Tim May:
Crypto protocols are _hard_ to analyze!
Agreed, alas.
I'm currently trying to analyze a digital cash "coupon" system proposed by Nick Szabo,
Whoa nelly! "S&H greenstamps" and another recent idea I've bounced off Tim refer to a LEGAL "protocol". S&H greenstamps are "coupons" that can be used to "win" a wide variety of items from several participating companies; they are not just coupons good for a discount on a specific item or the products & services of a specific company ("Disney Dollars"). S&H greenstamps got into some legal hot water for being too close to a privately issued currency, but nevertheless they are still around. S&H greenstamps make a good legal "edge case".
From an object-oriented point of view, "E-greenstamps" inherit digital cash and add legal structure. Here I am assuming that E-greenstamps or other business/legal manifestations of digital cash can be implemented with Chaum's protocol, providing "Pretty Good Digital Cash" in the cryptographic sense. The "Chaum off the shelf" assumption. If there are holes in Chaum's scheme, or major problems with implementing it in software, I'd like to hear more, but the "S&H greenstamps" concept doesn't address software security issues.
"premature productization"?)
I think it's good to discuss business and legal issues -- cf. the excellent thread on methods of converting physical to/from digital cash. If we think the work ends with implementing a good cryptographic protocol, we are sadly mistaken. Perhaps that's where the work of "cypherpunks" ends, but I have a broader vision of crypto-anarchy that covers the legal, business, and in general social issues as well. Any group that wants to seriously deploy cryptography in the real world has to discuss these as well. And indeed we do -- does PGP infringe on patents, is it proper for a remailer operator to read or record what goes through his system, etc. Crypto-anarchy will really take off when the (real, spendable) money starts flowing. Thus we should examine a wide variety of business concepts. The "speculative business plan" is a great way to do this. Of course cypherpunks are mostly hackers, and we will concentrate on the hacking -- but before crypto-anarchy emerges, the legal and business problems (e.g. not driving off customers with complex or "shady" operations) also have to be solved. We do need to be more clear on when we are talking about cryptographic protocols ("digital cash"), legal structures ("S&H greenstamps"), and business concepts ("commercial remailer").
1. Our archive site of papers and books is not available to many of the folks attempting to develop new protocols. To pick one example: digital money in all its various forms.
I'd love to see some digicash papers on soda. I also agree on the need for standardizing terminology in the field of cryptography and related protocols for remailers, digital cash, etc. Your concept of a "Protocol Compiler" to enable testing of new concepts for anon remailers, digicash, etc. is intriguing. We have already started a "tricks database" with the Word Perfect crypto-cracker on soda; we need to expand that.
Alas, there may be strong incentive for businesses to put hype before strong crypto substance. In response, we need to pursue the following two activities -- eventually, perhaps creating a separate organization for each:
* A "cracker's guild" to break weak cryptography and publicize the cryptanalysis algorithms (cf. the Word Perfect crypto cracker), forcing the weak crypto off the market. For example, if NetCash was deployed this organization would crack it. This organization might be funded anonymously by those selling strong crypto (who have an incentive to debunk their competitor's hype).
* A formal Crypto Auditing Agency that would verify the algorithms and protocols were secure, without revealing trade secrets. My next statement may cause hisses & boos, but I think the recent Crypto-Auditing of Clipper by Denning and other eminent cryptologists will be a model widely applied in the commercial computer security business. The auditors should be able to examine the source and run the programs without revealing trade secrets.
Nick Szabo
szabo@netcom.com