The supercoin's trustless approach is similar to that used by OpenBazaar ( https://openbazaar.org/). This is a sound approach for trustless system and I'd consider it as "standard". BTW, I don't know if there exist any other system that is sound for making a trustless system. this is true. Another point is that the malleability issue is caused by malformed signature in transaction, while a simple check to disallow it will fix the issue. this problem already fixed in BTC 0.9. I don't think this is an issue for multisig based trustless system. Yes OpenBazaar used exact the same tech for their distributed marketplace. There's a youtube talking about it. |
|
|
|
Yes this is right. The trustless system we talk here has nothing to do with two-generals problem. Communications have no problem, the problem is that how to prevent any node from doing bad things (i.e. steal coins).
Actually no, the "guarantor" is only involved in the act of sending coins, which is a "communication" in the context of the Two General's problem. The "guarantor" is being trusted to do arbitration between the sender and the mixer. Therefore, given the nature of 2-of-3 multisig transactions, the guarantor and the mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the sender out of luck and out of funds. Even worse - the workflow is based on the txid and verifying the txid. Have we not learnt by now that the txid can change? How do you people not understand that this was the very thing that mtgox blamed for their destruction? In fact, if there was ever a clearer indication that the idiot "developer" that designed this system should stick to something less complicated, Satoshi Nakamoto himself wrote a seminal post in December 2010 explaining why this is a bad idea, so it's not like this is a novel and unknown thing: Transactions are dynamic. Past transactions can become unconfirmed, go away and come back, become invalid and disappear, or be replaced by a different double-spend. Their date can change, their order can change.
Programmers are naturally inclined to want to use listtransactions like this: feed me the new transactions since I last asked, and I'll keep my own tally or static record of them. This will seem to work in all regular use, but if you use the amounts for anything, it is highly exploitable:
1) How do you know if a past transaction becomes invalid and disappears?
2) When there's a block-chain reorg, it would be easy to double-count transactions when they get confirmed again.
3) A transaction can be replaced by a double-spend with a different txid. You would count both spends.
This is not a trustless system, this is a trivially broken, fundamentally flawed system. Praising it as anything but an idiotic idea merely reduces your own credibility. Again, the guarantor is not a communicator in the two general's problem. 1. All communications are signed and verified. There's no fake messages there. Also all messages are point-to-point. 2. All related deposits etc are independently verified by all parties. Posting a fake one does not go anywhere. I don't think you understand the system at all. What you described is a coordinated attack. If 2 out of 3 are cheaters, then you have no way to prevent the cheating. Like in coin system, is you have 51%, you do whatever you want. You verify the past transaction by its confirmations. Of course if the whole network is bad, you can't do anything. This is the same that BTC transaction confirmed 6 times, but can still go bad. Please don't mix the problems here. The blockchain re-org is a normal problem, even a transaction in btc confirmed 100 times can still go wrong. The trustless system is not trying to solve this issue. The trustless system is not for everything you want to mix here. It is a clearly defined one. If you don't understand what it is, then read it again. |
|
|
|
This algorithm will prevent cheating if one of the 3 nodes is bad, or no-2 nodes are in coordinated cheating.
If two out of 3 nodes are from the same cheater or same cheating organization, then you can't do anything with p2p decentralized trustless system. Use a centralized trust system instead.
Of course you can. Your consensus system can be designed around consensus, this is the very nature of Bitcoin - if 2 nodes cheat on the Bitcoin network, they get rejected as outliers. You've literally described a system that requires you to trust that there's not collusion between 2 parties, that is not a trustless system, which is a twist of irony given that you called that other piece of junk out as not being trustless. There is no Byzantine fault tolerance with this system, which is the very problem Bitcoin solves. You're trying to solve this problem: http://en.wikipedia.org/wiki/Two_Generals'_Problem - but the described system does not do so. We are talking two complete different things. The 2 nodes cheat in bitcoin will get rejected, is because 2 as compared to 100000 of the network. It is not the 2 in the sense of a transaction involving 3 parties. You completely messed up the concepts. The trustless system here, is to ensure the randomly selected parties will collaborate, and avoid cheating. The mini-escrow scheme by multisig tx accomplished perfectly this. The system does not require any inherent trusts there. BTW, this has nothing to do at all with the two-generals' problem. All communications here are point-2-point and signed with each party's private key. The message is verified with sender's public key on arriving. So there's no message-tampering issue at all. |
|
|
|
Creating addresses are trival, but if the minuimum coin requirements is 10K coins, then a cheater can not make many fakes nodes. Transfer funds back and forth is not an option, as the validity of the service nodes can be checked periodically (and most likely when the receiving node process the message). Also it is likely just before the service request the fund balance can be checked.
