-09-14 16:01:00
`last_update`	2017-09-14 16:01:00
`depth`	1
`children`	0
`last_payout`	2017-09-21 16:01:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	221
`author_reputation`	615,129,545,920
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,877,443
`net_rshares`	5,689,072,871
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
cm-steem	0 B		5,689,072,871	1%

@tomasbrod · Sep 14 '17 (edited)

$1.94

First, I am happy that you @cm-steem, started working on the issue of CPID/UserID Ownership.
Website [boinc signature](http://signature.statseb.fr/), requires boinc account authenticator to prove ownership. As authenticator grants full control of the account, this is obviously out of question.

What you propose, is for a project to maintain signing key-pair and a api/form to sign UserID + custom data with the project key. Then this signature proves that the user has access to the boinc account.

>  ... decrypt message with project's public key

In your article, you used said project server *encrypts* the message with project private key and peers then *decrypt* it with the public part. I assume you mean *sign* and *verify*, because one does not decrypt with public key. (encrypt with public, decrypt with private, sign with private, verify with public)

I don't know if you realize the effects, but with this proposal, gridcoin nodes will not need to make a single request to the project server to verify the association! The project public key can be included into the project beacon.

> Timestamp to prevent replay attack within a network.

Can you elaborate on what replay attack is possible without this timestamp? If it was not there, attacker could capture an re-send the registration, but it would be essentially a no-op, as it would simply associate the same External_System_Key with the UserID.

> If a project wishes to cut off external systems from rewarding their users, they can simply change or remove the public key.

This claim is false. As the key will remain cached in the external system.

> It's more difficult for an attacker to claim external system rewards if they aren't able to just include an address in their profile & they need to run a wallet per UserID they claim.

This is again false. If attacker can gains access to boinc account to edit profile, he can as easily use the message signing form. And one wallet will suffice for claiming multiple UserIDs, if they are attackers, they can edit the source.

Advantages:
 * verify association without contacting server
 * better than current state, obviously
 * independent of CPID

Disadvantages:
 * requires (non-trivial) modification to boinc server software
 * project admins must maintain yet another key-pair
 * user must  perform registration of every project

And Last, current state it's issues and some research on the topic is available on [CPID Ownership wiki](https://github.com/gridcoin/Gridcoin-Research/wiki/DEV-CPID-Ownership).

👍 cm-steem, forkpullmerge, bullshark, jringo, barton26, tomasbrod

`author`	tomasbrod
`permlink`	re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170914t183508386z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"users":["cm-steem"],"links":["http://signature.statseb.fr/","https://github.com/gridcoin/Gridcoin-Research/wiki/DEV-CPID-Ownership"],"app":"steemit/0.1"}
`created`	2017-09-14 18:35:09
`last_update`	2017-09-14 19:26:42
`depth`	1
`children`	2
`last_payout`	2017-09-21 18:35:09
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	1.475 HBD
`curator_payout_value`	0.461 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	2,531
`author_reputation`	868,427,350,086
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,891,206
`net_rshares`	682,942,812,065
`author_curate_reward`	""

properties (23)vote details (6)

voter	rshares	pct
cm-steem	495,010,831,747	100%
barton26	2,955,402,050	100%
jringo	12,242,590,824	100%
bullshark	83,855,760,435	100%
forkpullmerge	87,723,412,655	100%
tomasbrod	1,154,814,354	100%

@cm-steem · Sep 15 '17 (edited)

$0.22

> First, I am happy that you @cm-steem, started working on the issue of CPID/UserID Ownership.

Thanks, it's a natural progression from the last few issues & rain related projects. Hopefully this research can be used by many external systems (not just gridcoin).

> Website boinc signature, requires boinc account authenticator to prove ownership. As authenticator grants full control of the account, this is obviously out of question.

Wow, that's pretty bad!

On the upside, during the BOINC workshop Marius from cosmology@home began working on the removal of the account key web-authentication, so the account key effectively becomes a weak auth key.

>> ... decrypt message with project's public key
>
> In your article, you used said project server encrypts the message with project private key and peers then decrypt it with the public part. I assume you mean sign and verify, because one does not decrypt with public key. (encrypt with public, decrypt with private, sign with private, verify with public)

Whoops - misuse of terminology & under-specification as a result.

If the message being verified (signed with private key) is not encrypted, then we'll need to hash the message  prior to signing the hash on the BOINC server, then within the Gridcoin client recreate the hash using the same original message data ("$UserID $External_System_Key $Current_Time") for comparison, right?

