Signal adds a payments feature with a privacy-focused cryptocurrency

What's the consensus function you use on the mobile coin blockchain. Couldn't see if it's proof of work or proof of stake.

We use a modified version of the Stellar Consensus Protocol that we reimplemented from scratch using Rust.

https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste... << Page 81 is where you want to go.

How does Stellar Consensus prevent double-spends?

Imagine I have a private key to an address with 10 coins. Imagine I spend the same amount of money (10 coins) on Mars and Earth at the same time. There is a 10-lightminute gap between Mars and Earth. Assume Mars and Earth have a similar number of Stellar nodes. What happens in Stellar Consensus?

Stellar actually does nothing to prevent double-spends as it is the consensus layer and not the ledger. The ledger prevents double spends in mobilecoin by using a proof called a "key image" which is part of CryptoNote (https://bytecoin.org/old/whitepaper.pdf). Essentially, a ring signature is produced by the user which says "one of these N transactions belong to me" and the key image proves that one of the members of the set is a valid transaction without revealing which transaction was valid (and preventing future reuse of the valid input).

I don't understand the "key image" cryptography, but I can't fathom how any cryptography, no matter how smart it is, could prevent the user from:

1) Creating a backup of their wallet on disk.

2) Sending their coins somewhere, but not broadcasting the transaction to the network, instead storing it in a file.

3) Restoring from the backup

4) Sending the coins to a different address = double spending them.

5) Broadcasting the transactions in a very close timespan to conduct the double-spend.

The network needs to prevent this by storing, in an non-forge-able fashion such as PoW, which transaction happened first.

How does your system guarantee that?