digital cc transactions, digital checks vs real digital cash

Robert Hettinga rah at shipwright.com
Fri May 2 10:38:23 PDT 1997


At 5:37 am -0400 on 5/2/97, Adam Back wrote:

> It's not an attempt to make money less negotiable, though this is of
> course the effect.

Say no more. :-).


> It's just another approach to avoiding the banking
> regulations.  As you admit the market will take care of the exchange
> mechanism, it just adds inconvenience in locating the exchange
> mechanisms, and the stigma that the mechanisms are not official.

The model I've been talking about, with a trustee bank holding the
book-entry assets for the certificates on the net does exactly this,
without the "inconvenience" of avoiding banking regulations. :-). Occam's
razor.


> So now you get to trust the trustee.  Doesn't seem like a big
> improvement.

Again, you can't have finance without trust. Fortunately, in cypherspace,
reputation is orthogonal to identity. No problem. You have identified
accounts for the underwriters, but you have unidentified users (once the
certificates are on the net) of the cash itself.

> I don't think VISA and friends want anonymous settlement, they like
> comprehensive transaction logs to keep people like FinCEN happy.
> You're not suggesting that SET offers anonymity are you?

By definition, VISA *can't* have anonymous settlement. Modulo anonymous
secured credit accounts, with a tip of the metaphor to Duncan and Co. And,
frankly, FinCEN *itself* can't control a bearer certificate economy, and it
*knows* so. If digital bearer certificates do prove to be, say, 100 times
as efficient to use as book entries, particularly on ubiquitous geodesic
public networks, then FinCEN will be able monitor what comes on and off the
net, but will simply have to <analogy> stand back and let the net.commerce
train go by </anology>. The assistant director of FinCEN as much as
admitted this, on a panel I was on, last fall at the Institute (nee'
Office) of Technology Assessment's conference on the regulation of digital
cash.

Again, folks, this is how to win the crypto fight. Just as faster shipping
killed the idea of royal charters and mercantilism in favor of lazzez faire
capitalism, so to will financial cryptography kill book-entry control
structures and taxation.

As far as SET goes, the only feature in SET that I care about, and
Cybercash has this also, is the ability to "tunnel" transaction messages
through the merchant to the card issuer. I claim the same kind of protocol
can be used to tunnel, an ATM message, through the underwriter, and the
trustee, to the cash purchaser's home bank for authentication. That's all.

> Anyway, I'm not against this initial approach necessarily.  Once
> you've got one non-anonymous electronic payment system with low entry
> costs to obtaining both a merchant and a purchaser, and is widely
> accepted, you can boot strap an anonymous payment system off it.

Precisely. It's an intermediate form. A profitable intermediary form, just
like those proto-wings on  those pond-skimming insects. See why the
metaphor is useful?

> The net model is that it should be that a merchant and a customer
> account are the same, and can be had by filling in a web page in real
> time.  However, aren't they trying to make big bucks out of merchant
> accounts.

I'm not sure what the above means...

> Will SET and Cybercash make it easier to be a merchant than it is to
> be a VISA merchant?  Becoming a credit card merchant is a rather
> onerous expensive, slow process I hear.

Right. However, this isn't like a credit card. You can almost liken an
underwriter to an ATM machine, except that it "prints" cash on the spot.
Yes, I know, the blinding takes place at the purchaser's machine, but the
certificates don't become *negotiable* until the underwriter signs them.
(That, by the way, is why you have to honor patents, because the
underwriter and the trustee, for the time being, are identified, litigable,
meatspace entities. The nice thing is, though, the users of the
certificates are *impossible* to identify.)

Anyway, the point is, modulo licensing the blind signature patent, which
Digicash should do, and probably won't (this week, anyway), being an actual
underwriter is more a question of marketing than anything else. Anyone with
a 486 (the original mint ran on one of these) and a full-time internet feed
could do it.

Takes a little more work to be a bank. Part of that work is adhering to all
that meatspace regulation, but, frankly, holding the float account is no
different from holding any other trust account. That, as they say in the
Great White North, is the beauty part. Much easier than growing a mouse in
a beer bottle, eh?

> You lost me there.  Above you described the trustee's function as
> holding the ability to issue money to keep the bank honest.  What _is_
> a bearer certificate in this discussion?  A digitally signed share
> certificate, or other representation of an unit of value?
>

The trustee holds assets, in trust, which are used to capitalize the
digital bearer certificates issued the underwriter.

