QuantaDose Press Releases

Turning Constitutional Silver Into a Verified, Tradable 1 oz Unit—Backed by Secure NFC, Blockchain Certificates, and Community Grading

13
Jan

Silver stackers already understand the problem: owning real metal is the easy part. Trading it at fair value—without getting clipped by wide spreads, verification disputes, and “trust me” pricing—is where stacks quietly leak value.

SaveSilver.us exists to close that gap.

Not by “tokenizing silver” in a way that replaces the metal, and not by turning stackers into customers of another middleman. SaveSilver is built around a simpler idea:

Standardize constitutional silver into a recognizable one-ounce unit, bind it to cryptographic identity, and trade it inside a verified marketplace.

It’s a platform that connects physical money to digital verification—so that honest peer-to-peer trading can converge on fair value, consistently, anywhere.

Why constitutional silver needs a better trading system

Constitutional silver is real money. It’s also often treated like bulk commodity coinage at trade time. That creates predictable failure modes:

  • Verification friction: the buyer can’t quickly validate the set, the year/mint consistency, or whether anything was swapped.

  • Spread pressure: the more uncertainty, the more “discount” a buyer demands.

  • Price fragmentation: what you get depends on who you sell to, where you sell, and how much they trust your lot.

When you don’t have a certifiable, transparent market structure, value concentrates in the hands of the “money changers” who control liquidity.

A simple example shows the problem. If silver is hypothetically $89/oz, and you use the common 90% rule-of-thumb of 0.715 troy oz per $1.00 face (average circulated), then $1 face has an implied melt around:

  • 0.715 × 89 = $63.64

If someone offers 35× face (i.e., $35 per $1 face) in that environment, that’s roughly a 45% discount to melt. That is not a rare “edge case”—it is the natural outcome of opaque markets and verification friction.

SaveSilver is built to reduce that friction and bring trading closer to transparent, community-supported value.

The core unit: $1.40 face = “one-ounce-class” constitutional silver

SaveSilver standardizes around a unit that stackers can recognize instantly:

  • $1.40 face of 90% constitutional silver

  • same year, same mint whenever possible

  • packaged into a slab designed for fast inspection and verification

Why $1.40? Because with the common approximation:

  • $1.00 face ≈ 0.715 ozt (average circulated)

  • $1.40 face ≈ 0.715 × 1.40 = ~1.001 ozt

That makes $1.40 a practical “one-ounce-class” unit—easy for stackers to price, trade, and understand.

Two slab formats: Half Quad and Quarter Quad

Both slabs equal $1.40 face. The difference is the structure.

Half Quad — $1.40 face

  • 2 half dollars ($1.00)

  • 4 dimes ($0.40)

This set supports iconic half-dollar runs (Walking Liberty, Franklin, Kennedy 1964) paired with dimes that match the year/mint.

Quarter Quad — $1.40 face

  • 4 quarters ($1.00)

  • 4 dimes ($0.40)

A natural fit for Washington quarters and earlier quarter designs, with the same dime “quad” on the bottom.

The goal is repeatability: when a buyer sees “Half Quad 1958-P” they know exactly what that unit is—before they even scan it.

The platform architecture: five layers that work together

SaveSilver isn’t one trick. It’s a system. The platform is designed in layers so each layer is credible on its own, and stronger when combined.

Layer 1 — Physical packaging that’s built for inspection

A high-quality slab does not hide the coin. It displays it.

  • Four-point retention per coin so the rim and edge remain inspectable

  • consistent spacing and geometry (coins don’t overlap or crowd)

  • tamper-evident construction so opening attempts are obvious

This is the baseline: a slab that looks and behaves like a modern professional holder, but designed specifically for your $1.40 unit.

Layer 2 — Secure NFC authentication (anti-clone identity)

A basic NFC tag that contains only a URL or ID is easy to copy. SaveSilver uses secure NFC (cryptographic NFC), which enables the slab to prove:

“I am the original issued tag, not a copied label.”

