From: tzeruch@ceddec.com
Date: Wed, 25 Jun 1997 01:53:12 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Hettinga's e$yllogism
In-Reply-To: <v03020929afd325266f9d@[139.167.130.247]>
Message-ID: <97Jun24.134510edt.32257@brickwall.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 22 Jun 1997, Robert Hettinga wrote:

> You just need to tell them that S909 will kill the commercial internet, and
> all the billions that have been invested in it.

More to the point, it will kill the commercial internet within the US.  We
could ban steelmaking for environmental or safety reasons, which would not
stop it, but then our steel producers and automakers would be out of
business.  I think the US may have one, maybe two years before we lose the
entire crypto industry to overseas.  We may still write the academic
articles, but all the software and hardware will be imported.  After all
the problems about losing jobs, we are actively destroying this sector of
high technology.

> >  Digital Commerce *is* Financial Cryptography,
> >  Financial Cryptography *is* Strong Cryptography,
> >  therefore,
> >  Digital Commerce *is* Strong Cryptography.
> >  and, therefore,
> >  No Strong Cryptography, no Digital Commerce.
> 
> ... why wouldn't escrow work ...

Because the government could retroactively reverse transactions.  Currency
is only as good as far as it is trusted.  Would you accept a transaction
that if the government opened the crypto, and found that the person that
sent you the cash was a drug dealer, which meant that all your finances
are thus contaminated with "drug money", and that they would not only
seize the transaction, but all other money?  I think not. 

The goverment could also open the note and spend it before you did (for
things like back taxes).  Assuming it is not a janitor working in the
building housing the escrow computer who is doing it.

In effect, key escrow applied to electronic cash is a lein against every
note that can be executed without your knowledge or consent.

There are technical solutions and problems which I can go into further. 
But, briefly, the goverment will want to track all sides, and anything
will require huge computer resources to store the escrowed keys.  That is
unless getting one key unlocks every $20 digital note issued, and then how
do we insure they will only unlock the ones listed in the original
warrant?  And what about stolen or multiply transacted ecash - you can
only unlock the original payer and final payee - I know, make it illegal
to transfer ecash without reporting the transaction!

>From the original use of the touchstone to insure the quality of gold
coins, all monitary units had to have an authentication mechanism.  If the
crypto is weak, notes are easy to forge (analogous to why there are so
many hard to print things on $100 bills).  If you can't tell counterfeit
cash from real cash, you don't accept it, electronic or otherwise.  This
is why the $yllogism works.  Just note that locations that can't verify
checks don't accept them. 

If the government can declare "authentic" currency to have no value
(especially retroactively), the same rule applies, which is why key escrow
is equally damaging.