On August 24th, COTI held a Tech AMA with two of their dev team, Guy and Yuval, to answer some more technical questions. The AMA took place on the COTI tech-dev channel on Discord. If you weren’t able to join, here is the full recap:
Hey everyone, thanks for joining us today for our technical AMA on Discord. My name is Lidar, COTI’s Community Manager, and I will be your host today. Joining me from our technical team are Guy, COTI’s Development and Technology Team Leader, and Yuval, COTI’s Full-stack Team Leader.
Before we get started, I would like to remind you that this AMA is for tech questions only. Any other questions can be answered at our next Twitter Spaces that will be announced soon 👀
We will start off by answering some pre-submitted questions, then open the conversation up to everyone. The chat will be muted for the first part. So without further adieu, let’s begin.
The first question is:
“My question is regarding the Trust Chain and its mechanism. Originally COTI created the Trust Chain to be able to trust entities during the payment flow. However, is the trust score really useful anymore as it’s never been used and wouldn’t any other type of DAG chain just be as useful. Is Trust Chain now just a name for the chain rather than a useful mechanism for proving validity of payments?”
Trust score is used on every transaction in the network. It specifies the SLA of the wallet in the network and enables the receiver on the other side of the transaction to determine how reliable the sender is by evaluating their trust score. As long as the wallet exists and is active with transactions, its trust score will increase.
Also, it is a metric that gets updated on every transaction showing how reliable and trustworthy the wallet is.
The trustscore is also used to incentivize users: the higher the trust score is, the quicker the transactions are, resulting in lower fees. The low transaction fees along with the trust score incentivize the users to make legit transactions, unlike the blockchain where the high transactions are created to incentivize miners.
Thanks for the detailed answer Guy.
Let’s move on to the next question:
“Are there any plans to prepare documentation for the NodeManager API? Analyzing the source code is a bit time-consuming..”
Yes, the API documentation for all of the nodes and design documents for features will be available on a COTI documentation site soon.
Great. The next question is:
“How does COTI maintain data security for all its users? Does it involve a third party?”
COTI has built mechanisms to monitor, detect and defend against any possible network attacks, ensuring network security. COTI is using Enterprise based services to protect its data and services against any possible attacks. The security around the COTI protocol consists of many aspects:
1. The distributed architecture of the network increases the resiliency of the overall network from being exposed to compromise from a single access point or point of failure.
2. The consensus mechanisms — COTI improve the overall robustness and integrity of shared ledgers and mitigates the possibility that a hacker or one or more compromised network participants can corrupt or manipulate the ledger.
3. Double-Spend Prevention — In COTI Trustchain protocol cybersecurity is achieved by introducing DSP nodes and applying trust to every participant in the network. DSP (double spend prevention) attacks are not possible at all — so we are much safer than any existing blockchain protocol. To mitigate DSP risk, COTI deploys dedicated Double Spend Prevention (DSP) Nodes. These nodes carry out additional transaction monitoring without affecting the network.
4. In addition to using industry best cyber security solutions to protect the network and infrastructure against any possible attack.
Thanks for the answer 🙏
Now the next question is:
“Hello, I want to ask if the COTI network is quantum resistant? If not, then is it on the roadmap? I found a few days ago an article that algorand bringing quantum resistance, so I would like to know if the COTI team has a similar plan.”
Quantum computing is an exciting new frontier, however it has not yet reached its full potential to become a viable risk and cause alerts. COTI’s cryptographic algorithm is based on the elliptic curve digital signature algorithm (ECDSA). This algorithm is not quantum resistant, similar to the bitcoin chain.
In COTI we have introduced a second layer of hash so trying to hack one layer won’t be enough which makes it a lot more secure.
We will continue to follow this field and make sure to adapt according to our future needs.
We have a few more questions. Here’s the next one:
“What is the difference between coti-node and coti-full-node available on Github? The readme files don’t explain this.”
It’s really simple, coti-full-node is a derivative of the coti-node, helping to clone only the fullnode in order to build and run it.
Now we have another question:
“What is the role of ZeroSpend Server? Is it still being developed?”
ZeroSpend’s role in their network is similar to the leader role in a BFT network. ZeroSpend is responsible for orchestrating the consensus mechanism between the DSP nodes; it has an additional role in facilitating the TrustScore consensus mechanism in case that network is idle.
Thanks for the answer! Next question:
“NodeManager — why does the nodes list return the ‘null’ value for trustScore?”
Currently the trust score of the node is transient data that is not returned as part of the API. There are plans to expose the data later on in the network development plans.
Thank you Guy. Moving on to the next question:
“Anything ERC20 holders should worry about post-merge?”
No, COTI ERC20 is not supposed to be affected by the ETH merge, just like all the other ERC20 tokens.
