Mostly offline digicash
After-the-fact detection probably won't fly, because organized multiple spending could kill it. There are people who are dumb enough to write their PIN numbers on their ATM cards.
Nevertheless, millions use ATM cards, with substantially less loss to fraud than with credit cards. Improvement in privacy and reduction of incidence of fraud over credit cards are sufficient goals for a digital cash system.
True, but if someone swipes your ATM card and PIN, they can only get what's in your account, and only $300 or $500 a day. If someone swipes your digi-coins, they can spend them hundreds of times, obtaining merchandise worth much more than the coins, before being detected. That's the hazard I'm worried about. A few such heists could make people back away from digicash. The problem with credit cards (and cellular phones) is the "replay attack." Some kind of authentication is needed. As I understand it, ATMs use DES with the PIN being used as part of the DES key, correct?
For Pretty Good Digicash, which would probably far exceed those goals, how about a "mostly offline" system as follows:
I like this approach. It does require the "online infrastructure" to be present at every shop, but it would generate less bandwidth than fully online systems. Offline processing could be done at night when the system is otherwise idle. The Russian-roulette aspect of trying to cheat would certainly discourage it.
I envision a decentralized credit-rating system, so that the integrity of ratings cannot be jeopardized by corrupting one or a related few credit rating agencies with false information. (The IP paradigm: an economy should be able to route around node failures).
Definitely. The goal of digicash, at least in my opinion, is to destroy centralized power. An online system should have multiple servers, and an observer-based system should have multiple suppliers of observers. The only secret in the observer should be the key.
--- MikeIngle@delphi.com
Mike Ingle:
> If someone swipes your digi-coins, they can spend them hundreds of times
For both the online and the mostly-offline system, only one or a small number of fraudulent coins can be spent without online detection. Furthermore, digicash is much easier to lock up than cash; encrypt it with your secret key, following the normal procedure of keeping the secret key on a closely held floppy or smart card.
> A few such heists could make people back away from digicash.
Why haven't people backed away from credit cards despite $10's of billions in fraud? Digital cash, implemented reasonably well, is probably going to lose orders of magnitude less to fraud per transaction than credit cards. The transaction costs may be much less than the 3-7% cut taken by credit card companies. One practical task will be thorough debugging before it is implemented on a large scale, as there are plenty of people with (a) an ideological prejudice against cash that or (b) uncomfortable with their lack of understanding of the protocols, who will jump on the opportunity to flame it. (cf. current discussion on imp-interest with Detweiler & Co., for example).
Nick Szabo szabo@netcom.com
Nick asks:
> Why haven't people backed away from credit cards despite $10's of billions in fraud?
A very good question. The reason is largely because it's a very profitable business *for the card merchants* (banks, mostly). They get their percentage no matter what, and losses don't eat into it all that much. I agree with much of what Nick says, but I think we have to consider ways to help make digicash pay for its own implementation and enforcement, or it will not take hold.
--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex@media.mit.edu
Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request
Try not to have a good time ... This is supposed to be educational.