Re: Ecash without a mint, or - making anonymous payments practical
>On Mon, 27 Sep 1999 [EMAIL PROTECTED] wrote: >> One small final comment: physical cash is not really anonymous (bills have >> serial numbers, and certainly coins may contain secret marks. Why? At 02:47 PM 09/27/1999 -0700, bram wrote: >I believe at least part of the reason is to make heists difficult It also makes basic counterfeiting more difficult - the counterfeiter not only needs to make good-looking banknotes, but needs to put unique serial numbers, rather than taking a single banknote and copying it many times. One effect of changing technology is that serial numbers on cash did not provide much traceability in the past, but they do in the future. There have been various proposals to put bar-coded numbers on cash to make scanning faster and easier, but that's becoming less necessary. OCR technology for reading numbers has become much more affordable, and (either now or in the near future) it would not be difficult to make ATMs which record serial numbers of cash when dispensing it. Recording serial numbers used to be a slow manual process used mainly for kidnap ransom and similar transactions - now it's almost practical for drug payments and soon for everyday transactions. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Ecash without a mint, or - making anonymous payments practical
On Mon, 27 Sep 1999 [EMAIL PROTECTED] wrote: > One small final comment: physical cash is not really anonymous (bills have > serial numbers, and certainly coins may contain secret marks. Why? I believe at least part of the reason is to make heists difficult - Places which have loads of nice new bills almost always have them with sequential serial numbers. There have been many cases of a huge heist getting pulled off successfully and then the robbers were unable to dispose of the cash they got because it was too easy to trace. -Bram
Re: Ecash without a mint, or - making anonymous payments practical
Steve takes an issue with me for my belief that anonymous payments will involve overhead that may make them less popular than non-anonymous payments. He says, > There is no reason to expect anonymous system will be more expensive than > the current book-entry variety, in fact quite the contrary. Of course, it doesn't make any sense that adding any requirement, esp. a non-trivial one such as anonymity, will result in a less expensive system. In particular anonymity does not remove the technical requirements of book-keeping to prevent duplication. But, I don't see the point in arguing about this. Let us implement the best systems - with and without anonymity - and then compare. Again: I'm _not_ against anonymity, on the contrary (even done a bit of research in this area). However my main goal is to facilitate commerce in digital goods and services. I think this is a difficult goal as it is without adding the anonymity requirement. I feel better knowing that this will not prevent anonymity solutions, since the hybrid approach allows them to be an extension of the basic payment scheme. One small final comment: physical cash is not really anonymous (bills have serial numbers, and certainly coins may contain secret marks. Why? Best Regards, Amir Herzberg Manager, E-Business and Security Technologies IBM Research - Haifa Lab (Tel Aviv Office) http://www.hrl.il.ibm.com New e-mail: [EMAIL PROTECTED] New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL
Re: Ecash without a mint, or - making anonymous payments practical
Amir Herzberg writes: > (btw, I really wonder what's the point of having a technical discussion > incognito... I hope this is not for a really good/bad reason such as > you are living in some dark country) Yes, regrettably many of us do live in a dark country. Public discussions of cryptographic technology in a forum which is transmitted overseas are outlawed, at least if the discussions might lead to the development of cryptographic software (which would be the case for any but the most abstract topics). Such discussions entail the provision of technical assistance to foreigners and are forbidden by section 744.9 of the United States Code of Federal Regulations. Regarding the benefits of combining anonymous and non-anonymous payment systems: > Second, and more essential, there are some important advantages e.g. in > efficiency to non-anonymous payment mechanisms. Some people have been loudly arguing the opposite, that anonymous payment systems are inherently more efficient than non anonymous ones. For one thing, anonymous systems would tend to have lower record keeping costs because there are fewer records to keep. Also, transactions close and clear immediately because there can be no way to reverse them due to their untraceability. Of course these general considerations don't necessarily dominate the specific details of any particular payment system, and indeed proposed anonymous systems like DigiCash had a spent coin list and other overhead which could make them more costly.