How it works in plain language:

  • the NFC chip contains a secret that cannot be read out

  • each tap generates a cryptographic proof (not just a static number)

  • the verifier checks that proof and confirms the tag is authentic

This is what stops simple cloning.

Layer 3 — Tamper-evidence that resists tag swapping

Even secure NFC can be defeated if an attacker can transplant the tag from a genuine slab into a fake slab.

That is why the physical build matters:

  • embed the NFC inlay so removal breaks the antenna path or damages the slab

  • use design features that make reassembly obvious

  • treat the slab as a security device, not just a container

Crypto resists cloning. Construction resists swapping.

Layer 4 — On-chain certificate anchoring (immutability + transparency)

Blockchain does one thing extremely well: it provides a public, tamper-resistant record that anyone can verify.

SaveSilver uses chain anchoring to prove:

  • the certificate exists

  • the certificate has not been altered

  • optional: the certificate’s status (active / revoked)

  • optional: ownership and transfer history (if you choose to expose it)

Important distinction:

  • blockchain proves the record is authentic

  • NFC + construction helps prove the physical slab is authentic

SaveSilver uses both because they solve different problems.

Layer 5 — Marketplace restricted to verified slabs

This is where the value compounding happens.

If you build a marketplace where every listing must pass:

  • secure NFC authenticity

  • certificate match

  • metadata match (year/mint/type)
    then you are not just selling slabs—you are building liquidity around verified units.

That matters because liquidity is what closes spreads.

Offline verification at coin shows, and full online verification everywhere else

Coin shows are exactly where verification must work—because connectivity is unreliable and transactions are fast.

SaveSilver is designed for two modes:

“Show Mode” (offline-capable)

Works without internet to confirm:

  • secure NFC tag authenticity (cryptographic proof)

  • certificate validity if cached locally

  • visible image fingerprinting (if cached)

This supports the “tap and trust” moment at a table.

“Full Mode” (online)

Adds:

  • on-chain certificate hash confirmation

  • current status (active/revoked)

  • optional ownership history and marketplace linkage

Offline mode solves practical trading friction. Online mode provides maximum transparency.

High-definition image fingerprinting: proving the coin in the slab matches the certificate

The strongest anti-swap tool—besides physical tamper evidence—is imaging.

SaveSilver can attach a high-resolution “fingerprint pack” to each slab, per coin:

  • obverse photo

  • reverse photo

  • edge capture as an unrolled strip (especially useful for reeded edges)

Why edge strips matter:

  • rim dings, reed flattening, and edge marks are highly distinctive

  • the “unrolled strip” makes comparison simple and compact

  • it becomes a practical “match this coin to this record” tool for remote buyers

Critically, SaveSilver does not rely on “trust the images.” The images are anchored by cryptographic hashes:

  • each image/video is hashed

  • hashes are stored in the signed certificate

  • the certificate is anchored on-chain

So if anyone alters an image, the hash check fails.

Community grading: a market signal built on stake, reputation, and transparency

Authentication is objective. Grading is subjective.

SaveSilver treats grading as a separate layer: a market signal that improves price discovery, without contaminating the authenticity system.

Why community grading is valuable

Most stackers don’t need MS-67 precision. They need:

  • a credible sense of condition

  • a shared language (VF/XF/AU, etc.)

  • a transparent record of how the community sees the piece

This helps reduce disputes and widen the buyer pool.

How to prevent “grading your own coin”

You can reduce self-dealing by separating:

  • the slab’s identity (serial/owner/listing)
    from

  • the grading session (images only)

Graders see:

  • obverse/reverse/edge images

  • coin type/year/mint
    They do not see:

  • owner identity

  • listing identity

  • lot serial number

  • asking price

A submitter might still recognize their own coin—but anonymity removes the easy route for manipulation.

Commit–reveal voting: stopping herd behavior

To prevent “everyone votes whatever the first grader posted,” SaveSilver can use a two-phase protocol:

  1. graders commit a hidden vote (hash)

  2. graders reveal the vote later

This discourages copycat behavior and bribery.

