Anonymous writes:
> there are serious holes in the assumptions made by offline digital cash protocols when applied to computer networks rather than manually operated smart cards.
> ... I disagree that "there is no excuse" for double spending. If the software is implemented badly (no fault of the user),

So implement it right - the fact that a poorly programmed bank computer might credit someone with a million dollars does not prevent banks from using computers.

> ... if the system crashes and one must recover from a month old backup, one has to go through that old purse and determine which coins have been spent.

Return suspect coins to vendor and ask for new coins. Vendor will detect most of the already spent coins. If some coins are double spent they will eventually show up as double spent by the person who had the system crash, who will simply make them good.

> If a network burps and sends a vendor two coins where there should have been one, we get double spending.

Actually we do not, because the recipient will detect the coins are non unique, assuming the protocol is implemented correctly, and will treat the duplicated message as a single message. Indeed, since coin transport will probably be by datagrams, duplicated and lost coins will happen continuously, and will be automatically fixed by the protocol.

> The possibilities for accident are legion and cannot all be foreseen. "Shit happens".

That is what debugging and beta testing is for.

> A protocol that treats common accident the same as criminal fraud, when the stakes are so high, is pathological.

If you make good on the accident, no problem. It is only a problem if the accident causes substantial money transfer, which can be prevented by adequate protocols. It is possible to construct the protocols so that any "accident" resulting in substantial money transfer must be old fashioned fraud or robbery.

If someone breaks into your computer, that is no more an argument against offline digicash than if someone breaks into your safe.

If Joe million spends one of Jane's coins he must interact with a million separate vendors in a rather short time. This will inevitably make waves.

Offline digicash is not so much anonymous as offering controlled nomity. Again I point out that the existing grey capitalist system involving foreign bank accounts in the names of Bermuda and Hong Kong companies is quite adequately anonymous even though checks are purely identity based money.

Offline digital cash cannot be "real" digital cash, whatever that is. It has to be identity based cash with controlled limits on identification. It will resemble those Bermuda check accounts with Visa debit cards more than it resembles cash in your pocket.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of
the kind of animals that we are. True law derives from this right,
not from the arbitrary power of the omnipotent state.

James A. Donald
jamesd@netcom.com
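
The duplicate handling described in the reply to the "network burps" point, as an added example that is not part of the original post: a vendor-side receiver that credits a coin once, treats a repeated datagram as the same message, reports lost coins for resending, and flags the same coin arriving under a different purchase. The field names `coin_serial` and `payment_id`, the in-memory store and the sample traffic are assumptions made for illustration, and coin signature checks are left out.

```python
from dataclasses import dataclass

ACCEPTED, DUPLICATE, DOUBLE_SPEND = "accepted", "duplicate", "double-spend"

@dataclass(frozen=True)
class CoinDatagram:
    coin_serial: str  # assumed: each coin carries a unique serial
    payment_id: str   # assumed: payer picks one id per purchase
    value: int

class VendorReceiver:
    """Vendor-side receipt of coins that tolerates duplicated datagrams."""

    def __init__(self):
        self._seen = {}     # coin_serial -> payment_id that first delivered it
        self.credited = {}  # payment_id -> total value credited

    def receive(self, dg):
        first = self._seen.get(dg.coin_serial)
        if first is None:
            self._seen[dg.coin_serial] = dg.payment_id
            self.credited[dg.payment_id] = self.credited.get(dg.payment_id, 0) + dg.value
            return ACCEPTED
        if first == dg.payment_id:
            return DUPLICATE      # same coin, same purchase: a network repeat
        return DOUBLE_SPEND       # same coin offered for a different purchase

    def missing(self, payment_id, expected_serials):
        """Serials the payer must resend because their datagrams were lost."""
        return [s for s in expected_serials if self._seen.get(s) != payment_id]

def run_constructed_session():
    """Constructed traffic: one duplicate, one lost datagram, one reused coin."""
    vendor = VendorReceiver()
    c1 = CoinDatagram("coin-0001", "purchase-A", 5)
    c2 = CoinDatagram("coin-0002", "purchase-A", 5)
    # The network delivers c1 twice and drops c2.
    outcomes = [vendor.receive(c1), vendor.receive(c1)]
    resend = vendor.missing("purchase-A", ["coin-0001", "coin-0002"])
    outcomes.append(vendor.receive(c2))   # payer retransmits the lost coin
    # The same serial later arrives under a different purchase.
    outcomes.append(vendor.receive(CoinDatagram("coin-0001", "purchase-B", 5)))
    return outcomes, resend, vendor.credited

if __name__ == "__main__":
    print(run_constructed_session())
```

Only reuse seen by the same vendor is caught at this point; a coin spent at two different vendors shows up later, as the post says, when the coins are checked for double spending.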