I sent mail to Stefan Brands yesterday asking about what kind of information is retained by the (hardware-based) observer in his digital cash system. Brands has worked with Chaum in the past and is now seeking funding (via Usenet, apparently) for development of his own digital cash and anonymous transaction technology, which he claims is greatly improved over existing systems in terms of memory and computation requirements.

Brands explained that the way his system works, the user *never* has all the information needed to represent the "digital coin". Instead, the user has part of the information, and the tamper-resistant observer chip has the other part. To spend the coin, the user and the chip have to cooperate in the protocol. Then the chip can mark its own information about that coin as having been spent, or even erase it altogether. It is this change in the internal state of the observer chip which lets it prevent double-spending (and which arguably could be defeated in any software representation of an observer).

I have always been skeptical of this observer-chip approach, because it wasn't clear that it was feasible to make a tamper-resistant chip economically, and because the specialized hardware that would be required would prevent the system from being used on widely-available PCs.

However, now we see that our military rulers apparently trust tamper-resistant technology well enough to put it into thousands of public hands, without fear that even one chip will be opened and read. Breaking an observer only lets you double-spend the coins it holds, while breaking Clipper allows you to permanently defeat the escrow provisions of the whole system. So this suggests that the technology is adequate for observers.

As for the specialized hardware, probably a more realistic picture of the digital cash user of the future is someone holding a PDA in his hand, with possibly an infrared or cellular modem link, rather than the hacker sitting at home in front of his PC. In that context it may be realistic to imagine custom PDA's which support secure offline cash as a practical product.

Hal
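The split coin and the observer's one-shot cooperation that Hal describes, modelled as a small Schnorr-style proof in Python. This is an added example, not code from Brands or from anyone in the thread; the group parameters, the challenge format and the class names are constructed for illustration, and the blinding that makes real coins unlinkable is left out.

```python
import hashlib
import secrets
# Constructed toy group (p = 2q + 1, g of prime order q): far too small to be secure.
P, Q, G = 1019, 509, 4

def challenge(a, payee):
    """Fiat-Shamir challenge binding the commitment a to the payee (constructed hash input)."""
    return int.from_bytes(hashlib.sha256(f"{a}|{payee}".encode()).digest(), "big") % Q

class Observer:
    """Model of the tamper-resistant chip: keeps its half x_o of each coin's secret and answers once."""
    def __init__(self):
        self._x = {}  # coin id -> observer half of the secret
        self._w = {}  # coin id -> nonce of the spend in progress
    def register(self, cid, x_o):
        self._x[cid] = x_o
    def commit(self, cid):
        if cid not in self._x:
            return None  # unknown or already spent: refuse to cooperate
        self._w[cid] = secrets.randbelow(Q)
        return pow(G, self._w[cid], P)
    def respond(self, cid, c):
        # r_o = w_o + c*x_o; popping x_o is the state change that blocks a second spend.
        return (self._w.pop(cid) + c * self._x.pop(cid)) % Q

class Wallet:
    """User side: holds x_u, never learns x_o, so it cannot finish a spend alone."""
    def __init__(self, observer):
        self.obs, self._x = observer, {}
    def withdraw(self):
        # Coin secret x = x_u + x_o (mod Q); the public key h = G^x is what the bank would certify.
        x_u, x_o = secrets.randbelow(Q), secrets.randbelow(Q)
        h = pow(G, (x_u + x_o) % Q, P)
        self._x[h] = x_u
        self.obs.register(h, x_o)
        return h
    def spend(self, h, payee):
        a_o = self.obs.commit(h)
        if a_o is None:
            return None
        w_u = secrets.randbelow(Q)
        a = a_o * pow(G, w_u, P) % P
        c = challenge(a, payee)
        r = (self.obs.respond(h, c) + w_u + c * self._x[h]) % Q
        return (h, a, r)

def verify(payment, payee):
    """Payee/bank check G^r == a * h^c: a Schnorr proof of knowledge of the coin secret."""
    h, a, r = payment
    return pow(G, r, P) == a * pow(h, challenge(a, payee), P) % P
```

Replacing the Observer object with a copy taken before the first spend would let the second spend go through, which is exactly the rollback a software observer cannot prevent and a tamper-resistant chip is meant to.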
> I have always been skeptical of this observer-chip approach, because it wasn't clear that it was feasible to make a tamper-resistant chip economically, and because the specialized hardware that would be required would prevent the system from being used on widely-available PCs.

Think "PCMCIA" here.. not just laptops, but now desktop systems and palmtop systems are starting to get PCMCIA slots these days.

- Bill
I have two devices that support PCMCIA-type slots: an Apple Newton and an H-P 48sx (technically not a PCMCIA, but very close). In both cases the slot is "spoken for" with memory cards. I suspect this is the case with many of the laptops now beginning to sport PCMCIA capability: the customers will not look kindly to having to fill the slot of their whizbang laptop with a VISA or Digital Express observer-chip card. Some may, and some will willingly swap cards when the need arises (the newer PCMCIA cards allow hot-socketing, i.e., removal while powered). Many won't.

The upshot: an observer-chip system predicated on having access to an available PCMCIA slot will be a market failure, at least in the next several years. (May be a moot point, as I see no move towards observer-chip protocols happening anytime soon.)

Personally, I expect personal crypto dongles and/or similar gadgets to be self-contained, in a wearable form. Maybe pendants, maybe rings (real decoder rings!), maybe wristwatches. Communication will be by inductive coupling or similarly robust links. (Inductive, noncontacting transfer would allow implantation of the unit. IR transfer through the skin is also possible.)

Little storage is needed for crypto keys, so the full capacity of a PCMCIA card (tens of megabytes of flash memory, for example) is overkill. An observer-chip system may need more storage, but not the full capacity of a PCMCIA card of today. Hence, smaller size is possible. Hence, wearable. Hence, always with the owner.

Just my view.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."