So perhaps the output text box should include:

```
Plaintext: $UserID $External_System_Key $Current_Time
Signed_Hash: function_output
```

To which we then paste (one project at a time) into the Gridcoin client, which hashes the plaintext and performs the signature verification.

Sound better? Or additional areas for improvement? 

> I don't know if you realize the effects, but with this proposal, gridcoin nodes will not need to make a single request to the project server to verify the association! The project public key can be included into the project beacon.

Indeed, the client will only need to maintain an updated list of project public keys for beacon verification, there would be zero need for providing the gridcoin client an email address too (since with this proposal you establish full proof of account ownership).

Additionally, given that UserID's don't change (unlike CPID) we could move towards permanent beacons, especially if we were to utilize burn addresses (instead of looking back 6 months of blocks).

>> Timestamp to prevent replay attack within a network.
>
> Can you elaborate on what replay attack is possible without this timestamp? If it was not there, attacker could capture an re-send the registration, but it would be essentially a no-op, as it would simply associate the same External_System_Key with the UserID.

If the 'External_System_Key' was the address used to register the beacon, then sure the timestamp wouldn't play any serious role & in fact it should be removed to improve simplicity of generating the hash of the originally signed message.

If the 'key' was simply GRC/ETH/ETC (ticker term instead of address) then the timestamp would play a role in preventing replay of the beacon within a network and upon external networks.

I think you're right that the timestamp could be phased out entirely, in favour of just $UserID & $External_System_Key.

>> If a project wishes to cut off external systems from rewarding their users, they can simply change or remove the public key.
>
> This claim is false. As the key will remain cached in the external system.

It would cut off new registrations, but you're right that anyone that had successfully proven their UserID ownership with the project's public keys cached would continue earning rewards despite the key being removed from the BOINC server.

This would be grounds from removal from the whitelist. If we didn't bundle these keys within the gridcoin client, then on first boot if the keys weren't present the superblock mechanism may experience instability as some may simply not recognize the project's beacons as legit.

>> It's more difficult for an attacker to claim external system rewards if they aren't able to just include an address in their profile & they need to run a wallet per UserID they claim.
>
> This is again false. If attacker can gains access to boinc account to edit profile, he can as easily use the message signing form. And one wallet will suffice for claiming multiple UserIDs, if they are attackers, they can edit the source.

You're possibly right that a modified client could potentially register one beacon per address, and never attempt to stake across UserIDs (flagging to the rest of the network a duplicate UserID registration), which would reduce the cost of registering many accounts.

I proposed a couple additional security measures to make hackers lives harder:

### Require:

* A minimum RAC before enabling the function - reducing the ease of claiming idle account ownership.
* A verified email account (unless the project doesn't use email verification).

---

> ### Disadvantages:

> requires (non-trivial) modification to boinc server software

If accepted in the main repo, and enabled perhaps with an MISC build option then only projects which have heavily modified the web server implementation would have difficulties implementing the new functionality (WCG, Einstein).

Otherwise, it's a rather simple chunk of code to develop, especially if we're just using openssl instead of an alternative public key cryptography library.

> project admins must maintain yet another key-pair

This is true, however it's not as critical as the other key-pairs.

Currently, project admins are advised to take private keys offline or move to a more secure location, we'll possibly need to investigate securing the private key for hot use (instead of cold storage).

---

Thanks for the reply, much appreciated.

Best regards,
CM.

👍 bullshark

`author`	cm-steem
`permlink`	re-tomasbrod-re-cm-steem-proof-of-boinc-userid-ownership-using-public-key-cryptography-20170915t004952154z
`category`	boinc
`json_metadata`	{"tags":["boinc"],"users":["cm-steem"],"app":"steemit/0.1"}
`created`	2017-09-15 00:49:54
`last_update`	2017-09-15 00:59:06
`depth`	2
`children`	0
`last_payout`	2017-09-22 00:49:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.168 HBD
`curator_payout_value`	0.056 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	5,864
`author_reputation`	58,522,774,254,119
`root_title`	"Proof of BOINC UserID ownership using public key cryptography"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	14,916,655
`net_rshares`	80,450,450,367
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
bullshark	0 B		80,450,450,367	100%

@cm-steem · Sep 16 '17

I've updated the original post with your input in mind.

properties (22)