1993-11-19 - Re: All our eggs in one basket?

Header Data

From: jim@bilbo.suite.com (Jim Miller)
To: cypherpunks@toad.com
Message Hash: 111bb55d0c461d362b1491e96bc94186bca4f7438f1b9742ae7bf74256ad3716
Message ID: <9311191945.AA08821@bilbo.suite.com>
Reply To: N/A
UTC Datetime: 1993-11-19 19:46:58 UTC
Raw Date: Fri, 19 Nov 93 11:46:58 PST

Raw message

From: jim@bilbo.suite.com (Jim Miller)
Date: Fri, 19 Nov 93 11:46:58 PST
To: cypherpunks@toad.com
Subject: Re: All our eggs in one basket?
Message-ID: <9311191945.AA08821@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain



> How can I prove that the bank did not send me the money? 

> 

> The withdraw protocol must somehow produce a receipt,
> signed by *me*, saying I receiving the money.  If the bank
> cannot present such a receipt, then the arbitrator
> shouldn't believe that the bank really sent the money.
> 

> Yet why would I sign a receipt before verifying that the
> bits the bank sent me was a valid chunk of digital money? 

> Does this mean the bank sends me valid digital money first
> and I reply with a signed receipt? 

> 


Perhaps the bank would send the valid chuck of digital coin first.

If I failed to reply with a signed receipt, the bank could invalidate the  
digital coin.  I assume the bank could register the coin in a "voided coin"  
registry, placing my "name" in the registry along side the coin's ID.  If I  
kept the coin, without sending a receipt, and later tried to spend it, I would  
eventually get caught.  The coin would make its way back to the bank and when  
it arrived, the bank would see that it was a voided coin and it would know that  
I was the one who first tried to spend it.

Here's the protocol so far:

1) I send the bank a signed request asking to withdraw $10,000.  The bank could  
use this request to prove it was given permission to withdraw money from my  
account.

2) The bank withdraws the money from my account, mints digital coin X with  
value $10,000 and sends it to me.

3) I validate the coin, and send a signed receipt saying I received coin X with  
value $10,000.  If I fail to send the receipt, the bank places my "name" and  
"coin X" in a voided coin registry, and refunds my account for the value of the  
coin.


What if I send the receipt, but the bank puts the coin on the voided coin list  
anyways *and* fails to refund my account?  I would want some way of proving  
that I received a valid coin, sent the receipt, and the receipt was received.

To do this, we modify step 3).  Instead of simply sending the bank a signed  
receipt, the bank and I would engage in a simultaneous contract signing  
protocol which would result in both parties receiving a "receipt" of the coin  
transfer.

If the bank tried to cheat me by putting the valid coin in the voided coin  
registry, I would be able to prove that the bank sent me the coin (I still have  
the coin) and that the bank received a receipt (I have a copy of the  
simultaneously signed receipt).

If I tried to cheat the bank by saying I never received the coin, the bank  
would be able to prove that I *did* received the coin (the simultaneously  
signed receipt indicates that I *said* I received the coin).  The bank also has  
the signed withdraw request proving it was authorized to withdraw money from  
the account.

If I received the coin, yet fail to engage in the receipt signing protocol, the  
bank would place the coin in the voided coin registry.

If the bank withdrew the money yet failed to send me the coin, I could show the  
arbitrator my last two bank statements (before the cheating).  If the bank  
could not produce the transfer receipt for the disputed withdraw, the  
arbitrator would rule in my favor.

How does all this sound?  I'm not claiming to have just invented something.   
I'm just trying to find out if I correctly understand the withdraw of digital  
coins from a digital bank account.


Jim_Miller@suite.com






Thread