For instance, in the corporate bearer bond market, there were three people
involved in issuing the bond, besides the eventual purchaser of the bond.
There was the corporation, like IBM, or GE, or US Steel, say, which was
issuing the bond. There was the underwriter, an investment bank, in other
words, who sold the bond into the primary market, usually to brokers who in
turn sold them to their clients. There was the trustee, a bank who actually
handled the cash payments from the issuing corporation to the holders of
the bond, and technically worked on behalf of the bond holders. On the day
the interest was payable, the corporation cut a check to the trustee, who
in turn cut checks to people who mailed in the little coupons they clipped
off the bond every quarter.

In the case of a book-entry trustee, the underwriter markets digital bearer
certificates, cash in this case, to the public, in exchange for a book
entry asset, money transferred through the ATM/Swift system to the
underwriter's collateral account at the trustee bank. The money sits at the
trustee bank until someone takes that money off the net by exchanging a
digital bearer certificate for an ATM deposit transaction to the redeemer's
bank.

Now, sometime in the future, when there are other assets in bearer form on
the net besides cash, like digital bearer bonds, or digital bearer stock,
or commodities contracts, or derivatives thereof, it's easy to see how you
could create a trustee which holds *those* kinds of assets instead of
deposits on account somewhere in meatspace. In fact, I claim, because
identity and reputation are orthogonal in cypherspace, that such a trustee,
and thus, every party in the underwriting process, including the
underwriter, *and* the development of any future bearer certificate
cryptographic protocol, can be *anonymous*, that is, identity-free. Though,
of course, they'd all have to use perfect pseudonyms.

> Who issues the bearer certificates?

The underwriter.

> What does possesion of the bearer
> certificate represent in terms of ownership of assetts?

The face value of the digital bearer certificate. For example, with a
traveller's check, you buy at a premium, so that the person you give the
check to can redeem them at face value, or "par", in bond language. Yes,
unless the agreement between you and the issuer, as enforced by the
trustee, specifies that the certificate must be backed up one for one by
the assets in the reserve account, held by the trustee bank, then the
issuer has the right to take some of that money and invest it in something
else, and not just take the interest it accrues while it sits in the
trustee's account. For the most part, the particulars about what that money
is used for will be subject to market constraints. For instance, if money
goes onto the net and stays there and never leaves, then, in an effort to
compete, an issuer might offer lower issuing fees, even discounting the
price of the certificates at issue, because he's going to make it up
eventually, in the interest and other returns he gets for investing some or
all of that money. However, all that's probably too messy to mess around
with here. If you're interested, ( a little bond humor, there), go dig up a
book on corporate finance (Brealy and Meyers was a good one, once), or
fixed income mathematics (Fabbozzi's was the best, last time I looked).

> Actually it's micromint which has the threshold function feature
> through use of k-way hashes, my hash cash is quite simple, and
> probably impractical to use as a basis for a currency you wished to
> connect to a real currency.  There is a cost of printing hashcash
> coins, which can be made high (say a weeks CPU for a P100), but
> basically anyone can mint all the money they have CPU power for.  This
> is interesting for throttling systematic abuse of limited net
> resources, and combining with a digicash system you could have
> transferability as well as anonymity.  However the stability of the
> money supply is probably not up to it.  It's kind of like allowing
> anyone to print money, but making it cost them in time only; the
> resources they already have.

It's exactly like that, and that's why I find the idea so attractive. :-).

> You think you can create a digital bearer certificate market on the
> back of your architecture of issuers, and trustees.  I don't see a
> great difference between this and a traditional bank.

That's the point. Reality, financial or otherwise, is not optional. :-).

> How is it going
> to reduce the per transaction overhead, and how is it in any way
> distributed.  (I presume your term "geodisic" refers to a distributed
> value transfer system).

The geodesity happens on the other side of the trustee. On the net itself.
Once you get the money on the net, you can do all *kinds* of fun things
there with it, and, eventually, it'll never have to leave, because, I
claim, all financial assets, (stocks, bonds, notes, commodities contracts,
derivatives) will be held in digital bearer form someday. It'll be too
cheap not to.

<beating-a-metaphor-like-a-dead-horse-mode>

What we're doing at first is creating financial pond skimmers, net-based
entities, in the same way that pond skimmers are air-based entities, who
use financial cryptography and digital bearer certificates as proto-wings
to aerodynamically flit around on the surface tension of the existing
hierarchical book-entry finance system. Waterborne predators, like FinCEN,
can't catch them, and the predators don't care, really.  Because, sooner or
later, these pond skimmers will have to breed (take the money off the net),
which means laying eggs in the water, and, of course, that's where the
larval pond skimmers live. :-).

