At 05:38 PM 4/26/03 -0700, Bill Stewart wrote:
At 03:05 PM 04/26/2003 -0700, Major Variola (ret) wrote:
Clearly the most anonymous systems (cash) have the 'finders keepers' property, *necessarily*.
Ok, Major Variola has demonstrated that he's either Not Tim, or is Tim trying to make it look like he's Not Tim :-) He's also Not Even Hettinga, nor Adam, nor Choate.... ... is that you, Lawrence?
Perhaps this whole thing is just one person talking to himself, with Tim listening in! -Dr Evil, CP list Clearly I'm not talking about online systems here, where the online DB-query prevents double-spending, and protocols provide anonymity. I'm talking about those systems where you have a tamper-resistant device providing double-spend assurance. Yes, I know that a bank's secrets are not safe in Paul Kocher's back pocket. But lets assume a tamperproof system protected by a reasonable PIN. The stored-value smartcard in your pocket was bought off the shelf with cash and has no identifying info.
But one can imagine anonymous systems that are useless to finders, e.g., a smartcard with a real PIN and/or fingerprint reader.
Fingerprint reader? No thanks; aside from their technical weaknesses, they're rather at cross-purposes to anonymous digital cash. Do not double-spend by looking into laser with remaining eyeball.
I'm aware of the problems with biometrics & street surgery. Ok, a PIN is fine.
You don't even need a smartcard; a data file format that uses some kind of password-based encryption is enough. Smart cards, or dumb cards, may or may not be a useful adjunct to some digital cash systems, but one of the big reasons for
using
digital cash instead of 500-Euro banknotes is for online
transactions.
Smartcards may let you use your digital cash at somebody else's cash reader, and may reduce the risk of software problems trashing your cash, but digicash isn't necessarily something most people will carry around.
Physical tokens are better user interfaces. You can also leverage their tamper-resistance as the origin of trust. Without going online for every transaction. Obviously there are pros and cons for different techs. (I don't see why a secure smartcard couldn't be used for online transactions if it has a convenient home-computer i/f; dedicated devices are more reliable, anyway.)
In these cases, it is advantageous to the finder to return the smartcard in hope of a reward, IFF the loser makes this possible.
Now, *that's* an interesting suggestion.
Maybe there's a bizmodel in being a clearing house for lost locked smartcards, without trashing their potential "bearer" anonymity unless the loser tells the clearing house they've lost it.
Not any time soon :-) It's much more likely that the issuing bank or the wallet vendor would be in this business than a third
Pay-to-bearer has finder's-keepers property, but the PIN can remove this property. I suppose this applies to online protocol based systems, e.g., if someone trojans your computer and copies your coins. Much like PGP does with private keys, requiring a passphrase to get to them. party,
and there are problems like how to preserve the anonymity,
My claim is that anonymity can be present *unless* you want your card (with its stored-value) back. This is a feature that cash doesn't have.
Or you just limit use of smartcards to money you're willing
to lose, Much like a leather wallet & paper cash; but smartcard-cash could be 'safer' with a PIN & (anonymity-busting) reward mechanism. Obviously you can't 'cancel' a smartcard like you can a lost credit card, since the smartcard transactions are not online. So you hope its found, instead of truly lost. When you lose paper cash, you don't care, its the same to you.