On Monday, November 19, 2001, at 10:29 AM, Adam Shostack wrote:
| 6. The failure to get true digital money. Call it what you like,
| "digital cash" or "ecash" or even one of Hettinga's pet names, but the
| fact is that for both political and technical reasons we don't have
| digital cash. This has ripple effects for nearly all of the constructs
| [...]
| This failure to get workable untraceable digital cash (true 2-way
| untraceable, not the bastardized, banker-friendly, government-friendly
| one-way untraceable form) is the _deep_ reason things are stagnating.
Sad as it makes me, I don't know of any system which allows 2-way untraceability and fraud prevention. Can you point me to one? With trustworthy reputation systems, you might be able to get away from this problem. I don't know of any reputation system that I'd trust for a multi-hundred dollar transaction today.
Doesn't the Barnes/Goldberg "moneychanging" protocol effectively symmetrize the untraceability? Even if the protocol is payer-untraceable-but-payee-traceable, the moneychanging protocol makes both untraceable. (Alice-Bob-Charles.)

I'm not handwaving here, I hope, but the lack of blackboards and enough time (on all of our parts) to make sure our notation is correct, makes it tough to argue. Folks should go back to several articles written by Ian, Doug, and others. Circa 1996-7, as I recall. Also, some demos at CP physical meetings.

There are issues of one party receiving part or all of the items being transferred and then burning the other party. And if the items, whether ecash or software or whatever, require later authorization/turn on to complete the transaction, there are further burning opportunities.

(Note that this is not a problem unique to digital cash. There are always prospects for a merchant taking the money and then saying "Bye," or "I already gave you the stuff." Or delivering defective products. This is a kind of "handover deadlock" which, nonetheless, has not halted commerce of various kinds. Even at flea markets, where the sellers and buyers are largely anonymous. I realize that digital commerce systems have higher requirements, for the same (basic ontology of the world) reasons that security flaws in digital systems may be exploited far more rapidly and devastatingly than, for example, a security flaw at my house.)

My _intuition_ is that an ecology of agents each exchanging digital money, even if the system is only uni-directionally untraceable, with "anyone a mint," goes a long way toward solving the problem. Squares the circle, so to speak. Throw in escrow agents and intermediate holders, bonded with nyms, and I see no particular reason why two-way untraceability is not feasible.

But let me make a meta-point: We know that David Chaum, for various reasons, initially claimed two-way untraceability. We also know that he later emphasized offline clearing and "monitors" to deal with double-spending and repudiation problems. He also appeared to emphasize payer-untraceability (so that Alice could not have her purchases tracked by BobCo Enterprises) and claimed at one point that he could not see any need for payee-untraceability.

(I refuted this to his face at a CFP, circa '97, by citing Bob the Seller of Birth Control Information, facing arrest and whatnot if caught selling banned information. This is just one of a huge class of situations where sellers are as much at risk as buyers. David had no answer, saying "Hmmmhhh...I'll think about it," or words to that effect. Him being an obviously very bright thinker, and him having spent many years thinking about these issues, I was and still am at a loss to understand why he would think payee untraceability is not needed.)

So, here's the punchline: Regardless of companies trying to make money, not be run out of business by money laundering laws, trying to be banker- and Homeland Fascism-friendly, IS THERE A FUNDAMENTAL REASON WHY TWO-WAY UNTRACEABILITY IS NOT "POSSIBLE."

I believe counterexamples have already been developed, showing there is nothing wired into the nature of mathematics that makes two-way untraceability impossible. I'll save these examples for later.

--Tim May

"As my father told me long ago, the objective is not to convince someone with your arguments but to provide the arguments with which he later convinces himself." -- David Friedman