mappum



Offline



Activity: 82

Merit: 10







MemberActivity: 82Merit: 10 Mercury - Fully trustless cryptocurrency exchange - Looking for testers! February 04, 2015, 11:46:04 PM

Last edit: March 05, 2015, 06:21:39 AM by mappum #1

The world's first trustless cryptocurrency exchange



Download

An early alpha preview is available for download. We're looking for testers, download it and try it out!



Windows (.exe)

OSX (.dmg)

Linux (.jar)

Source Code: https://github.com/mappum/mercury



Website: http://mercuryex.com



Twitter: @MercuryExchange







Introducing Mercury



Mercury is a desktop wallet that eliminates the need for centralized exchanges. Currencies can be traded peer-to-peer, directly from the wallets of the traders.



Mercury Wallet implements the



I've been working on Mercury for the past few months, and it is ready for an early alpha release.









What can I trade on Mercury?



Mercury v0.1 currently supports:

Bitcoin

Litecoin

Dogecoin

Many more currencies and crypto-assets will be added in the future if they are in high demand by Mercury users. Rather than supporting all altcoins, I strongly believe in only supporting cryptocurrencies that provide real value, especially innovative "Bitcoin 2.0" technologies. Any crypto-asset can be tradable on Mercury, as long as it at least supports transaction scripts like Bitcoin's.



Some possible assets to be added:

Ethereum

Colored coins (USD, company stock, etc.)

Sidechains

Nubits

Filecoin An early alpha preview is available for download. We're looking for testers, download it and try it out!Mercury is a desktop wallet that eliminates the need for centralized exchanges. Currencies can be traded peer-to-peer, directly from the wallets of the traders.Mercury Wallet implements the Cross-Chain Atomic Swap protocol, allowing users to buy and sell different cryptocurrencies, without any third-parties holding their funds. Trades happen on the blockchain(s), not in some exchange's database.I've been working on Mercury for the past few months, and it is ready for an early alpha release.Mercury v0.1 currently supports:Many more currencies and crypto-assets will be added in the future if they are in high demand by Mercury users. Rather than supporting all altcoins, I strongly believe in only supporting cryptocurrencies that provide real value, especially innovative "Bitcoin 2.0" technologies. Any crypto-asset can be tradable on Mercury, as long as it at least supports transaction scripts like Bitcoin's.Some possible assets to be added:

mappum



Offline



Activity: 82

Merit: 10







MemberActivity: 82Merit: 10 Re: [ANN] Mercury - Fully trustless cryptocurrency exchange - (Looking for testers) February 05, 2015, 12:08:50 AM #3 Quote from: jwinterm on February 05, 2015, 12:04:16 AM Do you plan to release source, or windows binary only?



Do you need to have a running core/qt wallet open to make a transaction using this app/service? So, would you need to have running synced bitcoin, litecoin, and dogecoin qt/core wallets synced and running to make trades?



Yes, the source is on Github, I'll make it public right now. I didn't post it at first because it's not really ready to support a huge amount of users, but I understand that it's important for people to be able to trust the software.



The wallet runs light (SPV) clients for each currency, so no other wallets are neccessary. The first time you run the wallet, it will take only a few minutes to sync the blockchains, then you can start sending/receiving money or trading via the peer-to-peer networks for each coin. Yes, the source is on Github, I'll make it public right now. I didn't post it at first because it's not really ready to support a huge amount of users, but I understand that it's important for people to be able to trust the software.The wallet runs light (SPV) clients for each currency, so no other wallets are neccessary. The first time you run the wallet, it will take only a few minutes to sync the blockchains, then you can start sending/receiving money or trading via the peer-to-peer networks for each coin.

jwinterm



Offline



Activity: 2394

Merit: 1070









LegendaryActivity: 2394Merit: 1070 Re: [ANN] Mercury - Fully trustless cryptocurrency exchange - (Looking for testers) February 05, 2015, 12:45:01 AM #5 Quote from: mappum on February 05, 2015, 12:08:50 AM Quote from: jwinterm on February 05, 2015, 12:04:16 AM Do you plan to release source, or windows binary only?



Do you need to have a running core/qt wallet open to make a transaction using this app/service? So, would you need to have running synced bitcoin, litecoin, and dogecoin qt/core wallets synced and running to make trades?



Yes, the source is on Github, I'll make it public right now. I didn't post it at first because it's not really ready to support a huge amount of users, but I understand that it's important for people to be able to trust the software.



The wallet runs light (SPV) clients for each currency, so no other wallets are neccessary. The first time you run the wallet, it will take only a few minutes to sync the blockchains, then you can start sending/receiving money or trading via the peer-to-peer networks for each coin.

Yes, the source is on Github, I'll make it public right now. I didn't post it at first because it's not really ready to support a huge amount of users, but I understand that it's important for people to be able to trust the software.The wallet runs light (SPV) clients for each currency, so no other wallets are neccessary. The first time you run the wallet, it will take only a few minutes to sync the blockchains, then you can start sending/receiving money or trading via the peer-to-peer networks for each coin.

