Signal adds a payments feature with a privacy-focused cryptocurrency

Hi!

I'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.

We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.

The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].

We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The github[3] is also a lot of fun, especially the section on Fog[4].

[0]https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste...

[1]https://community.mobilecoin.foundation

[2]https://mobilecoin.foundation

[3]https://github.com/mobilecoinfoundation/mobilecoin

[4]https://github.com/mobilecoinfoundation/fog

The Oblivious RAM implementation is incredible

I tried going to https://buymobilecoin.com/ as referenced in https://www.mobilecoin.com/terms-of-sale.html but get a Cloudflare "Error 1020" page. What's up with that?

This occurs when you try to access it from a US-IP.

Can late MobileCoin adopters buy the same amount of coin for the same price as early adopters or is it a multi-level marketing pyramid scheme like the rest of the crypto“currency” greed and spam inducing cesspool?

https://www.cynicusrex.com/file/cryptocultscience.html

Cloudflare lets you create custom error pages [1]. I would recommend making one for any geo-restricted pages. The benefit is that you can emulate your site theme and have an opportunity to explain the reasoning for the geographic restrictions.

[1] https://support.cloudflare.com/hc/en-us/articles/200172706-C...

Hi, I still have to read the docs more thoroughly, but given that these HN threads die out quickly, I'd rather ask now that I have the chance, so forgive me if some of these are answered in the docs:

1. how does MobileCoin make money?

2. how many coins do you / does MobileCoin own?

3. related to that, are there mechanisms in place to prove that this is not a pump and dump? Or simply, how do I know it's not one and it's here for the long-term?

4. what's the threat model of the blockchain you're using? E.g. for Bitcoin, the chain is compromised once 51% of the hashing rate belongs to collaborative evil miners (as a rough approximation). What about MobileCoin? When would something bad happen? How is it prevented?

5. how does MobileCoin compare with privacy-oriented cryptocurrencies such as Monero?

P.S.: you might wanna add a F.A.Q. section somewhere for the questions I've mentioned and the others in this HN thread, right now we either have to blindly trust the claims on https://www.mobilecoin.com/ or going through the 133 pages of https://github.com/UkoeHB/Mechanics-of-MobileCoin, there should be some intermediate tech documentation (or does it exist already?)

MobileCoin is already liquid on multiple exchanges so the coins would just be purchased at whatever the market price is. It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter. This works both ways — if something bad happens to MobileCoin that tanks the price late adopters would be able to buy at a cheaper price because the new information gets priced in.

Why does a decentralized communication system need a defi based payment system that has the requirement of a CEO to run it?

I don't run anything related to the protocol. The protocol governed by the MobileCoin Foundation, an independent board of directors. The foundation makes recommendations about how the network might behave, but ultimately it's up to the node operators to decide what code they run.

>“It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter.”

Often repeated but false. Early adopters mine or buy large proportions at negligible prices while late adopters mine or buy negligible proportions at large prices.

> 1. how does MobileCoin make money?

MobileCoin pre-mined the coins and is selling them to users. According to other comments, they hold 85% of the coins.

The CEO is commenting in this thread with a link to buy the coins. They make money by selling these coins.

Assuming an attacker fully compromises SGX for machines under his physical control (e.g. can execute arbitrary code inside an attested enclave), what can the attacker do/what security properties of MobileCoin break?

I know Moxie seems to put near-complete trust in SGX, but many security professionals don't.

Hi Josh, thanks for taking the time!

My question, to both you and (especially) Moxie: Why do you trust Intel SGX so much (for Signal but now also MobileCoin)? Why are you not worried about vulnerabilities? As you're surely aware, even Matt Green who is/used to be(?) the biggest fan of Signal[0] is very concerned[1] about SGX. I don't question your intentions but the fact that Signal as an organization has stayed completely silent about this is… worrisome and at the very least taints its reputation of openness and trustworthiness. With MobileCoin now relying on it, too (more or less), this only seems to be getting worse.