Re: Ecash without a mint, or - making anonymous payments practical
At 01:36 PM 9/26/99 +0300, [EMAIL PROTECTED] wrote: >There are two reasons. First, as you say below, there is simply the reality of >there being multiple systems. Second, and more essential, there are some >important advantages e.g. in efficiency to non-anonymous payment mechanisms. >BTW, non-anonymous here does not necessarily mean `identity-based`, but rather, >payment mechanism which do not offer complete, secure anonymity. The problem is >of course that if such non-anonymous payment mechanisms are common, it may I wonder, if anonymous systems should get the lion's share of attention so that the shoe is on the other foot, how will you see this situation? >become difficult to convince merchants to support also an anonymous payment >mechanism (with relatively few customers - assuming most customers will not be >willing to `pay` for the anonymity). There is no reason to expect anonymous system will be more expensive than the current book-entry variety, in fact quite the contrary. Furthermore customers choosing the >anonymous mechanism may attract attention to themselves (I guess the use of >`anonymous` for e-mail is a good example!). No more than cash. --Steve
Re: Ecash without a mint, or - making anonymous payments practical
[EMAIL PROTECTED] wrote: > > Anonymous says, (btw, I really wonder what's the point of having a technical > discussion incognito... I hope this is not for a really good/bad reason such as > you are living in some dark country), Frankly, I'm somewhat surprised. There are several really obvious reasons for having technical discussions anonymously: a) You don't have to live with any embarassing mistakes you may make b) If you are discouraged from having the discussion (e.g. by NDA, contract, disapproving boss), you still can c) You don't necessarily give away what your company is up to d) Men in black 'copters find it harder to know who to spirit away :-) But what most surprises me is that you think identity matters _at all_ in a technical discussion. Surely the discussion stands or falls on its merit, and nothing else? Now, if only I'd thought of a) before! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Re: Ecash without a mint, or - making anonymous payments practical
Anonymous says, (btw, I really wonder what's the point of having a technical discussion incognito... I hope this is not for a really good/bad reason such as you are living in some dark country), > Hmmm... sounds like you are saying that if you had an anonymous payment > system you could use it to buy "checks" in your non-anonymous system. > But if you already had the ability to make anonymous payments, why bother > with your system? I can go to the bank and buy a cashier's check for > cash, then make a payment with it, but I could just as easily have paid > with cash directly. There are two reasons. First, as you say below, there is simply the reality of there being multiple systems. Second, and more essential, there are some important advantages e.g. in efficiency to non-anonymous payment mechanisms. BTW, non-anonymous here does not necessarily mean `identity-based`, but rather, payment mechanism which do not offer complete, secure anonymity. The problem is of course that if such non-anonymous payment mechanisms are common, it may become difficult to convince merchants to support also an anonymous payment mechanism (with relatively few customers - assuming most customers will not be willing to `pay` for the anonymity). Furthermore customers choosing the anonymous mechanism may attract attention to themselves (I guess the use of `anonymous` for e-mail is a good example!). So I think my simple hybrid proposal makes sense. > Of course in practice it is helpful to have money changers who can > convert between different payment systems, since there are so many > competing proposals in the world. Agreed. > > We actually will have the necessary APIs in merchant and buyer to allow > > integration of such an anonymous payment mechanism with the next release > > of IBM Micro Payment (1.3, next month). We may later on implement this > > ourselves if customers are interested, but frankly I prefer to see others > > implementing it; for one reason, as you know, there are multiple patents > > regarding anonymous payments, so it will be a pain to do this (in IBM). > http://www.ecoin.net/mmdh is a project based on Wagner blinding which > is thought to escape patent protection. Perhaps this would be a good > starting point for a blind payment system. Are your APIs going to > be public? Thanks for the pointer. Of course, as long as the anonymity is provided by somebody else, I don't need even to worry about the patents... so much the better... And yes, of course we're going to publish our APIs. We actually published also the APIs for version 1.2 (see the manuals in our site) but then, version 1.3 is almost a complete re-write of the system and in particular we've dramatically improved the APIs - so better wait for them. We hope to be able to publish them in time for the IETF BOF on Micro Payments (BTW I'm still looking for presentations and interest in this event - let me know if you want to present, or event just confirm to me that there is interest in the BOF and in at least us proposing our protocols). Discussions of the BOF are in [EMAIL PROTECTED] Best Regards, Amir Herzberg Manager, E-Business and Security Technologies IBM Research - Haifa Lab (Tel Aviv Office) http://www.hrl.il.ibm.com New e-mail: [EMAIL PROTECTED] New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL Anonymous <[EMAIL PROTECTED]> on 24/09/99 00:44:47 Please respond to Anonymous <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], micropay@IBMIL cc:(bcc: Amir Herzberg/Haifa/IBM) Subject: Re: Ecash without a mint, or - making anonymous payments practical Amir Herzberg says, > Anonymous says, > > > It is still worth considering how to create anonymous payment systems > > which could be more compatible with other elements of present day society. > > I think we can do this, indeed, we can achieve an even stronger goal: > a payment mechanism that will support anonymous payments for people > so wishing, while allowing other people to use non-anonymous payments > (which will always have some advantages), without allowing merchants to > identify the anonymity-seekers. Yes, of course you could add identification to an anonymous payment system simply by having people reveal their identities. Anonymity infrastructures offer users the option to hide their identities, but they can't stop people from revealing pseudonyms or true names. > The method is simple and can use any anonymous payment mechanism. Consider > for simplicity a buyer, seller and a billing server (payment system > provider - bank, telco, etc. - `billing system` is the term we use > for this party in IBM Micro Payments). The payment system supports > pre-certified payments, which are payments (to the seller) signed > directly by the bi