Thanks! Sounds very interesting. Put thread on watch mode, hope to see some more updates soon... Thanks! Sounds very interesting. Put thread on watch mode, hope to see some more updates soon...

fatbitcoinfan



Offline



Activity: 24

Merit: 0







NewbieActivity: 24Merit: 0 Re: [ANN] Mercury - Fully trustless cryptocurrency exchange - (Looking for testers) February 05, 2015, 06:42:24 PM

Last edit: February 05, 2015, 07:04:04 PM by fatbitcoinfan #9



A decentralized exchange is tantalizingly close.



At first glance, it looks like it's vulnerable to transaction malleability, though. Do you have a way to defend against the following attack?



In



Quote B creates TX3: "Pay v alt-coins to <A-public-key> if (x for H(x) known and signed by A) or (signed by A & B)"



B creates TX4: "Pay v alt-coins from TX3 to <B's public key>, locked 24 hours in the future, signed by B"



B sends TX4 to A



A signs TX4 and sends back to B



2) B submits TX3 to the network

A broadcasts an equally valid TX3' with a different hash, which eventually gets into the blockchain instead of TX3. (A has deliberately made connections to many more nodes than B, so A will receive TX3 quickly and can then send TX3' to many nodes in one hop.)



Now TX4 is useless. A waits until his timelock expires and gets his coins back. B's coins are stuck.



A watches the Mercury community's public discussions to see if anybody complains that their coins are stuck.



If so, A creates TX5: "Pay 0.5*v alt-coins from TX3' to A and 0.5*v alt-coins to B", signs it, and sends B a private message saying,

"Hello B,



I'm scamming you. You can sign TX5 and get half of your coins back. Or not. It's up to you.



Don't bother replying. I won't read it.



Your friendly scammer,

A"

This looks great!A decentralized exchange is tantalizingly close.At first glance, it looks like it's vulnerable to transaction malleability, though. Do you have a way to defend against the following attack?In this context:A broadcasts an equally valid TX3' with a different hash, which eventually gets into the blockchain instead of TX3. (A has deliberately made connections to many more nodes than B, so A will receive TX3 quickly and can then send TX3' to many nodes in one hop.)Now TX4 is useless. A waits until his timelock expires and gets his coins back. B's coins are stuck.A watches the Mercury community's public discussions to see if anybody complains that their coins are stuck.If so, A creates TX5: "Pay 0.5*v alt-coins from TX3' to A and 0.5*v alt-coins to B", signs it, and sends B a private message saying,"Hello B,I'm scamming you. You can sign TX5 and get half of your coins back. Or not. It's up to you.Don't bother replying. I won't read it.Your friendly scammer,A"

mappum



Offline



Activity: 82

Merit: 10







MemberActivity: 82Merit: 10 Re: [ANN] Mercury - Fully trustless cryptocurrency exchange - (Looking for testers) February 05, 2015, 11:31:53 PM #12 Quote from: fatbitcoinfan on February 05, 2015, 06:42:24 PM At first glance, it looks like it's vulnerable to transaction malleability, though. Do you have a way to defend against the following attack?



That's a reasonable concern. It will be completely solved once OP_CHECKLOCKTIMEVERIFY is implemented in Bitcoin Core (refunds can then come from a timelocked output, instead of a pre-signed timelocked refund transaction). Until then, changes in Bitcoin Core 0.9 have made mutating transactions expensive enough that this should not be a huge issue (the attacker would need to mine the mutated transaction in a block). The alpha version of Mercury only allows trading with the Bitcoin Testnet, and before I open it up to real trading I'll have to be sure this attack is not viable. That's a reasonable concern. It will be completely solved once OP_CHECKLOCKTIMEVERIFY is implemented in Bitcoin Core (refunds can then come from a timelocked output, instead of a pre-signed timelocked refund transaction). Until then, changes in Bitcoin Core 0.9 have made mutating transactions expensive enough that this should not be a huge issue (the attacker would need to mine the mutated transaction in a block). The alpha version of Mercury only allows trading with the Bitcoin Testnet, and before I open it up to real trading I'll have to be sure this attack is not viable.

dzimbeck



Offline



Activity: 2226

Merit: 1032







LegendaryActivity: 2226Merit: 1032 Re: [ANN] Mercury - Fully trustless cryptocurrency exchange - (Looking for testers) February 06, 2015, 01:45:37 PM #18 Yeah this is a good attempt but it doesnt work!



Transaction malleability will destroy any trade. ONLY coins with checklocktimeverify can do AT. I also think Qora has it. If you try AT without it, you are going to run into Malleability and one partly will lose all their Bitcoins.



Also, SPV clients rely on a server correct?!? Then its not trustless because the servers data could be interfered with to say a tx has confirmed when it hasnt causing you to submit your TX and give the attacker coins. I might be misunderstanding SPV but from what I'm reading it communicates with servers and thus their data can be spoofed and it requires a lot of trust.



I would recommend manually rewriting the clients and pruning the blockchain instead of SPV. And then you can only wait for a Malleability patch or Checklocktimeverify.