[0]: http://web.archive.org/web/20200201112751/https://signal.org...

[1]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...

So what organization are you the CEO of? Is it a for-profit entity? What is that entities relation to the protocol?

Hi Josh, thank you for taking questions. Can you speak to the financial distribution of coins/funds for the employees and foundation?

There is no guarantee that there will be late adopters. So yes, there is risk.

Thanks for answering questions, it's nice to see that MobileCoin shares so many similarities with Monero with changes that seems to make decent tradeoffs for usability. I have a few questions:

What is the identity and distribution behind the current mobilecoin nodes? What are the requirements for running a node? Since there is no node rewards how will nodes funded in the long term (10+ years)?

Does mobilecoin employ something similar to Dandelion++? What prevents nodes or those running fog from performing timing based attacks? Is mobilecoin suseptable to any other attacks (e.g. Poisoned output, subaddress association)?

How will the mobilecoin foundation and continued development be funded in the long term (10+ years)?

If SGX is found to be vulnerable/no longer fit for purpose is there a mitigation plan?

Elsewhere[1] in the thread it's been claimed your organization owns 85% of the total market cap of this coin. Can you speak to this? Is it true or not? If not true, what is the correct percentage? How much is left?

1: https://news.ycombinator.com/item?id=26715348

and why are you geofencing in this way?

> It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter.

Other way of saying it, is that early participants in a pyramid scheme don’t have guarantees that they’ll find enough people for the scheme to be successful.

Why do you feel the need to geofence it outside of the US? Where is the foundation based/registered? Where is the for-profit that you are the CEO of registered? How much is Signal getting for this?

Hi Josh! Why does nothing, in plain English, explain why MobileCoin should be used over another decentralized digital currency that exists? For example, if I look at your GitHub [0], the first FAQ item is about Intel SGX, and the overview is just...a blockchain overview.

Why does it make sense to integrate MobileCoin into anything? Why not use Monero or zCash? Sure, you can definitely explain this to me, but nothing explains that to general people on your GitHub page. Same thing on your foundation page, which simply has logos and "Private Payments for everyone" [1].

I've spent a lot of time working on blockchain and perceptually, it feels like you're trying to sell snake oil here. For example, the mechanics paper [2] starts with "Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic." Cryptography is a tool. What's obscure about it? People are using it right this second. Why is it esoteric?

The paper then continues with a brief overview of 'blockchains' (why the scare quotes?). In the same paragraph, it states that the purpose of blockchains is that "no piece of money can be duplicated or created at will" but this is only one of many points of the entire point of a blockchain. Why does it not explore other facets of blockchains if the goal is to be introductory?

Then, in the fifth paragraph, the paper remembers that people may not be reading this for the first time with no experience, and suddenly jumps up to 11, with this paragraph. Note, this paragraph is one single 91-word jargon-filled sentence:

> MobileCoin is a standard one-dimensional directed acyclic graph (DAG) cryptocurrency blockchain, where blocks are consensuated with an implementation of the Stellar Consensus Protocol, transactions are validated in SGX secure enclaves and are based on elliptic curve cryptography using the Ristretto abstraction on curve E25519, transaction inputs are shown to exist in the blockchain with Merkle proofs of membership and are signed with Schnorr-style multilayered linkable spontaneous anonymous group signatures (MLSAG), and output amounts (communicated to recipients via ECDH) are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs.

While I want to assume good faith here, I find that the blockchain community often has a history of attempting to "smooth over problems" with lots of jargon and hoping for the best. This sentence, when run through Hemingway [3], gives it a post-graduate reading level. But that's not anything about the cryptography: the paragraph/sentence is simply unreadable to most people. It serves no purpose in the middle of this section.

While I'm sure you'll mention that this is a preview document, you're pointing people to it as the primary resource for people to learn "how the whole thing fits together."

