On 2011-06-13, Ian G wrote:

Double entry achieves the remarkable trick of separating out mishaps from frauds. The problem with single entry (what people do when making lists of numbers and adding them up) is that the person can leave off a number, and no-one is the wiser [7].

I would tend to disagree here. It's not too difficult to defraud with double entry, either: just appear sloppy. Yes, I know, the system's value is usually painted as deriving from this primitive form of error correction, consistency checking and redundancy. But really I think it's more about something else -- equally trivial -- that took me a long time to figure out since the accounting literature doesn't much help you there. I think that something has to do with the asynchronous, multiple-input-multiple-output nature of how a firm operates, and people's highly limited ability to deal with more than one single thing or aspect of things at any one time. This dawned on me when I had to partake in a scheme used to manage a collective liqueur cabinet. It eventually evolved all by itself into a double entry system, which I went on to describe in http://boleforjoy.blogspot.com/2009/12/accounting-wonders.html . Thus, I think that we shouldn't be considering the trusted (distributed) third party in BitCoin on an equal footing with the innovation of double entry. Fundamentally I see them as performing separate roles, with the trusted verifier being the only one that has relevance wrt security. A better comparison in the world of accounting would be how receipts are kept, balanced cleared, different ledgers compared with each other by an independent accountant, or perhaps procedures where different people own different accounts and need to establish mutual trust upon a transaction before accepting it.

There is only one area where a signed receipt falls short of complete evidence and that is when a digital piece of evidence can be lost. For this reason, all three of Alice, Bob and Ivan keep hold of a copy. All three combined have the incentive to preserve it; the three will police each other.

Well, there's also the point about Byzantine failure tolerance. At the very minimum it always takes three parties to guarantee that even a single malfunctioning party can be reliably voted down. That's why mirroring wouldn't be any good by itself, without the independent check from the underlying error correcting code. BitCoin goes with the general version, and tries to limit each party from having more than one vote (or too many votes) by imposing a computational challenge which is economically limiting "in the real world". -- Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front +358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE