simplest possible ecash mint

Ryan Lackey ryan at havenco.com
Mon Dec 24 11:34:41 PST 2001 

I don't believe "normal users" should ever interact directly with the
mint; using the mint as a reissue server only in normal operation is a
key optimization -- especially when coupled with tamper-resistant mint 
hardware.  Easier to develop, easier to operate, easier to audit.
Users should purchase cash from change makers; the issuer could also
operate a change maker, and can handle sales to change-makers separately.

The mint should be able to report to the world exactly how many coins
it has issued -- for without this figure, it would be difficult for
users to trust that an issuer has not inflated the currency (I think
free banking theory would disagree with this, proposing instead that
competitors attempt to test withdrawals regularly, but I still think
publishing a float figure is important).  This also demands that
certain keys be generated on the mint and only under the mint's
control, not under even the issuer's control, except through logged
and proscribed actions.

I simply want there to be a way for the issuer of a currency to
increase the authorized amount and withdraw the tokens, in a way which
is logged by the mint itself.  Otherwise, you need an external means
of generating the initial batch of signed currency, the problem with
currency withering away over time, etc.  Much better to make it a
clean part of the design.

The issuer of the currency would be able to increase or decrease the
authorized amount of cash (treasury), and could request from the mint 
an amount of tokens up to that amount.  The issuer could also send coins and
have them destroyed, and they would be subtracted from float.

The reason for doing this explicitly is that in the future one may
replace "issuer manually sets the treasury" with
"mint directly contacts an external server to see account balance,
publishing that as treasury", with rules internal to the mint on how
much of various assets must be held to issue a currency -- perhaps you
could have a derivative instrument issued against another token-based
currency, where the mint itself held a single large coin in another
issue.  If you made it a single step (increase treasury directly
results in increase in float, by sending coins to the treasury) it
would make automatic/external changes to the treasury more difficult,
due to the need for a multi-stage blinding protocol.

A multi-currency mint would just have multiple accounts of this form,
two for each currency, plus associated keys.  This makes it very easy
to separate mint-operator from currency issuer, etc.


> > [linkage of signing keys and external keys]

I'd like there to be a way for a textual description of the issue, the
issuer signing keys, and external means of reputation/identity to be
verified; this is just a question of what keys sign what and how to
present it.  

-- 
Ryan Lackey [RL7618 RL5931-RIPE]	ryan at havenco.com
CTO and Co-founder, HavenCo Ltd.	+44 7970 633 277 
the free world just milliseconds away	http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F

More information about the cypherpunks-legacy mailing list