I think it's good to start not to start with half a million BTCD 
It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.
Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.
Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
Assuming that we have telepods for 1000, 1000, 300, 50, 1, 1, 1, 1 = 2354 total It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.
Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
Using telepathic transfer, these telepods are sent to dead drop addresses that nobody actually controls
However, the destination account was able to decrypt them in transit through the DHT routing process
At this point, both parties have copies of the telepod and it is arguable who actually controls it. In some sense it exists in both places at once. Of course to eliminate the risk of the sender simply spending the 2354 BTCD, the destination clones them into new telepods. So on the blockchain you will see spends of 1, 50, 1, 1000, 300, 1, 1000, 1 over the next hour to ?? amount of time.
Clearly if these were the only transaction, it could be for just 1 BTCD and we would know the source and destination acct. However, even in that case WHO did the sending and receiving? Short of either party announcing that they just did a tx, the telepods are onetime addresses to onetime addresses. With telepathic transfer you can even announce that you received a telepod at a specific time, but as long as you wait until there are other similar denomination clonings to make yours, even by announcing a specific denomination at a specific time, there is no way to tell which telepod you control.
Now imagine an hour window of cloning and ten transactions of similar amounts. But can we really assume a one hour window? What if some people set it for 4 hours or even the whole weekend because they were in no hurry? Do we even know which tx for 1, 50, 300 and 1000 are the possible tx?
So there is doubt as to who the sender is, who the recipient is and even which specific tx make up the total. And this is if the specific amount of the tx is known.
With the IP address shielded and the temporal mixing, the anon set scales the more transactions. Once there are hundreds of tx per hour, then I just dont see how any meaningful correlations can be done. So far there have been no actual issues that have been identified and this is after months of being disclosed along with the source code.
The entry/exit into the Teleport system is the vulnerability, but I have a cool solution for this in the works. I just want to get the internals solid. All the other anon solutions are working on anonymizing the blockchain, what I have done is anonymize the IP and timing. Since both are needed to deanonymize, either approach is equally valid.
James
