Bitcoin Forum
Author Topic: Supercoin is fundamentally broken - read why inside and save yourself money  (Read 3599 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
mr_random (OP), Legendary (Activity: 1302, Merit: 1001)
August 16, 2014, 09:33:59 PM #1

Read this comment on Supercoin by fluffypony, one of the Monero devs, who explains why n-of-m multisig used in Supercoin is not safe:

"The "guarantor" is being trusted to do arbitration between the sender and the mixer. Therefore, given the nature of 2-of-3 multisig transactions, the guarantor and the mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the sender out of luck and out of funds."

Also, read this, why using the txid to do mixing in Supercoin is not safe:

"Even worse - the workflow is based on the txid and verifying the txid. Have we not learnt by now that the txid can change? How do you people not understand that this was the very thing that mtgox blamed for their destruction?

The issue here is relying on the txid, when malleability has shown that the txid can change. This so-called "trustless system" relies on txid's to confirm transactions in an automated fashion. That is bad, stupid, and fundamentally broken."


Be careful not to fall for new shady coins promising the earth and screaming FUD at more established coins.

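To make the txid point above concrete, here is an added Python example (not code from this thread, nor from Supercoin or XC) that serializes a constructed legacy-format Bitcoin transaction, computes its txid, and shows that re-encoding the scriptSig pushes (same data pushed, same script result) changes the txid, while an id computed with the scriptSigs blanked stays the same. The outpoint, signature and key bytes are constructed placeholders, not real values.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding (sizes used here never exceed two bytes)."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    raise ValueError("size outside what this example serializes")


def push(data: bytes, use_pushdata1: bool = False) -> bytes:
    """Push 1..75 bytes: direct push opcode (canonical) or OP_PUSHDATA1 (0x4c).
    Both push identical bytes, so script evaluation is unchanged."""
    if use_pushdata1:
        return b"\x4c" + bytes([len(data)]) + data
    return bytes([len(data)]) + data


def serialize_tx(version, inputs, outputs, locktime) -> bytes:
    """inputs: (prev_txid_hex, vout, script_sig, sequence); outputs: (sats, script_pubkey)."""
    raw = struct.pack("<i", version) + varint(len(inputs))
    for prev_txid, vout, script_sig, sequence in inputs:
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout)
        raw += varint(len(script_sig)) + script_sig + struct.pack("<I", sequence)
    raw += varint(len(outputs))
    for sats, script_pubkey in outputs:
        raw += struct.pack("<q", sats) + varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", locktime)


def txid(raw: bytes) -> str:
    """txid = double SHA-256 over the full serialization, shown byte-reversed."""
    return dsha256(raw)[::-1].hex()


def normalized_txid(version, inputs, outputs, locktime) -> str:
    """Id over the same transaction with every scriptSig blanked, so the
    signature encoding (which a signer can vary) is not part of the hash."""
    stripped = [(p, v, b"", s) for p, v, _, s in inputs]
    return txid(serialize_tx(version, stripped, outputs, locktime))


# Constructed placeholders: not a real outpoint, signature or key.
PREV_TXID = "11" * 32
SIG = b"\x30" + b"\x00" * 69 + b"\x01"   # placeholder DER signature + SIGHASH_ALL byte
PUBKEY = b"\x02" + b"\x00" * 32          # placeholder compressed public key
P2PKH = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"  # constructed output script


def build_tx(use_pushdata1: bool):
    script_sig = push(SIG, use_pushdata1) + push(PUBKEY, use_pushdata1)
    return 1, [(PREV_TXID, 0, script_sig, 0xFFFFFFFF)], [(50_000, P2PKH)], 0


def compare_ids() -> dict:
    """The same spend encoded two ways: txid differs, normalized id does not."""
    canon, reenc = build_tx(False), build_tx(True)
    return {
        "txid_canonical": txid(serialize_tx(*canon)),
        "txid_reencoded": txid(serialize_tx(*reenc)),
        "ntxid_canonical": normalized_txid(*canon),
        "ntxid_reencoded": normalized_txid(*reenc),
    }
```

Bitcoin itself later removed signature data from the txid hash with SegWit; a workflow that keys automated state on an unconfirmed txid should instead key on an id the counterparty cannot vary, or wait for confirmation.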

synechist, Legendary (Activity: 1190, Merit: 1000)
To commodify ethicality is to ethicise the market
August 16, 2014, 09:43:06 PM #2

Quote from: mr_random on August 16, 2014, 09:33:59 PM
Read this comment on Supercoin by fluffypony, one of the Monero devs, who explains why n-of-m multisig is not safe:

"The "guarantor" is being trusted to do arbitration between the sender and the mixer. Therefore, given the nature of 2-of-3 multisig transactions, the guarantor and the mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the sender out of luck and out of funds."

Also, read this, why using the txid to mixing is not safe:

"Even worse - the workflow is based on the txid and verifying the txid. Have we not learnt by now that the txid can change? How do you people not understand that this was the very thing that mtgox blamed for their destruction?

The issue here is relying on the txid, when malleability has shown that the txid can change. This so-called "trustless system" relies on txid's to confirm transactions in an automated fashion. That is bad, stupid, and fundamentally broken."


Be careful not to fall for new shady coins promising the earth and screaming FUD at more established coins.




It certainly beats me how trusted third parties - "escrow" services, a very pre-Bitcoin thing - are presented as either trustless or anonymous.

m-of-n multisig was not designed for trustless anonymous payments.


Co-Founder, the Blocknet
battbot, Hero Member (Activity: 616, Merit: 500)
August 16, 2014, 09:45:48 PM #3

Would have said exactly this a lot sooner... it's just that the kids at Super & Mammoth seemed so happy these days, I just couldn't be the one to break the bad news to them.
demgains, Full Member (Activity: 196, Merit: 100)
August 16, 2014, 09:52:28 PM #4

SUPERCOIN BACKFIRE IMMINENT

Even though I don't usually partake in these types of threads, this is well deserved.
SushiChef, Full Member (Activity: 126, Merit: 100)
August 16, 2014, 10:03:04 PM #5

They are even deleting normal responses that don't agree with them and provide good arguments..
demgains, Full Member (Activity: 196, Merit: 100)
August 16, 2014, 10:08:06 PM #6

Quote from: SushiChef on August 16, 2014, 10:03:04 PM
They are even deleting normal responses that don't agree with them and provide good arguments..

Not only that, but along with posting stuff like this:

https://bitcointalk.org/index.php?topic=742025.msg8386280#msg8386280

How can you leave a post like this up and remove other ones? I had about 10 posts deleted so far; it's clear that they are trying to paint a picture that is skewed in their favor and making it seem like we cannot come up with a legitimate response even though we have multiple times. Utterly pathetic, I wish the worst for Supercoin and its future.
therightmintality, Member (Activity: 98, Merit: 10)
August 16, 2014, 10:23:27 PM #7

Quote from: demgains on August 16, 2014, 10:08:06 PM
Quote from: SushiChef on August 16, 2014, 10:03:04 PM
They are even deleting normal responses that don't agree with them and provide good arguments..

Not only that, but along with posting stuff like this:

https://bitcointalk.org/index.php?topic=742025.msg8386280#msg8386280

How can you leave a post like this up and remove other ones? I had about 10 posts deleted so far; it's clear that they are trying to paint a picture that is skewed in their favor and making it seem like we cannot come up with a legitimate response even though we have multiple times. Utterly pathetic, I wish the worst for Supercoin and its future.

This was removed as well:

Quote from: marseille on Today at 08:49:59 PM
BTW, this is Gavin Andersen's example on the multisig in Bitcoin. Supercoin/mammothcoin implemented exactly the multisig technology, same is done at OpenBazaar.

https://gist.github.com/gavinandresen/3966071

XC devs please learn and hope you will have a real multisig system implemented, not just a name.

Read before he deletes this:

Funny... do you still use AOL for your email as well? You are using bitcoin technology and Open Bazaar's rationale, both without anon... therefore nodes can be more trusted, but they have to be trusted. XC offers trustless mixing where every node signs off and can't steal coins; if it doesn't sign, it resyncs and sends the transaction to another set. Highly likely most transactions will be very quick, but if there is an attempt to be a bad actor they are inhibited from gaining access to the coins. Your old technology multisig allows bad actors/nodes to steal coins. This has been known for a long time, with coins before yours that you stole to write your code. In fact you deleted a 500 post thread because it primarily discussed the inadequacies of this design.
synechist, Legendary (Activity: 1190, Merit: 1000)
To commodify ethicality is to ethicise the market
August 16, 2014, 10:29:09 PM #8

The following posts of mine were deleted by timerland:

Quote
TOR DEPENDED POOR COIN  Grin CERTAINLY NOT TRUSTLESS
They cheated people like they are trustless they dont haven even multisig address

I'm not sure what is less appealing about this post:

- the poor linguistic abilities it portrays

- its factual inaccuracy (because XC does use multisig transactions)

- its deceitfulness.


Poor showing sir.



Quote

No, there's only one technology for multisig, there's nothing "different", or it is not multisig. Try to use some other names.


You are incorrect about this.

I repeat: you are not in a position to tell what technology XC has or has not implemented.

XC has technology that you do not know about.

Therefore you are not in a position to make the above statement.



Quote

Yes this is the truth from all the above messages.


This is an irresponsibly one-sided remark.




Quote
And in what sense can the following deleted posts possibly be taken as inappropriate?

Quote

No, there's only one technology for multisig, there's nothing "different", or it is not multisig. Try to use some other names.


You are incorrect about this.

I repeat: you are not in a position to tell what technology XC has or has not implemented.

XC has technology that you do not know about.

Therefore you are not in a position to make the above statement.


Quote

Yes this is the truth from all the above messages.


This is an irresponsibly one-sided remark.



What possible reason would you have for deleting these?




because while you are arguing and without knowing what is multisig address and what is multisig transaction!

marseille posted Gavin Andersen's example of multisig transaction, go read it and understand it please, before repeating the same thing here!

I understand multisig quite well thank you, and I object to your patronising remarks on this topic.

Proceed as if I understand, and you'll come across less arrogantly.


Quote

because while you are arguing and without knowing what is multisig address and what is multisig transaction!

marseille posted Gavin Andersen's example of multisig transaction, go read it and understand it please, before repeating the same thing here!

I again request you that please on the facts, no fuds, and understand multisig before posting please.

Again here Gavin Andersen showed what is a multisig tx and how to create, sign and spend!
https://gist.github.com/gavinandresen/3966071


Ah, deleting perfectly relevant posts again are you?

Nice ethics you have.

Go ahead, delete this one too. It'll make you look good.



Quote

because while you are arguing and without knowing what is multisig address and what is multisig transaction!

marseille posted Gavin Andersen's example of multisig transaction, go read it and understand it please, before repeating the same thing here!

I again request you that please on the facts, no fuds, and understand multisig before posting please.

Again here Gavin Andersen showed what is a multisig tx and how to create, sign and spend!
https://gist.github.com/gavinandresen/3966071


I understand multisig quite well thank you, and I do not enjoy being patronised, so kindly stop.

You are not in a position to tell what I do not understand, so kindly refrain from making assertions you cannot substantiate.



Quote
I am tired to argue with you guys, please if you want to show facts:

provide us an XC multisig address that has tx associated with it, in the blockchain, so we can inspect and see what is there. This can prove you actually have the capability of multisig.

what you have provided so far are NOT XC multisig addresses, they are regular XC addresses. What I asked is extremely simple, and can be provided in 30 sec.

I've told you this several times: XC DOES NOT USE WHAT YOU CALL "MULTISIG".

It uses multisig transactions, not multisig addresses.

Can we move on?



It uses regular tx in this case, where you can put software to do anything, but it does not require all parties to sign in order to spend! A multisig transaction is the transaction created on a multisig address (you understand why? well, read what multisig is!).


You do not have sufficient grounds to assert that XC uses regular transactions.

You only have sufficient grounds to assert that XC uses addresses that conform to the regular format (but don't necessarily behave that way in XC by any means).

Again, you're making assumptions that go beyond the evidence you have.




Quote
You've deleted multiple relevant posts of mine.

I will post them here so that those who wish to pursue this discussion can participate.





Co-Founder, the Blocknet
mr_random (OP), Legendary (Activity: 1302, Merit: 1001)
August 16, 2014, 10:34:46 PM #9

The Supercoin fanboys seem strangely quiet.

I should add, I have not deleted any posts here (yet).
fluffypony, Donator, Legendary (Activity: 1274, Merit: 1060)
GetMonero.org / MyMonero.com
August 16, 2014, 11:12:55 PM #10

Thanks for quoting me :)

There was a lot of push-back in that thread, which surprised me as strasboug seemed quite logical in his thread denouncing Cloakcoin's PoSA as not being trustless. I couldn't understand how he could accurately describe Cloakcoin's system as not being trustless, and then think that a system that only requires 2 parties to collude is somehow "trustless".

Look, cryptography is VERY, VERY hard to get right. I've got a reasonable grasp of it and I would NOT attempt to invent new cryptography that didn't simply build on the foundations others have left. I notice a lot of hero worship in this part of the forum - "the dev said X" or "the dev promised Y" and everyone accepts that. Cryptographers (real ones) don't push out code until they've pushed out papers and completely opened their ideas up for discussion. More importantly, those cryptographers are also able to accept where they're wrong. There is NOTHING wrong with being flat out wrong about an idea...but when you stick with the idea in spite of it being bad, that's a dangerous road to drive.

Nothing is flawless, but this is YOUR MONEY. Expect and demand good and cryptographically sound solutions - fewer pictures, more maths in a "whitepaper"!

CryptoGretzky, Sr. Member (Activity: 322, Merit: 250)
August 17, 2014, 05:14:54 AM #11

Just own a few nodes so you can be Guarantor and Mixer.   Free Supercoin/Mammothcoin!   Weeee!

jakiman, Legendary (Activity: 1638, Merit: 1011)
jakiman is back!
August 17, 2014, 05:54:58 AM (Last edit: August 17, 2014, 06:23:58 AM by jakiman) #12

Quote from: mr_random on August 16, 2014, 09:33:59 PM
Read this comment on Supercoin by fluffypony, one of the Monero devs, who explains why n-of-m multisig used in Supercoin is not safe:

"The "guarantor" is being trusted to do arbitration between the sender and the mixer. Therefore, given the nature of 2-of-3 multisig transactions, the guarantor and the mixer can sign the transaction, and then refuse to sign the cancellation transaction, leaving the sender out of luck and out of funds."

Also, read this, why using the txid to do mixing in Supercoin is not safe:

"Even worse - the workflow is based on the txid and verifying the txid. Have we not learnt by now that the txid can change? How do you people not understand that this was the very thing that mtgox blamed for their destruction?

The issue here is relying on the txid, when malleability has shown that the txid can change. This so-called "trustless system" relies on txid's to confirm transactions in an automated fashion. That is bad, stupid, and fundamentally broken."


Be careful not to fall for new shady coins promising the earth and screaming FUD at more established coins.

Okay. I am no dev and am invested in Supercoin, as many know.

I'm just trying to understand: is it that easy to "gain" both the guarantor and the mixer node (2 completely different nodes) to be under your control, like what was said, in order to out-vote the sender or its cancellation? If it was, I guess it would be the same for any coin with a small number of confirmations. As far as I remember, Supercoindev said he will start with 2-of-3 but can increase this number at any time to increase its security at the expense of transaction time. So I don't think that's a real strong argument to the case of Supercoin's new system.

As for the txid, that sounds like a valid concern that supercoindev will need to answer. Surely for a dev who seems very competent (I'm sure you guys also agree to an extent), this txid stuff sounds too dumb/simple for him to make such a mistake. Well, if it was a mistake, I guess it can easily be changed anyway to use a more static ID. But yeah, I'm also curious about the truth to this argument.

BTW, I don't remember supercoindev ever bad-mouthing XC or any other coin before. Feel free to check his previous posts.
Ignore the fanboys on both sides of the fence who are just pouring fuel on the flame of this. I do. I just want facts.

Update:
Even my post in their thread asking about this just got deleted.
Fine line between clarifying & stopping troll/FUD attacks, I guess.

eXe47, Member (Activity: 118, Merit: 10)
August 17, 2014, 06:59:00 AM #13

Final Whitepaper will be out in 48 hours.
Beta Testing is running smooth and it's only a short period till release to the public.

So, lot of talking going on here; when Supercoin Phase 2 goes live, test it, hack it, whatever you like to do.
If that's done, come back here and talk about the facts.

Till then, that's nothing but chitchat.
Spoetnik, Legendary (Activity: 1540, Merit: 1011)
FUD Philanthropist™
August 17, 2014, 07:43:10 AM #14

Why would I be invested in a known scam coin to begin with?

FUD first & ask questions later™
jakiman, Legendary (Activity: 1638, Merit: 1011)
jakiman is back!
August 17, 2014, 08:10:49 AM #15

Quote from: Spoetnik on August 17, 2014, 07:43:10 AM
Why would I be invested in a known scam coin to begin with?

Which one is a known scam coin? Both aren't, last time I checked.

synechist, Legendary (Activity: 1190, Merit: 1000)
To commodify ethicality is to ethicise the market
August 17, 2014, 08:17:49 AM #16

Quote from: fluffypony on August 16, 2014, 11:12:55 PM
Thanks for quoting me :)

There was a lot of push-back in that thread, which surprised me as strasboug seemed quite logical in his thread denouncing Cloakcoin's PoSA as not being trustless. I couldn't understand how he could accurately describe Cloakcoin's system as not being trustless, and then think that a system that only requires 2 parties to collude is somehow "trustless".

Look, cryptography is VERY, VERY hard to get right. I've got a reasonable grasp of it and I would NOT attempt to invent new cryptography that didn't simply build on the foundations others have left. I notice a lot of hero worship in this part of the forum - "the dev said X" or "the dev promised Y" and everyone accepts that. Cryptographers (real ones) don't push out code until they've pushed out papers and completely opened their ideas up for discussion. More importantly, those cryptographers are also able to accept where they're wrong. There is NOTHING wrong with being flat out wrong about an idea...but when you stick with the idea in spite of it being bad, that's a dangerous road to drive.

Nothing is flawless, but this is YOUR MONEY. Expect and demand good and cryptographically sound solutions - fewer pictures, more maths in a "whitepaper"!

Hear hear. I wish there was more space for genuine conversation about various coins' technologies.


Co-Founder, the Blocknet
jakiman, Legendary (Activity: 1638, Merit: 1011)
jakiman is back!
August 17, 2014, 10:01:40 AM #17

FYI. Sorta related, which was posted by supercoindev a few days ago:

Quote
Some questions...

1) If you only use 1 mixer and 1 guarantor, what if I have so many nodes that I can send you a modified multisig transactions that actually sends the coin to another address instead?   What's to guarantee that my coins won't get stolen in the process in that scenario?   The sender will lose because 2 of 3 belongs to the bad nodes?

2) If sender is only sending it to the mixer and then to the receiver, I can just analyze within X blocks for the same amount of coins and I will have a pretty high confidence level that the transaction belongs to the sender/receiver, especially if the amount is pretty unique like 312.91871298?



Quote from: supercoindev
Be patient man, you posted questions for a few mins, and you expect the dev to be waiting there watching for questions all the time?

Let me answer your questions here:

1. First of all, another node will have no idea on what is the escrow multisig address. It is not a public address. It is created on the fly with randomly selected public keys from each of the participating nodes. Other nodes will not receive any info on the public keys. The system does broadcast any messages. Messages are point-2-point and not broadcasted.

Second, all communicated private messages are signed with each party's private key, and verified on arriving by the public key of that party. So another node can not forge a message from a participating party, not to say he has no way to get the message and know the id of transactions etc at all. So what you described the scenario is not valid.

2. You can't analyze these for sure. In the first step we send as one amount; the amount can easily be split into multiple amounts as we did in our phase-1 mixer scenario (amount split into random 2-4 parts). Moreover, there are many similar amounts sent around. All escrow amounts are similar amounts; all you see is that 3-4 similar amounts are sent around and you can't trace them, as in/out addresses are not linked at all. It is also easy to split the sending amount (and all fund transfers in the transaction) into "canonical" values (meaning standard, like 100, 50, 25, 10, 5, 2, 1 etc). These enhancements are very easy to do.


mr_random (OP), Legendary (Activity: 1302, Merit: 1001)
August 17, 2014, 06:19:18 PM #18

Really surprised no-one from supercoin is addressing the tx id issue.

Guess the devs just don't care? Have they not even acknowledged this fundamental flaw?
demgains, Full Member (Activity: 196, Merit: 100)
August 17, 2014, 07:26:37 PM #19

Quote from: mr_random on August 17, 2014, 06:19:18 PM
Really surprised no-one from supercoin is addressing the tx id issue.

Guess the devs just don't care? Have they not even acknowledged this fundamental flaw?

It's outdated tech, I don't expect much of it and it corresponds exactly to Super's pathetic market cap.
mr_random (OP), Legendary (Activity: 1302, Merit: 1001)
August 17, 2014, 09:11:04 PM #20

Quote from: demgains on August 17, 2014, 07:26:37 PM
Quote from: mr_random on August 17, 2014, 06:19:18 PM
Really surprised no-one from supercoin is addressing the tx id issue.

Guess the devs just don't care? Have they not even acknowledged this fundamental flaw?

It's outdated tech, I don't expect much of it and it corresponds exactly to Super's pathetic market cap.

I'm confused then why supercoin "supporters" are spreading FUD and lies about coins with working anon tech like XC... when their own tech is broken.