Great Yuval. Now we’ll take one more question from our pre-submitted questions and then let you guys submit a few live questions:
“Can COTI create stable coin pegged to EURO or GOLD”
Yes, we possess the technical know-how in order to issue stable coins pegged to different Fiat currencies.
Thank you guys for answering those questions. Now we are going to unmute the channel to take some live questions. Once there are many questions we will mute the chat again to give the team time to answer. Let’s go! 🔥
“Great AMA so far! I have a MultiDAG 2.0 question: How will enterprises be able to add utility to their CMD token? Can they easily connect their existing applications to a CMD token (if so, how? Will there be an SDK or anything like that available for that)?”
Enterprises usually turn to crypto-based solutions to resolve issues related to the cost of operating a business or building new cryptocurrency-based solutions. Either way, they can utilize COTIs experience in building Payment solutions such as Crypto Gateways, Custodian and Non-Custodian wallets, Stable payment tokens, Loyalty Tokens, etc… The integration with the trust chain will be done with an SDK that documentation will be available soon. Today it is already possible to integrate easily…
“How far is COTI with testing Djed on Vasil?”
Djed is still pending the version that supports the Vasil hardfork.
*After the AMA we received some followup questions about this topic. We will provide a more detailed answer during Shahaf’s update video in the upcoming days.
“When will the development of the Governance Token finish?”
In the next few weeks the team will release more details and the development timeline
“Will it come together with Mainnet MultiDAG 2.0?”
No, we’ll launch the MultiDAG 2.0 Mainnet first, and then the governance token
“Thanks for these technical answers. Regarding transaction fees, with the max amount of TS, can the fees be zero?”
Indeed the network transaction fees change depending on the wallet’s trust-score, and wallets that have high trust scores pay less fees.
Not only that they will pay less, they will also get a faster response time from the network by being attached to a high speed part in the DAG.
“But can the fees reach zero? If so, would I be able to write an automated script in order to send funds from wallet A to wallet B, then back from wallet B to wallet A, maintaining a high level of TS and flooding the network for free?”
Network fees won’t be zero. Keep in mind that also there are full node fees… you are correct that a script that might have done such actions could compromise the network, but that wallet will spend lots of funds and never succeed. Let me know if that answers your question.
“Is PCI DSS compliance an objective? If not, why not? If so, then who are the internal and external auditors?”
It depends on the product: In COTI Pay, the credit card clearing is done through simplex, which is a third party app. ADA Pay on the other hand, does not require PCI compliance because it does not require credit card clearing.
“PCI compliance is a global enterprise standard indicator for payment system security. It started with, but is not limited to credit card payment security.
Not being PCI DSS compliant could be a significant barrier to enterprise adoption. 💯”
Of course. COTI always puts the security of the funds of the wallets first. Today we do not take any credit details into any of our networks — therefore the PCI DSS is not applicable so far. If we will need to use credit details we will take the most compliant regulations like PCI DSS 4. Today we use third party reliable services such as simplex that follow those regulations — this is a must to work with us.
“Are you planning to reduce 150k COTI requirements to be able to run a mainnet node?”
Not planned at the moment
“Does treasury have an open API? If so, is there any documentation available to build on top of it? If not, is there any plan to make one?”
Yes there is an open API, the authentication is based on messages signed by your wallet. We will release documentation as part of our general COTI documentation project.
“Will Node holders be able to earn “dynamic” fees instead of the standard 3750 (30% on 150k) COTI per month when MultiDAg 2.0 is live? Some node holders (like @fireflight for example) provide a lot of value like tools, websites etc and yet cant benefit from the amount of extra people using their node etc. I think node holders should be incentivized for providing good security, tools, maintenance and the like and I feel this is lacking currently and should be discussed further. I’m assuming you guys have some plans to improve this?”
“Please elaborate upon COTI’s position and plans regarding mainnet node decentralization.”
Let me answer Jay [CERP] and GeordieR. Both questions are related to the node holders.
In the near future our plans to decentralize nodes and we will update very soon on new nodes that are candidates to be decentralized back to their owners. Once a community member receives his full node to his ownership he can change the fee as he wants to offer a competitive price.
Part of the governance token distribution plans take into consideration the node operators and everyone that supported the network and provided tools, bots and services to the COTI ecosystem. We will elaborate more closer to the governance token announcement.
“How far is the team with longer staking periods in the Treasury? Just a rough idea as I have been holding back staking more for now.”
We have plans to extend the lock period, we will gather data about what additional time period the community wants us to add and act on those requests (implementation wise it’s not a bigy).
That is all the time we have today folks. Thank you everyone for these excellent questions, and thank you Yuval, Guy and Alex for answering them. We will share the AMA recap soon. If you have any further questions feel free to send them here 😃 Have a great day! 👋
Glad to have this chance to talk with the community! #staycoti
Thank you everyone!
Thank you for your questions, looking forward for future AMAs. #stayCOTI 🤟