On Sep 27, 2008, at 5:09 AM, George Hara wrote:

None of that guarantees that transactions are anonymous, as in digital blinded cash anonymous.

The point to bearer transactions is that you don't *need* identity to do the transaction. If the transaction doesn't complete the "nutty crypto" protocol (as you called it; yes, I know, Barbie, Crypto is Hard), the transaction *fails*, no harm, no foul. It doesn't even *execute*, much less clear or settle. Bearer transactions *can* be anonymous, and they're cheaper if you do them that way. Book entry transactions *must* be public, "transparent" these days, or they don't work, ultimately. Primarily to keep the system fair, pick your definition of "fair", but also to *force* the non-repudiation of a given transaction using guys with guns provided by your friendly neighborhood force monopoly. In other words, in a bearer transaction, identity/transparency costs money. In a book-entry transaction, anonymity/privacy costs money. I claim that in the geodesic economy that is currently emerging on the geodesic internetworks we've been building at least since the advent of the microprocessor, privacy will ultimately be cheaper than transparency, as an artifact of the cheapest technology we use in the execution, clearing, and settlement of our transactions. In the same way that *transparancy* has been an artifact of book-entry transactions, the cheapest way to do financial transactions since the advent of the Hollerith card, if not the telegraph. In a book entry transaction you *need* identity to execute, clear and settle the transaction, because the *way* you prevent repudiation of a bearer transaction is to send someone to *jail* if they lie about a debit or credit in a database somewhere. By definition, bearer transactions clear and settle instantaneously, or not at all. By definition, book-entry transactions execute, clear, and settle in at least twelve different book entries, all of them, by definition, happening at *different* times. [For each asset exchanged (at least two), there is both a debit and a credit (one each), for the buyer, the seller, and at least one, and usually two clearing/ settlement entities. Two assets times (two debit/credits times three entities) equals twelve database/accounting book-entries. It's usually *way* more than this, try charting a credit card transaction, or a stock exchange transaction sometime.] I think that as we get to t-zero in transaction execution/settlement/ clearing time, the *risk* of book-entries tends toward not merely the value of the transaction in question, but the value of *all* the assets that a given key controls. With digital bearer transactions, the *most* a given counterparty can lose is the value of a transaction, and not even that if the bearer certificate(s) used in that transaction are redeemed and reissued sometime at or near time of the transaction to prevent double spending. The more valuable the asset, the more it behooves you to redeem and reissue it to yourself, so valuable transactions happen on- line, and less valuable transactions happen quasi-offline with some kind of probabilistic settlement / assay method. As for guarantees that something on a public internetwork is anonymous, I leave that for other people. I can only say that with a bearer protocol, the transaction at least *can* be anonymous, instead of the way it is now, where all parties to a book-entry transaction *must* be identified. Cheers, RAH