Re: Anonymous digital cash, on top of bitcoin from Melvin Carvalho on 2013-10-30 (public-webpayments@w3.org from October 2013)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 30 Oct 2013 09:49:28 +0100
To: Niels Möller <nisse@lysator.liu.se>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAKaEYhLmfSjH_VKgk2dHE9JgDvPb_uJjvN1wtXd7L__VA+MP0A@mail.gmail.com>
On 29 October 2013 08:50, Niels Möller <nisse@lysator.liu.se> wrote:

> Some years ago, for my masters thesis I wrote a prototype system for
> anonymous offline digital cash (a technically solved problem). But it
> was a bit difficult to make it useful in practice without cooperating
> with some established bank, and to banks, anonymity is a very
> unattractive feature.
>

Are you familiar with?

http://opentransactions.org/wiki/index.php?title=About


>
> Today we have bitcoins. I'm not very familiar with how it works, but the
> main feature is that it is decentralized, with no single bank or
> government in control. It is pseudonymous, but *not* anonymous. There's
> the global public database of all transactions ever.
>
> The other day, it striked me that it's possible to create a system for
> anonymous digital cash, with gateways to bitcoin rather than gateways to
> traditional banks. To review how a digital cash system can work, the
> system I worked with (Stefan Brands') was based on the following three
> protocols:
>
> 1. Withdrawal. User withdraws coins from his/her account at the bank.
>    The protocol forces the user's identity to be encoded in into the
>    coins.
>
> 2. Payment. Paying with the coin involves a proof-of-knowledge,
>    constructed. The user's identity is unconditionally hidden, as long
>    as each coin is used only once, but the identity is leaked if the
>    same coin is spent twice. The bank is not a party to this protocol
>    (so it's an "offline" system).
>
> 3. Deposit. The receiver of the coin gives the bank something close to a
>    transcript of the payment transaction. Bank checks for double
>    spending (and can derive the identity of any double-spender), and
>    credits the receivers account.
>
> So coins are single use (not transferable). It's anonymous in the way
> that any party observing only the withdrawals and deposits, e.g., the
> bank, cannot link which coin withdrawal corresponds to which later
> deposit. Traffic analysis may still be possible, depending on volume and
> other circumstances.
>
> Now, to make this system interoperate with bitcoins, add the following
> features:
>
> *  Transfer bitcoins to the bank, and have them credited to your account
>    (or if you like, to anybody else's account).
>
> *  Withdraw bitcoins from your account.
>
> *  Make it possible to do the deposit protocol, without any account at
>    the bank. Instead of crediting an account, the bank gives back
>    bitcoins.
>
> *  Let the bank accept payments (i.e., play the receiver role for the
>    payment protocol) for coins issued by other banks. And credit an
>    account of the payer's choice. Since the other bank is untrusted,
>    there will be some delay while our bank deposits the coins at the
>    other bank and gets bitcoins back.
>
> These additional transaction types are no more anonymous than bitcoin is,
> but that's the price for interoperability, I guess.
>
> Now, anyone can set up such a bank service, without any cooperation with
> any traditional bank or payment processor. Users need to trust the banks
> they choose to deposit money with, obviously, but different banks need
> not trust eachother, and banks don't need to know any "real names" of
> their users.
>
> Some questions:
>
> *  In which jurisdictions is such a service legal? I'm fairly sure it was
>    legal an Sweden some 15 years ago (spoke to a lawyer at my
>    university, and apparently banking regulations don't apply until you
>    start to lend out other people's money, which makes sense). But I'm
>    not sure it still is, with the more recent "money laundering" laws.
>
> *  Any existing organization who could be trusted and willing to run a
>    bank issuing anonymous digital coins? EFF? Mozilla? flattr?
>
> *  Is this on-topic for the web-payments group? I'm not sure if you
>    consider anonymity to be a very important feature.
>
> *  Are there any other *anonymous* payment systems in the works which I
>    should know about? I haven't been active in the area for some years.
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.
>
>
>
>
Received on Wednesday, 30 October 2013 08:49:56 UTC