Finder's Keepers, Smartcards, Anon Cash [Re: double-spending prevention w. spent coins]
Major Variola (ret)
mv at cdc.gov
Sun Apr 27 09:37:32 PDT 2003
At 05:38 PM 4/26/03 -0700, Bill Stewart wrote:
>At 03:05 PM 04/26/2003 -0700, Major Variola (ret) wrote:
>>Clearly the most anonymous systems (cash)
>>have the 'finders keepers' property, *necessarily*.
>
> Ok, Major Variola has demonstrated that he's either Not Tim,
> or is Tim trying to make it look like he's Not Tim :-)
> He's also Not Even Hettinga, nor Adam, nor Choate....
> ... is that you, Lawrence?
Perhaps this whole thing is just one person talking to himself, with
Tim listening in! -Dr Evil, CP list
Clearly I'm not talking about online systems here, where the
online DB-query prevents double-spending, and protocols provide
anonymity. I'm talking about those systems where you have a
tamper-resistant
device providing double-spend assurance.
Yes, I know that a bank's secrets are not safe in Paul Kocher's back
pocket.
But lets assume a tamperproof system protected by a reasonable PIN.
The stored-value smartcard in your pocket was bought off the shelf with
cash and has
no identifying info.
>>But one can imagine anonymous systems that are useless to finders,
>>e.g., a smartcard with a real PIN and/or fingerprint reader.
>
> Fingerprint reader? No thanks; aside from their technical
weaknesses,
> they're rather at cross-purposes to anonymous digital cash.
> Do not double-spend by looking into laser with remaining eyeball.
I'm aware of the problems with biometrics & street surgery. Ok, a PIN
is fine.
> You don't even need a smartcard; a data file format that uses
> some kind of password-based encryption is enough.
> Smart cards, or dumb cards, may or may not be a useful adjunct
> to some digital cash systems, but one of the big reasons for
using
> digital cash instead of 500-Euro banknotes is for online
transactions.
> Smartcards may let you use your digital cash at somebody else's
>cash reader,
> and may reduce the risk of software problems trashing your cash,
> but digicash isn't necessarily something most people will carry
>around.
Physical tokens are better user interfaces. You can also leverage
their tamper-resistance as the origin of trust. Without going online
for every transaction. Obviously there are pros and cons for
different techs. (I don't see why a secure smartcard couldn't be
used for online transactions if it has a convenient home-computer i/f;
dedicated devices are more reliable, anyway.)
>>In these cases, it is advantageous to the finder to return the
>>smartcard in hope of a reward, IFF the loser makes this possible.
>
> Now, *that's* an interesting suggestion.
Pay-to-bearer has finder's-keepers property, but the PIN can remove
this property. I suppose this applies to online protocol based
systems, e.g., if someone trojans your computer and copies your coins.
Much like PGP does with private keys, requiring a passphrase to
get to them.
>>Maybe there's a bizmodel in being a clearing house for lost locked
>>smartcards, without trashing their potential "bearer" anonymity unless
>>the loser tells the clearing house they've lost it.
>
> Not any time soon :-) It's much more likely that the issuing
bank
> or the wallet vendor would be in this business than a third
party,
> and there are problems like how to preserve the anonymity,
My claim is that anonymity can be present *unless* you want your card
(with its stored-value) back. This is a feature that cash doesn't have.
> Or you just limit use of smartcards to money you're willing
to lose,
Much like a leather wallet & paper cash; but smartcard-cash could be
'safer' with a PIN & (anonymity-busting) reward mechanism. Obviously
you can't 'cancel' a smartcard like you can a lost credit card, since
the smartcard transactions are not online. So you hope its found,
instead of truly lost. When you lose paper cash, you don't care, its the
same to you.
More information about the cypherpunks-legacy
mailing list