Call for Founders: Digital Bearer Settlement Email List and


gary@aaa-mainstreet.nl
16 Mar 1998 04:11:13 -0000


> Even a "foreign" ATM transaction is effectively a loan settled over
> the financial ziggurat. That's what those "inflated" ATM fees pay
> for, for the most part: the time value of the money "lent" to you by
> the owner of the machine plus, the cost of running the machine
> itself, and the opportunity cost of not lending it elsewhere. Even

The cost is more likely related to what the customer is prepared
to pay - it's just one part of a big system, and does not necessarily
have to be financially viable by itself.

> Note, finally, that communications networks these days are becoming
> more geodesic (defined: "the straightest line across sphere") and
> less hierarchical, because Moore's Law makes the cost of switching
> information fall by half every 18 months. The internet is the mother
> of all geodesic networks. It's now almost always cheaper to add an
> automated "switch" and break up information into more immediately
> usable pieces for the people who need it most than it is to aggregate
> information and pass it up and then down through a hierarchical
> organization/market/network.

Really? I'm not saying you're wrong here, but this does seem a little
difficult to believe. Comments on this anyone?

> That goes for financial information as
> well: cash, equity, debt, or any derivative thereof. So, how do you
> clear and settle transactions even if you can now execute them
> geodesically? With digital bearer settlement.

The only way we'll see "point to point" transactions is with the
use of stored value smart cards like Mondex, or perhaps a system
where individuals issue their own currency ("trustbucks").

> The Invention of Digital Bearer Settlement
>
> In the mid 1980's cryptographer David Chaum invented a cryptographic
> protocol which would change all that, at least it would when a
> ubiquitous geodesic internetwork made the technology practical.
> Chaum's invention was the blind signature protocol. Using blind
> signatures and on-line reissuance to prevent "double spending", it
> became possible to create unique unforgeable binary objects which
> could be exchanged anonymously and which could still be assigned any
> financial value, as long as the issuing party honors the object's
> implicit promise at redemption. Since Chaum's invention of blind
> signatures there has been an explosion of new cryptographic digital
> bearer settlement protocols, created by some of the best minds in
> cryptography, ranging in designed scale from large macroproject
> financing technology to micro-, or possibly even pico-payment
> systems.

Blind signatures have *nothing* to do with "bearer certificates".
Blind signatures allow the creation of what can be considered
"bankers cheques" (as they are called in the UK) - essentially
a cheque from the bank. The blinding allows the purchase of
these cheques in such a manner that the bank cannot determine
the "serial number" on the cheque, and therefore cannot tie up
withdrawals with deposits. This "bankers cheque" is no more a
bearer device than is a personal cheque.

Sure, physical cheques, both personal and bankers, are bearer
instruments (or at least can be in some circumstances). Digital
cheques, whether banker, personal or any other, *cannot ever*
be a bearer device, since it is simply a chunk of information
that can be copied. The only way to obtain bearer devices in
the electronic world is by the introduction of something
physical into the system, such as a smart card (e.g. stored value
cards like Mondex).

> Put simply, it is now technologically possible to create digital
> bearer certificates representing cash, debt, equity, or any
> derivative thereof.

Completely and utterly wrong. Never has been possible, and never will
be.

> These systems will probably be able to handle
> transactions from very large gigadollar bond issues down to
> bandwidth-purchase transactions in the thousandth or maybe millionth
> of a cent range.

This raises an interesting question - what is the smallest
transaction likely to be practical? A millionth of a cent
seems very impractical. Comments anyone?

> These cryptographic objects are true digital bearer
> certificates, which, like the paper bearer certificates of old, can
> be traded, cleared, and settled instantly, without years of audit
> trails to prevent non-repudiation, without clearinghouses -- though
> requiring on-line validation/reissue in higher-value cases -- and
> with the minimum possible number of financial intermediaries. For
> instance, in a secondary market transaction for a digital bearer
> bond, the buyer, the seller, and the underwriters of the bond and the
> cash exchanged for it can all effect the trade instantly, with
> completely manageable transaction risk, without either party needing
> to know anything about the other except the reputation of the bond
> and the cash traded for it. All with a cryptographic protocol which
> unmasks any forger mathematically before any fraudulent trade can
> finish execution.

Not true. *All* payment systems require validation of the
"certificate" with the issuer of the currency, assuming you aren't
talking about systems involving physical security (e.g. stored value
smart cards) or trust, which I don't believe you are. In addition,
any trade will always involve a degree of risk with regard to the
trader, but this is manageable, like you say.

> A comparable book-entry bond transaction, taking place in
> "meatspace", would require up to 6 or 7 different financial
> intermediaries besides the buyer and the seller, and would still take
> at least 24 hours to clear at a minimum. And, of course, it would
> also require the implicit physical force of a nation-state to prevent
> repudiation of the trade until everything cleared and settled. Not to
> mention 7 years of audit trails for various regulatory agencies --
> including the tax man. Oddly enough, the closer you get to instant
> settlement, the more costly, and risky, all this becomes relative to
> digital bearer settlement.

HANG ON!!!!! You are comparing *meat space bookentry* with your
electronic system. Compare it to an electronic book entry system,
and you'll find that there is *no way* that it is less efficient
than your system. In addition, the electronic book entry system
works.

> Hence my persistent -- but still unvalidated :-) -- claim that
> digital bearer settlement will prove to be at least 3 orders of
> magnitude cheaper than even electronic book-entry settlement.

Utter nonsense. Electronic book entry settlement will *always*
be at least as efficient as your system. The reason for this is
that there is only one instruction involved when communicating to
the issuer of the currency - the electronic cheque - which consists
of a signed instruction asking the bank to transfer $X from account
Y to account Z. Your system requires (at least in the usual
circumstances) a withdrawal (a signed request to the bank to
get a certificate for $X, using funds from account Y), and a deposit (a request that the bank
verify and deposit these coins into account Z). So, in the usual
case, book entry requires *one* communication with the bank
(depositing the e-cheque), but the "bearer" system requires
two communications with the bank (a withdrawal *and* a deposit).

Then there are other efficiency issues to consider, such as the
double spending database - the issuer of the currency must maintain
a database of *every* coin deposited *ever*!!! This is an enormous
burden, simply to achieve unlinkability of transactions, which can
be achieved in more efficient ways, such as temporary anonymous
accounts. Sure, there are optimisations available to reduce the
size of the coin database (such as giving coins a certain lifetime)
but this often shifts the problem elsewhere (in the case of
expiring coins, the customers are now forced to regularly deposit
old coins and withdraw new ones). An electronic bearer certificate that
must be deposited and withdrawn every month seems to lack
certain properties of the real world bearer instruments that you are
trying to claim your system offers.

There are other downsides too. Take the "perfect crime" example,
where ransom payments are demanded using unlinkable "bearer"
certificates. This is a serious problem, and there is only
one solution (ignore claims of "one way anonymity" from Digicash -
these claims apply to their *software* not the protocols, and
kidnappers are not likely to use the software that reveals their
id ...). The *only* solution is to use a trusted third party
(an "ombudsman") to allow for revokability of the untraceability.
No bank in its right mind will use unconditionally untraceable
protocols when it is aware of the issues and when the system
is large enough to prevent statistical tracing of the ransom
payments. So now that we have a trusted third party in the
system, why bother with blinding at all? Just rely on the
trusted third party to provide the unlinkability, since that is after all
what you *ARE* going to get at the end of the day.

Another downside is the lack of receipts from the merchant.
For example, with credit cards, when I buy something, I get a record
of that purchase on my monthly statement. I can use this
statement to prove that I paid the merchant. In electronic
versions of such systems, I may have an electronically signed
document that I can use to prove to a third party (such as a court of
law) that I made a purchase. All this can be done *without the involvement
of the issuer*. This is *impossible* with "bearer" certificate schemes,
since the issuer does not know who to send the receipt to, since it cannot pair up
withdrawals to deposits.

> Divide
> the transaction cost by a thousand, in other words, and that might be
> cost of digital bearer settlement compared to even the most advanced
> book-entry methods possible.

We were running a bond trading system for a year using book entry
style technology. And I assure you that it was more efficient
(from many angles) than "bearer" certificate systems (speaking as someone
who worked at Digicash for a while).

> That's why I think this technology is so
> important, and not just because of its remarkable implications for
> our own personal financial privacy. Economic reality is never
> optional, just like it wasn't when the New York Stock Exchange
> transaction glut in the late 60's resulted in the eventual death of
> physical bearer settlement in the early 1980's. If digital bearer
> settlement actually works, the entire financial landscape is going to
> change. Tectonically.

The only way it might work is with hardware based devices like
Mondex. This makes use of a decentralised database, and is more applicable
to your geodesic bearer certificate system stuff - but if you're thinking
of a software only solution, it can never work.

I don't mean to be offensive here, Bob, but I did try to get
these points across to you at FC97. Why don't you step back,
work out what your requirements are, and see if they can be
fulfilled by something simpler, even if it uses book entry
technology. For instance, passwords can be considered
"bearer instruments" as long as they get changed after every
transaction. So use a book entry system with anonymous accounts
and passwords (like Sparbuchs and passwords, except that Sparbuchs
are physical devices), and see if that fulfils your requirements
of your "bearer" certificate system. If not, try looking at Mondex
or other stored value smart cards (or perhaps consider creating
such a system from Secure-ID cards!).

> Remember, the primary reason biometric identity is required for
> book-entry settlement is the lack of security of the actual
> book-entries themselves. At their heart, book-entries are simply
> database fields which require strong access controls, physical
> biometrics, an extensive legal and regulatory apparatus, and, of
> course, police to enforce those laws and regulations against the
> fraudulent "revision", shall we say, of data. The consequence of not

The payment system that Ian and I developed was book entry, but there
was no way that a database field could simply be changed in the manner
that you state. Every deposit and withdrawal of physical cash, and every electronic
cheque and transfer, leads to an electronic receipt. These receipts are signed,
so there is no scope for repudiation. The value of the book entry database field
can be regenerated from these signed receipts. Should the bank make
a mistake and decrease a customer's field, the customer can *prove* (to
a third party, if needs be, without the co-operation of the bank) that
the balance is wrong. Should the account get accidentally increased,
the bank can then later rectify this mistake, and can prove to the
customer what the real balance should be. So please don't criticise
book entries for lack of security - they are *very* secure, and
usually provably so to third parties without the aid of the customer or bank.

> following all of those procedures to the letter can be disastrous,
> as the Leeson affair at Barings can attest. The costs of such a

Bob, what has a rogue trader, and a bank with poor security
practices, got to do with this? I assure you that untraceable
systems such as those you are promoting will prove to be a far
greater tool for the Leesons of this world, than book entry systems
with a signed transaction trail.

> <http://www.shipwright.com/>. And again, when I beat to death the
> phrase "digital commerce *is* financial cryptography", because it

Not strictly true - credit cards and First Virtual are both popular
forms of Internet commerce. Neither uses cryptography. But, yes, I
mostly agree.
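
An added example, not part of the original message and not code from any system the posters describe: a textbook RSA blind-signature coin (hash-then-sign, no padding) showing the two bank interactions, what the bank can log at withdrawal, and the spent-serial database discussed in the reply. The toy key and the names `Bank`, `new_coin` and `h` are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the issuing bank (constructed for this example: two
# Mersenne primes, far too small and too structured for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:
    """Map a coin serial number to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.spent = set()            # double-spending database: only grows
        self.seen_at_withdrawal = []  # everything the bank can log when issuing

    def withdraw(self, blinded: int) -> int:
        """Interaction 1: sign a blinded value (account debit omitted)."""
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> bool:
        """Interaction 2: verify the coin and reject a serial seen before."""
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False
        self.spent.add(serial)
        return True

def new_coin(bank: Bank):
    """Customer side: pick a serial, blind it, have it signed, unblind."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2   # blinding factor, invertible mod N
        if gcd(r, N) == 1:
            break
    blinded = (h(serial) * pow(r, E, N)) % N
    signed_blinded = bank.withdraw(blinded)
    sig = (signed_blinded * pow(r, -1, N)) % N  # strip r: sig = h(serial)^D
    return serial, sig
```

Each coin costs one `withdraw` and one `deposit` call against the bank, and every accepted serial stays in `spent` for as long as coins signed under that key remain valid.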



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:00 ADT