[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hash trees and bank solvency.
"James A. Donald" <[email protected]> writes:
> One solution to this problem is government auditors.
> Government inspectors, unlike private auditors, can force
> their way in, in the early hours of the morning, and as each
> bank employee turns up, take him to a separate cubicle and
> interogate him with a gun in one hand and an account book in
> the other. This makes it difficult for the financial
> institution to fabricate a misleading picture of its
> financial situation.
This would be killing a mosquito with a flyswatter. Besides, the
employees of a financial institution may be in no position to
accurately state its financial situation, even if they are in
little cubicles with guns to their heads.
A somewhat more civilized method is used by my broker, who gets
audited on a regular schedule by one of the major accounting
firms. The accounting firm puts an insert into every statement
periodically, with an envelope addressed to the accounting firm,
asking the customer to carefully examine the enclosed statement
and to contact them if it is not entirely accurate.
> A hash tree can provide proof to a banks customers that the
> bank only has the amount outstanding that it claims to
> have, without the need for gunmen to check the totals.
> At the close of month, the customer accounts are orgnized
> into a hash tree with the totals forming part of the hash
> Each node is a hash of the two nodes below it, and the
> amounts of money in the two nodes, and the sum of those two
> amounts.
> Each customer can then see that the money the bank owes him
> is a part of the total the bank claims to owe. If a
> customer discovers he is not part of the hash tree, he knows
> the bank, or financial institution, understates its
> indebtedness;
I would trust the typical customer to mail back a form to an
outside auditor far more than I would trust him to examine a hash
tree, check his own entry, check the neighborhood of his own
entry for cryptographic integrity, and sound an alarm.
To be perfectly candid, I would not even want the task of
explaining to the typical banking customer what a hash tree was.
The outside auditor can of course be spoofed by giving him access
only to some subset of customer accounts. The hash tree can be
spoofed by not telling a subset of customers of its existance.
All things considered, I think I would prefer the auditor.
--
Mike Duvos $ PGP 2.6 Public Key available $
[email protected] $ via Finger. $