[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

Mon Nov 28 01:35:01 PST 2005

cyphrpunk wrote:
>>In the electronic cash literature, governance issues have rarely been
>>raised, let alone properly addressed. Systematic treatment of transparent
>>governance in digital payments begun, AFAIK, with the research of Ian Grigg.
> 
> 
> One example is the Sander and Ta-Shma paper I mentioned earlier:
> http://citeseer.ist.psu.edu/sander98auditable.html

I wasn't aware of this paper, probably because
it was published in Crypto rather than FC.
Quickly flicking through it, I stopped at the
end of section 3.2 which raises some interesting
claims.  On the face of it, it would seem that
in order to operate the system,

   * merchants have to update frequently
   * merchants cannot accept real-time generated Tx,
     where "real-time" is inversely related to "frequently"
     in the first point
   * users have to likewise update many times per coin

While the solution may be elegant, I can't see
how that would work in real life.  The goal
for a transaction is quite simple:  send one
message, get one message back.  (In practical
engineering terms you can't get much more
efficient than that.)  But, the real point here
is that users will use the cheapest system in
preference to anything else, so a more efficient
system will dominate a less-efficient system, in
the long run.  Sander and Ta-Shma's solution
seems to propose something remarkably expensive
in message terms.

(Mind you, if he has done what he has claimed,
that is a remarkable result!)

>>In short, the basic idea is for the issuer to _publish_ in an undeniable
>>manner the responses (with some additional info) to exchange requests
>>instead of sending the information back to the requesting party using a private
>>channel. I do think (in agreement with several reviewers of my work) that
>>the setup proposed in the discussed paper, where the communication between
>>the users and the issuer is such that the issuer's responses to users'
>>requests are broadcast and archived in public records is novel.
> 
> 
> It will be interesting to see more details of how this works. Sander
> and Ta-Shma also had the server publish information for every issued
> coin, and then used zero knowledge techniques for the depositor to
> show that the coin was on the list. This added great complexity to the
> system.

Ah ok.  So we concur on the cost aspects.

As an aside, Sanders did pay a lot of attention
to these areas.  However, what he was focused on
was "regulatory" issues, as distinct from "governance"
issues.  Now, some would call them the same, but I
would not.  Governance is about the system looking
after itself and its users, where as "regulatory"
issues bring in a grab bag of wider issues which
have little to do with the system, other than their
presence having threat effects.  Hence for example,
the bank robbery problem is included in governance
because it steals money from in the system and threatens
system collapse, whereas money laundering is an exogenous
threat that only effects the system via regulation and
can never damage the system or users endogenously.

iang

PS: it was never necessary to pay attention to ML
issues any more closely, because all digital cash
(including anonymous ones) systems generally had
much stronger AML capabilities in comparison with
classical banking systems, so it wasn't as if there
was much point in improving them.