1994-08-27 - e$: e-cash underwriting

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: db2e45049f1b2629b651c8b90cf99f8bebfb123b777914ecfcf2f228c6aa0e6a
Message ID: <9408271841.AA26491@ah.com>
Reply To: <199408210219.WAA15566@zork.tiac.net>
UTC Datetime: 1994-08-27 19:03:33 UTC
Raw Date: Sat, 27 Aug 94 12:03:33 PDT

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 12:03:33 PDT
To: cypherpunks@toad.com
Subject: e$: e-cash underwriting
In-Reply-To: <199408210219.WAA15566@zork.tiac.net>
Message-ID: <9408271841.AA26491@ah.com>
MIME-Version: 1.0
Content-Type: text/plain

   By the way, I think the problem of double spending is a risk that can be
   managed, like the risk that a bank takes when a check is bounced.

Exactly.  There is some cost incurred by attempts to double-spend, no
matter what the outcome.  The costs are either direct, e.g. redemption
of duplicated notes, or indirect.  Indirect costs include the
implementation of systems to get rid of double spending and the cost
of dealing with rejected transactions when challenged.  In any case,
double spending creates costs.

   The culprit is identified, and it becomes a matter between the
   bouncee (however removed from the criminal transaction), the law,
   and the bouncer.

Why does everyone think that the law must immediately be invoked when
double spending is detected?

Double spending is an informational property of digital cash systems.
Need we find malicious intent in a formal property?  The obvious
moralism about the law and double spenders is inappropriate.  It
evokes images of revenge and retribution, which are stupid, not to
mention of negative economic value.

What is needed are techniques to prevent the possibility of double
spending from taking down the system.  These might include law, and
hence also identity, but need not.  What is the point of an anonymous
system if identity is needed to make it stable?  The contradiction
here is enormous.  The offline cash protocols suffer from this fatal
design flaw, namely, anonymity for "good people" and identity for "bad
people".  Why invoke identity at all if you can do without it?

Having a database of "spent money" is the primary technique for
prevent direct costs from being a problem.  So what is left are
attempts to redeem multiple times the same note.  They won't actually
get redeemed, but if there's a negligible marginal cost for trying,
well, then, some folks will try.

One solution is clear and direct: charge for each redemption attempt.
In that situation, multiple attempts get rejected, and the issuer is
recompensed for the attempt.  No morality need be invoked.

There remains an issue as to the size of this redemption fee, which
would have to be small.  In order to optimize the transaction costs of
charging this fee, a bank might be willing to accept identity in
escrow for the transaction and to remove the fee for good
transactions.  Identity might be a pseudonym revealed after 10 bad
attempts, say.  This system removes the requirement for identity and
substitutes it for an economic optimization based on identity.

An anonymous depositor, however, can still use the system with zero
risk to identity.

   Are there any non-proprietary, public sources of information on these legal
   and regulatory research efforts?  Are there archives of the c'punks traffic
   on this subject that I can look at?

The research efforts are basically my own, Hal's, and Perry's.  There
is no reference other than back traffic, which others can provide.