Other warning signs that make me wary are everywhere.

The foundation about page has the Intel, Azure, and IBM logos under a "powered by" footer [4]. The meaning is ambiguous, and the intent is clear: you want to use these big tech company logos, because they're recognized. Yet, this is the exact same thing companies do when they're sponsored by other companies. To the untrained eye, these are indistinguishable things. Is MobileCoin sponsored by Intel, IBM, or Azure? If not, you should remove the logos. It feels like a "trust play." You're not linking to any sites or providing any information as to your relationships with these companies, but it seems like you just have cloud services with Azure and IBM, and use Intel SGX.

There's a typo on the "Foundation Trusted Nodes" page (two words slammed together): "MobileCoin Consensus is built on trust relationships between individuals and organizations who are running MobileCoin Consensus Validator Nodes.Determining" [5].

So, I suppose, if I had a question, it's: why, in all of this documentation and all of the websites that you've linked to, is there not a single "you should use MobileCoin over Monero and zCash because of ..." comparison? Why does it seem more like it's interested in propping itself up and being trustworthy, rather than conveying details about how it's superior to its competition for mobile payments?

[0]: https://github.com/mobilecoinfoundation/mobilecoin

[1]: https://www.mobilecoin.foundation/ & https://archive.is/ktf3o

[2]: https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste... (archive: https://files.catbox.moe/1wal8z.pdf)

[3]: https://hemingwayapp.com/

[4]: https://www.mobilecoin.foundation/about & https://archive.is/JNDbG

[5]: https://www.mobilecoin.foundation/foundation-trusted-nodes & https://archive.is/Pr868

If that is true, what is it that makes it inaccessible to US individuals? My understanding is that a “real” decentralized cryptocurrency not misrepresented by the issuers will not fall under regulation like that.

What is the total supply of MobileCoin, and what percentage of MobileCoin is owned by folks inside (or related to) the company?

1) MobileCoin will build a payments ecosystem around the protocol.

2) I have to check with the lawyers on whether we can disclose exact amounts, but our intention is to own a small minority of coins over the long term. We want the supply to circulate.

3) I don’t know how to prove this other than to tell you that MobileCoin is here to stay. You’ll know us by our deeds.

4) the threat model is 100% of nodes being compromised with an active attack against SGX. If there is even a single honest machine, the network will scream on any fault.

5) MobileCoin is fast and privacy-protecting (and it works on mobile without consuming tons of energy). There aren’t any other cryptocurrencies that presently fit that bill.

The correct answer to (1) was: "by selling the coins we pre-mined (85% of current float) at a high price, after using the popularity of Signal to pump the price further".

Shameful.

Do you feel bad for having a direct part in ruining signal?

What a bunch of non answers...

Much privacy, such decentralized

> The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].

There's a missing reference on p. 61 (physical page 68)

> ...Chapter ?? discusses how enclaves fit into the broader picture of consensuating transactions and growing the MobileCoin blockchain.

I assume it means chapter 10.

1% of nodes can keep the data intact?

This smells of centralisation.

Not when you know beforehand that it will be implemented into signal :)

What are the co2 emissions of mobilecoin usage?

It is centralization. The central authority is Intel.

The MobileCoin consensus protocol does not use proof-of-work, so CO2 emissions should be negligible compared to e.g. Bitcoin.

And a follow-up question in case it's not true/unanswerable: any idea where they got that number from?

True, but in general.

While I agree with the sentiment, that part is just the time-value of money.

The same is true for stocks, gold, and pretty much anything else you can invest in.

In retrospect it would have been a good deal to buy AAPL for $1.50 in 2005, but what can you do. That doesn't make Apple a ponzi scheme.

I think the more pertinent question is how much of a stake Signal has in MobileCoin and why the details of this relationship are not being disclosed.

MobileCoin isn't even on the list of cryptocurrencies you can make a donation in.. which makes this seem more like a cash grab rather than something that was thought out.