Cash, cheaters, and anonymity

James A. Donald jamesd at netcom.com
Fri Aug 26 11:01:46 PDT 1994


Timothy C. May writes
> Alice pays Bob a unit of money, then quickly Alice spends that
> money before Bob can...Bob is then revealed as a "double spender," and his
> identity revealed to whomver wanted it...Alice, IRS, Gestapo, etc. A very
> broken idea.

Correctly implemented, with offline cash that grows in each transaction
until cleared online, this should reveal Alice's identity, not Bob's

If we fear double spending we insist on the spender presenting 
an expensive identity, an identity that would be tedious or costly
to replace.  The larger the amount, the stronger our concerns
of identity.  But the identity is known only to the parties to
the transaction.  (Who may be different tentacles of the same
biological person.)

The tentacle trick is what makes the existing identity based
checks on Bermudan and Hong Kong banks effectively anonymous.

If we do not like the identity, we ask for online clearance.

> I want to elaborate on this, even though I think most of Hal's points are
> made with off-line clearing in mind. I want to make the case for why
> on-line clearing is the One True Digital Cash.

Quite so.  And with a smooth interface between the truly anonymous
online cash and the controlled nomity offline cash - an interface
sufficiently smooth that the spender rarely notices which his
software is using, we can have the best of both worlds.

It is all in the software interface, something notoriously lacking
from existing implementations.

> Off-line systems may be useful for paying for movies, toll roads, etc., but
> there the protocols can be set up to limit exposure to fraud. (Ontological
> constraints, such as number of movie theater attendees, etc., will limit
> the losses. Scams will likely still exist, but the problem seems manageable
> with some work.)

Exactly so.  Like the use of slugs in vending machines.
> 
> 
> IS PROOF OF PHYSICAL IDENTITY NEEDED?

No, but for offline cash proof of an identity that would be
expensive or tedious to replace is needed.

> This
> situation is as old as time, and has always involved protcols in which
> trust, repeat business, etc., are factors. Or escrow agents.

Exactly so.  We need varied kinds of digicash, for varied situations,
and a smooth interface between them.

> REAL ESCROW AND TRUE NYMS
> 
> 
> Long before the "key escrow" of Clipper, true escrow was planned. Escrow as
> in escrow agents. Or bonding agents.
> 
> Alice and Bob want to conduct a transaction. Neither trusts the other;
> indeed, they are unknown to each other. In steps "Esther's Escrow Service."
> She is _also untraceable_, but has established a digitally-signed presence
> and a good reputation for fairness. 

Exactly so:

> I apologize if this essay, while long, is not quite long enough to capture
> the ideas I wanted to express. To me, these are core ideas.

Keep going, you mentioned, rather than explained, the problem of local
and extended clearing.

It seems to me, that rather than the one true protocol, we need a
collection of standardized protocol tools and anybody and his dog
can issue his own protocol for his own purpose, and the other
guys computer can understand it and can give its master a list
of options of what how the deal can go sour and who to finger 
if the deal goes sour in a particular way -- tell its master 
who the the master is trusting to pay and when.


-- 
 ---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we              James A. Donald
are.  True law derives from this right, not from
the arbitrary power of the omnipotent state.                jamesd at netcom.com






More information about the cypherpunks-legacy mailing list