simplest possible ecash mint
Nomen Nescio
nobody at dizum.com
Mon Dec 24 13:20:20 PST 2001
Ryan Lackey writes:
>
> I don't believe "normal users" should ever interact directly with the
> mint; using the mint as a reissue server only in normal operation is a
> key optimization -- especially when coupled with tamper-resistant mint
> hardware. Easier to develop, easier to operate, easier to audit.
> Users should purchase cash from change makers; the issuer could also
> operate a change maker, and can handle sales to change-makers separately.
You're using some of these terms without defining them clearly:
mint, issuer, and change maker. Earlier you said the change maker was
responsible for changing between ecash and something of value, presumably
including other currencies. Presumably the mint is the cryptographic
engine which issues ecash coins. The issuer is apparently someone
who is allowed to force the mint to issue coins at will, although the
mint is supposed to log and report on such interventions. (Anyone can
destroy coins, so an issuer is not needed for that functionality.)
Can you explain how these three roles would work in a transaction where
Alice gets some ecash for dollars, pays Bob in ecash, who turns the
ecash back into dollars?
Here is how it seems like it should work. The change maker Carol has a
bunch of ecash she stands ready to sell. Alice gives her $X in dollars,
along with blinded data to become Alice's ecash. The change maker does an
exchange operation at the mint, giving the mint $X in the change maker's
own coins, along with the blinding factors from Alice. The mint gives
back new blinded coins which Carol passes to Alice, who unblinds them
to get her ecash.
Alice passes the ecash to Bob. He does an exchange operation at the
mint to get new coins and to verify that Alice's cash is good. He
then delivers whatever goods or service Alice has paid for.
Bob later wants dollars, so he goes to change maker Carol and delivers
to her ecash. She does an exchange at the mint to verify that Bob's
coins are good, and then sends Bob dollars in return for his ecoins.
This sequence conflicts somewhat with your model. Bob had to interact
directly with the mint, and you said that normal users would not.
But only the mint can verify the validity of coins so it seems to be
necessary.
The issuer was not involved in this transaction. Apparently he is
only there to inflate the currency. You should consider eliminating
the issuer, who can easily cause trouble. At startup time let the
mint generate its keys and emit a single high-value coin. That will
be the money supply for all time. Allow a banking system to grow
around this "high-powered" currency and fractional reserve bank loans
will automatically adjust the money supply as needed. See Selgin,
http://www.terry.uga.edu/~selgin/.
More information about the cypherpunks-legacy
mailing list