I've been attempting to design a decentralized auction/ exchange system that permits pseudonymous participants. By 'decentralized', I mean that NO central server, or subset of individual servers, controls access to any resource the system cannot work without; that there is no single point of failure. A consequence of this is that every ability that exists in any node, must exist in every node. So the whole problem of currency issue gets the slightly weird solution of "everybody has to be able to print their own money." The sticking point is that this basically means the system will be without any single universal "currency". A lot of E-cash techniques are usable, but what you wind up trading is certificates that represent goods or services offered by individuals in the system -- Alice the Farmer might issue certificates for bushels of wheat, while Bob the Carpenter might issue a bunch of certificates that say "collect a thousand of these and I'll redeem them for a new 10x10 meter deck on your house" and Carol the moneychanger might promise to redeem hers for one US dollar each, just for the amusement value of "redeeming" something in a system where hard currencies are the norm with a fiat currency. So these would be effectively a sort of digital merchants scrip, reducing back down to barter. Exchange rates between the currencies issued by different participants would fluctuate according to trust and commodity values, and I'm okay with that. Given the nature of the trust/reputation thing, I'd expect only a very small percentage of the participants to *actually* issue their own currency, as they wouldn't get good acceptance/exchange values until widely known, but everybody would have the ability. The problem I'm running into is that while all kinds of e-cash protocols exist that protect the anonymity of the buyer and a lot protect the anonymity of the seller, there are none that protect the anonymity of the currency issuer, which would be ideal in this circumstance. With the techniques I know of, the issuer can have only "Nym" protection. The basic problem with anonymizing the issuers (beyond technique alone) would be how the scrip gets redeemed when you don't necessarily know whom the issuer is. Can anybody recommend appropriate reading? Bear