Why is Nxt decentralized Multigateway safer than any other centralized gateway? (by: jl777)

Server redundancy
In case of hardware failure, always remaining 2 servers provide ability to release funds.
jl777: Server redundancy is quite a benefit, especially when you consider blockchain forks. For a centralized gateway if their server (for any coin) goes on a fork, well, problems. With MGW, at least on the withdraw side everything comes to a stop. Granted response time isnt good, but I think stopping all withdraws until the fork is resolved is really the only practical solution and MGW design does this automatically. Also, MGW uses the blockchains as its database, thats pretty redundant.

More secure 
sile16: Potentially slightly better security. 2 hosts would have to be compromised, but assuming a hacker can compromise 1 host, and all 3 hosts are running the same OS, and MGW software then if he can find an other host whatever method worked on the first one would probably work on the second. As for finding the hosts, it seems like you could just crossreference all the IPs of BTC nodes as well as NXT nodes. However, if MGW was re-implemented 3 times by 3 different programers and secured (os, firewall, etc) 3 unique ways it could achieve significantly higher security.

jl777: Your assumption of "if he can find an other host whatever method worked on the first one would probably work on the second" is flawed. The three MGW hosts will be proving three different sets of operational security, each based on their own proprietary security procedures. Its not like there will be a magic incantation that opens all the pathways to the MGW private keys. Now even it there was, it wont be as simple as doing a sendmoney call as all the funds are in multisig accts. Maybe this is not a big issue, but also, there wont be a single large account, but lots of small accounts. So, this magical hacker needs to crack one server host then while undetected crack another MGW host, then deal with hundreds or thousands of accounts. All without being detected as once detected, everything can be shutdown. Now how exactly the hacker will even contact an MGW server externally is a mystery to me. In any case, MGW doesnt have to run faster than the bear, it just needs to be more secure than a centralized setup. I think a social engineering hack is the weakest link, but whatever the exposure the odds are P*P vs P, where P is the probability of being cracked. Add to that the difficulty of multisig tx, add to that the lack of a centralized account. Whatever those factors are, call it X factor we have MGW being (X / P) more secure. So, if odds of one facility being cracked are .001 and X factor is 5, MGW is 5000 times more secure.

Other benefits

Open

MGW is open. Meaning anybody can do a realtime audit on all the account balances and compare against the outstanding assets. In fact, the MGW client does this when configured with bitcoin-qt. I dont know of any centralized gateway that lets you verify they have 100% backing. Fractional reserve is always a tempting thing, but with MGW it is not possible. This is something that you overlook and I think could be one of the most powerful MGW advantages. You dont have to trust the issuer to not do fractional reserve, it is all there on the blockchain and the MGW clients can monitor this block by block. So in this most important sense, MGW is trustless. Realtime verification of unspent reserves.

Secure
MGW is thousands of times more secure than centralized gateways. MGW does NOT require trust that it has 100% reserve. MGW has lower target appeal due to no central wallet and multisig. MGW utilizes blockchain redundancy for its state data and is more immune to blockchain forks. MGW is monitored by all independent nodes running the MGW client (which is 95% the same code as MGW server) to obtain realtime verification of all MGW operations, eg. deposits and withdraws.

Now a totally blockchain solution is of course theoretically much more desirable, but I am not smart enough to figure out how to do it. The fundamental problem is "where are the private keys". If you can figure out how to store the private keys on the blockchain without allowing anybody to just empty the accounts, then let me know and I will implement it. To my knowledge, MGW is far and away the most secure gateway solution with the least trust required of any gateway in existence.

Basically, technically it is the best. The bottomline is users have to use either a centralized exchange, a centralized gateway or MGW. Well, OK, I guess people can use NXTsubatomic/NXTatomic and not have to deposit their bitcoins anywhere. Maybe for people like you that seem to want to eliminate all third party risk, that is the way to go. I do understand your point of view. So the best gateway is no gateway at all.

James
Source: https://nxtforum.org/nxtservices-releases/how-to-test-multigateway-with-nxtservices-a-test-user-guide/msg64364/#msg64364