In the interests of keeping the volume of postings down, I'll say only a few words about Nick Szabo's many good points:
I'm currently trying to analyze a digital cash "coupon" system proposed by Nick Szabo,
Whoa nelly! "S&H greenstamps" and another recent idea I've bounced off Tim refer to a LEGAL "protocol". S&H greenstamps are "coupons" that can be used to "win" a wide variety of items from several participating companies; they are not just coupons good for discount on a specific item or the products & services of a specific company ("Disney Dollars"). S&H greenstamps got into some legal hot water for being too close to a privately issued currency, but nevertheless they are still around. S&H greenstamps make a good legal "edge case".
I certainly consider "legal" issues to be part of the larger protocol, inasmuch as banks, credit unions, etc., must obey all sorts of laws. And there are IRS reporting "protocols," and so on. Part of my point was that calling things "Green Stamps" (not a slur on Nick's idea) does not exempt them, nor does it even really mean they are not money. Whether Green Stamps, coupons, digital bearer bonds, "Get Out of Jail Free Cards," whatever, are "money" or not is a complicated issue, which I can't go into here (1. No space, 2. I'm not an expert, 3. The _names_ alone are not enough to tell.). Eric Hughes investigated digital money from a legal point of view (for example, the funny messages printed on your checks, like "Pay to the order of," have actual, real meanings). I'm sure Eric, Duncan Frisell, Sandy Sandfort, Perry Metzger, etc., can elaborate. Part of the energy barrier we face, or soon will, is that crypto money has had none (or very little) of the centuries of evolution--successes and failures--that ordinary money has had. There may be clever ways to make some forms of digital money essentially be isomorphic to actual money--the stuff the world is used to, that is--and hence ride the coat tails of the world's current system. But these will be complicated, adding to the difficulty of analyzing new protocols for crytographic, legal, fiduciary, and social acceptability.
From an object-oriented point of view, "E-greenstamps" inherit digital cash and add legal structure. Here I am assuming that E-greenstamps or other business/legal manifestations of digital cash can be implemented with Chaum's protocol, providing "Pretty Good Digital Cash" in the cryptographic sense. The "Chaum off the shelf" assumption. If there are holes in Chaum's scheme, or major problems with implementing it in software, I'd like to hear more, but "S&H greenstamps" concept doesn't address software security issues.
Well, Chaum and his students have various specialized protocols, that is, they reduce the complexity by mainly targeting one particular type of system (toll roads, or digital cash for shops to redeem, whatever). The "difficulty of analyzing protocols" issue. Where Nick's idea fits it, how it might be spoofed by shopkeepers, what prevents forgery, etc., are some of the many issues. By the way, the latest (August) issue of "Mother Jones" has an article on a small town in New England (I think) which has their own barter dollars. We talked about barter dollars, and the Italian experiment some time back, about a year or so ago, when the List was just getting started. Let me point out that the IRS takes a dim view of barter transactions that are denominated in things other than dollars.
cash. If we think the work ends with implementing a good cryptographic protocol, we are sadly mistaken. Perhaps that's where the work of "cypherpunks" ends, but I have a broader vision of crypto-anarchy that covers the legal, business, and in general social issues as well. Any group that wants to seriously deploy cryptography in the real world has to discuss these as well.
Agreed. Which is yet another reason to better formalize our reasoning about complex protocols. The metaphors are too vague.
We do need to be more clear on when we are talking about cryptographic protocols ("digital cash"), legal structures ("S&H greenstamps"), and business concepts ("commercial remailer").
The lines that separate them are tenuous. I agree it would be nice to try to identify some truly basic "cryptographic primitives," and even have them available in libraries (secret sharing, bit committment, n-out-of-m voting, etc.). (But this is a tall order, as most of these schemes have been written about, but are not available in software.)
I'd love to see some digicash papers on soda. I also agree on the
They're best left scattered amongst the "Crypto" Proceedings, for reasons I've mentioned (briefly: 1. Hard to OCR them, 2. Anyone doing work in this area _must_ have access to the Proceedings, if only to track down the various referenced papers, 3. Too many papers on soda could expose it to legal action (copyright), 4. The printed papers are easier to read, anyway.).
* A "cracker's guild" to break weak cryptography and publicize ... * A formal Crypto Auditing Agency that would verify the algorithms and protocols were secure, without revealing trade secrets.
Any Cypherpunks are of course free to do these things, but I won't hold my breath waiting. These things take a lot of time. And the Cypherpunks group just is in no position to "decide" on a strategy and then somehow "assign" staff to these projects. So, it won't get done this way. (That's also why a "Cypherpunk chip" is farfetched....too much work.) This is not because Cypherpunks are lazy or unfocussed, but because Cypherpunks is a group of volunteers, all with their own goals and pet projects. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.