What you said are non-issues and can be fully prevented by the algorithms. And supercoin did not state the concrete requirements for it, we can see when they publish them.
I agree. These are details that can be done to prevent fraud. I don't see any basic things that prevent us from secure the service node exchange step. Even if one of the two service nodes is a cheater node, it doesn't matter, everything will still work as planned. Among the 3 related nodes: sender, mixer and guarantor, as long as no 2 nodes are from the same cheating group, the transaction process will work perfectly. Well I'm not going to repeat what I said about increasing the barrier to entry and the knock-on effect of that. If it went over your head I completely understand. But again, as mentioned more than once, this is about cheating the system. A guarantor could collude with mixers - even offering it as a service - to screw the senders over. This isn't rocket science, guys. Again I don't think you get it, let me repeat what I said: "the whole idea is that most nodes are honest. If most nodes are bad, then you can't do anything whatsoever, and in which case the trusted centralized system is the only solution"This algorithm will prevent cheating if one of the 3 nodes is bad, or no-2 nodes are in coordinated cheating. If two out of 3 nodes are from the same cheater or same cheating organization, then you can't do anything with p2p decentralized trustless system. Use a centralized trust system instead. |
|
|
|
I read all the info published. Without multisig, I don't see a way of forceful situation in a p2p system. There's no restrictions to the middle nodes, you can't simply "expect" it to behave correctly  It is not the problem if we need to know how middle nodes work, it is the problem that if I put a fake node with same APIs but doing different things (e.g. steal coins or send coins to different places), how the system can prevent that? You can't simply expect people use the software you provide, otherwise that's too easy, there will be no cheaters, period. Cloak is in the middle of implementing a "block escrow" system that may share some similarities to a multi sig solution but is infact unique. Once in place there will be nothing that a "bad/fake/evil" node can do to act malicious during a send from A to B. This is because of the order of the posa tx, combined with the blockchain, will not allow corruption. PoSA will soon be entirely anon + trustless as we set out to achieve from day 1. Having any kind of risk that a corrupt node could interfere with a transaction was a genuine concern (of the Cloak team and others) and as such it's been dealt with accordingly. Good to know, and btw thanks to come to this thread and explain. Looking forward to see your "block escrow" system. But the multisig tech is there, of course you don't have to use it, but implementing some thing similar from scratch sounds stupid to me. This is like to say I don't want to use C++'s class, but I want to implement some structs to mimic the classes Node corruption or any kind of error handling in the middle of the transaction is a complex problem, I am looking forward to Supercoin's dev to publish their detailed algo, with their trustless system. But usually this has to be handled depending on the stage of the transaction. Again I see the power of 2-of-3 transactions (or in general m-of-n transaction), as this can be handled easily. |
|
|
|
Completely open to collusion. All you need is a significantly large number of nodes accepting requests to be guarantors, and since there's no barrier to entry this is trivial.
The barriers are minimum coin holding requirements. So a cheater can't have many nodes there. Also, the whole idea is that most nodes are honest. If most nodes are bad, then you can't do anything whatsoever, and in which case the trusted centralized system is the only solution. Moreover, guarantor doesn't do much, guarantor only gets involved if there's a disagreement between sender and mixer. If there's no disagreement (as should be in most cases), guarantor does not even participate the decision on distribution. - "Among all the online coin clients, if some minimum requirements are met (e.g. with minimum amount of coins in the balance, and with minimum 2 addresses in the wallet, etc), the node will advertise itself as a service node." Creating two addresses is trivial, and even if you use address signing to verify a balance it's trivial to move funds out and into another address to advertise that node, and then bounce it back again. Sybil attacks aren't prevented by these minimum requirements, and higher the requirements just created a high barrier to entry for a "service node", and thus a reason for those running service nodes to knock others off the network. Creating addresses are trival, but if the minuimum coin requirements is 10K coins, then a cheater can not make many fakes nodes. Transfer funds back and forth is not an option, as the validity of the service nodes can be checked periodically (and most likely when the receiving node process the message). Also it is likely just before the service request the fund balance can be checked. What you said are non-issues and can be fully prevented by the algorithms. And supercoin did not state the concrete requirements for it, we can see when they publish them. |
