Topic: Supercoin is fundamentally broken - read why inside and save yourself money - page 2. (Read 3632 times)

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech.



/closethread

I'm confused then why supercoin "supporters" are spreading FUD and lies about coins with working anon tech like XC... when their own tech is broken  

the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.

btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.

We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.

Thanks.

its outdated tech, I dont expect much of it and it corresponds exactly to Super's pathetic market cap.

Really surprised no-one from supercoin is addressing the tx id issue.

Guess the devs just don't care? Have they not even acknowledged this fundamental flaw?

Be patient man, you posted questions for a few mins, and you expect dev waiting there watching for questions all the time?

Let me answer your questions here:

1. First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. The system does broadcast any messages. Messages are point-2-point and not broadcasted.

Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has no way to get the message and know the id of transactions etc at all. So what you described the scenario is not valid.

2. You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do.

Thanks for quoting me:)

There was a lot of push-back in that thread, which surprised me as strasboug seemed quite logical in his thread denouncing Cloakcoin's PoSA as not being trustless. I couldn't understand how he could accurately describe Cloakcoin's system as not being trustless, and then think that a system that only requires 2 parties to collude is somehow "trustless".

Look, cryptography is VERY, VERY hard to get right. I've got a reasonable grasp of it and I would NOT attempt to invent new cryptography that didn't simply build on the foundations others have left. I notice a lot of hero worship in this part of the forum - "the dev said X" or "the dev promised Y" and everyone accepts that. Cryptographers (real ones) don't push out code until they've pushed out papers and completely opened their ideas up for discussion. More importantly, those cryptographers are also able to accept where they're wrong. There is NOTHING wrong with being flat out wrong about an idea...but when you stick with the idea in spite of it being bad, that's a dangerous road to drive.

Nothing is flawless, but this is YOUR MONEY. Expect and demand good and cryptographically sound solutions - fewer pictures, more maths in a "whitepaper"!

Why would i be invested in a known scam coin to begin with ?

Read this comment on Supercoin by fluffypony, one of the Monero devs, who explains why n-of-m multisig used in Supercoin is not safe:

"The "guarantor" is being trusted to do arbitration between the sender and the mixer. Therefore, given the nature of 2-of-3 multisig transactions, the guarantor and the mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the sender out of luck and out of funds."

Also, read this, why using the txid to do mixing in Supercoin is not safe:

"Even worse - the workflow is based on the txid and verifying the txid. Have we not learnt by now that the txid can change? How do you people not understand that this was the very thing that mtgox blamed for their destruction?

The issue here is relying on the txid, when malleability has shown that the txid can change. This so-called "trustless system" relies on txid's to confirm transactions in an automated fashion. That is bad, stupid, and fundamentally broken."

Be careful not to fall for new shady coins promising the earth and screaming FUD at more established coins.

TOR DEPENDED POOR COIN  CERTAINLY NOT TRUSTLESS
They cheated people like they are trustless they dont haven even multisig address