
Digital Marketplaces Unleashed


by Claudia Linnhoff-Popien


  36.2.6 Infinite Hops

  The basic definition of the ultimate digital money shall allow an infinite (practically a large) number of hops between peers. The size of the ultimate digital money token shall not change, neither shall it add signatures or traceable information when changing its holder. This does not exclude the option of a controllable number of hops. The popular block‐cipher based approaches cannot meet this criterion because it is the nature of a block‐cipher to accumulate signatures on every hop.

  36.2.7 Off‐line “Change”

  A major quality of the ultimate digital money would be its ability to be off‐line‐splittable. This is a difficult claim that most available solutions do not satisfy. Off‐line split means that a digital coin/bill can be split into the “exact change” and the remainder. The “exact change” can be spent whereas the remainder will stay with the payee. The typical problem in most digital money implementations is that the split amounts need to be re‐signed, whereas the signing key is of course not allowed to stay on the user’s side.

  The ultimate digital money shall allow unrestricted off‐line splits up to the granularity of the smallest represented value (for the $ or Euro this would be 1 cent).

  36.2.8 Online and Off‐line Operations Possible

  Despite the fact that the ultimate digital money shall be off‐line capable, it shall also be online‐compatible. Money draft through a Smart Phone shall be possible and also any other banking operations (money transfer). In particular the ultimate digital money shall allow the exchange of digital money with paper based money (ATM draft) and vice versa.

  36.2.9 No Forgery Possible

  The ultimate digital money shall not be forgeable. This is a basic claim yet it is important to be named since the ultimate digital money shall also be allowed to be copied!

  36.2.10 No Double Spending Possible

  A copy, however, shall not be able to be used to pay twice with the same bill – this would turn a copy into forgery. The ultimate digital money shall solve this paradox.

  36.2.11 No Risk to the Issuer Bank

  The ultimate digital money will be risk‐free for the issuing bank. This idea comprises that any duplication, forgery or theft will not lead to any financial damage of the issuer of the digital money. Although this claim may appear to be irritating, this is already partly fulfilled by the present paper based money (= bank notes/coins). Of course managing fake bank notes will not be entirely cost‐free for the central bank, however, faking a banknote does not paralyze or kill an entire currency. In particular a fake bank note does not harm the issuing (central) bank nor any private or bank association.

  The ultimate digital money would even improve the situation such that any duplication or (attempt of) generation will intrinsically give neither trouble nor cost to the issuing bank or instance and also cannot harm the digital money system itself.

  36.2.12 Shall Not Use Cryptography

  One of the hardest claims to the ultimate digital money is that its representation does not depend on cryptology. While cryptology will be vital to many aspects of handling digital money (storage, transfer, exchange, online etc.), the actual representation of a digital money value shall be free from cryptography and hence not be attackable by cryptology.

  The background of this claim is the idea that even if galactical numbers of security are used (e. g. 78,400 bit RSA) it will be hard to convince an issuing instance or central bank that there is no risk to the bank. This is given through the long‐term existence of money (can be traded after 30 years) and the unpredictability of possible attacks through unforeseeable technology (e. g. Quantum Cryptography).

  A central bank will still have a hard time to issue 100 Bio. units of digital money if they risk a security breach which today is still out of imagination. As the possible catastrophe is too large, even the security level of nuclear plants will not be convincing to central banks. So the ultimate solution to the ultimate digital money is not to use cryptography at all for the representation of digital money.

  As secure cryptography is … there will be enough press out that puts it in question nevertheless. For instance a recent revelation regarding the NSA claims that the old work horses, AES, RSA, etc. have been compromised [2]. Such article does not prove the claim of broken cryptography, however, it can be sufficiently scaring to a decision maker with a potential victim as heavy as a digital money.

  36.2.13 Additional Services

  If money gets digital, the ultimate digital money shall allow to attach information to allow additional services. This can be qualities for privileges, spending limits, closed group application or purpose of spending – the range shall not be restricted, yet the representation of the ultimate digital money shall allow to attach attributes and these attributes shall be as secure as the digital money itself.

  36.2.14 Backing Up Money

  One of the qualities of digital money shall be that it can be copied by its legitimate owner, in particular for the purpose of backup. It shall even be possible that the legitimate owner of a digital amount keeps the same “bill” in different devices (backup or duplication) and s(he) would still be able to spend even parts of the “bill” from any device without having to communicate from one to the other.

  The backup idea will be attractive to many users because for the first time in the history of money you would be able to backup money and if the “purse” (= Smart Phone /PC) gets broken, then the money does still exist and can be spent without any administrative interventions.

  Account based systems provide this idea of course, but the challenge to the ultimate digital money is to solve this problem without any association to an account.

  36.2.15 Instant Invalidation

  Directly associated to the backup idea is the instant invalidation. A user would want to invalidate money that s(he) has stored on a device that gets stolen. By returning the backup copy of the stolen money to a financial institution, the user would expect to receive the same amount of fresh money whereas the money in the stolen device is invalidated without having access to the device.

  At best, this shall be possible even without having to call an emergency number or the intervention of authorities.

  36.2.16 Limited Bad Press

  A killer of a digital money system can be a bad reputation which comes from bad press which comes from flaws in the system. The ultimate digital money shall survive successful attacks without attracting bad press. This can be achieved by limiting the maximum possible damage. If for instance a person is robbed today and his/her purse is stolen, there will not be bad press about the system of bank notes because such a thing cannot be avoided and is not something expected to be solved by the money system. The same shall be possible if the ultimate digital money is being attacked by hacking or typical system attacks. Bad press will not develop if the damage compares to the rather small damage of a stolen purse. Finally the “loss of confidence” will not occur if the attack cannot lead to disastrous results.

  36.3 The Evolution of Digital Money

  A view on the history of digital money is necessary to understand the basic principles of today’s money systems. Digital money became public around 1990 and about 23 years later it has seen a high public attention through the availability of systems that could be implemented on the growing number of Smart Phones.

  36.3.1 DigiCash

  One cannot think of the history of digital money without mentioning DigiCash in the first row. DigiCash Inc. was an electronic money corporation founded by David Chaum in 1990. DigiCash transactions were unique in that they were anonymous due to a number of cryptographic protocols developed by its founder. The company failed, but not because of technical reasons.

  Digicash is a payment scheme relying entirely on software, i. e. no hardware token is necessary. In addition, one of its most important goals is anonymity.

  The so‐called “blind‐signature” scheme guarantees the anonymity. The bank signs coins without knowing their serial number and assigns them to an owner.

  A payment between a spender and a receiver involves the bank as a third party: The coins the spender is willing to pay are transferred to the bank. The bank maintains a database of already spent coins. In this way, double‐spending is prevented: The bank will refuse the payment if it realizes that any of the coins in the current transaction is already stored in the database. In spite of that, anonymity is granted, because the bank does not know to whom the coin has been issued at the beginning. In fact, the anonymity is complete, which also means that a thief can steal a coin and spend it without problems.

  This implies that each coin can be spent only once. The receiver cannot use it anymore; it must be reimbursed to him by the bank (usually, in the form of conventional money).

  This shows the characteristics of the payment scheme: It is anonymous, only software is needed – no secure token, but it involves the bank as a third party for each transaction (which has to maintain a database for digital coins).

  Therefore the absence of an online connection cannot be fulfilled: Either the receiver of the payment must have the payment verified immediately (which definitely requires an online connection to the bank), or he must do it off‐line after the transaction, in which case he would possibly realize a fraud too late. Thus, “peer‐to‐peer” payments are not possible or insecure.
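  The withdrawal and deposit flow described in this section, as an added example that is not taken from the book or from DigiCash itself: the bank signs a blinded coin, the spender unblinds it, and the bank's spent-coin database rejects a copy at deposit. It assumes an RSA-style blind signature with a small constructed key (textbook RSA, no padding); the names `Bank`, `withdraw` and `demo` are illustrative.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes. Textbook RSA without padding,
# far too small for real use; it only makes the arithmetic visible.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private signing exponent


def digest(serial: bytes) -> int:
    """Map a coin serial number into the RSA group."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.spent = set()            # database of already spent serials
        self.seen_at_signing = []     # everything the bank observes at withdrawal

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_signing.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> str:
        if pow(sig, E, N) != digest(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank: Bank, serial: bytes) -> int:
    """Spender side: blind the coin, have it signed, unblind the result."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = digest(serial) * pow(r, E, N) % N
    return bank.sign_blinded(blinded) * pow(r, -1, N) % N


def demo():
    bank = Bank()
    serial = secrets.token_bytes(16)  # chosen by the spender, never shown at withdrawal
    sig = withdraw(bank, serial)
    unlinkable = digest(serial) not in bank.seen_at_signing
    return (unlinkable,
            bank.deposit(serial, sig),            # receiver hands the coin to the bank
            bank.deposit(serial, sig),            # a copy of the same coin
            bank.deposit(b"forged-serial", sig))  # signature reused on another serial
```

  The second deposit fails only because the bank is asked; a receiver who accepts the coin off‐line has no way to run that check, which is the limitation the section describes.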

  36.3.2 Mondex

  Mondex was founded in 1990 as an electronic purse with money directly stored in a smart card (and not a background system), with the possibility of a direct transfer of money between purses [3].

  The security model for the MONDEX system was confidential. MONDEX didn’t succeed in the long run because of concerns of the banks against purse‐to‐purse transactions. In particular MONDEX required a SmartCard and a small secure device, the “MONDEX wallet” to execute peer-2-peer payments between two persons.

  The attraction of MONDEX was its ability to perform off‐line transactions; its major flaw in user acceptance came from the fact that people did not want to carry separate electronic devices. Today the Smart Phone is such a device, but its versatility is way beyond that of the MONDEX wallet.

  Hence the transport in electronic devices is back and now possible; however, the security level of MONDEX cannot be expected a priori from today’s Smart Phones. The technology currently discussed is the Trusted Execution Environment, which is a step further in the direction of secure Smart Phones.

  36.3.3 FairCASH

  FairCash is a payment scheme based on digital coins and hardware‐based electronic wallets (so‐called “CASTORs”, Cask for Storage and Transport of access restricted secrets). By using “P2P‐Teleportation”, electronic value is transferred from the spender to the receiver (i. e. the spender’s wallet to the receiver’s wallet).

  FairCASH fulfills the principles of anonymity, peer‐to‐peer and transferability, but it has principally the same drawback as “Token money”: It relies on the security of the “CASTOR”, a secure element where the coins are stored. If an attacker manages to create copies of the coins inside his wallet, there is no way to stop or detect him.

  The design presented in [4] is sophisticated, but it doesn’t estimate the consequences on the payment scheme as a whole if an attack would nevertheless succeed. If these consequences are unknown, it is also impossible to estimate the ratio of benefit to effort for breaking the system, which is the crucial factor for determining the risk of a successful attack.

  36.3.4 Google Wallet and Others

  Although no digital cash in the strict sense of the definition, payment schemes offered by strong market players like Google, PayPal and others deserve some attention. Google Wallet [5] is a means for contactless payment, which is currently tied to certain technologies (NFC‐capable mobile phones and Google’s operating system Android). In addition, the user needs a Master card issued by the Citibank or a prepaid card from Google. Therefore, the focus of the concept is rather on the convenient contactless payment procedure than on the advantages of digital cash. Besides, privacy concerns arise because Google could (and will) relatively easily collect data about the consumer’s behavior. Data about the purchased goods are not readily available, but the person and the place and date of payment are.

  Facebook Credits [6] (deprecated in 2012) are a similar example for a scheme which does not put privacy at the top of the priority list. It can be expected that other big players will enter the market soon, however the concepts they offer despite a huge advertisement power and the availability of a lot of potential customers cannot compensate the fact that the offered systems are way apart from the idea of ultimate digital money.

  The characteristics of “pure” digital cash, for example the possibility to pass cash from one end user to another one, are not in the focus of these schemes.

  36.3.5 BitCoin

  Satoshi Nakamoto proposed a payment scheme called Bitcoin [7] which is “peer‐to‐peer”, thus fulfilling the requirement of “transferability”. BitCoin is completely independent of an issuing authority like a bank, which makes it attractive to numerous users, but also raises legal and even political issues. In this sense, it is also a reaction to recent financial crashes, inflations and other considerations how to be independent from official banking and state economy. The basis for the Bitcoin concept is the so‐called “b‐money”. A digital coin is designed as a chain of digital signatures. The owner of a coin can be recognized by the owner’s public key contained in the coin. The transfer of a coin from A to B is achieved by adding B’s public key to the coin and signing it with A’s private key. Double‐spending is prevented by storing all previous transactions in the network of peers. Before each transaction gets closed, the coin’s validity will be checked. The potential trust in the validity of a received BitCoin depends on the number of confirmations collected in a 10‐minute (or longer = better) confirmation cycle, which makes BitCoin unusable for the purpose of a typical purchase scenario by digital money (seconds).
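  The coin model in the paragraph above (a chain of signatures, each hop adding the next owner's public key signed by the current owner), as an added example that is not from the book or from Bitcoin's code. It assumes toy textbook-RSA keys built from constructed primes and hypothetical helper names, and it shows two consequences the chapter relies on: the coin grows with every hop, and a double‐spend verifies locally, so a shared record of previous transactions is needed.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Toy textbook-RSA key from two constructed primes: (public n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def transfer(coin, owner_n, owner_d, next_n):
    """Current owner appends the next owner's public key and signs the hop."""
    prev = repr(coin[-1]).encode()
    sig = pow(h(prev + str(next_n).encode(), owner_n), owner_d, owner_n)
    return coin + [(next_n, sig)]


def verify(coin):
    """Walk the chain: every hop must be signed by the previous hop's key."""
    for prev, (next_n, sig) in zip(coin, coin[1:]):
        signer_n = prev[0]
        expected = h(repr(prev).encode() + str(next_n).encode(), signer_n)
        if pow(sig, E, signer_n) != expected:
            return False
    return True


def demo():
    a_n, a_d = make_key(2**31 - 1, 2**61 - 1)
    b_n, b_d = make_key(2**89 - 1, 2**107 - 1)
    c_n, _ = make_key(2**127 - 1, 2**521 - 1)
    coin = [(a_n, None)]                      # constructed genesis: coin owned by A
    to_b = transfer(coin, a_n, a_d, b_n)      # A pays B
    to_c = transfer(to_b, b_n, b_d, c_n)      # B pays C
    double = transfer(coin, a_n, a_d, c_n)    # A signs the same coin to C as well
    tampered = to_c[:-1] + [(a_n, to_c[-1][1])]  # last hop redirected back to A
    sizes = [len(repr(c)) for c in (coin, to_b, to_c)]
    return (verify(to_c), verify(double), verify(tampered),
            sizes[0] < sizes[1] < sizes[2])
```

  Both `to_b` and `double` are valid chains signed by A; nothing inside either coin reveals the conflict.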

  Some disadvantages of this payment scheme are documented in [8] and [9]. The major drawback, however, for the serious user who is not considering money as an object of speculation is the idea that Bitcoin does not represent a currency but pretends to be a currency on its own.

  Fig. 36.1 shows the Bitcoin exchange rate from January 2013 (black graph; source: http://www.coindesk.com/). Although the value was growing from below $20 to a peak of $220 in April, only users who like to gamble on the stock anyway would be enthusiastic about such a rapid change. But what about those who bought in April 2013? They already lost $60 on average until today, which is more than 30% of the selling price. And in November the peak rose to 1300 USD, falling by 600 USD within about 4 weeks.

  Fig. 36.1 Bitcoin Exchange rate 2013–2014

  Some people praise Bitcoin for being revolutionary; however, they could praise any other object of speculation, except for the fact that Bitcoins are much easier to transfer than papers from the stock exchange.

  As common digital money, Bitcoin has never had a chance to exist – it does not get even any close to the idea of ultimate digital money yet it might still have a standing as an electronic token that can be used for speculative actions.

  36.4 Finding the Ultimate Digital Money

  During our research we scanned many digital money schemes. First we dropped all the account based systems, since by definition they would not qualify for a versatile global use.

  In Africa it is known that many people do not have bank accounts (a native friend of mine confirmed this and told me that this is due to lack of trust to banks while in households there are the most sophisticated hidden corners where (older) people hide their valuables).

  The next powerful filter was the off‐line‐option claim. Many suggested schemes did not pass and when we added the third and very hard claim of off‐line‐exchange capability we had already reduced the candidates down to less than five.

  It was quite easy to apply the next hurdle, which was the demand for a copyable implementation which should still prevent double‐spending. As we had already planned to weaken our claims for the ultimate digital money, we were prepared for the final stroke, demanding a representation of the ultimate digital money without cryptography, to filter out everything.

  Everything … but one.

  As a matter of fact the last system was not created in a small Gallic village in the North West of France but a candidate who started to become more and more fascinating and finally showed up as the only idea that actually qualified for any of our claims on the way to the ultimate digital money.

  It did even have features which exceeded our claims and at the same time it was so simple that at a first glance we were even a bit disappointed that a.) it had not been our idea and b.) that our hard claims could be answered with a system that was simpler than we could have imagined. But maybe that is the idea of geniality.
