Non-linkability of blind-signature keys to bank-accounts (was Re: double-spending prevention w. spent coins)

R. A. Hettinga rah at shipwright.com
Sat Apr 26 06:58:20 PDT 2003


Vamping on Adam's post a little more...

At 2:50 AM +0100 4/26/03, Adam Back wrote: 
>Another bad aspect of identity is that it affects usability --
>everyone has to be a registered and identified user at the bank to
>participate, even if they allow accountless operation just to meet
>the offline double-spending system.
>
>This is bad for functionality as you'd like to be able to fully
>participate without ever registering with or identifying yourself to
>the bank. 

My thinking about this has been that net-originated
non-identity-linked self-signed ssh-style keys work better for
internet bearer transaction methods like Chaum's blind signature
protocols, and that, for the sake of security at least, they
shouldn't be associated with the book-entry
account/PIN/Password/SSL-PKI-Key required to convert an asset from
book-entry form to internet bearer form. 

The result is, not-coincidentally, lower risk-adjusted transaction
cost in the conversion of those assets from book-entry to bearer
form, and, yes, the conversion is an identified one, because of the
phase change between protocol-enforced and law-enforced financial
operations. However, only to convert money into a bank-account
balance, for instance, does one need to be identified to the
financial system, which only makes sense, because that data is
required to prevent transaction repudiation there.


The result of independent self-signed keys is that people without
accounts in the book-entry transaction system can still safely buy
and sell digital goods on the net, at least, because the system,
while using keys, is inherently accountless. It also grows an economy
that can only reside on the net, which is desirable for lots of
reasons.

These tokens have to be moved on and off the net easily, and, more
important, they have to be able to be *reserved* in book-entry form
at the outset anyway. Notes, coins, whatever, are redeemed for
dollars, for instance, transferred to your bank through the ACH
system, or gold through GoldMoney/e-Gold, or equity through a
securities depository, or whatever. Otherwise, they're meaningless,
financially. Financial instruments have to be fungible *and*
exchangeable or they don't exist, and the only other financially
useful things to exchange them into, dollars in a bank or the PayPal
system, for instance, are off-the-net book-entry assets.


So, in the early stages of an internet bearer economy, we're looking
at notes and coins that move around the net almost exactly the way
that physical notes and coins do. People withdraw cash from a
book-entry account, spend it on the net using different protocols
than the ones they used for withdrawal, earn it with the same
protocol they spent it, and deposit cash using the same way they
withdrew it. The same can be said for bearer financial transactions,
except that "cash" would be replaced with some kind of depository
receipt (Steve Schear and I came up with "Unsponsored Network
Depository Receipt" one afternoon on the phone), and "spend" would be
replaced with "trade".


At some point, an entirely bearer market evolves, with bearer assets
(don't say it fast...) backed up by and exchangeable into other
bearer assets, just like we do with book-entry assets now. A
direct-to-the-net bearer bond issue would be underwritten by some
financial entity on behalf of a borrower without needing to float a
book-entry issue and then creating depository receipts to be held in
internet bearer form. 

At that point, connections to existing book-entry systems would
become as vestigial as capital market book-entry system connections
are to physically delivered bearer certificates these days, in the
same way that whole issues of stock are currently traded in
book-entry form, but technically "owned" by a single firm, with a
single certificate in a vault at the Depository Trust Company, for
instance.

Cheers,
RAH

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
