Update 26th August, 2021

@Nigel, your question crosses over to the recent discussion of whether to issue all SNT at the start. If that is done and there’s no way to create new SNT the supply might be guaranteed to be fixed.

I think that’s desirable which is why I’m inclined towards having a fixed supply from day one.


You can have receipts, would that suffice?

1 Like

Unsure. Maybe. Depends on how they could be viewed/audited on Safe. What I attempted to describe was a public dbc/wallet where the balance/history was publicly viewable.


Yes you can unblind your payments to show what they were.

Yes the audit right now would be is money supply still fixed, i.e. none created (although some could be lost, we never know that).

I think this would be hard to do actually as visibility of amounts reveals a lot and visibility of many use keys is as bad. It feels to me like all or nothing in many ways and private means nothing, except saying supply is still as it was. I kinda like that really as opposed to audit every coin. I think the audit of every coin is very unlike cash and is actually in opposition to a cash system.

I know many disagree with good reason, but I do favour audit supply and ensure no money creation and that should be as much as we do. I know @danda and I have hearty and good-natured debates on this part though. It’s interesting as we had a for a while “trust the code” then that failed with hacks like dao then “trust governance (read government)” and I think that has big flaws, so now it is “trust the crypto commitments” we are aiming for, I think (i.e. audit the SpentBook). Maybe there is more but I doubt it really I feel audit and privacy are some kind of human wish superposition quantum irregularity and not achievable unless we get new physics :slight_smile:


If Maidsafe have information from behind the curtain that advises safe passage, or are developing a super easy way to jailbreak phones and serve the app, then disregard the following .

Magical thinking, similar to the old concept of a clearnet bridge, Safe will not be in any App store.

  • The sooner Maidsafe swallow the fact that they are pariahs, the sooner we get a launch (on desktop/ Server OS)

Dev time spent on mobile apps and Gui design, is time not spent on launch.

  • It’s all or nothing, drop any notion of bridging clearnet, being embraced by gatekeepers, or getting free advertising on the nightly news.

Linux should be priority 1

  • Lets face it, Joe the plumber on windows was never gonna be the guy seeding the network with thousands of nodes and reaping those early rewards. Datacenters will be the vehicle to get this thing off the ground and most importantly secure, way before Joe finds out about it.

Docker is not the best mechanism for easy and efficient deployment at scale

  • My vote is with Linux Containers. I’d like to see (starting with next testnet) an ISO supplied with a skinny OS (Alpine?) + say 10 Safe Containers. We then just blast this image on to any bare metal machine, local or hosted with little fuss. This approach, could also level the playing field at launch, whereby everyone get’s to punt on launching mega nodes, maybe even in a datacentre group buy type scenario

In Summary

  1. MobileOS ye should abandon all hope

  2. Supply images for Linux Containers to facilitate Bare Metal deployment at scale and thus offer early adopters who are not gurus, the chance to benefit from those early rewards and not just the big players and gurus.


Some people are working on this already. It’s just not ready for release yet. I may reveal more when we hit beta. :wink:


We’ve already had mobile MaidSafe apps without using an App store. There are also new App stores which bypass Google Play.

This is a relatively unusual route at this point, but it is growing just as recognition of other issues which Safe addresses is causing people to want alternatives to surveillance platforms and apps.

To ignore mobile would be a big mistake, since it is a massive market and in many regions the only way people access online services.


Docker is a PITA and IME a poor way of deploying to Linux, or cross platform. It also relies on a vulnerable centralised service to deploy its containers, so has some of the same issues as App stores.

I think you overestimate the difficulty of supporting multiple platforms, desktop and mobile, and underestimate the importance of doing so.

Every time you cut a group of users loose, you reduce the opportunities for network effects and reduce the value of the product to every user, because we are all part of networks which include users of different platforms. The reason the web got so big and so useful so fast, overtaking desktop software which had dominated for decades, is because it was universal.

Safe is for everyone.


Amount hiding (pedersen commitments + bulletproofs) in and of itself would not prevent auditing, so long as the spendbook is publically accessible. Because one can check that the sum(input commitments) == sum (output commitments) for each reissue transaction. Whether or not to make the spendbook public has been a point of discussion.

