Privacy vs. Transparency, Anonymity vs. Identity (was Re: [gsc] Fwd: (micro)payments for anonymous routing in Tor?)

R.A. Hettinga rah at
Sat Sep 27 06:06:53 PDT 2008

On Sep 27, 2008, at 5:09 AM, George Hara wrote:

> None of that guarantees that transactions are anonymous, as in digital
> blinded cash anonymous.

The point to bearer transactions is that you don't *need* identity to  
do the transaction. If the transaction doesn't complete the "nutty  
crypto" protocol (as you called it; yes, I know, Barbie, Crypto is  
Hard), the transaction *fails*, no harm, no foul. It doesn't even  
*execute*, much less clear or settle.

Bearer transactions *can* be anonymous, and they're cheaper if you do  
them that way. Book entry transactions *must* be public, "transparent"  
these days, or they don't work, ultimately. Primarily to keep the  
system fair, pick your definition of "fair", but also to *force* the  
non-repudiation of a given transaction using guys with guns provided  
by your friendly neighborhood force monopoly.

In other words, in a bearer transaction, identity/transparency costs  
money. In a book-entry transaction, anonymity/privacy costs money. I  
claim that in the geodesic economy that is currently emerging on the  
geodesic internetworks we've been building at least since the advent  
of the microprocessor, privacy will ultimately be cheaper than  
transparency, as an artifact of the cheapest technology we use in the  
execution, clearing, and settlement of our transactions. In the same  
way that *transparancy* has been an artifact of book-entry  
transactions, the cheapest way to do financial transactions since the  
advent of the Hollerith card, if not the telegraph.

In a book entry transaction you *need* identity to execute, clear and  
settle the transaction, because the *way* you prevent repudiation of a  
bearer transaction is to send someone to *jail* if they lie about a  
debit or credit in a database somewhere.

By definition, bearer transactions clear and settle instantaneously,  
or not at all. By definition, book-entry transactions execute, clear,  
and settle in at least twelve different book entries, all of them, by  
definition, happening at *different* times. [For each asset exchanged  
(at least two), there is both a debit and a credit (one each), for the  
buyer, the seller, and at least one, and usually two clearing/ 
settlement entities. Two assets times (two debit/credits times three  
entities) equals twelve database/accounting book-entries. It's usually  
*way* more than this, try charting a credit card transaction, or a  
stock exchange transaction sometime.]

I think that as we get to t-zero in transaction execution/settlement/ 
clearing time, the *risk* of book-entries tends toward not merely the  
value of the transaction in question, but the value of *all* the  
assets that a given key controls.

With digital bearer transactions, the *most* a given counterparty can  
lose is the value of a transaction, and not even that if the bearer  
certificate(s) used in that transaction are redeemed and reissued  
sometime at or near time of the transaction to prevent double  
spending. The more valuable the asset, the more it behooves you to  
redeem and reissue it to yourself, so valuable transactions happen on- 
line, and less valuable transactions happen quasi-offline with some  
kind of probabilistic settlement / assay method.

As for guarantees that something on a public internetwork is  
anonymous, I leave that for other people. I can only say that with a  
bearer protocol, the transaction at least *can* be anonymous, instead  
of the way it is now, where all parties to a book-entry transaction  
*must* be identified.


More information about the cypherpunks-legacy mailing list