1995-01-21 - Re: Why emoney? Why not a web of debt?

Header Data

From: Anonymous <nowhere@bsu-cs.bsu.edu>
To: cypherpunks@toad.com
Message Hash: ab9c9b1d4ab6c084abfe2554ddca85c25bf0c44c498ba8be5b7ef6e94ac91720
Message ID: <199501210809.DAA12896@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1995-01-21 08:09:44 UTC
Raw Date: Sat, 21 Jan 95 00:09:44 PST

Raw message

From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Sat, 21 Jan 95 00:09:44 PST
To: cypherpunks@toad.com
Subject: Re: Why emoney?  Why not a web of debt?
Message-ID: <199501210809.DAA12896@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Fri, 20 Jan 1995 19:36:34 -0500
> From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
> 
> Certainly, that's what money is after all. Pretty much.  But how are you
> going to transfer these IOUs electronically in a way that is relatively
> fraud-proof?  [...]

  By only trading with trusted partners.  Read on...

> And of course, if you want to use these certificates of value anonymously,
> which is what is required to pay for an anon remailer, there are some
> slightly more stringent requirements. The right kind of ecash protocol can
> still handle it.  But Carol probably shouldn't be paying for a remailer in
> CarolBucks (or CarolIOUs, whatever), at least not unless Carol is such a
> big spender that CarolBucks are in wide circulation and used by lots of
> people other then Carol.  Which I guess is possible in your system.

  If the remailer operator trusts Carol, then Carol and the Op can
exchange Op-IOU's for money, or Carol-IOU's for Op-IOU's.  (This is
the base case of the induction for you math geeks.)  Carol can use the
Op-IOU's directly with the Op or 'sell' them to people who want to do
business with the Op.

  If the remailer operator doesn't trust Carol, but there is a chain
of trust from Carol to the remailer operator, then Carol can get IOUs
from someone which the remailer operator does trust.  Call them
Jo-IOUs.  To do this Carol asks Pat who asks ... who asks Jo for an
IOU worth $32.  Carol gives Pat a Carol-IOU worth $32(+transaction fee
is Pat is a greedy sole) in exchange for which Pat gives Carol the
Jo-IOU worth $32 (which Carol got from Pat (which Pat got from some
place only Pat knows for sure)).

  IOU swaps will probably be done under the cover of encryption.
Swaps can also be done with a nice ecash system like Chaum and
Brandt(sp?) have proposed.  But I am not sure it is required.

  Anonymity can come also from the chain of IOU swaps, in the same way
remailers produce anonymity -- each person neglects to tell any others
for whom they carry out IOU swaps.  Sure Pat knows Carol wants a Jo
IOU, but Pat doesn't know why.  Jo could figure out that Jo's IOU went
out to W.Smith, and came back from V.Jones but can't make any
conclusion about weather W. and V. are trading partners or not.  It
would take a conspiracy of each person along the swap path to expose
the real trade.  Alternatively the buyer or seller can out the
transaction.  (But suppose they only know each other via some
anonymous email pool...)

  And privacy (from other than your trading partners) comes from using
encryption during each IOU swap.

  But if you don't trust your trading partners enough to keep quiet
about who you are, by all means use an untraceable ecash system.
(There are other advantages to using blind signatures anyway.)

> A pseudo-anarchist non-state-supported debt system would work fine, but you
> still need a mechanism to transfer your certificates of value, whether they

  Well...  TackyTokens, and a little bit (ha!) of client code (start
with Sameer's?) ought to do the trick.  (So perhaps the original
message's subject ought to have been "Why Ebanks?  Why not a web of
debt-trust?" since it is the central bank I am avoiding here.  Not
tacky tokens.)

  But it isn't really necesary.  Read on...

> [...]  There are advantages and disadvantages to that
> sort of thing, and it might be something interesting to think about, but

  One problem with getting an ecash system off the ground is making
the tokens worth moeny.  The advantage of a distributed web-of-
debt/trust model is that I only need to trade IOUs for US$ with a few
trusted friends.  I don't need to go to any kind of central bank.  No
central bank means no central point to be attacked with guns, hacks,
or taxes.  No central bank means no credit card numbers, money orders,
or green backs mailed away to strangers.

  Another cool thing, and the reason you don't need Chaumian digital
cash, is that the only people you can steal from (or who can steal
from you) are your trusted friends!  If I pass a bogus token in
exchange for a real IOU, then I just ripped off my friend.  The only
place two non-friends interface is at the final buyer-seller
interface.  If the seller refuses to honor the token, the buyer can
ask the friend who gave it to them for a refund, who can ask for a
refund from ... until the token gets back to the thief.  The thief can
either steal from their friend by refusing the refund, or infact honor
the bogus token, and eat the loss (if any).

  One bad thing is anyone can deny service to people by passing bogus
tokens, and then refunding them.  Lukily the friends of the blocker
will notice that when getting tokens through that person, the number
of refunds is higher than average.  In that case, the blocker can be
removed from lists of their friends, and cut out of the economy.

  Denial of service can be prevented another way too -- but it does
require Chaumian blind signatures.  Instead of trading a Carol-IOU for
any old Jo-IOU, Carol might demand a Jo-IOU which is a signature on a
particular (blinded) secret number.  Just as if Carol were doing a
TackyToken protocol exchange directly with Jo.  If Carol gets a thing
from Pat which isn't signed by Jo, Carol complains to Pat.  If Carol
gets a thing which un-blinded isn't a signature by Jo of Carol's
secret number, Carol again complains to Pat.  Symbolically: instead of
a <-> b, then b <-> c, then ... y <-> z; do a -> via b -> via c
... via y -> z signs -> via y ... via b -> to a.  The disadvantage is
that Pr0duct Cypher's Tacky Token code would need to be hacked a bit
more.  And then there is the nasty old issue of algorithm patents.

  Noyb





Thread