[ANN][SUPERCOIN] Unique Most Advanced Anonymous Trustless Multisig Technology

[marseille]

Hey guys, I was busy last 2-3 days, what happened in those 3 days.
Why price reduce to half, did anyone dump or what.

BTC prices dropped too much low. This made people panic. But i think it will ok.

Nah, it's just an excuse, we all know altcoins movement not related to bitcoin movement.
There were some bag holder who decide to sold at right time.

traders make most of the trades in altcoin world...

[iram3130]

Hey guys, I was busy last 2-3 days, what happened in those 3 days.
Why price reduce to half, did anyone dump or what.

BTC prices dropped too much low. This made people panic. But i think it will ok.

Nah, it's just an excuse, we all know altcoins movement not related to bitcoin movement.
There were some bag holder who decide to sold at right time.

traders make most of the trades in altcoin world...

Yup, Altcoins trading is one of the riskiest trading, you can multiple your earning many times in some day.
Or you will lost your earning 90-99% in someday if coin was scammed.

That is why when we select altcoin we have to must research before trading altcoins.

[Rnbin]

I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.

By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.

The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.

Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.

With this, here are the Q&As (I added it to Dev's Corner too).


Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.

Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.

Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.

Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?  
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.

Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.

Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)

Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalk.org/index.php?topic=734578.0
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.

Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.

+1

[CryptoBull]

I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.

By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.

The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.

Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.

With this, here are the Q&As (I added it to Dev's Corner too).


Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.

Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.

Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.

Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?  
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.

Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.

Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)

Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalk.org/index.php?topic=734578.0
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.

Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.

+1

+1

[fenix79]

Maybe yes or maybe not

[marseille]

Hey guys, I was busy last 2-3 days, what happened in those 3 days.
Why price reduce to half, did anyone dump or what.

BTC prices dropped too much low. This made people panic. But i think it will ok.

Nah, it's just an excuse, we all know altcoins movement not related to bitcoin movement.
There were some bag holder who decide to sold at right time.

traders make most of the trades in altcoin world...

Yup, Altcoins trading is one of the riskiest trading, you can multiple your earning many times in some day.
Or you will lost your earning 90-99% in someday if coin was scammed.

That is why when we select altcoin we have to must research before trading altcoins.

Yes or the competitors fud the coin. Supercoin's recent downturn was initiated by some big fuds (nothing is reality) from some nasty coins. What they claimed all wrong, and dev posted Q&A to clarfy all the issues raised.

[erep]

I added some Q&As in the Dev's Corner (2nd post after OP). As I heard there are some fuds on the Supercoin recently, some people who have no knowledge at all on multisig are attacking Supercoin's multisig technology.

By looking at all questions, I found some are good questions (like some from fluffypony), so while ignoring all fuds, I try to answer these questions in Q&A, and we welcome all reasonable questions and I am willing to discuss all details with other qualified devs.

The multisig tech we are using is 100% sound. Other projects such as Open Bazaar (creating a p2p decentralized trustless marketplace) uses the same tech. Unfortunately I see some attacks on Supercoin are completely out of rack. These people with zero knowledge on multisig better find some basic tutorials to understand it before posting nonsense in some threads.

Our purpose is to advance the technologies for cryptocoin. The cryptocoin domain is very new, there will be inevitably mistakes here and there. Our goal is not to say our coin is the best, but to do our best with best technologies and advance our understanding onthe cryptocoin.

With this, here are the Q&As (I added it to Dev's Corner too).


Q1: Since in normal case, Guarantor does not participate in transaction, why we still need it?
A: Guarantor is needed in case of dispute. For example, Mixer claims he sent the coins to destination, while Sender claims he does not see it. At this time, Guarantor is the one to decide whether to distribute the escrow fund as if the transaction completed, or the transaction cancelled.

Q2: Is Supersend with trustless system going to be slower than SuperSend Mixer (phase-1)?
A: In our testing it is pretty fast, the anonymous p2p trustless transaction usually takes 20-40 seconds to complete. But since there are several transactions during the process, it will be a little slower than the SuperSend with centralized mixers.