|
|
|
Happy to see you guys discussing here. I am fine with discussing but I am not fine with seeing only one site here. Cloak has to prove that Escrow and POSA works in V2 which is expected this week. After this they want to review everything by trustful Auditors. Thats the most they can do isn't it? After that comes the Open Source, but which is at this moment dangerous because of copying, I am right there too? Correct me if I am not please happy to discuss. Next thing I read here is not fast enough. Therefore please everyone check out my thread: https://bitcointalk.org/index.php?topic=714803.msg8296447#msg8296447 I tried to show the development of Cloak over the last 2 weeks. Only facts and community stuff. I didn't quote any rumor or fud. Cheers! People asked bunch of questions above, and never seen the reply. For Cloakcoin, there is no forceful way to keep the middle nodes to behave correctly, they can do whatever they want basically, thus easy to cheat. The system will work only if the middle nodes will corporate, but there are no reasons for them to do so, in a trustless system. Ok I am not a Developer to say in the begining. But now you say it is not possible, but how can you say that without seeing the code and everything because it is not Open Source? What if your knowledge (no offense please but critical thinking please! ) is not enough to understand what these guys (Developers) are doing. As I said I am happy to discuss. But how can anyone not beeing the developer saying at the moment that the system don't work? I just want people to see both sites, people who think its not working and people who think it is working. When I understand you right you say we will never know what they doing with the middle nodes created to create the annon feature right? Question here: Do we need to know? I mean if my money comes from a to b and no one can trace it isnt that enough? I read all the info published. Without multisig, I don't see a way of forceful situation in a p2p system. There's no restrictions to the middle nodes, you can't simply "expect" it to behave correctly It is not the problem if we need to know how middle nodes work, it is the problem that if I put a fake node with same APIs but doing different things (e.g. steal coins or send coins to different places), how the system can prevent that? You can't simply expect people use the software you provide, otherwise that's too easy, there will be no cheaters, period. |
|
|
|
Completely open to collusion. All you need is a significantly large number of nodes accepting requests to be guarantors, and since there's no barrier to entry this is trivial.
The barriers are minimum coin holding requirements. So a cheater can't have many nodes there. Also, the whole idea is that most nodes are honest. If most nodes are bad, then you can't do anything whatsoever, and in which case the trusted centralized system is the only solution. Moreover, guarantor doesn't do much, guarantor only gets involved if there's a disagreement between sender and mixer. If there's no disagreement (as should be in most cases), guarantor does not even participate the decision on distribution. |
|
|
|
Ok so What defines a Bad Altcoin ?
i want you all to say what YOU think so the guys making the coins see what YOU say.
this is not a spring board for me to attack on some coins or something.
i intend on keeping out of it if i can lol
for me it just means a useless coin that does not fit a solid attempt at dethroning Bitcoin.
or at the very least a solid sincere attempt at being better than what is around..
for example i chose to support Jackpotcoin because when it was released a couple months ago
it was the best of the newer coins i figured and i seen it had some new features that were actually a step in the right direction for crypto.
the idea of using two separate Algo for POS and POW was a great idea !
and i wanted to pick the least worst coin to support pretty much.
anyway i thought it would be good for us to put it all on the table and talk about it !
like is a coin with scam code put in it any worse than a pure clone or a coin with just enough changes to say "it's different"
..I see it as same shit different pile.. ALL BAD !
but.. at least if guys TRY and make their coins seem legit that is step up sort of.. rather than not even trying (with clones etc)
lets think about what the outsiders think of all this too guys..