Consensus math: medians beat averages

Averages are easy to skew. Medians resist manipulation.

SaveSilver grading can use:

  • median grade (or trimmed median)

  • plus a confidence score based on:

    • number of graders

    • dispersion (tight cluster vs wide disagreement)

Reputation: based on accuracy, not popularity

Reputation should not be “people liked you.” It should be:

  • how consistently your grades align with finalized consensus over time

This naturally rewards skill and penalizes noise.

Staking: used for integrity, not intimidation

Staking can prevent spam and sybil attacks (fake accounts). In early versions:

  • require a small stake to grade

  • lock it temporarily during grading windows

  • avoid harsh penalties until the system is proven

Later, penalties can apply for provable misconduct:

  • failing to reveal after commit

  • repeated extreme outliers

  • bot-like patterns

What “tying physical money to digital money” actually means

This is the philosophical center of SaveSilver.

Silver is physical. Blockchain is digital. SaveSilver is the bridge:

  • the slab is a physical unit of constitutional silver

  • the NFC tag is a cryptographic identity

  • the certificate/NFT is a digital proof record

  • the marketplace turns verification into liquidity

That does something important: it turns stackers into something like miners—not miners of a speculative token, but miners of a verified, standardized real asset unit that can trade with less friction.

You are not “creating” silver. You are creating:

  • standardized packaging,

  • verifiable identity,

  • and a trusted market channel.

That is how you reduce the penalty stackers pay to intermediaries.

What SaveSilver can truthfully claim

SaveSilver is designed to be credible. The language matters. The following claims are defensible:

  • Tap-to-verify authentication using a secure NFC chip

  • Cryptographic proof of an original-issued tag

  • Linked to a certificate/NFT record anchored on-chain

  • High-definition obverse/reverse/edge imaging with cryptographic integrity

  • Verified marketplace restricted to authenticated slabs

  • Community grading as a transparent market signal

  • Designed to resist cloning and tampering (not “impossible to fake”)

That last clause is important: serious systems avoid absolutes.

Why this platform is for silver stackers—not for money changers

In a fair monetary ecosystem, exchange should not require surrendering a massive percentage of value just to access liquidity.

SaveSilver’s thesis is simple:

  • the community that holds real money should have a marketplace that respects real value

  • verification should be fast, not subjective

  • authenticity should be provable, not asserted

  • pricing should converge toward transparent value, not opaque spreads

Constitutional silver deserves modern infrastructure.

SaveSilver is building it.

Homepage Manifesto (SaveSilver.us)

Constitutional silver deserves modern infrastructure.

Most stackers already know the truth: owning silver is easy. Trading it fairly is where value leaks.

When constitutional silver changes hands, it’s too often treated like “bulk,” priced by uncertainty, and discounted by the middlemen who control liquidity. That is not a healthy monetary ecosystem.

SaveSilver exists to fix one problem: trade friction.

We are building a standard unit and a verified marketplace so constitutional silver can move peer-to-peer with less spread, less debate, and more transparency—without changing what the metal is.

The unit: $1.40 face, one-ounce-class

SaveSilver slabs standardize $1.40 face value of U.S. 90% constitutional silver into a single, recognizable unit—targeting the traditional “one-ounce-class” convention used by stackers.

Each slab is assembled as:

  • Same year

  • Same mint (whenever possible)

  • Encapsulated into a tamper-evident holder

Two formats. Same unit:

  • Half Quad: 2 half dollars + 4 dimes = $1.40

  • Quarter Quad: 4 quarters + 4 dimes = $1.40

This isn’t hype. It’s the simplest standard that makes constitutional silver easier to quote, verify, and trade.

The problem: stackers lose value to uncertainty

Every time you trade without strong verification, you pay a “trust tax”:

  • disputes about authenticity

  • confusion about composition

  • fear of swaps

  • slow counter checks

  • wide spreads “just to be safe”

In an opaque market, the money changers win by default.

SaveSilver is the opposite: a system where the community supports transparent value through verified units and open proof.

