Ryan Lackey writes:
I don't believe "normal users" should ever interact directly with the mint; using the mint as a reissue server only in normal operation is a key optimization -- especially when coupled with tamper-resistant mint hardware. Easier to develop, easier to operate, easier to audit. Users should purchase cash from change makers; the issuer could also operate a change maker, and can handle sales to change-makers separately.
You're using some of these terms without defining them clearly: mint, issuer, and change maker. Earlier you said the change maker was responsible for changing between ecash and something of value, presumably including other currencies. Presumably the mint is the cryptographic engine which issues ecash coins. The issuer is apparently someone who is allowed to force the mint to issue coins at will, although the mint is supposed to log and report on such interventions. (Anyone can destroy coins, so an issuer is not needed for that functionality.) Can you explain how these three roles would work in a transaction where Alice gets some ecash for dollars, pays Bob in ecash, who turns the ecash back into dollars? Here is how it seems like it should work. The change maker Carol has a bunch of ecash she stands ready to sell. Alice gives her $X in dollars, along with blinded data to become Alice's ecash. The change maker does an exchange operation at the mint, giving the mint $X in the change maker's own coins, along with the blinding factors from Alice. The mint gives back new blinded coins which Carol passes to Alice, who unblinds them to get her ecash. Alice passes the ecash to Bob. He does an exchange operation at the mint to get new coins and to verify that Alice's cash is good. He then delivers whatever goods or service Alice has paid for. Bob later wants dollars, so he goes to change maker Carol and delivers to her ecash. She does an exchange at the mint to verify that Bob's coins are good, and then sends Bob dollars in return for his ecoins. This sequence conflicts somewhat with your model. Bob had to interact directly with the mint, and you said that normal users would not. But only the mint can verify the validity of coins so it seems to be necessary. The issuer was not involved in this transaction. Apparently he is only there to inflate the currency. You should consider eliminating the issuer, who can easily cause trouble. At startup time let the mint generate its keys and emit a single high-value coin. That will be the money supply for all time. Allow a banking system to grow around this "high-powered" currency and fractional reserve bank loans will automatically adjust the money supply as needed. See Selgin, http://www.terry.uga.edu/~selgin/.