[ANN][SUPERCOIN] Unique Most Advanced Anonymous Trustless Multisig Technology

[CryptoJohn]

@ SuperCoinDev

Nice work....still accumulating here

[1715570235]

1715570235

[1715570235]

1715570235

[1715570235]

1715570235

[nomad13666]

Have a Super Day! 

[toaster3]

I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.

By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.

The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.

Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.

With this, here are the Q&As (I added it to Dev's Corner too).


Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.

Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.

Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.

Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?  
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.

Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.

Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)

Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalk.org/index.php?topic=734578.0
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.

Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.

excellent Q&As!

[nomad13666]

[nomad13666]

“Notice that the stiffest tree is most easily cracked, while the bamboo or willow survives by bending with the wind.”
― Bruce Lee

[fancy2973]

good q and a from dev!

[supercointeam]

It is that much scientific yeah.

[supercointeam]

Not surprised that the dev delivers as usual! Good job!

https://twitter.com/yurimir12/statuses/501510831075364864

retwitt pls!

Re tweeted who is next to join me?

[nomad13666]

Just tested new anonymous supercoin wallet All info included in whitepaper is real

Made some anon transactions , they were super fasssssttttt about 30 seconds

I couldn`t trace also my sending address in block explorer

This is huge entry to the crypto world

Dev is amazing !!!

Thank you for the feedback.

+1

[supercointeam]

i think that today the team showed that when they say something they deliver  

cant trace any of my transaction in block explorer  
sending time is between 20-40 secs i have a chronometer running so i know for sure.
Thanks again for everything lets make it official in couple of days
WE ARE ANONYMOUS ! SO KEEP CALM WE ARE GOING TO BE RICH


Another update Cointelegraph and my self are debating what to do with the announcement for Phase II and i have pretty good ideas but i will left it for another day when we make an agreement

Thanks all

I wouldn`t call it even alpha test, it should has RC status already as test went perfectly through all stages

And supercoin is starting from the ground with such capabilities , it has bright future ahead

In a week official version,just wow,they spent a lot of time definitely to code, tweak and make such great RC version

Yes this coin is very good investment right now and the masses will reach for it very soon, they are reaching already lol

This is the first trustless anonymous wallet ever created and well documented. I am proud of my community. We would not success this without you. You are so good!

[jakiman]

It would be great if some pretty & non-geek friendly infographic was created based on Supercoindev's whitepaper.

[supercointeam]

I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.

By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.

The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.

Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.

With this, here are the Q&As (I added it to Dev's Corner too).


Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.

Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.

Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.

Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?  
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.

Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.

Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)

Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalk.org/index.php?topic=734578.0
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.

Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.

Thanks for the FAQ update.

[supercointeam]

It would be great if some pretty & non-geek friendly infographic was created based on Supercoindev's whitepaper.

It could be interesting yes.

[supercointeam]

Question regarding SuperSend Trustless.

If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)

Yes it is possible, there can be no limits in the future QTs, because we are in test period, we limited it as 1000 SUPERs.
can only 50% (minus fee) is temporary.

[toaster3]

Question regarding SuperSend Trustless.

If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)

Yes it is possible, there can be no limits in the future QTs, because we are in test period, we limited it as 1000 SUPERs.

The algorithm requires wallet have 2 times the amount of send, otherwise you need to use the regular send. This is a limitation I guess.

[jakiman]

Question regarding SuperSend Trustless.

If I have 1000 SUPER and want to send ALL of it to someone via trustless anon. Is that possible?
Or can only 50% (minus fee) of what you have can be send via trustless anon? (due to escrow)

Yes it is possible, there can be no limits in the future QTs, because we are in test period, we limited it as 1000 SUPERs.

The algorithm requires wallet have 2 times the amount of send, otherwise you need to use the regular send. This is a limitation I guess.

That's what I meant to ask really. So yeah, you can only send 50% of what you have at a time it seems. (which is fine by me really)

[supercointeam]

So, when can we expect a (private) audit of the "trustless" part of this coin?  

I want to know for sure that it's trustless anonymous.

it's well documented here
https://bitcointalk.org/index.php?topic=736705.msg8324932#msg8324932

You can also join tests and you can see your self.

We need 3rd party audit, if you we wanna see 500btc + volume

True and just to be 1000℅ sure

Guys (Supercointeam and Supercoindev), make sure this is done, this seems to be very important to attract new investors since the FUD we had last night.

3rd Party Audit let's go!

Yup Mammoth and Super should get 3rd party to test it, so nobody can bitch about it

Normally, all coins are tested by the coin creators,  if other people want to test, they should wait it to be released.
if you know any core respected Bitcoin developer knowing or working on multisig let me know, (Standard altcoin developers can't check our technology, This is unfair and not good for our technology.) They can just check our trustless schemes and simply say this is really trustless and it can work. I know Bitcoin devs was lately trying to develop products with multisig technolgy. Check this: http://bitcoinmagazine.com/11108/multisig-future-bitcoin/  We can make also actual tests with people working on multisig technology in Bitcoin.

[supercointeam]

Not surprised that the dev delivers as usual! Good job!

Just be 100% sure. If you haven't already, go over and read what happened to CLOAK. They thought they had it licked but, found, through an independent audit, it wasn't so. I am invested in Supercoin and I think it has incredible potential. Just be 110% sure before announcing it to the general public.

PS: Go Supercoin!! 

Agree. An independent audit who confirms Super being trustless will stop any doubt any investor has and will build strenght in Supercoin long term.

Read my earlier post please. We are actually beyond Bitcoin on this technology application.

[supercointeam]

So, when can we expect a (private) audit of the "trustless" part of this coin?  

I want to know for sure that it's trustless anonymous.

it's well documented here
https://bitcointalk.org/index.php?topic=736705.msg8324932#msg8324932

You can also join tests and you can see your self.

We need 3rd party audit, if you we wanna see 500btc + volume

RELAX baby there is no competition here

[supercointeam]

So, when can we expect a (private) audit of the "trustless" part of this coin?  

I want to know for sure that it's trustless anonymous.

it's well documented here
https://bitcointalk.org/index.php?topic=736705.msg8324932#msg8324932

You can also join tests and you can see your self.

We need 3rd party audit, if you we wanna see 500btc + volume

True and just to be 1000℅ sure

Guys (Supercointeam and Supercoindev), make sure this is done, this seems to be very important to attract new investors since the FUD we had last night.

3rd Party Audit let's go!

-Be water my friend!
We are in next years technology and they are just found out (thanks to our schemes) there is such a thing.
Learn more http://bitcoinmagazine.com/11108/multisig-future-bitcoin/