Our solution: verified slabs + verified marketplace

SaveSilver combines:

  • high-quality encapsulation built for inspection

  • secure NFC tap-to-verify authentication

  • digital certificates anchored on-chain

  • optional high-definition imaging fingerprints

  • optional community grading signals

The result is a simple experience:
tap → verify → trade

At coin shows, verification should still work even when there’s no signal. Online, the full record becomes permanent and public.

We are not a coin dealer.

We do not buy or sell metals. We package and certify customer-submitted constitutional silver into standardized units, issue a verifiable certificate identity, and return the slab to the owner.

This is infrastructure—built for stackers.

The mission

Constitutional silver is real money. It should trade like real money.

SaveSilver is building the standard unit, the verification layer, and the marketplace—so stackers stop bleeding value to spreads and start trading with confidence.

If you stack silver, you already understand why this matters.

Now it’s time to build what the metal deserves.

Technical Appendix (Whitepaper-Style Draft)

SaveSilver Verification, Certification, Marketplace, and Community Grading Protocols (v0.1)

Status: Draft for discussion.
Goal: Define a system that binds physical constitutional silver slabs to cryptographically verifiable digital certificates (optionally NFT-backed), supports offline/online verification, and enables an authenticated marketplace with an optional community grading layer.

1. Definitions

  • Constitutional silver: U.S. 90% silver coinage commonly traded by stackers (pre-1965 dimes/quarters/halves, with recognized series).

  • Slab: A tamper-evident encapsulation containing a standardized set totaling $1.40 face value.

  • Half Quad: $1.40 face = 2 half dollars + 4 dimes.

  • Quarter Quad: $1.40 face = 4 quarters + 4 dimes.

  • Certificate: A digitally signed record describing the slab and its identity bindings.

  • Secure NFC tag: NFC hardware capable of cryptographic authentication (dynamic proof), not merely static ID storage.

  • On-chain anchor: A blockchain record that stores or references a hash/ID that commits to the certificate content.

2. Threat Model (Non-Exhaustive)

Primary threats:

  1. Clone attack: Copying NFC data from a legitimate slab to a counterfeit tag.

  2. Replay attack: Reusing static NFC payloads to impersonate authenticity.

  3. Transplant attack: Moving a genuine NFC tag from a genuine slab into a counterfeit slab.

  4. Certificate forgery: Altering certificate metadata or substituting a different certificate.

  5. Image substitution: Editing or swapping image sets to misrepresent coin identity.

  6. Grading manipulation: Coordinated voting or bribery to inflate/deflate grades.

Design stance: Avoid absolute claims; system is “designed to resist cloning and tampering.”

3. Architecture Overview

SaveSilver uses a layered model:

Layer A — Physical slab security

  • Four-point retention per coin for inspectable rim visibility.

  • Tamper-evident sealing.

  • NFC inlay embedded in a way that discourages extraction or causes visible damage / antenna detuning if tampered.

Layer B — NFC cryptographic authentication

  • Tag provides dynamic proofs per tap (cryptogram/MAC + counter/session component).

  • Verification can be performed offline with embedded issuer keys and validation logic.

Layer C — Certificate signing

  • Issuer signs a canonical JSON certificate.

  • Certificate is stored off-chain (SaveSilver domain or decentralized storage), but integrity is committed on-chain via a hash anchor.

Layer D — On-chain anchoring

  • On-chain stores: certificate hash, token ID, optional status (active/revoked), optional ownership.

Layer E — Marketplace gating

  • Only slabs that pass verification checks can list or trade through the verified marketplace.

Layer F — Optional imaging fingerprints

  • Obv/rev + edge capture (edge “unrolled strip” preferred).

  • Hashes of media anchored to certificate.

Layer G — Optional community grading

  • Anonymous grading sessions, commit–reveal voting, reputation weighting.

4. Data Model

4.1 Slab Identity

  • slab_serial: human-readable, unique.

  • product_type: HALF_QUAD or QUARTER_QUAD.

  • year: integer.

  • mint: P|D|S (blank treated as P).

  • face_value: fixed at 1.40.

