The Crypto Winter
Tim May
tcmay at got.net
Mon Nov 19 11:46:45 PST 2001
On Monday, November 19, 2001, at 10:29 AM, Adam Shostack wrote:
> | 6. The failure to get true digital money. Call it what you like,
> | "digital cash" or "ecash" or even one of Hettinga's pet names, but the
> | fact is that for both political and technical reasons we don't have
> | digital cash. This has ripple effects for nearly all of the constructs
> [...]
> | This failure to get workable untraceable digital cash (true 2-way
> | untraceable, not the bastardized, banker-friendly, government-friendly
> | one-way untraceable form) is the _deep_ reason things are stagnating.
>
> Sad as it makes me, I don't know of any system which allows 2-way
> untraceability and fraud prevention. Can you point me to one? With
> trustworthy reputation systems, you might be able to get away from
> this problem. I don't know of any reputation system that I'd trust
> for a multi-hundred dollar transaction today.
Doesn't the Barnes/Goldberg "moneychanging" protocol effectively
symmetrize the untraceability?
Even if the protocol is payer-untraceable-but-payee-traceable, the
moneychanging protocol makes both untraceable. (Alice-Bob-Charles.)
I'm not handwaving here, I hope, but the lack of blackboards and enough
time (on all of our parts) to make sure our notation is correct, makes
it tough to argue. Folks should go back to several articles written by
Ian, Doug, and others. Circa 1996-7, as I recall. Also, some demos at CP
physical meetings.
There are issues of one party receiving part or all of the items being
transferred and then burning the other party. And if the items, whether
ecash or software or whatever, require later authorization/turn on to
complete the transaction, there are further burning opportunities. (Note
that this is not a problem unique to digital cash. There are always
prospects for a merchant taking the money and then saying "Bye," or "I
already gave you the stuff." Or delivering defective products. This is a
kind of "handover deadlock" which, nonetheless, has not halted commerce
of various kinds. Even at flea markets, where the sellers and buyers are
largely anonymous. I realize that digital commerce systems have higher
requirements, for the same (basic ontology of the world) reasons that
security flaws in digital systems may be exploited far more rapidly and
devastatingly than, for example, a security flaw at my house.)
My _intuition_ is that an ecology of agents each exchanging digital
money, even if the system is only uni-directionally untraceable, with
"anyone a mint," goes a long way toward solving the problem. Squares the
circle, so to speak. Throw in escrow agents and intermediate holders,
bonded with nyms, and I see no particular reason why two-way
untraceability is not feasible.
But let me make a meta-point:
We know that David Chaum, for various reasons, initially claimed two-way
untraceability. We also know that he later emphasized offline clearing
and "monitors" to deal with double-spending and repudiation problems. He
also appeared to emphasize payer-untraceability (so that Alice could not
have her purchases tracked by BobCo Enterprises) and claimed at one
point that he could not see any need for payee-untraceability.
(I refuted this to his face at a CFP, circa '97, by citing Bob the
Seller of Birth Control Information, facing arrest and whatnot if caught
selling banned information. This is just one of a huge class of
situations where sellers are as much at risk as buyers. David had no
answer, saying "Hmmmhhh...I'll think about it," or words to that effect.
Him being an obviously very bright thinker, and him having spent many
years thinking about these issues, I was and still am at a loss to
understand why he would think payee untraceability is not needed.)
So, here's the punchline,
Regardless of companies trying to make money, not be run out of business
by money laundering laws, trying to be banker- and Homeland
Fascism-friendly, IS THERE A FUNDAMENTAL REASON WHY TWO-WAY
UNTRACEABILITY IS NOT "POSSIBLE"?
I believe counterexamples have already been developed, showing there is
nothing wired into the nature of mathematics that makes two-way
untraceability impossible. I'll save these examples for later.
--Tim May
"As my father told me long ago, the objective is not to convince someone
with your arguments but to provide the arguments with which he later
convinces himself." -- David Friedman