1995-09-02 - Cyphernomicon, and a section on Escrow and Reputations

Header Data

From: tcmay@got.net (Timothy C. May)
To: CYPHERPUNKS@toad.com
Message Hash: 32698ca4148fd2665a673f113255a6c208a80b53e4abbcde3cd20564ef5390b7
Message ID: <ac6d2ced00021004ee17@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-09-02 04:44:22 UTC
Raw Date: Fri, 1 Sep 95 21:44:22 PDT

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Fri, 1 Sep 95 21:44:22 PDT
To: CYPHERPUNKS@toad.com
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID: <ac6d2ced00021004ee17@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I've been asked by two people in e-mail what the "Cyphernomicon" I referred
to in a recent message is. It's been a while since I mentioned it, so I'll
give some details.

In late 1993 I foolishly committed to doing a "Cypherpunks FAQ," as several
earlier attempts had gone nowhere. And since the most frequently asked
question of all is always "Where's the FAQ?," followed closely by "How come
there isn't a FAQ?," the need was there. (As it turns out, the people most
in need of a FAQ seldom read FAQs, but this is another story.)

I finished my first release, a megabyte-sized file done in MORE, a powerful
outline processor (which enabled me to maintain notes, make
cross-references, and generally manage such a huge writing project). I
released it last year, and put it in my anonymous ftp account at
ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom
is often very crowded, though.

I know of a couple of alternative places. A very nice job of HTMLizing it
was done by Jonathan Rochkind, a Cypherpunk, and is located at the URL

http://www.oberlin.edu/~brchkind/cyphernomicon/

Another URL, which is just one large file, is

http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ


The recent thread about the dangers of anonymity and the role of escrow
agents as possible fixes is a good excuse to include one of my
sub-sub-subsections, to also illustrate the structure and expected
contents.

Enjoy it. But, please, don't nag me with suggestions that I should do, or
should have done, the thing in HTML, or using your favorite tool set.

--Tim May


Crypto Anarchy:
Escrow Agents and Reputations



  16.24.1. Escrow Agents as a way to deal with contract renegging
           - On-line clearing has the possible danger implicit in all
              trades that Alice will hand over the money, Bob will verify
              that it has cleared into hisaccount (in older terms, Bob
              would await word that his Swiss bank account has just been
              credited), and then Bob will fail to complete his end of
              the bargain. If the transaction is truly anonymous, over
              computer lines, then of course Bob just hangs up his modem
              and the connection is broken. This situation is as old as
              time, and has always involved protcols in which trust,
              repeat business, etc., are factors. Or escrow agents.
           - Long before the "key escrow" of Clipper, true escrow was
              planned. Escrow as in escrow agents. Or bonding agents.
           - Alice and Bob want to conduct a transaction. Neither trusts
              the other;
              indeed, they are unknown to each other. In steps "Esther's
              Escrow Service." She is _also utraceable_, but has
              established a digitally-signed presence and a good
              reputation for fairness. Her business is in being an escrow
              agent, like a bonding agency, not in "burning" either
              party. (The math of this is interesting: as long as the
              profits to be gained from any small set of transactions is
              less than her "reputation capital," it is in her interest
              to forego the profits from burning and be honest. It is
              also possible to arrange that Esther cannot profit from
              burning either Alice or Bob or both of them, e.g., by
              suitably encrypting the escrowed stuff.)
           - Alice can put her part of the transaction into escrow with
              Esther, Bob can do the same, and then Esther can release
              the items to the parties when conditions are met, when both
              parties agree, when adjudication of some sort occurs, etc.
              (There a dozen issues here, of course, about how disputes
              are settled, about how parties satisfy themselves that
              Esther has the items she says she has, etc.)
  16.24.2. Use of escrow services as a substute for government
           + as in underworld deals, international deals, etc.
             - "Machinery of Freedom" (Friedman), "The Enterprise of
                Law" (Benson)
           - "It is important to note in any case that the use of third-
              party escrow as a substitute for Government regulation was
              a feature of the Northern European semi-anarchies of
              Iceland and Ireland that have informed modern libertarian
              thought." [Duncan Frissell, 1994-08-30]
  16.24.3. Several people have raised the issue of someone in an
            anonymous transaction simply taking the money and not
            performing the service (or the flip side). This is where
            _intermediaries_ come into the picture, just as in the real
            worl (bonds, escrow agents, etc.).
  16.24.4. Alice and Bob wish to conduct an anonymous transaction; each
            is unknown to the other (no physical knowledge, no pseudonym
            reputation knowledge). These "mutually suspicious agents," in
            1960s- and 70s-era computer science lingo, must arrange
            methods to conduct business while not trusting the other.
  16.24.5. Various cryptographic protocols have been developed for such
            things as "bit commitment" (useful in playing poker over the
            phone, for example). I don't know of progress made at the
            granularity of anonymous transactions, though. (Though the
            cryptographic protocol building blocks at lower levels--such
            as bit commitment and blobs--will presumably be used
            eventually at higher levels, in markets.)
  16.24.6. I believe there is evidence we can shorten the cycle by
            borrowing noncryptographic protocols (heresy to purists!) and
            adapting them. Reputations, for example. And escrow agents (a
            form of reputation, in that the "value" of a bonding entity
            or escrow agent lies in reputation capital).
  16.24.7. if a single escrow agent is suspected of being untrustworthy
            (in a reputation capital sense), then can use _multiple_
            escrows
           - with various protocols, caveat emptor
           - n-out-of-m voting schemes, where n escrow agents out of m
              are required to complete a transaction
           - hard to compromise them all, especially if they have no
              idea whether they are being "legitimately bribed" or merely
              pinged by a reputation-rating service
           - Hunch: the work of Chaum, Bos, and the Pfaltzmanns on DC-
              nets may be direcly applicable here...issues of collusion,
              sets of colluders, detection of collusion, etc.




---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







Thread