I agree. I think a good alt coin will need to have something new, at least serve as an experimentation of the new technology, so we understand better the crypto coins. Unfortunately in the space of alt coins there are too many coins that are simply copy-cats, nothing new and dev premine big amount, either publicly or with some twisted way to hide the premine, then promote the coins and dump. Too many high flyers if you look carefully, there's nothing new, only pure hypes. I like Jackpotcoin too, it has many new technologies first invented in this coin, including a new hash algo, pow/pos separation, jackpot that accumulates over a period of time, and true randomness etc. It is a truly innovative coin. Also I like Supercoin, which is the first to have PoS super random block. Also it developed the first truly p2p decentralized trustless anonymous wallet (they just published parts of the whitepaper), with multisig technologies. It looks very promising. The problem today is people mainly blindly follow the promo, so those coins with nothing and rely only on promo and hype work. With more education of people, I hope they will understand which coins are good ones. |
|
|
|
Happy to see you guys discussing here. I am fine with discussing but I am not fine with seeing only one site here. Cloak has to prove that Escrow and POSA works in V2 which is expected this week. After this they want to review everything by trustful Auditors. Thats the most they can do isn't it? After that comes the Open Source, but which is at this moment dangerous because of copying, I am right there too? Correct me if I am not please happy to discuss. Next thing I read here is not fast enough. Therefore please everyone check out my thread: https://bitcointalk.org/index.php?topic=714803.msg8296447#msg8296447 I tried to show the development of Cloak over the last 2 weeks. Only facts and community stuff. I didn't quote any rumor or fud. Cheers! People asked bunch of questions above, and never seen the reply. For Cloakcoin, there is no forceful way to keep the middle nodes to behave correctly, they can do whatever they want basically, thus easy to cheat. The system will work only if the middle nodes will corporate, but there are no reasons for them to do so, in a trustless system. |
|
|
|
lol, premine most, then promo to the shit, hope some fools to buy in and give you some BTCs? The alt coin domain becomes really insane |
|
|
|
I read the recent whitepaper from SuperCoin's thread, it looks to me that this is the true p2p decentralized trustless system. I don't see problems there. I welcome anyone to point out defects of this system, so we can understand better the trustless system and how to implement it. I always believe that multisig tech is the only tech that will make the trustless system possible. And thanks to Supercoin dev, the trustless system is implemented and I am looking forward to testing it. Below is the original post by supercoindev for references: Here is the 2nd part of the whitepaper, which gives a high level in-depth view of the trustless algorithm we use. Please refer to the part 1 if you need to understand some terms. Part 1 is here: https://bitcointalk.org/index.php?topic=618552.msg8272890#msg8272890== The following diagram shows a high level description of the trustless system algorithm. It shows the “normal” case where everything goes as expected.  The next diagram shows the case where, after step 6, the Sender is not satisfied with the Mixer’s txid. This could happen if the Sender cannot verify Mixer’s transaction, or Mixer did not send enough funds to the destination. In which case Sender asks Guarantor to do the arbitration. The new scenario are marked in brown lines and explained in the diagram.  There are other possible scenarios, that we will describe in the next parts, where we will show details of the algorithm and steps. But from the above two cases you see why multisig is tightly linked with trustless system and how it creates a bonding among all parties where they have to follow the anonymous transfer rules. |
|
|
|
Supercoin posted some info on their trustless system, I am still looking for their detailed algorithm (which they will publish in a few days). But they clearly explained multisig and why need it. This looks promising. I think multisig is the only tech can be used to support trustless system, without it the trustless system would be impossible.
Read through the supercoin update and I have a few questions for you. What prevents the middle nodes from being bad actors? The sender randomly selects service nodes based on a list of 30 nodes he can control in his configuration file. What prevents the sender from controlling 2 of the 3 nodes? As far as I understand(I am not a developer, but this is an attempt to paraphrase the devs when they give us updates in IRC) In cloak, the entire blockchain is the escrow service to prevent bad actors. If coins dont make it to the reciever, the transaction doesnt occur. Please read their whitepaper 2nd part published on the supercoin thread. I think the logic is very clear: they set up an escrow, where sender will deposit his coins to send to the destination plus any fee required, then each party will deposit a fund for escrow. Then the parties will have to behave otherwise they may lose the fund in escrow. Very nice system. |
|
|
|
|
Supercoin posted some info on their trustless system, I am still looking for their detailed algorithm (which they will publish in a few days). But they clearly explained multisig and why need it. This looks promising. I think multisig is the only tech can be used to support trustless system, without it the trustless system would be impossible.
|
|
|
|
While I am writing the whitepaper, I think instead of publishing it all at once when I finish, I will post it in parts, every 2-3 days, so community will get more details about the algorithm we use and logistics behind it. It is also an education process so people will understand what is a trustless system and why we need it. So expect 3 parts to be posted in this thread. I will prepare a pdf file with all parts together (the formal whitepaper).
All questions are welcomed, though I may not have time to answer all the questions. Because I still need to do testing on the code and fix bugs, and add bells and whistles etc.
Below is the first part on the SuperSend Trustless system. I will try to publish the next part in 2-3 days, maybe Monday/Tuesday time frame. Next parts will describe the overview and details of the algorithm.
==
SuperSend Trustless is an advanced p2p completely decentralized anonymous system. It belongs to Coinjoin category of the anonymous wallet. In this system all nodes (clients) are equal; there are no centralized or special nodes that hold more info than others. The coin transfer happens with the help of middle nodes that are randomly chosen. Mini-escrow is used with multisig address and transactions to ensure all the parties behave according to the transfer rules. This is a complete trustless system. The system is designed in a forceful way for all parties to behave correctly. If any party tries to cheat, he will lose more than his gain in the cheat.
