Wei Dai writes:
[ infinite-cost risk ]
... The direct cost of a break-the-bank catastrophic failure is bounded by the amount of capital the bank has. This is because the market will not accept more liabilities (real or forged) from the bank than its capital. There may be other indirect costs resulting from dislocations, but these should also be proportional to the size of the bank. Therefore your argument is really against centralization and for diversification and distribution.
Why "the bank", rather than "all banks"? If there is a single cryptographic point of failure in a widely used ecash system, it seems unlikely that diversity would buy you anything. The worry would not be the compromised keys of a single bank, but rather, say, an effective cryptanalysis. I would put this in the supernova class; it may be just as unlikely.

Peter Monta