I'm having a hard time understanding the approach to digital money that Mike Duvos described here. Mike writes:
If multiple transactions involving the same instrument reveal the double-spender, then appropriate action may be taken. One could of course do the exact same transaction twice with the exact same person using identical copies of the tamperproof module, but that would yield no more data than having done the transaction only one time, and certainly wouldn't create any additional value.
The whole issue with digital cash has been centered around exactly this issue: detecting double-spending or, more properly, finding ways to give the receiver of such digital cash high confidence that the digital cash he receives will be honored/redeemed/converted to other forms of money. As David Chaum puts it, "there is no digital coin." That is, there is no representation of "digital money" that behaves like an unforgeable coin. So far as we know, of course. If Frank the Forger, to pick a standard sort of crypto example, takes a set of bits (possibly made with the elaborate system Mike Duvos described in an earlier posting) and copies that set of bits n times and then "spends" them n times, how can any of his recipients know that parallel transactions are happening, that the "same" money is being spent n times and that it is very likely that n - 1 of the recipients will be screwed? One approach is online clearing. Essentially, Roger the Recipient insists on "clearing" the digital money at the point of transaction, ensuring that some form of money he trusts (may be real money, the word of his banker, coupons, whatever) has been transferred into his account. At that point, the transaction is completed and Roger could care less about what happens later. (This is still a useful protocol, especially has communications bandwidths increase, as physical anonymity--the main feature of cash--is still possible. And the transfers are electronic, so stealable amounts of physical cash need not be carried, locked up, etc.) This approach resembles wire transfers of money, checks with immediate clearing, and lots of other financial instruments of one flavor or another. The other main approach is to build in to the blinding protocols which protect anonymity ways to detect the identity of those who spend a unit of digital money more than the specified number of times. "Double spenders" is the common term. This can avoid online clearing, but at the expense of additional protocol complexity and some peculiar wrinkles which can develop. Hal Finney has several times posted summaries of this approach and the issues involved. I must be missing something in Mike Duvos's explanation of how the system he describes can be used as a "digital coin" (my terminology, after Chaum). I can see the use for protecting algorithms--indeed, executable code that cannot be disassembled practically is the main way many programs are currently "protected" (that's what we mean when we say "source" is or is not provided). I just can't see how some set of bits representing a piece of money, however complex the bits may be, are protected from being copied and "spent" multiple times. Think of this form of digital money as the combination to a train locker containing money, or as a treasure map: whoever uses the number _first_ to get to the money, gets it. The others are out of luck. They may try to go after the guy who double-crossed them, but remember that he has anonymity (else, why bother?). Reputations do matter, of course, even digital reputations (_especially_ digital reputations, actually), and there are some fascinating approaches to digital money that involve third-party anonymous escrow services, reputation capital, etc. Lots of work to be done, and the crypto folks are generally now working on these issues of markets, reputations, and webs of trust. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."