Untraceable Digital Cash, Information Markets, and BlackNet

("Governmental and Social Implications of Digital Money" panel at<br>CFP<br>'97)

Tim May

Corralitos, CA

tcmay@got.net

1. Introduction

In agonizing over what to include in my 8 or 10 minutes of talking, and<br>my<br>handful of pages here, I realized it would be best to concentrate on a<br>specific example rather than speak in generalities or try to educate folks<br>about what digital cash is, how it works, how regulators and law<br>enforcement types will try to control it, etc. I use an experimental--and<br>controversial--experiment I released on the Net several years ago,<br>BlackNet, as this example.

2. Anonymous Digital Cash

The focus here is on true, untraceable digital cash, offering both<br>payer and payee untraceability (anonymity). Mundane digital money,<br>exemplified by on-line banking, ATM cards, smartcards, etc., is not<br>interesting or important for CFP purposes. Payer-untraceable (but<br>payee-traceable) digital cash can also be interesting, but not nearly as<br>interesting and important as fully untraceable digital cash.

The implications of general digital money for national economic or<br>monetary policy is also not the focus here. I'm neither an economist nor a<br>policy expert, so effects on M1, M2, velocity of money, balance of<br>payments, etc., are for others to think about. I don't expect<br>earth-shattering effects anytime soon.

Digital cash will of course take many forms. Some digital cash will be<br>similar to small denomination coins. Some will be more similar to<br>cashier's checks, certificates of deposit, wire transfers, etc. The<br>"ecology of digital money" is yet to be evolved.

3. Is Digital Cash Really Coming?

Whether digital cash is going to be deployed or not, whether it will be<br>allowed to come or not, how various countries will react, etc., is of<br>course unknown to any of us at this time. The best we can do is to look at<br>some probable implications, and discuss the difficulties involved in<br>trying to control it. (I am especially dubious about static analysis, as<br>in analyzing what happens if digital cash is "allowed" or is "banned." The<br>actual future development will involve partial restrictions, workarounds,<br>moves, and countermoves. Digital cash will not develop in a regulatory<br>vacuum, nor will simple acts of legislation stop it. The best we can do<br>here is to discuss some likely implications if certain aspects of digital<br>cash are deployed.

4. The Technology is Here

Technologically, digital cash is already here. Early versions are<br>already available from banks such as Deutsche Bank and Mark Twain Bank,<br>both affiliated with DigiCash, Amsterdam, the company founded by digital<br>cash inventor David Chaum. These current versions are not necessarily both<br>payer and payee anonymous, but they can be made fully anonymous with some<br>simple additional steps. (On-line clearing offers major advantages.<br>Anonymous bank accounts--offered of course in various countries--also make<br>for a straightforward form of full anonymity.)

The original papers of David Chaum discussed full payer- and<br>payee-untraceability in the context of on-line clearing, using his<br>patented blinding algorithm. (Blinding of numbers submitted to a mint is<br>the key idea to ensure untraceability. Chaum's various papers discuss this<br>in detail.) More recently, Chaum appears to be pushing for a<br>"banker-friendly" (or perhaps regulator-friendly) system in which part of<br>the untraceability is sacrificed. However, nothing in the basic theory<br>makes full untraceability unachievable, and several proposals have been<br>floated to provide true digital cash.

5. "Anyone a Mint"

Recent work by Ian Goldberg of UC Berkeley, and similar work by Doug<br>Barnes, Hal Finney, and others, makes a truly anonymous digital cash<br>system possible. Goldberg's scheme allows "e-cashiers" and<br>"e-moneychangers" to disintermediate the process and ensure<br>untraceability. Importantly, anyone can essentially become a "mint" of<br>digital cash. (This has another implication: the Chaum patents apply to<br>the blinding operation, done by the "customer," so any particular mint<br>need not license the patent; the customer is supposed to license the<br>patent, as it he doing the blinding operation, but he is untraceable by<br>the mint and others, using remailers.)

"Anyone a mint" means that the artificial distinction between the parts<br>of the "Customer--Shop--Mint" circuit can be removed, with peer-to-peer<br>transfers. As with real cash, peers can exchange digital cash with each<br>other, and there is not necessarily a special status for "shops," or even<br>"mints." One way to look at this is that one-way anonymity between the<br>Customer and the Shop can be supplemented with similar one-way anonymity<br>between the Mint and the Shop: 1-way + 1-way = 2-way. The details of how<br>this is accomplished are important, and should be available soon by<br>searching on the keywords.

6. Implications of Anyone Becoming a Mint

This has profound implications. It means that anyone can mint digital<br>cash (not out...