From: rah@shipwright.com (Robert Hettinga)
To: Hal <hfinney@shell.portal.com>
Message Hash: e347aea30858dccc840f2a9143081d8daeb099b1d3864d12bb07ae7fe0d57c6e
Message ID: <199408280517.BAA15363@zork.tiac.net>
Reply To: N/A
UTC Datetime: 1994-08-28 05:17:41 UTC
Raw Date: Sat, 27 Aug 94 22:17:41 PDT
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:17:41 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Re: Cash, cheaters, and anonymity
Message-ID: <199408280517.BAA15363@zork.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain
Just getting caught up here. Started backwards, and cut out most of what is
addressed already. I swore I wouldn't touch Tim's posts, for all the
trouble I seem to get into when I do, but, well, here goes, anyway...
At 11:46 PM 8/25/94 -0800, Timothy C. May wrote:
>(Coins and cash bills are really "on-line clearing" though, in that their
>existential properties make them acceptable immediately; they are not
>replicable, at least not easily, and hence can be conserved in transations.
>All the usual stuff about the nature of cash money.)
I thought that was the definition of off-line, Tim. If you can be
reasonably certain, without running to the issuer on every transaction,
that a piece of digital cash will be worth a dollar when you cash it out to
get it off the net, then you have something whose existential properties
make it acceptable, right? If you have to run a piece of paper money to a
bank in order to cash it into something more stable wouldn't you consider
that more of an "on-line" transaction?
>"Zero knowledge interactive proof systems" have been used for password
>systems; no amount of past snooping or eavesdropping helps. (Of course, the
>user still has to have physical security over his local computer, or PDA,
>dongle, or secret decoder ring.) This seems like a readily-solvable problem
>(and one we already accept with existing ATM machines).
I really like this concept in a bunch of different applications, most
importantly, the ability to keep my personal history out a gajillion
databases someday.
>THE INCREDIBLE IMPORTANCE AND ELEGANCE OF ON-LINE CLEARING
Tim put a whole lot of stuff here, all of which I agree with, including the
concept of whoever gets to the train locker first, gets the loot. Except
I'm confused about why he doesn't think that if confidence is maintained in
the very same online scenario he just described (chaumian blinding, etc),
that extending it to off-line use is not too difficult, and that for a very
large percentage of transactions may be more useful, *if* the veracity of
the digital cash is still there.
I think that people *will* do predominately on-line transactions early on,
in a scheme which uses the ability to pass cash through several
transactions before getting cashed out.
I believe that if I were an underwriter, I would get more business if
off-line transactions were pretty much as safe as on-line ones. That
implies exposing double spenders, and that may or may not imply positive
identification. In schemes where I have an ATM gate, I let the referring
bank vouch for the identity of the person buying digital cash with real
money. It's also easy to see that only a bank customer (and thus
identified) could bring cash off the net to be deposited either. It's
easy to see how there may be holes in this scenario over time. And, if a
"self-credentialed" nym out there touches a piece of cash in the daisy
chain, who cares? If that same nym double-spends money I underwrote, then
the person who shows up at my "train locker" is shit out of luck, but they
have the identity of whoever dunnit (however useful that may be). As
underwriter, however, I reserve the right to go after the offending
double-spender with a pair of dull spoons (or with the law, whichever is
easier) if he did it on purpose, because he's messing with the efficacy of
my business.
>IS PROOF OF PHYSICAL IDENTITY NEEDED?
[snip]
>The danger of making the "person who withdrew it" a culprit if the money
>has already been "spent" is clear: he is just as likely to be an innocent
>victim of a setup as the guilty party.
I agree. This is why cash which unmasks double-spenders is important.
>UNTRACEABLE MARKETS FOR ASSASSINATIONS
This, and other "perfect crime" argments make me a little bit
uncomfortable. But not because they're right. It's because there's a forest
and trees mentality at work here that's readily apparent to people outside
the argument. It's like Alexander and the Gordian Knot. Just cut the damn
thing in half.