Of course, evolution on the net is much faster than real life. So, someday,
soon,  those financial cryptography pond skimmers will have wings and not
rely on surface tension (book-entries) at all, and, someday after that,
they won't even need water(meatspace) to hatch into. By that time,
obviously, there'll be a whole *new* class of predators to worry about, but
they haven't even been invented yet.

</dead-horse>


> What is an ACH transaction?  A electronic bank clearing protocol?
> FSTC is Financial Securities Trading... electronic checks?

ACH: Automated Clearinghouse. FSTC: Financial Services Technology Consortium.


> Isn't this going to be just another electronic check, with full
> transaction log, and associated overhead, banking regulations giving
> banks enough effective monopoly to charge high handling fees?

Yup. But the neat thing about them is they take pennies to clear, instead
of quarters for paper checks. The other thing is, they're peer-to-peer.
Credit cards aren't, remember? When was the last time you sold a car or
house and took MasterCard in payment. :-).

> I don't
> find electronic checks that interesting.

Yeah. You're a "wings" person. So am I, obviously. However, I think of FSTC
(or any other) electronic checks, or Cybercash/coin, or even FV, and
barely, SSL/SET, as "legs" which are just long enough to let the surface
tension of the banking system hold us up, so we can do transactions in
cypherspace.

> What we want is fully anonymous, ultra low transaction cost,
> transferable units of exchange.

Amen.

> If we get that going (and obviously
> there are some people trying DigiCash, and a couple of others), the
> banks will become the obsolete dinasaurs they deserve to become.

Wellll... Depends on what you call a "bank" I suppose. I would claim that,
more than anything else, a trustee in my model is a bank, whether its
assets are digital bearer or not. I won't quibble with you about it,
though. A bank is a type of financial intermediary. Someone who risks
reputation in return for interest, or other profit of somekind. You can't
have finance, and thus trade and economics, without financial
intermediaries. Might as well call some kinds of them "banks", whether they
live on the net or not.

> I
> think this would be a good outcome, and I'd rather see this happen
> than see anyone go to any great effort to get the banks involved.  Let
> them stick to electronic "cash" systems (what a misuse of the word)
> based on credit cards and checks.  See how that survives against
> _real_ distributed electronic cash with transaction costs 10 to 100
> times lower, with 0 red tape barriers to entry for both sellers and
> buyers.

Well, the consequence of book-entry transactions, of course, is the
interference of the nation-state, because that's your anti-repudiation
mechanism. Book-entry banks need nation-states, or force monopolies of
somekind, to exist. However, the net represents a whole new financial
biome, if you will. A biome where book-entries, like fins, are too slow to
fly with. :-).

> The net is becoming more and more important as an mechanism for
> information exchange in it's own right.  This is why I think just
> cutting the ties with the physical world and having a payment system
> working now would be interesting.

Certainly the sooner the better. However, you still have to get those
assets on the net in negotiable form. That's why you need to use good old
fashioned book-entry banks to make your assets negotiable. It's like
punching paper numbers into a spreadsheet when you can download a file from
the mainframe. Yes. Mainframes sucked. But that's where the data was.

> Deployment wins and all that.
> Hashcash is completely distributed; there is NO bank.  You can not
> forge hash cash, you can not double spend hash cash.  You can print as
> much hashcash as you have CPU time for.  You can resell hashcash for
> real money on an unoffical exchange, or trade hashcash for different
> services.

Way cool. So, how, if you're going to issue hashcash denominated in
dollars, are you going to convert them into actual dollars? Are you going
to put up a physical deposit window and take in bills somewhere? :-).
Wouldn't it be nice for someone to swipe their ATM card into a reader on
their machine using your web page, and get hashcash?

To do that, you need a trustee bank.

> I don't see any particular inherent reason why an electronic payment
> protocol can't be designed which requires no trust of the bank; at
> least it should be possible to arrange it so that the bank minting
> funds for it's own use will be detected.  All you need is that the
> protocol is publically verifiable.  Digicash already prevents double
> spending through the database of protocoins.

You might not have to trust the bank. But you do have to trust a financial
intermediary of some kind. In finance, more often than not, that entity is
called a "bank", for lack of a better term.

Again. You can't have finance, and thus trade and economics, without
reputation. Trust, in other words.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
Lesley Stahl: "You mean *anyone* can set up a web site and compete
               with the New York Times?"
Andrew Kantor: "Yes."  Stahl:  "Isn't that dangerous?"
The e$ Home Page: http://www.shipwright.com/









More information about the cypherpunks-legacy mailing list