-----BEGIN PGP SIGNED MESSAGE----- One thing that could be done with the on-line ecash system would be to decentralize the task of detecting double-spending. DigiCash could set up a large number of coin validation centers on the net, dispersed geographically to equalize the load. Then the merchants would do a simple hash algorithm on the electronic coin to determine which validation center to use. That center only records spent coins which have the specified hash. Since any attempt to double-spend would mean re-use of a particular coin, both instances would hash to the same validation center and so the re-use would be detected. This way if a validation center went down it would hamper but not stop electronic commerce. Other coins could perhaps be offered in payment in place of those which cannot be validated (although this would require a certain amount of trust of the shop, but perhaps not much more than is necessary already). This might address some of the scalability concerns raised with the on-line cash system. Another idea comes from the NetCash people. Here you have the customer get a payment token from the bank which is made out to the specific merchant desired and given a time-stamp, perhaps good for one day. Now the merchant can accept these, check the signature, and check its own database of tokens which it has received earlier that day. As long as the incoming token is not in the database, the merchant can accept the payment with confidence and turn the tokens in to the bank for credit later as in an off-line system. Effectively these tokens would be digital cashier's checks. The big problem with this is the difficulty of the customer getting his payment token anonymously. If the bank knows the customer who is asking for a particular "cashier's check" to be cut then it learns the customer's spending patterns, defeating his privacy. So there would have to be some communication infrastructure to allow for anonymous connections in order for this system to work. Chaum, as it happens, has written on this topic as well, with his "Mix" and "DC-Net" systems for anonymous communications. Unfortunately, these systems have scaling problems of their own and don't appear to be entirely satisfactory for this purpose. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLt651RnMLJtOy9MBAQEzfwIApLw5dPjil4unqa0yToT1Wm5/kczvnE/E IdXrWqhbVz32VqKw1d6QrG/I20t8RiZSG+yuBCPSOcoMi9XMRs2nnw== =EJTS -----END PGP SIGNATURE-----