Re: Ecash without a mint, or - making anonymous payments practical
Amir Herzberg says, > Anonymous says, > > > It is still worth considering how to create anonymous payment systems > > which could be more compatible with other elements of present day society. > > I think we can do this, indeed, we can achieve an even stronger goal: > a payment mechanism that will support anonymous payments for people > so wishing, while allowing other people to use non-anonymous payments > (which will always have some advantages), without allowing merchants to > identify the anonymity-seekers. Yes, of course you could add identification to an anonymous payment system simply by having people reveal their identities. Anonymity infrastructures offer users the option to hide their identities, but they can't stop people from revealing pseudonyms or true names. > The method is simple and can use any anonymous payment mechanism. Consider > for simplicity a buyer, seller and a billing server (payment system > provider - bank, telco, etc. - `billing system` is the term we use > for this party in IBM Micro Payments). The payment system supports > pre-certified payments, which are payments (to the seller) signed > directly by the billing server. In this case, the buyer's identity > obviously does not need to appear in the pre-certified payment (it > is simply a payment - like a check - from billing server to seller). > So all the buyer really does is `buy` this pre-certified payment. Now, > obviously, if the billing system allows, the buyer may use anonymous > payment protocol to buy the pre-certified payment, in which case (and > assuming all communication is anonymized) we have complete anonymity > (from billing system and from seller). Hmmm... sounds like you are saying that if you had an anonymous payment system you could use it to buy "checks" in your non-anonymous system. But if you already had the ability to make anonymous payments, why bother with your system? I can go to the bank and buy a cashier's check for cash, then make a payment with it, but I could just as easily have paid with cash directly. Of course in practice it is helpful to have money changers who can convert between different payment systems, since there are so many competing proposals in the world. So it would be useful if you could in fact accept some kind of anonymous payment system and translate it into your own currency. This is more of a financial problem than a technical one, though. > We actually will have the necessary APIs in merchant and buyer to allow > integration of such an anonymous payment mechanism with the next release > of IBM Micro Payment (1.3, next month). We may later on implement this > ourselves if customers are interested, but frankly I prefer to see others > implementing it; for one reason, as you know, there are multiple patents > regarding anonymous payments, so it will be a pain to do this (in IBM). http://www.ecoin.net/mmdh is a project based on Wagner blinding which is thought to escape patent protection. Perhaps this would be a good starting point for a blind payment system. Are your APIs going to be public?
Re: Ecash without a mint, or - making anonymous payments practical
Anonymous says, > It is still worth considering how to create anonymous payment systems > which could be more compatible with other elements of present day society. I think we can do this, indeed, we can achieve an even stronger goal: a payment mechanism that will support anonymous payments for people so wishing, while allowing other people to use non-anonymous payments (which will always have some advantages), without allowing merchants to identify the anonymity-seekers. The method is simple and can use any anonymous payment mechanism. Consider for simplicity a buyer, seller and a billing server (payment system provider - bank, telco, etc. - `billing system` is the term we use for this party in IBM Micro Payments). The payment system supports pre-certified payments, which are payments (to the seller) signed directly by the billing server. In this case, the buyer's identity obviously does not need to appear in the pre-certified payment (it is simply a payment - like a check - from billing server to seller). So all the buyer really does is `buy` this pre-certified payment. Now, obviously, if the billing system allows, the buyer may use anonymous payment protocol to buy the pre-certified payment, in which case (and assuming all communication is anonymized) we have complete anonymity (from billing system and from seller). We actually will have the necessary APIs in merchant and buyer to allow integration of such an anonymous payment mechanism with the next release of IBM Micro Payment (1.3, next month). We may later on implement this ourselves if customers are interested, but frankly I prefer to see others implementing it; for one reason, as you know, there are multiple patents regarding anonymous payments, so it will be a pain to do this (in IBM). Best Regards, Amir Herzberg Manager, E-Business and Security Technologies IBM Research - Haifa Lab (Tel Aviv Office) http://www.hrl.il.ibm.com New e-mail: [EMAIL PROTECTED] New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL