Tim May wrote:
So, here's the punchline,
Regardless of companies trying to make money, not be run out of business by money laundering laws, trying to be banker- and Homeland Fascism-friendly, IS THERE A FUNDAMENTAL REASON WHY TWO-WAY UNTRACEABILITY IS NOT "POSSIBLE."
I believe counterexamples have already been developed, showing there is nothing wired into the nature of mathematics that makes two-way untraceability impossible. I'll save these examples for later.
I don't know if there is. I'll have to think about it.

Any train of thought that involves a distinction between "seller" and "buyer" is probably going up the wrong track. As is any that involves a distinction between "cash" and "goods"? Yes, I suspect. So we can think of it as barter, but digital barter, so moneychanging *is* a good model. It is sufficient to prove that you can do anonymous, safe, digital money-changing.

The full, hard, question then is something like this: Is there a protocol that allows moneychanging between different forms of digital money that

1) allows complete anonymity to both partners to a transaction, and
2) provides strong defences against fraud to both parties, and
3) works well if one partner has much more to lose than the other (& therefore for arbitrarily large amounts) and
4) works without a trusted 3rd party (broker, bank, court, police, godfather, whatever), and
5) can be relied upon for a single transaction - in other words the partners have no previous knowledge of each other, and need never have a further relationship?

The protocol needs to be stateless between trades (though not, of course, within them). Everyone comes to the table with no history and leaves it with no requirement to return.

Several slightly weaker cases are of course trivially possible, if we allow some pseudonymity, or assume that the transactions are small enough that fraud will hurt neither party.

It is trivially possible if there are repeated pseudonymous transactions, and there is enough time for the parties to build up a reputation.

Requirement (4) need not be true if both parties are allowed to have a pseudonymous relationship with a 3rd party, but that just gets us back to banking, which is boring.

It is also easy if only one party is really worried about fraud. Ordinary cash transactions for small amounts work like that already. The shopkeeper doesn't care who I am or, really, if my cash is any good. If I pass him a few dud coins he has lost a tiny part of his turnover. I do care that the goods I am buying are good though. So he has to reassure me of his reliability, not the other way round.

Though they do care if lots of people start to pass forged coins. If their turnover is high enough they have an interest in the average quality of money, not the quality of any one coin. The system only has to be good enough, not perfect.

Pseudonymous exchange can be achieved by breaking trades down into small increments, none of which is significant enough to damage either player. If I'm going to give you a thousand pounds for 1600 dollars we could do it a dollar at a time and just withdraw - but we know this already so no point in thinking aloud along those lines.

Ken Brown