4.2 NFC Tag Fields (Public NDEF)

Recommended minimal NDEF payload:

  • issuer_id

  • issuer_key_version

  • slab_serial

  • cert_uri (pointer)

  • tag_public_id (non-secret identifier)

  • sig_static (optional issuer signature over the above)

4.3 NFC Dynamic Auth Fields

On tap, tag provides:

  • ctr or session

  • auth_code (dynamic cryptographic proof)

Verifier validates auth_code against issuer logic. A valid proof indicates the tap came from a genuine secure tag.

4.4 Certificate JSON (Off-chain, Signed)

Canonical certificate schema (example fields):

  • schema_version

  • slab_serial, product_type, year, mint, face_value

  • composition (coin denominations + design types)

  • tag_public_id, issuer_id, issuer_key_version, issued_at

  • media_hashes (optional): obv, rev, edge_strip or edge_video

  • sig_cert: issuer signature over canonicalized JSON

4.5 On-chain Anchor

On-chain record contains:

  • token_id (derived deterministically or minted)

  • cert_hash (hash of canonical certificate JSON)

  • cert_uri (optional)

  • status (optional): active/revoked

  • owner (optional): token ownership

5. Issuance Protocol (Packaging + Certification)

Input: customer-submitted constitutional silver coins.
Output: slab + certificate + optional NFT anchor.

  1. Intake recording: video-record opening and initial count.

  2. Authenticity screening: basic tests + exception handling; no numeric grading.

  3. Set assembly: match year/mint per product rules (or label as mixed-mint if supported).

  4. Encapsulation: insert coins with four-point retention; seal slab.

  5. Tag provisioning: write NDEF payload; initialize auth state (counter).

  6. Certificate creation: generate canonical certificate; sign with issuer key.

  7. On-chain anchoring: commit certificate hash; optionally mint token.

  8. Return shipment: slab returned to submitter; certificate link provided.

6. Verification Protocol

6.1 Offline Verification (“Show Mode”)

Offline verification aims to confirm:

  • secure NFC tag authenticity (dynamic proof passes)

  • certificate integrity if cached (signature valid, metadata matches)

  • media integrity if cached (hashes match)

Offline cannot guarantee:

  • latest revocation status

  • current on-chain ownership

UI requirement: display “Offline verified” vs “Online verified” clearly.

6.2 Online Verification (“Full Mode”)

Online verification adds:

  • fetch certificate from cert_uri

  • verify sig_cert

  • validate cert_hash matches on-chain anchor

  • check status active/revoked

  • optional ownership view

7. Verified Marketplace Rules

A slab is eligible for verified marketplace listing if:

  • NFC dynamic authentication passes

  • certificate signature is valid

  • certificate hash matches on-chain anchor (online requirement for listing)

  • slab status is active (not revoked)

Marketplace may require periodic re-verification for active listings.

8. Imaging Fingerprint Protocol (Optional)

Goal: strengthen anti-swap detection and remote buyer confidence.

For each coin:

  • capture obverse and reverse in controlled lighting

  • capture edge as:

    • rotational video + extracted strip, or

    • stitched “unrolled edge strip”

Store media off-chain; compute hashes.
Include media hashes in certificate; anchor certificate hash on-chain.

9. Community Grading Protocol (Optional)

Goal: provide a market signal without conflating it with authenticity.

9.1 Separation of Concerns

  • Authenticity: cryptographic + certificate + tamper evidence.

  • Grade: subjective, consensus-based signal.

9.2 Anonymized Grading Sessions

Create grading_session_id separate from slab_serial.
Expose only:

  • coin type/year/mint

  • media set
    Hide:

  • slab serial, owner, listing price, marketplace link.

9.3 Commit–Reveal

  • Commit phase: grader posts hash of grade selection.

  • Reveal phase: grader reveals grade; system verifies commitment.

9.4 Consensus Calculation

  • use median or trimmed median

  • compute confidence score from dispersion and grader count

9.5 Reputation Weighting

Reputation updates based on distance from consensus over time.
Reputation can weight future votes.