Q3: Is there a fee to use trustless anonymous system?
A: Yes. The service fee is 1% or 0.5 SUPER, whichever is bigger. The service fee will be shared equally by Mixer and Guarantor.

Q4: If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?  
A: First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. Also, the system does broadcast any messages. Messages are point-2-point and not broadcasted.
Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has any way to get the message and know the id of transactions etc at all. So other nodes can can not forge messages.

Q5: If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique?
A: You can't analysis these for sure. The first step we send as one amount, the amount can easily be splitted into multiple amounts as we did in our phase-1 mixer scenario (amount splitted into random 2-4 parts). Moreover, there are many similar amount sent around. All escrow amounts are similar amounts, all you see is that 3-4 similar amounts sent around and you can't trace them as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfer in the transaction) into "canonical" values (meaning standard like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do and we probably will do it in the next few releases.

Q6: The Guarantor is being trusted to do arbitration between the Sender and the Mixer. Therefore, given the nature of 2-of-3 multisig transactions, the Guarantor and the Mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the Sender out of luck and out of funds?
A: Yes this is true. However, the system assumes most people are good people. In any system, if majority are bad, then you can't do much, except to have a centralized trust system. This is similar to cryptocoin, if >50% are bad, then they will take over.
This is the same as in trustless distributed marketplace OpenBazaar (https://openbazaar.org/) did. In this system, there are Buyer, Seller and Arbitrator. If both Buyer and Arbitrator are bad (and coordinated), then you can't do much. They published a nice paper to describe this system (https://gist.github.com/dionyziz/e3b296861175e0ebea4b)

Q7: SuperSend Tustless uses TxIDs? With malleability what if the TxID changed?
A: Malleability mainly caused by multiple possible signature format that is in the TxID. This issue mostly fixed in Bitcoin 0.9.0 by restrict to one "standard" format and not replaying any mutated transactions. This basically fixed the problem.
Moreover, we don't need to transfer TxID per se. Our purpose in the algorithm is to verify whether all deposits made correctly, and whether Mixer actually sent the amount to the distinations. There are ways to do this without using TxIDs. strasboug in this thread proposed some solutions:
https://bitcointalk.org/index.php?topic=734578.0
Since escrow is on the multisig address, and multisig address is broadcasted to all the related parties. Each party can verify the deposits by looking at the input on that address. For Mixer's sent tx it is also easy to verify based on the transaction after a given timestamp, and with Mixer's send wallet address. The solution is does not depend on TxIDs.
Last point I want to make on this is, even if in some very rare case (0.1%?, 0.01%? 0.001%?) the TxID changed, the worst is that the send transaction fails, all fund will be refunded to each party, there will be nothing lost.

Q8: Not all possible malleability vectors are "fixed" in 0.9.0, so transactions are still quite malleable and the transaction ID can still change. What do you do?
A: As said above, TxIDs are not mandatory in the solution. There are other ways to do it. In the first release we use TxIDs, we will possibly switch to non-TxID solutions.
BTW, if you are telling me that Bitcoin is still very vulnerable, I agree. However, we here do not try to beat Bitcoin. If people can still steal Bitcoin with malleability, then they can steal any cryptocoins, SUPER included. I won't feel bad on that at all. This is not related to trustless system, even with rare malleability not yet fixed by Bitcoin, all parties participating trustless transaction will not lose anything.

+1

We trust you developer, and we know how hard you are working.
It's not easy to work on new technology.

[finity]

Maybe yes or maybe not

You do know candlestick graphes don't work that way on stocks don't you. Please don't make investments based on it. Not to hate just looking out for your money.

I daily see people losing their savings making investments this way on the stockfloor and that's when there's certain stop-loss savers in place. Crypto has no rules so this way of reading a chart is even more unreliable.

