Nexus Market Specifications and Architecture
Technical specifications of the Nexus Market infrastructure: onion service parameters, escrow protocol, anti-phishing scheme, supported currencies, security model.
Onion Service Layer
| Parameter | Value |
|---|---|
| Onion version | v3 (RFC-compatible) |
| Address length | 56 characters base32 |
| Key algorithm | ed25519 |
| Forward secrecy | Yes (per-circuit) |
| V2 fallback | None |
| Mirror count | 3 public + 2 leaked = 5 total |
| Mirror back-end | Single shared back-end |
| Rotation cadence | On-demand (DoS-driven) |
Escrow Protocol
| Parameter | Value |
|---|---|
| Default escrow | 2-of-3 multisig |
| Key holders | Buyer, vendor, market |
| Signatures required to release | 2 |
| Wallet format | PSBT / script-pay |
| Standard escrow option | Available (single-sig) |
| Finalize Early (FE) option | Vetted vendors only |
| Auto-finalize window | Configurable per category |
| Dispute resolution | Staff-mediated, signed by prevailing party |
Anti-Phishing: Fingerprint Captcha
The Nexus Market login captcha image carries the canonical onion fingerprint baked into the pixels using a steganographic encoding signed by the operator key. The encoding is deterministic for a given address-key pair, which means the same address always produces the same captcha layout.
A phishing clone running on a different onion cannot regenerate a captcha that matches its own URL bar because the encoding requires the operator private key, which the phisher does not have. The clone either ships a captcha with the wrong embedded fingerprint, omits the fingerprint entirely, or replaces the captcha system with a generic form. All three patterns are visible to a user who checks before logging in.
Supported Currencies
| Currency | Symbol | Typical Confirmation | Privacy |
|---|---|---|---|
| Bitcoin | BTC | 1-3 confirmations (~30-60 min) | Pseudonymous, traceable |
| Monero | XMR | ~10 blocks (~20 min) | Private by default |
| Litecoin | LTC | 2-6 confirmations (~15-25 min) | Pseudonymous, traceable |
Security Model
The Nexus Market threat model assumes the marketplace itself can be compromised. Multisig escrow ensures that a single-side compromise (just the market, just one vendor) cannot release buyer funds. PGP-encrypted shipping addresses ensure that a database leak does not expose buyer geography. The fingerprint captcha ensures that phishing clones cannot impersonate the marketplace without breaking the captcha first.
The model assumes the operator does not retain server logs beyond twenty-four hours, an operational policy that cannot be cryptographically verified from outside but is consistent with the marketplace's other choices.
Tor Circuit Considerations
Each mirror lives on a separate Tor circuit. When Nexus rotates a mirror, the new onion uses a fresh ed25519 keypair and is published on different rendezvous points in the Tor directory. This separation means that an attacker who manages to compromise one mirror's network position does not automatically gain visibility into traffic for the other mirrors.
Tor Browser opens an isolated circuit per onion service by default. Visiting two mirrors in two tabs from the same browser uses two different paths through the Tor network, which reduces the linkability that would otherwise come from a shared circuit pattern.
Wallet Compatibility for Multisig
The 2-of-3 multisig protocol on Nexus uses standard Bitcoin script formats (P2SH-wrapped multisig for BTC, native Monero multisig for XMR). Any wallet that supports PSBT for BTC or the official Monero multisig flow for XMR will work. Sparrow Wallet, Electrum, and Bitcoin Core are tested-compatible for BTC; Feather Wallet and the official Monero GUI are tested-compatible for XMR.
For users on mobile, multisig wallet support is thinner. Most mobile wallets handle receive addresses fine but stumble on PSBT signing. The recommendation is to keep multisig signing on a desktop wallet even if the rest of the buyer workflow runs on mobile.