[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



I thank Hal Finney for his thoughtful reply, and Tim May for
his excellent essay.   It looks like we can start 
to draw a stronger conclusion: there are serious holes in the 
assumptions made by offline digital cash protocols when applied 
to computer networks rather than manually operated smart cards.

Hal's comparison of coin theft to digital signature protection and 
repudiation is apt, but usually Irving only has one or a few keys to 
protect, while he might have thousands of coins, issued by
various banks.  I doubt digital signatures will ever be
used alone much for signing expensive contracts.  A
digital signature on an expensive contract, in addition
to being repudiable, will be suspicious, since if few people
accept such signatures as strongly binding (the initial
state), they will not be widely used on expensive contracts, 
and thus their existance on an expensive contract will be 
suspicous.  I predict it will become common practice, or even 
law, that digitally signed contracts over a certain amount are 
automatically invalid unless further precuations have been 
taken (signatures of notary witnesses, or perhaps some better 
crypto protocol designed for this purpose).

The trouble with offline cash in a network environment is that
the upper limit for fraud liability can be incredibly high.
If there are hundreds of thousands of vendors on the net, a situation 
CommerceNet predicts before the end of the decade, and they are using 
this offline protocol, then even with small transactions the fraud 
could run into the millions of dollars.  There's plenty of incentive 
for Irving to steal Jane's coins, run off to some place on the net 
that has no extradition treaty, and pump good change out of the 
vendors and into his Lichtenstein account to his heart's content.  

We may yet find protocols to mitigate or limit this kind of fraud -- 
make change traceable if linked to double spending, do random
online checks as a cypherpunks poster suggested last year, or
similar precautions layered on top of the basic protocol.
But so far these problems haven't been put on the front burner
of digital cash design, and already we have people out there selling
offline cash on the network as a superior solution!

Reliance on law enforcement flies in the face of
cypherpunk goals, and indeed against the goals of good cops 
as well -- one of their most vocal complaints is about
people setting up systems that are vulnerable to crime, putting
them in unecessary danger.

It also goes against political reality to think that a startup
operation can lobby governments all across the globe to protect
a system that is ideal for money laundering and tax evasion.  
Ain't gonna happen -- they'll let those "dirty money banks 
and money laundering net sites" rot; they may even give 
Irving a helping hand.

I disagree that "there is no excuse" for double spending.  If
the software is implemented badly (no fault of the user),
it might get mixed up with systems programs in such a way as
to cause double spending.  For example, if the system crashes
and one must recover from a month old backup, one has to
go through that old purse and determine which coins have been
spent.  If the software and/or user makes a mistake in this 
process, we get double spending.  If a network burps and
sends a vendor two coins where there should have been one,
we get double spending.  

The possibilities for accident are legion and cannot all be 
foreseen.  "Shit happens".  A protocol that treats common
accident the same as criminal fraud, when the stakes are
so high, is pathological.

In the online system the consequences of double spending
(or million spending) are far more benign.  At worst
one customer is out stolen coins.  In a networked offline
system those same few coins are a potential loss for
every vendor on the net.  As Tim May 
noted, we may not even need to recongize fraud in online
cash -- just treat all online double spending as accident.   
No bonding, secured accounts, investigators, ID badges
or cops with guns busting down Janes's door after
Iriving has million-spent her coins.  Here we both have 
a simple liability system and much less chance of fraud.

Tim May also suggested that most offline protocols are
intended for manually used smart cards.  This makes sense --
unlike an network environment with automated spending agents,
the scope of multi spending for manually used pruchases
in small amounts is quite limited.  On the network even
fraud of a few cents per transaction can quickly add
up to big $$$ across thousands of vendors.

What are the communications costs of online clearing, anyway?
Don't credit card clearings cost about two cents per transaction
these days?  If clearing costs are less than plausible offline cash
fraud and fraud prevention costs, online cash is a winner,
both now and increasingly in the future as bandwidth becomes 
even cheaper.

sincerely,
-- An Unauthenticated Agent with no credentials: WYSIWYG