9.6 Staking (Phase-dependent)

  • MVP: small stake to prevent spam, no slashing.

  • Later: penalties for non-reveal and repeated extreme outliers.

10. Truthful Claims and Communication Policy

Allowed claims:

  • “Tap-to-verify authentication using a secure NFC chip.”

  • “Cryptographic proof of an original-issued tag.”

  • “Linked to a signed digital certificate anchored on-chain.”

  • “Tamper-evident slab construction designed to resist cloning and swapping.”

  • “Offline verification for tag authenticity; online verification for full certificate + status checks.”

  • “Community grading is an optional market signal.”

Avoid:

  • “Impossible to counterfeit”

  • “Unhackable”

  • “Blockchain proves the coin is real” (blockchain proves the record; the system verifies the slab identity)

11. Roadmap (Suggested)

Phase 1: Slabs + secure NFC + signed certificate + on-chain hash anchor + verified marketplace.
Phase 2: Imaging fingerprints (obv/rev) + hash anchoring.
Phase 3: Edge strip capture + viewer tools.
Phase 4: Community grading v1 (commit–reveal + reputation).
Phase 5: Staking and governance (only after real-world data).

2. Threat Model and Defensive Design (Non-Exhaustive)

SaveSilver’s design goal is not “perfect security” (no system can promise that), but to be as strong an authenticator as technologically practical, using layered defenses. The system assumes motivated adversaries, and it focuses on reducing both:

  • the feasibility of counterfeiting, and

  • the profitability of cheating.

2.1 Primary Threats

(T1) Clone attack
Copying NFC data from a legitimate slab to a counterfeit tag.

(T2) Replay attack
Reusing static NFC payloads to impersonate authenticity.

(T3) Transplant attack
Moving a genuine NFC tag from a genuine slab into a counterfeit slab.

(T4) Certificate forgery
Altering certificate metadata or substituting a different certificate.

(T5) Image substitution
Editing or swapping image sets to misrepresent coin identity.

(T6) Grading manipulation
Coordinated voting, bribery, or self-dealing to inflate/deflate grades.

2.2 Defensive Principles

SaveSilver uses four foundational principles:

  1. No static trust: nothing important relies on a static ID or URL alone.

  2. Cryptographic binding: the slab identity is bound to signed records and verified tag proofs.

  3. Physical tamper evidence: packaging design discourages or reveals extraction and swapping.

  4. Market transparency: grading is treated as a separate, auditable signal with strong anti-manipulation mechanics.

2.3 Countermeasures by Threat

(D1) Defeating Clone and Replay Attacks (T1, T2)

Problem: If a tag only stores a serial number or URL, attackers can copy the payload and reproduce “verification” with a cheap clone.

Countermeasures:

  • Secure NFC with cryptographic authentication: Tags must produce dynamic cryptographic proofs (e.g., cryptogram/MAC) on each tap, not a static payload.

  • Monotonic counter / session variance: Each tap incorporates changing state, making “record-and-replay” fail.

  • Verifier-side validation: The app validates proofs using issuer keys/logic so a copied tag cannot generate correct responses.

Outcome: Copying the NDEF payload is insufficient; the attacker must replicate a secure chip’s secret, which is substantially harder than copying a serial.

(D2) Defeating Transplant Attacks (T3)

Problem: Even a genuine secure NFC tag can be moved into a counterfeit slab if the tag can be extracted cleanly.

Countermeasures:

  • Embedded inlay placement: Tag and antenna are embedded inside a sealed cavity or laminated channel.

  • Destructible antenna path: Physical removal is designed to detune, tear, or break the antenna, causing failed scans or obvious damage.

  • Tamper-evident construction: The slab is designed such that opening attempts create visible evidence (stress marks, misalignment, seal damage).

  • Identity + physical witness features (optional): Add a visible witness mark aligned to the inlay’s position so a moved tag is detectable.

Outcome: Secure NFC prevents simple cloning; tamper design prevents easy “move the real tag to a fake slab.”

