Bypassing the Digicash Patents

Adam Back aba at dcs.ex.ac.uk
Wed Apr 30 03:56:49 PDT 1997



Robert Hettinga <rah at shipwright.com> writes:
> Remember, proto-wings were evolved by pond-skimming insects so they could
> skim across ponds faster. Eventually, when those proto-wings evolved into
> actual wings, flying insects didn't need ponds anymore. With that idea in
> mind, digital bearer certificates are going to have to interface with the
> book entry world of meatspace for a while, in order to be convertable into
> other assets. Eventually, at some point, those assets won't be book-entries
> anymore.

No offense Bob, but your pose takes some reading, too full of
metaphors, but I grok what you're saying, and the topic discussed here
I find interesting.

How about this, rather than interface your ecash system with US
dollars yourself through credit cards/ debit cards/ cheques / cash,
just set up an entirely disconnected system.

You may remember the digicash trial mint.  It was monopoly money,
theoretically it was worthless.  However people were selling freebees
for it (the odd T-shirt, cap etc), plus images, programs.  Also it was
collectable in the sense that there was a limited mint.

The unofficial digicash exchange was set up and some transactions took
place.  People were buying and selling the monopoly money for real
money, without digicash having to worry about the legality of the
interface to existing payment systems.  The black market/ unoffcial
market took care of it.  Also the internet casino is interesting in
relation to this.  They accept many payment forms, if they started
accepting our "net cash" (net in the sense that it only means anything
directly in terms of the net), then you could exchange cash by playing
some low rake off game such as roulette.  (Just keep betting on black,
the commision is the house slot, and you take your chips away in real
world currency).

The cryptographic requirements for a system such as this would be:

 1) anonymous (privacy preserving, payee and payer anonymous
 2) distributed (to make it hard to shut down)
 3) have some built in scarcity
 4) require no trust of any one individual
 5) preferably offline (difficult to do with pure software)
 6) reusable

My ideas so far are hashcash (where the scarcity is related to your
processing power).  (See http://www.dcs.ex.ac.uk/~aba/hashcash/)
However this makes for hyper-inflation because of the rapid increase
in CPU power.  

hashcash is not directly transferable because to make it distributed,
each service provider accepts payment only in cash created for them.

You could perhaps setup a digicash style mint (with chaumian ecash)
and have the bank only mint cash on receipt of hash collisions
addressed to it.

However this means you've got to trust the bank not to mint unlimited
amounts of money for it's own use.

So, perhaps you could have multiple banks and let reputation sort them
out, if you could arrange the protocols so that it would be apparent
if a bank was minting more cash than it had received hash collisions
for.  (Say by publishing the collisions, and making it possible to
publically verify the quantity of cash in circulation).

But if you've got multiple banks then you've got to have an exchange
mechanism.  The market could probably take care of this, setting
exchange rates based on banks reputations.

However it would be nicer to have something which required no trust
and which had no posssibility of cheating rather than relying on
reputation to sort them out.

> Think about it this way. Personal computers didn't really start to kill
> mainframes until they were networked into mainframes and could hoover data
> out of them with impunity, and out-process the information. Excel killed
> 123 that much quicker because it could read .WK1 files transparently,
> macros and all, and then do much more with it. Soon, this upcoming
> "protocol conversion", between the net world of bearer certificates and the
> meatspace world of book-entries, will be done by a financial trustee.

The problem with anonymous ecash to continue your metaphor is that
.WK1 files also happen to be illegal or surrounded by huge amounts of
banking regulations.  So even though the new system is better the
negative forces acting against so far have succeeded in stifling it.

One of the negative forces also is user stagnation, people are used to
cheques and credit cards, even if they are inefficient and prone to
fraud.

Adam

-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






More information about the cypherpunks-legacy mailing list