Topic: [ANN][SUPERCOIN] Unique Most Advanced Anonymous Trustless Multisig Technology - page 161. (Read 288838 times)
August 18, 2014, 08:45:28 PM
August 18, 2014, 08:43:54 PM
August 18, 2014, 08:36:59 PM
Buy orders are getting stronger, pretty interesting.
August 18, 2014, 08:27:58 PM
I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.
By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.
The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.
Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.
With this, here are the Q&As (I added it to Dev's Corner too).
[snip...]
By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.
The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.
Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.
With this, here are the Q&As (I added it to Dev's Corner too).
[snip...]
Very nice! I like you dev!
August 18, 2014, 08:22:13 PM
I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.
By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.
The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.
Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.
With this, here are the Q&As (I added it to Dev's Corner too).
Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.
Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.
Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.
Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.
Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.
Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)
Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalksearch.org/topic/supercoins-supersend-technology-the-true-p2p-decentralized-trustless-system-734578
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.
Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.
By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.
The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.
Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.
With this, here are the Q&As (I added it to Dev's Corner too).
Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.
Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.
Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.
Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.
Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.
Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)
Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalksearch.org/topic/supercoins-supersend-technology-the-true-p2p-decentralized-trustless-system-734578
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.
Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.
August 18, 2014, 08:09:19 PM
Not surprised that the dev delivers as usual! Good job!
https://twitter.com/yurimir12/statuses/501510831075364864
retwitt pls!
You forgot the previous alpha test on Mammoth network, running smooth on both it seems!
No, all published history
http://www.reddit.com/r/mammothcoin
August 18, 2014, 07:42:05 PM
Not surprised that the dev delivers as usual! Good job!
https://twitter.com/yurimir12/statuses/501510831075364864
retwitt pls!
You forgot the previous alpha test on Mammoth network, running smooth on both it seems!
August 18, 2014, 07:34:28 PM
Not surprised that the dev delivers as usual! Good job!
https://twitter.com/yurimir12/statuses/501510831075364864
retwitt pls!
August 18, 2014, 07:23:21 PM
Question regarding SuperSend Trustless.
If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)
If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)
Good question.
August 18, 2014, 07:23:13 PM
So, when can we expect a (private) audit of the "trustless" part of this coin? 
I want to know for sure that it's trustless anonymous.
it's well documented here I want to know for sure that it's trustless anonymous.
https://bitcointalksearch.org/topic/m.8324932
You can also join tests and you can see your self.
We need 3rd party audit, if you we wanna see 500btc + volume
True and just to be 1000℅ sure
Guys (Supercointeam and Supercoindev), make sure this is done, this seems to be very important to attract new investors since the FUD we had last night.
3rd Party Audit let's go!
Yup Mammoth and Super should get 3rd party to test it, so nobody can bitch about it
August 18, 2014, 06:57:47 PM
Question regarding SuperSend Trustless.
If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)
If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)
August 18, 2014, 06:33:46 PM
August 18, 2014, 06:19:16 PM
Pretty amazing stuff...
Excuse me while I put on my spacesuit & get into my shuttle
Excuse me while I put on my spacesuit & get into my shuttle
August 18, 2014, 06:15:44 PM
Supercoin is a gem in the crypto world.
The devs will polish it to perfection and it will shine like a diamond
The future is very bright.
The devs will polish it to perfection and it will shine like a diamond
The future is very bright.
August 18, 2014, 06:09:35 PM
So, when can we expect a (private) audit of the "trustless" part of this coin?
I want to know for sure that it's trustless anonymous.
it's well documented here I want to know for sure that it's trustless anonymous.
https://bitcointalksearch.org/topic/m.8324932
You can also join tests and you can see your self.
We need 3rd party audit, if you we wanna see 500btc + volume
True and just to be 1000℅ sure
Guys (Supercointeam and Supercoindev), make sure this is done, this seems to be very important to attract new investors since the FUD we had last night.
3rd Party Audit let's go!
August 18, 2014, 06:06:02 PM
Great job dev team, as always!
August 18, 2014, 05:44:14 PM
Good Job Dev!
+1
Things continue to get better and better!
Go Super!
August 18, 2014, 05:42:43 PM
Good Job Dev!
August 18, 2014, 05:40:28 PM
So, when can we expect a (private) audit of the "trustless" part of this coin?
I want to know for sure that it's trustless anonymous.
it's well documented here I want to know for sure that it's trustless anonymous.
https://bitcointalksearch.org/topic/m.8324932
You can also join tests and you can see your self.
We need 3rd party audit, if you we wanna see 500btc + volume
True and just to be 1000℅ sure
August 18, 2014, 05:37:51 PM
So, when can we expect a (private) audit of the "trustless" part of this coin?
I want to know for sure that it's trustless anonymous.
it's well documented here I want to know for sure that it's trustless anonymous.
https://bitcointalksearch.org/topic/m.8324932
You can also join tests and you can see your self.
We need 3rd party audit, if you we wanna see 500btc + volume
Jump to: