From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Apr 1996 15:20:18 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <199604102201.PAA13082@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 AM 4/9/96 -0800, frantz@netcom.com (Bill Frantz) wrote:
>>   Financial Times, April 9, 1996, p. 13.

>>   Garfinkel described it like this: "My name is Agent
>>   Jenkins. I'm an investigator with the secret service,
>>   working on a counterfeiting case. And it's tough. Last
>>   year, my office got a priority call from an economist at
>>   Stanford. The economist was looking at something called the
>>   money supply and velocity and both were increasing a little
>>   too fast. They just didn't add up. The economist finally
>>   figured an organisation was printing its own electronic
>>   money -- just like the US government does.

Personally, I find the idea that the government could hope to track the economy
so closely as to notice a $10M/year addition to the money supply to
be disturbing (though it was done in a science fiction story about
20 years ago :-)  With digital cash, it's also unrealistic - we
finally have a technology for moving money around _without_
them being able to track it all, if we want to deploy it.

>>   "This counterfeit currency looked just like the real thing,
>>   except it was a fraud. She even found some of it -- a
>>   digital dollar that was signed and sealed by the US
>>   government's secret key, yet had a serial number that had
>>   never been issued. The money that was being made was on the
>>   Net. It was everywhere and nowhere. And it was encrypted,
>>   so that we wouldn't even know it if we found it. Last
>>   month, we estimate, the total fraud was up to $900,000 a
>>   month, and it is increasing still."
>
>I don't see how this third scam would work in a system such as DigiCash
>which uses online clearing.  Unissued serial numbers would be refused when
>presented for clearing.

In Chaum's DigiCash, the payer makes up the serial number, blinds it,
and has the bank sign it blind, so the bank never knows the number
until the payee deposits it.  So this doesn't work.
(The payee knows the number when he receives it from the payer,
but in online operation he deposits it right away.)
(There are alternative ways to structure transactions so the payee
issues the serial number, or even so the bank does, but they're not needed.)

What the bank _does_ know is whether the total number of digibucks with
its signature on them that it's received is larger than the number it's signed -
so if their private signature key has been stolen by counterfeiters,
they'll know for sure once the counterfeiting level exceeds the amount of
float of outstanding digibucks they've issued; they may suspect it earlier
if the redemption level is high enough that the float statistics look real
funny.

On the other hand, with Chaum's system, what role would the US government
have in issuing digibucks, rather than banks doing it?  The one-big-bank
approach doesn't scale well, though I suppose the Feds could pay member banks
with digibucks instead of paperbucks or journal entries if they wanted to,
and FedBucks might be more spendable in some markets than VisaBucks or
TwainBucks
or MeritaKroner or HKL$ or YakuzaYen or Chemical$ or CocaRubles.

>If this kind of scam, particularly the counterfeiting scam,
>occurs too often, public trust in the cash will disappear, and people will
>refuse to buy it.

In a  multiple-bank scenario, that works fine.  With a government-issued
legal-tender digital currency, it's an offer you can't refuse...

>Note that people trying to maintain anonymity are particularly vulnerable
>since they have to hold cash for a period of time to defeat traffic
>analysis attacks.

Holding digital cash for a long time isn't difficult - it's easier than
holding paper cash for a long time, since you can keep multiple encrypted
copies (so stealing them isn't very useful to the thief and isn't as
damaging to the victim), and you can stash floppies in smaller, less armored
safe deposit boxes than you'd need for large quantities of cash.
Of course, if you happen to become dead while you're storing it,
the paper cash is far more useful to your heirs, so I assume we'll have
a government-sponsored cash-escrow system announced soon to protect
the government's interest in collection of inheritance taxes...
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215