Hettinga's e$yllogism

Robert Hettinga rah at shipwright.com
Sun Aug 17 12:41:01 PDT 1997

At 11:57 pm -0400 on 6/22/97, Tim May wrote:

> >In <199706222220.AAA26096 at basement.replay.com>, on 06/23/97
> >   at 12:20 AM, nobody at REPLAY.COM (Anonymous) said:
> >
> >>>  Digital Commerce *is* Financial Cryptography,
> >>>  Financial Cryptography *is* Strong Cryptography,
> >>>  therefore,
> >>>  Digital Commerce *is* Strong Cryptography.
> >>>  and, therefore,
> >>>  No Strong Cryptography, no Digital Commerce.
> >
> >>Why can't escrowed ecash support digital commerce?  Strong crypto with a
> >>government backdoor.  That's what you're offered.  Prove it can't work.

First of all, Anonymous, proving a negative is logically impossible. :-).
Second of all, in general, escrow is H1, and strong crypto, the status quo,
is H0, so it's up to *proponents* of escrow to prove that it'll have the
same, or actually significantly better, results, than strong crypto would.

The same thing holds true for bearer certificates, in general. The
difference in cost between traceable and and anonymous digital bearer
certificate technology is lost in the noise of the enormous benefit of not
using book-entries for transaction settlement anymore. Since they're the
same price, and anonymous bearer certificates are more secure, people will
probably select anonymous certificate protocols for the extra security.

Okay, now on to Tim...

> I agree with "anonymous" that Bob Hettinga's syllogism is unconvincing.

*This* should be fun...

> Now, I happen to believe that untraceable, strong communications and
> monetary instruments allow for amazing things.

Amen. I also expect that the very definition of "amazing" will be in
greater utility (horrors!) to mankind. Progress, in other words. Which, of
course, is defined almost any way you cut it as more stuff for less work,
and which is usually measured in the price of things on an open market.

(Yes, I know. Money isn't everything, and freedom is probably the most
important thing there is. However, in a literal sense, freedom is not
priceless. It must be paid for. Fortunately, since people demand it so
much, progress can also reduce the price of freedom, just like it does with
other goods. :-).)

> But claiming that digital commerce is impossible with an escrowed key
> system is not a very persuasive argument.

One only needs to see the recent IBM FUDomercial about fear of commerce on
the net, or any of the other equivalent  niggling stuff in the press on
digital commerce, to give the lie to that argument. Again, if there's no
material difference between the cost of weak cryptography and strong
cryptography, which one are you going to choose? Occam's razor, and all

We've demonstrated time and time again that the cost of audit trails in
book entries is necessary for non-repudiation. "And then you go to jail" is
the error-handler we all have to live with in our transaction architecture,
because we couldn't move paper bearer certificates down a wire, and storage
of paper costs more money than numbers in a book or database. We pay for
that enforcement "subroutine" with taxes. With bearer certificates, none of
that cost, database storage, access/authentication -- or law enforcement --
is necessary.  If you *do* want audit trails with bearer certificates, you
have to put them back in as some type of kludge. Or, even if you figure out
how to leave them out, like Dan Simon did, you gain no material cost
advantage over anonymous certificates. So why do it? Just 'cause the
government wants it isn't an answer. Nation states have always wanted to do
lots of things which are economically impossible, and those things haven't
happened either.  Reality is not optional.

> (It is true that some major hacks
> of the escrowed system would undermine confidence in e-commerce, but so
> would major hacks of today's SWIFT or similar systems. So?)

Well, I've already answered this using, horrors, utilitarian arguments,
but, directly on the merits of your argument, the most sweeping commerce
protocols will be peer-to-peer ones, checks, cash, and the like. That
leaves a lot of points of weakness to the system. Not the least of which
would be any central place where the transactions are reported. Theft could
be done unobtrusively and on a large scale, and the nagging fear of that is
exactly what stuff like the IBM FUDomercial preys on, causing a "chilling"
effect on commerce in general. The answer is strong cryptography, which
costs the same anyway. So, Financial Cryptography is Strong Cryptography.

> Bob's syllogism is just too simplistic, and it won't be convicing to people
> who have to deal with human weak links in existing systems, and even with
> government interference and government ability to intervene (FinCEN,
> freezing of assets, regulation, etc.).

They can do all they want, but eventually, it boils down to whether strong
cryptography makes more money than weak crypto. I'm firmly convinced that
that is the case. Hence the syllogism.

> Beware too much simplification. It may make for nice t-shirts, but....

Frankly, simple is usually right. Progress in science is usually about
replacing klunky complex ideas with more simple and elegant ones.
Einsteinian space-time distortion is simple to visualize, so too is the
double helix, or Newton's Laws, or the efficient market hypothesis, or
Coase's stuff. Complexity is usually a symptom of cluttered and thus
ineffective theory. Otherwise, we'd still be calculating orbits with

Occam's Razor. It's not just a good idea, it's the only idea. :-).

Bob Hettinga

Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/

More information about the cypherpunks-legacy mailing list