- From: Niels Möller <nisse@lysator.liu.se>
- Date: Tue, 29 Oct 2013 08:50:34 +0100
- To: public-webpayments@w3.org
Some years ago, for my masters thesis I wrote a prototype system for anonymous offline digital cash (a technically solved problem). But it was a bit difficult to make it useful in practice without cooperating with some established bank, and to banks, anonymity is a very unattractive feature. Today we have bitcoins. I'm not very familiar with how it works, but the main feature is that it is decentralized, with no single bank or government in control. It is pseudonymous, but *not* anonymous. There's the global public database of all transactions ever. The other day, it striked me that it's possible to create a system for anonymous digital cash, with gateways to bitcoin rather than gateways to traditional banks. To review how a digital cash system can work, the system I worked with (Stefan Brands') was based on the following three protocols: 1. Withdrawal. User withdraws coins from his/her account at the bank. The protocol forces the user's identity to be encoded in into the coins. 2. Payment. Paying with the coin involves a proof-of-knowledge, constructed. The user's identity is unconditionally hidden, as long as each coin is used only once, but the identity is leaked if the same coin is spent twice. The bank is not a party to this protocol (so it's an "offline" system). 3. Deposit. The receiver of the coin gives the bank something close to a transcript of the payment transaction. Bank checks for double spending (and can derive the identity of any double-spender), and credits the receivers account. So coins are single use (not transferable). It's anonymous in the way that any party observing only the withdrawals and deposits, e.g., the bank, cannot link which coin withdrawal corresponds to which later deposit. Traffic analysis may still be possible, depending on volume and other circumstances. Now, to make this system interoperate with bitcoins, add the following features: * Transfer bitcoins to the bank, and have them credited to your account (or if you like, to anybody else's account). * Withdraw bitcoins from your account. * Make it possible to do the deposit protocol, without any account at the bank. Instead of crediting an account, the bank gives back bitcoins. * Let the bank accept payments (i.e., play the receiver role for the payment protocol) for coins issued by other banks. And credit an account of the payer's choice. Since the other bank is untrusted, there will be some delay while our bank deposits the coins at the other bank and gets bitcoins back. These additional transaction types are no more anonymous than bitcoin is, but that's the price for interoperability, I guess. Now, anyone can set up such a bank service, without any cooperation with any traditional bank or payment processor. Users need to trust the banks they choose to deposit money with, obviously, but different banks need not trust eachother, and banks don't need to know any "real names" of their users. Some questions: * In which jurisdictions is such a service legal? I'm fairly sure it was legal an Sweden some 15 years ago (spoke to a lawyer at my university, and apparently banking regulations don't apply until you start to lend out other people's money, which makes sense). But I'm not sure it still is, with the more recent "money laundering" laws. * Any existing organization who could be trusted and willing to run a bank issuing anonymous digital coins? EFF? Mozilla? flattr? * Is this on-topic for the web-payments group? I'm not sure if you consider anonymity to be a very important feature. * Are there any other *anonymous* payment systems in the works which I should know about? I haven't been active in the area for some years. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance.
Received on Wednesday, 30 October 2013 08:28:50 UTC