That said, blind signature based mint and amount hiding appear to be incompatible. It would take a lengthy-ish post to demonstrate why. So a blind-sig mint typically will have fixed amount denominations, each signed with a unique key. This enables the extremely desirable property of unlinkability. Also known as fungibility. The result is a true digital cash.


This sounds like coins and notes, which if true seems to introduce some problems, such as divisibility. Or have I got the wrong idea about this?

1 Like

Thanks me too! Though it is not my decision to make alone. Right now we are building a prototype to show the team and then we can evaluate tradeoffs and decide as a team (and community). shout-out to @mav who has been a key contributor in getting the blind sigs code working nicely.

That said, my personal view is that unlinkability/fungibility is a primary and necessary property of sound money. And a functional digital cash needs to be scaleable to national and even world-wide usage levels. These are sort of the two key pieces that bitcoin (layer1) has always been missing. And they are what got us excited about DBCs in the first place. So I’m optimistic that the blind-sigs approach + sharded, decentralized mint gives us both properties and can make the Safe Network token competitive.


not wrong, but also not much of a problem I think. Consider an unsigned 64 bit integer for amounts. If we use fixed denominations of powers of 10, eg (1, 10, 100, 1000 …) there are only 20 denominations from 1 to TenQuintillion. Or if we include 5’s eg (1, 5, 10, 50, 100, 500, 1000) then there are 40 denominations. So if Bob has 100 and need to make payment of 76 to Alice, then Bob performs a reissue with input = bob: 100, outputs = alice: 50, 10, 10, 5, 1, bob: 10, 10, 1, 1, 1, 1. The same works at every power of 10.

Blinded DBCs are about the closest thing we have to digital cash.


So you can split and combine arbitrarily so long as you use the defined ratios?

That’s much better than I’d thought. Fungibility and unlinkability is an amazing win here, and if we can find a suitable way of avoiding new issues (SNT creation) I think Safe has an amazing technical solution to digital money.

Thanks for explaining and for finding these solutions. :clap:


yes, you got it. :slight_smile:


I think people will just ‘get it’ since it’s just like fiat in that sense. Fungible and unlinkable also, it’s all just pure genius.

Great work to you @danda, rusu, and @mav


Didn’t know that, I hope we can learn more about the mobile strategy.

Well if there is a course that can be charted, then indeed. I’m just worried about the huge amount of work and the hoops required to gain access into a store, only to be pulled ala Telegram.

Very glad to be a poor estimator on this occasion

Absolutely, just questioning the order of development and it’s impact on a release date. I feel that the archiving of private data comes before the consumption of public data.

That’s great to hear, I’m no guru but I played around with Bare Metal in Hetzner…found it really clunky to try and achieve this manually, whereas a ready made ISO can be sneaker netted.

  • David encourages us to kick the tyres any way we can, but can see by the replies that folks are at the ready to soothe concerns…great stuff :clap:

There are many discussions on the forum concerning the use of denominations for divisibility. You may find them interesting.

I agree, I think unless you are talking about unsigned apps you install off the app store (only on Android) it’s never going to be available.

Mobile should be a later concern if at all. The first customers will be few and very knowledgeable, no need to waste ressourse on mobile if the app stores won’t open their doors.

Just like Tor, I don’t expect many people will use it at first. It’s going to be an amazing feat, and very useful, but the masses won’t use it in many years.

Ressourses being limited and time precious, the team should concentrate on bringing a stable, rock solid network, anything else is inconsequential .

Mobile first has been a general dev strategy for a long time. Loads more people have smart phones and tablets than laptops/desktops.

For Android, the most popular mobile/tablet OS, you can easily download a custom app store directly, much like Amazon do/did. Or you can just install an app directly.

A custom app store would avoid repeated warnings about security, although someone would need to review store content, etc.

These don’t seem like blockers to me and at least Android support out of the gates would open up a much larger audience out of the gates. Tbh, most of my interactions would be via mobile despite using a laptop all day.

Apple may be a different kettle of fish. They aren’t renouned for their open platforms, although Iay be judging. I don’t use Apple devices as much as Android.


The fact that Apple is loosening its monopoly app store payment rules is a pretty big deal for this project when the time comes.


Indeed, most folk won’t even notice as the clients will handle all that for them. So I’ll still just hit pay @nigel 10.56 and you’ll see that amount deposited in your safe.