Among all the online coin clients, if some minimum requirements are met (e.g. with minimum amount of coins in the balance, and with minimum 2 addresses in the wallet, etc), the node will advertise itself as a service node. Other nodes receiving the advertisement will add it to their service node list. There’s a limit in the service node list for each client (currently limited at 30). Any client can turn off the advertisement, if it does not want to be a service node. To turn off the service node advertisement, user just need to put a line in the config file. A service node will receive certain fee for each service it performs. Node not want to be service node can still receive other node’s advertisement and use the anonymous service, as long as it pays the service fee.
SuperSend Trustless makes heavy use of multisig technology. The sender of the coin will choose randomly 2 middle service nodes from his service node list to help the anonymous transfer. Among the two nodes chosen, one provides mix service, and another provides guarantee service. Why need 2 nodes? Because if there are any disputes between sender and mixer, it is up to guarantor to make a final judgment and then distribute the fund in the escrow accordingly.
Mixer is the node to mix the coins with his own, and send to destination. It is possible to have multiple mixer nodes, so to further obfuscate the transfer. At the current implementation, we use a single mixer node.
Guarantor is the one who will make the final judgment if any dispute between sender and mixer. If everything goes on well, Guarantor’s job is just to create multisig address and multisig transactions. It will not be involved in the signing processes of the multisig transactions in normal cases. But if there are disputes, the Guarantor will decide, based on the facts of the existing transactions, the outcome of escrow distribution. Of course, Guarantor cannot decide alone, he has to coordinate with another party (see below for the signing of multisig transactions).
We use a 2-of-3 multisig address for escrow. What is a 2-of-3 multisig address? It is an address that is created based on 3 public keys, each from Sender, Mixer and Guarantor, respectively. Remember, Sender, Mixer and Guarantor each hold the corresponding private key of the public key. Anyone is free to deposit coins to the 2-of-3 address. But in order to spend any fund from the address (i.e. send to another address), the transaction needs to be signed using at least 2 out of 3 private keys. Since the private keys are in different nodes, different nodes must willing to sign the same transaction before it becomes valid. In another words, the coins in that address cannot be spent by anyone alone, at least two of them should agree before the money can be spent.
==
Good information. Looking forward to the algorithm. Clearly the supercoin dev understands very well the trustless system. I am curious to see the algorithms if there are any issues. But multisig is the only tech I think can support the trustless system. Some other coins claimed trustless but have no idea what they talk about |
|
|
|
Again, the dev of cloak does not understand what is a true trustless system.
They will get it right eventually. Have faith. Exactly. Have trust in them. lol.  Only promise does not mean much, many coins have promises... Way too many promises, and too little being done That's exactly the problem |
|
|
|
Again, the dev of cloak does not understand what is a true trustless system.
They will get it right eventually. Have faith. Yes I hope so, actually I am helping them to understand here, what are the issues they need to consider |
|
|
|
None of you know for certain what cloakcoin is capable of.
The devs have made promises of anonymity, not specifying the exact method in their whitepaper. I see nothing wrong with this. Maybe they are testing various methods and have not made a concrete decision. Who cares?
What's the point of this thread other than to spread your own fear, uncertainty, and doubt? Everyone in the game should know the risks of this game. But if cloak is able to deliver, then these risks are worth it. If not, the world keeps spinning. If you dont believe in cloak and youre not invested in it, you have nothing to lose so why bother making this thread? Are you afraid of this coin destroying the coins you're invested in?
All that is described is very clear, don't dream some fictitious stuff that cloakcoin "is capable of", this does not mean anything. The key here is there is no forceful way to keep the middle nodes to behave correctly, they can do whatever they want basically, thus easy to cheat. The system will work only if the middle nodes will corporate, but there are no reasons for them to do so, in a trustless system. Again, the dev of cloak does not understand what is a true trustless system. |
|
|
|
Is Monero more secure than CLOAK?
This is what makes me think the alt world is truly mad as a hatter. We have a proven WORKING anon that is untraceable and people still keep acting like we are still searching for the holy grail elsewhere. Yes it seems to me that CryptoNote is a good anon algorithm, will learn more details. Other anonymous Coinjoin solutions such as Darksend, supersend are good too. Though they are not p2p trustless systems, but they work fine and reliable. Cloak's method is very doubtful, and from what I understand, it is not a trustless system at all. I am not even sure it is non-traceable. When I have more time, I'll look into the traceability of it. |
|
|
|
|
It is clearly that Cloakcoin does not have the true trustless system. I doubt its dev understand what is a true trustless system at all.
Otherwise, please answer the questions people asked above.
|
|
|
|
|
Show Posts
