On Thu, Jul 12, 2001 at 03:41:57PM -0700, Morlock Elloi wrote:
Probably people would be willing to accept other issuers currencies even if they don't know the issuer so long as they had the reputation rating for the currency / issuer.
But anonymous reptuations alone aren't any use as a rational issuer would refuse to redeem if the action didn't adversely affect his reputation -- you need to be assured that the rating of the anonymous issuer will be downrated if they refuse to redeem.
So then perhaps you could proceed by having unlinkably anonymous credentials for reputation with a trap-door for the rating party so that the rating party can identify the pseudonym behind the unlinkable credential and downrate it. You also want the unlinkable rating credentials to need to be refreshed by the rating credential issuer in order to re-show. Brands'
This just shifting the issue without actually solving it - instead of mint visibility now we have credential issuer visibility. There goes credential issuer.
So I have two types of issuer. The currency issuer (let's call them mints to avoid confusion). Ray has every one a mint (potentially, some users may choose to use other peoples mints to avoid having to manage the reputation of their own). Floating exchange rates based on reptuation of the mint. Then we have an issuer of one use (and hence unlinkable) credentials representing the reputation of the mint. So these are reputation credential issuers. My thought was that there would similarly be reputation credential issuers -- (potentially) everyone a reputation credential issuer. Also Stubblebine et al have a paper about abuse control with unlinkable anonymous credentials. They way they do this is to have one unlinkable credential which you can show only once. Then you can trade it for a fresh unlinkable credential if there have been no complaints against the current credential. Because the fresh credential is freshly blinded it's not linkable. And yet you retain some scope for abuse control, if the proof of misconduct arrives before you've handed over the new credential. (The Stubblebine paper doesn't say much more than that. Do a web search if you want the paper. It was in the context of unlinkable subscriptions to services, where you want to renew, but the service operator wants the ability to cancel abusers of their AUP's subscriptions.) Seems like this might be usable here.
The basic point here is that:
a) most "public" (including me and the few that I talked with) will not "trust" money that is pure math, without actual *people* (who can be pulped if something goes wrong) behind it. Pulpability (in this special meaning) is a key ingredient in trust - you trust someone that agrees to be hurt if she misuses the trust. Fuck the math, new advances happen and most do not understand it any way.
This seems like a technology trust issue. It seems just to do with branding, advertising and common acceptance. A mag-swipe card could fail, a bank could empty your acount, their security could fail and someone else empty your account via ATM. People trust the systems because their friends trust them and seem to use them without incident and they want to use the system because of convenience or some other useful attribute.
b) The competition (government) will pulp the pulpable mint.
So, n-way blind e-cash will never happen. It may be a nice thing to bullshit about and to do PhD thesis and patents on and thus attract chicks, but it will never happen.
Ray's scheme sounds interesting because it's a computer mediated Letts scheme. Letts schemes seem to exist with manual book-keeping. Also trust levels needed to trust in something as a value store are much higher than purely as a immediately cleared payment mechanism. With the reputation system you could even have insurance. Adam