International Dollar

Github link: https://github.com/Hortofagos/International-Dollar

All code is open source and available on GitHub.

International Dollar is a fixed-supply digital bearer-token system. It does not use a blockchain, mining, staking, KYC, or IP based voting. Instead every token carries its own cryptographic history, and desktop nodes gossip transfers, receipts, and double-spend proofs.

There can only ever be exactly 33,000,000,000 token indexes. At genesis, the issuer can publish a signed supply manifest instead of creating every possible bill at once. Bills can then be minted from that manifest when they first move, and after genesis no new supply is created.

When you send a token, the current owner signs the next owner into that token history. Every person who receives it can verify the full chain back to genesis from the token itself. There is no global ordered ledger. The token is the record.

Nodes are not voters. They are volunteer desktop nodes that talk over TCP port 8888. Their job is to spread valid transfers, receipts, transparency roots, and double-spend evidence. IP addresses are only discovery hints, not power in the system.

Security Measures

Fixed supply genesis: Public nodes pin the trusted genesis issuer keys, the exact supply manifest hash, or both. This prevents somebody from inventing a second supply later and pretending it belongs to the same currency.

Signature chain validation: Every transfer must be signed by the current owner and must connect back to genesis. A wallet can validate a bill from its own payload, even without asking a blockchain for permission.

Receipt finality buffer: When a recipient receives a token, they sign a receipt and nodes hold the transfer as pending for at least 60 seconds. If no conflict appears during that time, the token settles to the new owner. Merchants should wait through this buffer before releasing real value.

Double-spend proofs: If the same owner signs the same token state to two different people, any node can build a cryptographic conflict proof. A valid proof burns that token locally and is gossiped to other peers. No vote is needed.

Transparency log: Nodes can submit accepted transfer hashes to an optional Merkle transparency log. Clients can require inclusion proofs against mirrored signed roots, so hidden history becomes much harder to rewrite after the fact.

Abuse limits: Each token can only move 100 times per UTC day, timestamps must increase, and metadata is capped. This keeps tokens from being bloated into file storage or fake backdated histories.

Encrypted node transport: Node connections use the INDN1 encrypted transport with X25519 and ChaCha20-Poly1305. This protects peer traffic, while token validity still comes from the signatures inside the bills themselves.

Known limits: No financial system is magic. Initial distribution, fair launch, long network partitions, transparency mirror diversity, and genesis auditability are still real problems that need public review.