In this case, even though there's a perfect double blind, there are still
two crimes being committed, (buying a hit, killing someone, three really,
acting as agent for a hit). All unknown, all untraceable. The person who
ordered the hit knows he did it. The person who arranged the hit knows she
did it. The person who made the hit knows he did it. At some point one or
all links in that chain of silence will break. In normal criminal procedure
that's it. All is known. In this case it isn't. But, on a separate,
independent basis, one of those people *ever* tells anyone, that person
knows, and maybe snitches someday. Depending on how perfect the criminal
is, evidence will be left, confessions will be made, and, who knows, maybe
the guilty party goes to jail. Actually, that's how most cases are solved.
Someone rats on somebody, and gives the cop an excuse to snoop around and
find something else which incriminates the culprit.
The upshot is, the independence of the events doesn't make a crime less
amenable to most criminal procedure. It's like our friend Binky, the third
(International Drug Trafficking) horse of the apocolypse. There isn't a
direct chain of evidence linking him to each and every crime he directly
committed, much less the second and third order effects of his actions.
But he was there in Columbia with a monsterous pile of cash and no visable
means of support. Hung with other drug types. If it walks like Binky, and
quacks like Binky, hey, it's Binky, right? Find a few times when he was
messy, find a few snitches, presto, changeo, Binky's in jail.
You can assume all the perfect crimes you want, but, just like the argument
about the evil guy in Plato's Symposium, who did only right deeds but was
an evil man nonetheless, you come to silly conclusions. People aren't
perfect. They screw up more often than not. They get caught. When they
don't get caught, that's tough, but I wouldn't bet the rent on the
possibility of it consistently happening.
>THE DANGER OF EVER USING PHYSICAL IDENITY VERIFICATION
>Danger! Danger! Danger! Any such system, that relies on physical IDs is
>substantially less private that banks today in many countries, and is not
>at all what I would call "digital cash."
>
>On-line clearing makes this unnecessary.
So do offline systems, I thought. I thought it was easier to do an offline
trade with a nym, than an online one. I bet that you would have a huge
problem putting up an anonymous on-line system. Without fiating your own
country into the argument, I mean.
>Hal says:
>>Without the authentication, you're not going to have off-line cash,
>>IMO. You will be stuck with on-line systems in which everyone has to
>>verify everything before accepting it. This means you pay a cost in
>>communications overhead and possibly other foregone opportunities.
>
>Agreed. But acceptable with a two-tiered system:
>
>- off-line cash for small transactions, with smartcards, "observer"
>protocols, and with built-in limits
>
>- on-line , immediately-cleared cash for larger transactions, also with
>various agreed-upon limits or requirements
How about a single system that covers both. Isn't it the case that when a
seller in an otherwise offline system deposits cash directly upon receipt
(possibly while the receipt of cash is happening) you have something
equivalent to an on-line system?
Isn't it also the case that if the last person to the train locker loses,
then trust of nyms will be sort of forced to happen eventually? It seems to
me that people won't waste their time instantly depositing their digital
cash revenue the second they get it if the currency doesn't get bounced.
___________________________
There. Let me say here that Tim May is one of the major reasons I read this
list. This posting that I'm replying to is easily the best one he's made,
probably anyone's made, since I got here a few months ago.
Having said that, fully expect him to piss on my shoes, for any of a number
of reasons. I've put on my sea boots as precaution. Fire away, Tim. :-).
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah@shipwright.com) "There is no difference between someone
Shipwright Development Corporation who eats too little and sees Heaven and
44 Farquhar Street someone who drinks too much and sees
Boston, MA 02331 USA snakes." -- Bertrand Russell
(617) 323-7923
Return to August 1994
Return to “rah@shipwright.com (Robert Hettinga)”
1994-08-28 (Sat, 27 Aug 94 22:17:41 PDT) - Re: Cash, cheaters, and anonymity - rah@shipwright.com (Robert Hettinga)