Virtual Cash - Part II

Alan L Tyree1

1996

Introduction

In the first article of this series we saw how the mathematics of public key cryptography could be used to create secure payment mechanisms that are analogous to bank issued notes or to bills of exchange and cheques.2 Because of the emphasis on small payments, the methods are usually referred to in the computing literature as "digital coins".

Public key cryptography combined with the keeping of a register of "spent" coins permits us to identify who "possesses" the coins or, if we think in terms of negotiable instruments, the "holder" of the instrument.

In each case the essential feature of the methods is that public key cryptography allows us to translate some of our "paper" notions such as signature and possession into the realm of pure electronic messages. Using public key cryptography we can be certain that a message has not been altered, we can identify those parties who have agreed to the message by means of adding their digital signature and we can identify a unique person who "possesses" the message.3

Anonymous Transactions

Without going into the cryptographic details, the next step in the process is the introduction of "blind signatures".4 These are cryptographic methods which allow us to ensure that the digital coin is genuine, that it is being received in payment for a particular service and that it has not previously been spent, but it does not allow us to identify the payer or any previous "holder" of the digital coin.

Blind signatures permit, in other words, the electronic equivalent of cash. Payments made by such methods leave no trail. This method is now being trialed in the USA and Europe by the DigiCash group in cooperation with local banks.5

Anonymity can be achieved even without the introduction of "blind signatures" if coin issuers are prepared to exchange valid coins for new ones.6 Consider: a customer A is issued with coins by a bank B. Since each coin is identified by serial number the bank could build a spending profile of the customer by noting which merchants return the identified coins. If, however, B or some other bank is willing to exchange coins for new ones then the owner of the new coins may be unknown since all that is needed is a network address in order to conduct the transaction. The owner of the new coins would be unknown.

The motivation behind these developments is to provide a cheap, secure, anonymous method of making small payments via the internet. Payments as small as a fraction of a cent are contemplated by would-be vendors of small amounts of valuable information. It must be appreciated however that this motivation in no way limits the potential of the end product. There is no obvious limit to the size or number of payments which could be made using the methods. The consequences of this will be examined later.

Summary of "digital coins"

It might be useful at this point to summarise the concept of the "digital coin". A digital coin is a message which is digitally signed7 by the issuing bank or other organisation. The contents of the message identify

The issuing bank maintains some record system which guards against the possibility of double spending the coin. The "holder" of the coin is not necessarily known to the bank. When a coin is "spent" the amount is either credited to the account of the payee or the payee is issued with new coins. In the second case, the bank will not necessarily know the identity of the payee.

What's new?

In some ways it may seem that the problems posed by digital cash do not differ significantly from those raised by the introduction of smart cards.8 Smart card systems such as Mondex which allow the transfer of value from one holders "wallet" to another would, on the face of it, seem to differ from digital cash only in the method of transfer.

It is certainly true that all of the problems raised by smart cards are equally applicable to the introduction of digital cash. These problems have been discussed recently both in this Journal and in a paper issued by the Australian Payments Systems Council. Major issues which must be addressed (or settled by default) include:

There are, however, physical and legal restraints on smart cards that help to solve some of these issues. All of the participants in a smart card scheme must be in some continuing contractual relationship with each other in order to make the system viable. In this sense at least, all smart card systems are "closed".9 In order for a smart card system to be commercially viable the card issuer must be an organisation of significant size, thus preventing, or at least limiting, the proliferation of card issuers. The contractual arrangements reduce the need to worry about the legal nature of the smart card transaction. Most smart card transactions will occur within a single legal jurisdiction.

These restraints do not apply to digital cash. Anyone with a computer could theoretically become an issuer of digital cash. Certainly any bank anywhere in the world could establish itself as an issuer of digital cash. Provided there is some commercial mechanism whereby a merchant can be reasonably assured of obtaining ultimate value these digital coins could be used by anyone anywhere in the world to make purchases over the internet.

Further, the parties need not be in any long term contractual relationship with each other. A holder of digital coins issued by one bank is (or may be) free to exchange them for coins issued by a different bank. Issuers are encouraged to make such exchange arrangements since it increases the value of their own coins. The free exchange of coins makes the whole system more attractive to merchants since it broadens their effective consumer base.

In a system that allows the free exchange of digital coins it may be necessary to determine the legal nature of a digital coin. This is because the relationships may no longer be directly controlled by an express contract. To illustrate, a merchant may confidently accept a credit card or a smart card in payment because he or she knows that the contract that they have with the card issuer will guarantee that they receive value for the transaction. No appeal to the general law is necessary.10

By contrast, a merchant who is offered digital coins in payment may have no contractual arrangement with the issuing bank. If the system is to flourish, the merchant must be able to rely upon some general law which governs the relationship of the parties.