(D3) Defeating Certificate Forgery (T4)

Problem: Attackers may try to alter metadata (year, mint, composition) or substitute a different certificate for a slab.

Countermeasures:

  • Signed certificate object: The issuer signs a canonical certificate JSON (immutable fields + schema version).

  • On-chain anchor: The certificate hash is anchored on-chain; any change to the certificate breaks the hash match.

  • Tag-to-certificate binding: Tag public ID and slab serial are included in the signed certificate, making substitutions detectable.

  • Key versioning: Certificates include issuer_key_version so verification always uses the correct issuer key and supports key rotation.

Outcome: Certificates cannot be altered or swapped without detection, and “fake certificates” won’t validate.

(D4) Defeating Image Substitution and “Coin Swap” Misrepresentation (T5)

Problem: Attackers may swap images or edit images to make a different coin appear to be the certified coin.

Countermeasures:

  • High-definition imaging fingerprints: For each coin, capture:

    • obverse

    • reverse

    • edge capture (preferably an unrolled edge strip)

  • Media hashing: Store cryptographic hashes of each media file in the certificate.

  • Certificate anchoring: Media hashes are protected by the issuer signature and the on-chain certificate hash.

  • Standardized capture protocol: Fixed lighting, alignment, and camera parameters to improve comparability.

  • Human + machine comparison path: The marketplace UI allows buyers to compare certified images to the coin in hand; later, automated matching can be added.

Outcome: If images are edited or swapped, hashes fail. If coins are swapped, mismatch is visible—especially on the edge strip and micro-marks.

(D5) Defeating Grading Manipulation (T6)

Problem: Grading is subjective and therefore vulnerable to:

  • coordinated manipulation (“pump the grade”)

  • bribery

  • herd behavior

  • self-grading (“I boost my own listing”)

Countermeasures (layered):

1) Identity separation: grading sessions are not listings

  • Create a grading session ID that is separate from:

    • slab serial

    • marketplace listing

    • owner identity

    • asking price

  • Graders see coin type/year/mint + media only; they do not see “whose coin” or “which lot.”

This reduces self-dealing because graders cannot easily target a specific listing.

2) Anonymized evaluation inputs

  • Graders do not see:

    • lot numbers

    • seller identity

    • marketplace links

    • price information

  • Optional: mask unique identifying metadata beyond what’s necessary (e.g., do not show edition/serial).

This reduces targeted vote-buying and collusion.

3) Commit–reveal voting

  • Commit phase: graders submit a hash commitment of their grade (hidden).

  • Reveal phase: graders reveal the grade; system verifies it matches the commitment.

This prevents copycat voting and reduces “follow-the-leader” dynamics.

4) Robust aggregation: median > mean

  • Use median or trimmed median for consensus grade.

  • Outliers do not shift results as easily as with averages.

This reduces the impact of a coordinated minority.

5) Reputation weighting based on accuracy over time

  • Reputation increases when a grader’s votes consistently align with final consensus.

  • Reputation decreases for repeated extreme divergence.

  • Reputation impacts future vote weight.

This discourages chronic manipulation and rewards consistent graders.

6) Anti-sybil controls

  • Rate limits, stake-to-grade gating, and identity friction reduce bot networks.

  • (Optional later) stake slashing for provable misconduct:

    • failure to reveal

    • repeated extreme outliers across many sessions

    • suspicious timing patterns

Outcome: Grading becomes a transparent market signal that is harder to manipulate, and economically irrational to game at scale.

2.4 Verification Claims Policy (Security Communication)

SaveSilver avoids absolute claims (“impossible to fake”). The system is designed to resist key counterfeiting vectors using modern best practices:

  • Secure NFC cryptographic proof to resist cloning/replay

  • Tamper-evident construction to resist tag transplant

  • Signed certificates + on-chain anchors to resist forgery

  • Hashed high-definition imaging to resist image substitution and coin swaps

  • Anonymized, commit–reveal, reputation-weighted grading to resist manipulation

This approach maximizes authenticity and transparency without overstating guarantees.