I do agree Mammothcoin and Supercoin are good investments at this point in time, but not because of that chart

[brookefinancial]

So just to be sure we're on the same page, the community is asking for 1 thing:

1) Third Party Audit

It would also be important to fix the .conf file thing when installing th wallet for new users. I remember when I downloaded NautilusCoin wallet the first thing they asked is where I wanted to store the conf file and the AppDataRoaming files.

Last time we asked for something it was for road map and some direction and I think it benefited to all of us with big price increase and good involvement from the dev.

Somebody knows who to contact?

P.s.: Price is bottoming, I will probably increase on some strength around 3000.

[nomad13666]

[nomad13666]

Price is bottoming, I will probably increase on some strength around 3000.

Thank you for your always-informative and super-keen market insight.

It's an important part of a well-balanced thread diet  

[jakiman]

A very good established exchange that could add SUPER/USD pair is crypto-trade.com. (I used to trade there back in Feb/March)
Volume is low now but they just recently upgraded and the site looks excellent. Volume has been slowly growing this month.

https://www.crypto-trade.com/voting

They have a voting system and it's not that hard to get on really.
Next coin will be picked on 2014, August 31st (6pm GMT).

Either everyone votes there few times per day or pay to vote with BTC. (0.001 BTC per vote)
Heck, just 0.3 BTC or so will get SUPER on there with USD pair so people can trade with FIAT.

[brookefinancial]

I got someone who is trying to mine on SuperMultiPool but he is getting only REJECTED block, what is the solution for that?

[jakiman]

I got someone who is trying to mine on SuperMultiPool but he is getting only REJECTED block, what is the solution for that?

It's been a while since I mined last but usually can happen when mining on wrong port for wrong algorithm etc.

[nomad13666]

I got someone who is trying to mine on SuperMultiPool but he is getting only REJECTED block, what is the solution for that?

It's been a while since I mined last but usually can happen when mining on wrong port for wrong algorithm etc.

If he's mining x11 then he's on the right port (3333)...

What algo is he mining, brokefinancial? Can you post his command line?

[nomad13666]

A very good established exchange that could add SUPER/USD pair is crypto-trade.com. (I used to trade there back in Feb/March)
Volume is low now but they just recently upgraded and the site looks excellent. Volume has been slowly growing this month.

https://www.crypto-trade.com/voting

They have a voting system and it's not that hard to get on really.
Next coin will be picked on 2014, August 31st (6pm GMT).

Either everyone votes there few times per day or pay to vote with BTC. (0.001 BTC per vote)
Heck, just 0.3 BTC or so will get SUPER on there with USD pair so people can trade with FIAT.

+1

Good idea! Vote now!

[brookefinancial]

I got someone who is trying to mine on SuperMultiPool but he is getting only REJECTED block, what is the solution for that?

It's been a while since I mined last but usually can happen when mining on wrong port for wrong algorithm etc.

If he's mining x11 then he's on the right port (3333)...

What algo is he mining, brokefinancial? Can you post his command line?

Yes he is mining at X11 on port 3333

His command line:

sgminer.exe --kernel=x11mod -o stratum+tcp://ca.supermultipool.com:3333 -u SeWouWGL9j1Rcd6J7z9NFWbbWmA3np7Dex -p d=0.0256

[jakiman]

Yes he is mining at X11 on port 3333

His command line:

sgminer.exe --kernel=x11mod -o stratum+tcp://ca.supermultipool.com:3333 -u SeWouWGL9j1Rcd6J7z9NFWbbWmA3np7Dex -p d=0.0256

Looks okay. Does he have any issues mining any other x11 coin right now? Is it only SUPER?

[brookefinancial]

Yeah he just told me he has very small mining power it's not very important haha, but looks like he's getting something different now:




EDIT: looks fine now!

[Grgechkapitalac]

Well, if i saw well, he had some kind of problem with difficulty settings. It was 0.16 (or 0.256) and now is 256.