By coincidence, I was thinking about time-release protocols the other day. I've got most of a system worked out, but I need to write it up and look at it for a while to make sure it works. what I think I have is a system in which the sender is given a key by a beacon which he can verify, at issuance time, will be revealed by the beacon at some future time. The implementation (but not the basic idea) relies on using multiple public RSA keys with the same modulus. I know there are some attacks against this, but I don't know their nature. If someone who knows about this (or knows where to find out) could contact me I would be most appreciative. As far as sending money into the future goes, there are some tradeoffs between anonymity of payment, length of time in the future, and message size. Anonymity of payment is difficult, since digital cash has to expire in order for the bank not have to keep ever huger lists of deposited numbers. Large payments are less frequent anyway, and provide less covering traffic. If you continuously rotate your money into the future, therefore, all the steps must be encapsulated, making the size of the message grow linearly with the number of hops. One might be able to use a financial intermediary for anonymity, though. It's not obvious to me that this will work. Eric