I don't believe "normal users" should ever interact directly with the mint; using the mint as a reissue server only in normal operation is a key optimization -- especially when coupled with tamper-resistant mint hardware. Easier to develop, easier to operate, easier to audit. Users should purchase cash from change makers; the issuer could also operate a change maker, and can handle sales to change-makers separately. The mint should be able to report to the world exactly how many coins it has issued -- for without this figure, it would be difficult for users to trust that an issuer has not inflated the currency (I think free banking theory would disagree with this, proposing instead that competitors attempt to test withdrawals regularly, but I still think publishing a float figure is important). This also demands that certain keys be generated on the mint and only under the mint's control, not under even the issuer's control, except through logged and proscribed actions. I simply want there to be a way for the issuer of a currency to increase the authorized amount and withdraw the tokens, in a way which is logged by the mint itself. Otherwise, you need an external means of generating the initial batch of signed currency, the problem with currency withering away over time, etc. Much better to make it a clean part of the design. The issuer of the currency would be able to increase or decrease the authorized amount of cash (treasury), and could request from the mint an amount of tokens up to that amount. The issuer could also send coins and have them destroyed, and they would be subtracted from float. The reason for doing this explicitly is that in the future one may replace "issuer manually sets the treasury" with "mint directly contacts an external server to see account balance, publishing that as treasury", with rules internal to the mint on how much of various assets must be held to issue a currency -- perhaps you could have a derivative instrument issued against another token-based currency, where the mint itself held a single large coin in another issue. If you made it a single step (increase treasury directly results in increase in float, by sending coins to the treasury) it would make automatic/external changes to the treasury more difficult, due to the need for a multi-stage blinding protocol. A multi-currency mint would just have multiple accounts of this form, two for each currency, plus associated keys. This makes it very easy to separate mint-operator from currency issuer, etc.

...

[linkage of signing keys and external keys]

I'd like there to be a way for a textual description of the issue, the issuer signing keys, and external means of reputation/identity to be verified; this is just a question of what keys sign what and how to present it. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F