
Topic: Congress ECASH Act for offline digital cash (Read 216 times)

legendary
Activity: 4522
Merit: 3426
April 01, 2022, 12:34:29 AM
#15
... the treasury has to create billions of UTXO and put a utxo on billions of devices. for the initial value creation..
There are no UTXOs.

... simple right each device has a privkey locked to it which is associated to the public key of the UTXO..
There are key pairs, but they are unrelated to UTXOs.

and each TXID is unique and also special because it can only have been made by the treasury.. right?
There are no TXIDs.

...i can EASILY.. clone the data and put that exact data on multiple device.. AS-IS
How do you gain access to the data in order to clone it?

i do not think you are understanding the problem

That is because nothing you have written has any relevance to what I described. Of the 6 steps I listed above, which is the one that has the problem that I don't understand?
legendary
Activity: 4424
Merit: 4794
i do not think you are understanding the problem
and i guess trying to translate it to something existing like debit cards as an analogy of something common people do understand is a little over your head

so lets go to basics and only talk in 'bitcoin speak'
firstly..
you have to understand the initial production of value.. the treasury has to create billions of UTXO and put a utxo on billions of devices. for the initial value creation..

lets say the treasury not only did some premined UTXO but also mined the utxo with a secret nonce only they keep. meaning the TXID is a hash with a secret that people dont know but the treasury does..

simple right each device has a privkey locked to it which is associated to the public key of the UTXO..
and each TXID is unique and also special because it can only have been made by the treasury.. right?
meaning only that device can sign that utxo..
thats your thought right....
lets say all of this data is then encrypted along with the app in a special encryption that only self decrypts within the app.

now here is the thing.. without me having any pre knowledge of the private key or the public key or even the UTXO.. or the mined hash nonce or even the data encryption...  i can EASILY.. clone the data and put that exact data on multiple device.. AS-IS

it does not matter how its encoded. because you are NOT trying to decode it.
you're not trying to find the private key or the secret nonces or the data's encryption key

you're just COPYING IT
you do not need to re-engineer/reverse engineer the firmware software that decodes it. you just copy the whole thing in its entirety in its encrypted form. no fiddling needed.. software, firmware and all

in a situation of no network, no audit, no checking between middlemen/services
i can spend my UTXO with you.. and then on another device spend that with someone else.
heck in such an 'offline system' i can just use the same device multiple times with different people. because they are not checking with each other that its been spent before


P.S to mods.. nice april fools. shame the 'smart answers' are not a permanent feature
legendary
Activity: 4522
Merit: 3426
If a device must use a private key to prove its authenticity, then you need the private key.
but you.. HUMAN do not need to know that private key or enter it at every instance.
EG card cloners.

This has nothing to do with credit cards. There would be no magnetic strip. There would be no name, account number, CVV, or expiration date.

This is about two devices communicating and transacting securely. If a person wanted to counterfeit or spoof one of these devices, they would need to access the private keys contained in a device. The private keys are used by the device for authentication as well as to set up a secure communication channel.

Only the device itself has this information. The person holding one of these devices does not have access to any of this information, nor do they need it.

Here is an explanation of how I think it might work:

  • 1. Two devices connect to each other.
  • 2. Each device sends a challenge to the other device to be signed and then verifies the signature. The signature proves authenticity because only authentic devices have the necessary private key.
  • 3. The two devices set up a secure channel.
  • 4. A person enters the amount to send or receive.
  • 5. One device credits itself with the amount and the other device debits the amount.
  • 6. Done. The devices are disconnected.

I'm not an expert, so maybe it isn't that really simple. For example, what happens if the devices are disconnected in the middle of step 5? It seems like it needs to be atomic somehow.
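As an added example (not code from the thread, and not any ECASH design), here is a toy Python model of the six steps above. It covers the step-5 atomicity question (debit recorded as pending until the credit is acknowledged, with replay made idempotent) and the cloning objection raised elsewhere in the thread (a byte-for-byte copy of a device passes step 2 and spends the same balance with a second receiver that never talks to the first). It assumes a manufacturer-issued per-device key, modelled with HMAC under a constructed root secret instead of a real signature scheme so it runs on the standard library; serials, balances and the `audit` receipt upload are constructed for the demo.

```python
import copy
import hashlib
import hmac
import secrets

# Constructed manufacturer secret (assumption). A real design would use a
# signing key whose public half devices check via a certificate chain; HMAC
# under a per-device key stands in for that here.
MANUFACTURER_ROOT = b"constructed-root-secret-for-demo"


def device_key(serial: str) -> bytes:
    """Per-device key provisioned at manufacture, derived from the serial."""
    return hmac.new(MANUFACTURER_ROOT, serial.encode(), hashlib.sha256).digest()


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    """Tamper-resistant stored-value device as described in the post."""

    def __init__(self, serial: str, balance: int):
        self.serial = serial
        self.balance = balance            # stored value in cents
        self._key = device_key(serial)    # meant to be non-extractable
        self.pending = None               # debit sent but not yet acknowledged
        self.seen = set()                 # session keys already credited
        self.receipts = []                # (sender serial, amount) kept for audit

    def answer_challenge(self, nonce: bytes) -> bytes:
        """Step 2: sign the peer's challenge with the device key."""
        return mac(self._key, self.serial.encode() + nonce)


def verify_peer(serial: str, nonce: bytes, response: bytes) -> bool:
    """Verifier side of step 2 (stands in for checking a signature against the
    manufacturer's public key)."""
    expected = mac(device_key(serial), serial.encode() + nonce)
    return hmac.compare_digest(expected, response)


def handshake(sender: Device, receiver: Device):
    """Steps 1-3: mutual challenge/response, then a session key bound to both
    serials and both nonces. Returns None if either side fails to authenticate."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    if not verify_peer(receiver.serial, nb, receiver.answer_challenge(nb)):
        return None
    if not verify_peer(sender.serial, na, sender.answer_challenge(na)):
        return None
    return hashlib.sha256(sender.serial.encode() + receiver.serial.encode() + na + nb).digest()


def deliver(sender: Device, receiver: Device, sk: bytes, amount: int) -> str:
    """Steps 5b/5c: sender builds the credit message under the session key,
    receiver checks the tag and credits once per session key, then acks."""
    msg = b"credit:%d" % amount
    tag = mac(sk, msg)                      # sender side
    if not hmac.compare_digest(mac(sk, msg), tag):   # receiver side
        return "rejected"
    if sk not in receiver.seen:             # idempotent: a replayed credit is not counted twice
        receiver.seen.add(sk)
        receiver.balance += amount
        receiver.receipts.append((sender.serial, amount))
    sender.pending = None                   # ack received: step 6, done
    return "ok"


def transfer(sender: Device, receiver: Device, amount: int, drop_before_ack=False) -> str:
    sk = handshake(sender, receiver)
    if sk is None:
        return "rejected"
    if amount <= 0 or amount > sender.balance:   # step 4: device refuses to overspend
        return "rejected"
    sender.balance -= amount                      # step 5a: debit first and remember it
    sender.pending = (receiver.serial, amount, sk)
    if drop_before_ack:
        return "interrupted"                      # link died between debit and credit
    return deliver(sender, receiver, sk, amount)


def resume(sender: Device, receiver: Device) -> str:
    """Reconnect after an interruption and finish the pending credit."""
    if sender.pending is None or sender.pending[0] != receiver.serial:
        return "nothing-pending"
    _, amount, sk = sender.pending
    return deliver(sender, receiver, sk, amount)


def interrupted_then_resumed():
    a, b = Device("A-001", 500), Device("B-001", 0)
    first = transfer(a, b, 200, drop_before_ack=True)
    second = resume(a, b)
    return first, second, a.balance, b.balance


def audit(issued: dict, receivers) -> dict:
    """Offline the clone is invisible; once receivers upload receipts an auditor
    can spot a serial credited for more than was issued to it."""
    totals = {}
    for r in receivers:
        for serial, amount in r.receipts:
            totals[serial] = totals.get(serial, 0) + amount
    return {s: t for s, t in totals.items() if t > issued.get(s, 0)}


def clone_double_spend():
    a = Device("A-001", 500)
    a_clone = copy.deepcopy(a)      # whole state copied; the key is never read out
    b, c = Device("B-001", 0), Device("C-001", 0)
    transfer(a, b, 500)
    transfer(a_clone, c, 500)
    return b.balance + c.balance, audit({"A-001": 500}, [b, c])
```

`interrupted_then_resumed()` returns `('interrupted', 'ok', 300, 200)`: the debit survives the dropped link as a pending record and the credit lands on reconnect without being applied twice. `clone_double_spend()` returns `(1000, {'A-001': 1000})`: both receivers accept the authentic-looking device, and only a later receipt upload exposes that serial A-001 was credited for twice its issuance, which is the reconciliation step the thread says a purely offline design lacks.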
legendary
Activity: 4424
Merit: 4794
If a device must use a private key to prove its authenticity, then you need the private key.

but you.. HUMAN do not need to know that private key or enter it at every instance.
EG card cloners.
the card needs to have the lengthy mastercard number starting with a 5, the expiry and the CVV number, and imagine IF that data was encoded in a way to not be clear text on magnetic strip/simcard/NFC

but here is the thing. the HUMAN does not need to know those 3 pieces of information in clear text up-front to then clone a card. they just copy/paste whatever binary data they grab from one device and put it onto another device as-is, already encrypted..  without needing to crack the encryption to make it cleartext

cloning a card does not need to make the data clear text and then encrypt it again on new device. you just copy the encrypted data without having to know the encryption key
legendary
Activity: 4522
Merit: 3426
That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.
The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.
if its just about having a trusted device manufacturer. and not where the value needs a trusted third party multisig co-signer to validate the value at its creation. then thats flawed
first lets deal with the hardware trust... ever heard of card cloning.
even mastercard cant solve card cloning.
...
I'm not talking about a credit card. I'm thinking of a device like a hardware wallet with private keys that cannot be extracted from the device.

point is...... you dont need to extract the private key

If a device must use a private key to prove its authenticity, then you need the private key.
legendary
Activity: 4424
Merit: 4794
That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.
The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.
if its just about having a trusted device manufacturer. and not where the value needs a trusted third party multisig co-signer to validate the value at its creation. then thats flawed
first lets deal with the hardware trust... ever heard of card cloning.
even mastercard cant solve card cloning.
...

I'm not talking about a credit card. I'm thinking of a device like a hardware wallet with private keys that cannot be extracted from the device.

point is...... you dont need to extract the private key

you just need to copy ALL data, in any encrypted format into several chips as-is.. it doesnt matter what the device is. take Sybil attacks. there is no PoD(proof of device) the recipient only knows what it has been told and what it can be told is anything you want to tell them electronically

EG i made adjustments to my full node. it has extra checks and does different things to core. yet if you look at the useragent it appears as a standard bitcoin core client

then with multiple devices imitating the original.. like card cloning.. you can use that card/device/fob/widget while the 'real' owner thinks they have their card/device/fob/widget still..

take cloning a bitcoin hardware wallet. i dont need to know your full privatekey/seed. i can just clone the chip data as is. and then just try the 4 number pin 9999 times to then get signing authority
thus i can easily then sign transactions without needing to know the privkey or brute every word library 2048^12.. instead i can do it in 10^4

if the device doesnt even have 2FA (a pin number) where it just auto-pilot/auto-pays without consent/acceptance. EG tap-to-pay. then i dont even need to do the pin number thing 10^4
i simply just spend with as many different vendors as i please knowing none of them check each other due to "offline"

the next points from that, is if the value of that device is not audited by any network or vendor, not just for the stored value validity, but also the spend value validity.. , then you can then double, triple, multiple spend the same value..
like counterfeit cheques or even cash. if none of the references or bank balance is ever checked, then they are all deemed as of value and all accepted on first sight.
EG whats the point of a bank note serial number if no one checks that the serial is unique or unspent

the cypherpunks were dealing with this issue from the 1990's+ and it all had issues. this 'offline e-cash' idea is not a new idea. its an old one that gov representatives are just now trying to comprehend without having gone through the flaws of the last 30+ years of existing trials.. the reason why bitcoin and blockchains were such a success is that the network wide audit system is the only solution to e-cash

i know some are thinking 'Casascius' coins with a privkey hidden in a tamper proof thing.
but thats not 'electronic' thats old school physical money
take casino chips, they dont prevent counterfeit chips by just having unique ID's in each chip with an RFID to communicate that. they prevent counterfeiting by having a database to check if other casinos have accepted that same ID


so if you're thinking of a physical device that holds a signed UTXO that has been split by some treasury department over billions of devices, where that ID is unique and fixed for life.. and people just swap devices or trade UTXO electronically like bluetooth swapped trading cards. then you need to look into the cypherpunk research of the 1990-2010 research and trials and fails
legendary
Activity: 4522
Merit: 3426
That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.
The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.
if its just about having a trusted device manufacturer. and not where the value needs a trusted third party multisig co-signer to validate the value at its creation. then thats flawed
first lets deal with the hardware trust... ever heard of card cloning.
even mastercard cant solve card cloning.
...

I'm not talking about a credit card. I'm thinking of a device like a hardware wallet with private keys that cannot be extracted from the device.

It seems to ignore the whole double spend problem lol, or I guess in this case the create free money problem. As soon as people became able to hack these devices they could presumably load them up with as much money as they want,
If implemented, this will definitely end up being half-offline half-online. Meaning you pay with your offline device but the receiver has to connect to their centralized server and check if you have real balance then accept the payment :)

The receiver doesn't have to check anything if the sender is not capable of sending more than it holds and communication between sender and receiver is secure.
legendary
Activity: 4424
Merit: 4794
That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.

The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.

I think that is all it takes.

if its just about having a trusted device manufacturer. and not where the value needs a trusted third party multisig co-signer to validate the value at its creation. then thats flawed

first lets deal with the hardware trust... ever heard of card cloning.
even mastercard cant solve card cloning.

credit card scammers do not need to un-hash the secret key of a debit card. they just need to duplicate the binary onto multiple devices as-is.
heck you dont even need to purchase a mastercard plastic debit card from mastercard. you can get OEM(unbranded) cards from anywhere. heck you can even use your phone to broadcast the 'tap to pay' data

no bruteforce necessary of the key.. just duplicate the data as-is.
it does not matter if its stored on magnetic strip, simcard chip or nfc ring loop chip.. data is data.

EG most people think car alarm fobs/dongles are secure because each device is encrypted to only send out a signal that the specific car is also aware of. but that requires a pairing of devices where both sender and recipient are pre-setup and contracted together from the start.. and can check each others validity. and only the two can communicate/understand each other. which then limits its operability to only between 2 people..
also if i have access to a fob. i dont need to bruteforce the encryption. i can just duplicate the chip data as is and put it on many fobs and then have many car alarm fobs.
(EG no one can brute force your phone that has encryption from the outside. but they can clone the phone and have many instances of the same phone)

thus it then becomes up to the users to ensure no one else has that same fob/phone/housekey or access to your fob/phone/housekey. which then creates the flaw of passing the value on. because the old recipient could have duplicated it, passed on one copy whilst keeping one copy(yep change your house door locks guys when you buy/rent a new house, the old owner/tenant might still have the keys to steal your wife's underwear)

EG without network auditing.. without vendor pairing. without processing through only one vendor
if mastercard creates value onto a card.. but visa also could accept the value without checking with mastercard. then people can not only make multiple cards to spend through many retailers...
which would then require the retailers to check with visa that visa has not seen customers making multiple attempts in other retailers..

but also spend value once with mastercard. once with visa and once with american express and once with diners club. and 4x the value spent.. unless.. visa, mastercard, american express, diners club also inter-communicate
but.. because visa is not communicating in a no network/offline scenario that they received/processed a payment via a mastercard. then expect flaws

the next option is a middleman being a liquidity provider and co-signer where they give the customer the liquidity and are part of the signing/authorisation process so funds flow/route through them and only them. in a network.. that only accepts single spends through them

debit card cloning only allows one payment to be accepted by mastercard.. because mastercard is part of the payment route.. you can only make a mastercard payment via a retailer that is linked to mastercard.. no mastercard service, no way of paying the retailer with mastercard..

but even then, that means the real owner loses out because a cloner has spent their value. which is where even mastercard, a trusted vendor of debit cards has its flaws where it cant stop cloning. and so funds get spent by scammers.

yep even now, decades on.. mastercard cannot prevent card cloning..

EG bitcoin hardware wallets. do not care if private keys are on multiple devices. because the important thing is people trust the blockchain to then validate a winning recipient. by only logging/accounting for only one recipient in the ledger. but that still requires people to ensure no one steals and then clones their devices/keys. because once confirmed.. there is no refund policy..
mastercard cant stop cloning, so instead they offer refunds if scammed.
which in-of-itself can then get scammed by people making genuine payments for goods, getting the goods and then claiming they got scammed to get a refund, and then re-spend that value again

anyway i digress..
it does not matter if i have a dozen wallets with the same key... as long as only i have those dozen wallets. i have to ensure no one clones my wallet, because if they do. i lose my value
..
the next flaw to overcome. is if there is no network enforcement of the locked funds of the partnership between customer and vendor, then the vendor can assign the same value over multiple accounts
(fractional reserve)
so the next thing would be to publicly announce each account so that everyone can check that the value lock is not duplicated. and then also enforce that each lock is confirmed into a unique partnership only spendable by a proven lock of both partners, where there is a path/route/taint to show the value of the individual account is assigned by true previous taint of its initial value creation/mined coin/premine

this then becomes a choice of.. does it have one central auditor at the top. in private thus customers dont see the liquidity paths.. or do the public see it where there is no central auditor. but requires the public to enforce the rules of no duplicity. or do the vendors in the middle audit each other and their customers

a certain network(i shall not name) allows:
a 'feature' (quoted loosely) where locks can be created from unconfirmed txids.
but also
account(channel) openings where one partner was not part of the confirmation of the txid, even if it were confirmed txid value(new channels but using 3 year old funding locks).

(hint: if a network gives out liquidity/value without a confirmation process involving your pubkey at the channel opening session, calling it 'instant inbound liquidity' then expect double spend possibility)
yep. if you open a channel with a partner. but the funding lock is not fresh and not involving your public key in a confirmed tx. where the funding lock is X years old.. expect that value to be at risk. because you are not linked to it in any hard rule

these 'features'(as they call it) of giving value where there is no co-partner involvement in the lock. then also requires by default not only publicly announcing every account(channel) lock ID to ensure no duplicates. but also a hard rule to reject any instance of seeing duplicates.
(yet. the network i shall not name does not enforce the latter, heck even the broadcasting of channel ID's is not enforced as a hard rule.. they noticed the flaw of privacy, so started to take away private channels by default. but still not enforced the rejection of channels that are duplicated)
legendary
Activity: 3472
Merit: 10611
Seems like they want a competitor to Bitcoin that isn't a CBDC,
If that's the case then its good news because they still haven't been capable of understanding that the problem is the first "C" not the rest of it meaning anything that is centralized doesn't even fall into the same category as bitcoin to even start competing with it.

It seems to ignore the whole double spend problem lol, or I guess in this case the create free money problem. As soon as people became able to hack these devices they could presumably load them up with as much money as they want,
If implemented, this will definitely end up being half-offline half-online. Meaning you pay with your offline device but the receiver has to connect to their centralized server and check if you have real balance then accept the payment :)
legendary
Activity: 4522
Merit: 3426
yeah exactly. I don't think you can solve double spend offline. Hence, Bitcoin.
...
That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.
The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.
But as I pointed out, once people are able to hack the device it's game over. Hence this sort of system is dead on arrival. The security of the monetary system in such a setup revolves around the device security. It is not a wise thing to base the security of a monetary system on the security of a device. All devices are hackable. The fiat banking system solved this by having a large, expensive, slow network of verifying organizations. Bitcoin solved this by having a network of proper incentives. Relying on devices not being hacked is not a solution to the problem.

...

I agree that the system's security depends on device security, but I'm not convinced that it means that it is DOA. Are hardware wallets DOA? The security of the bitcoins in a hardware wallet depends completely on the device's security.

Anyway, I am not an expert. Those are just my thoughts.


hero member
Activity: 2240
Merit: 848
yeah exactly. I don't think you can solve double spend offline. Hence, Bitcoin.
...

That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.

The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.

I think that is all it takes.




But as I pointed out, once people are able to hack the device it's game over. Hence this sort of system is dead on arrival. The security of the monetary system in such a setup revolves around the device security. It is not a wise thing to base the security of a monetary system on the security of a device. All devices are hackable. The fiat banking system solved this by having a large, expensive, slow network of verifying organizations. Bitcoin solved this by having a network of proper incentives. Relying on devices not being hacked is not a solution to the problem.

Your idea above means that it wouldn't work offline, because to have trusted third parties the transactions need to be done online. And the whole point of this Ecash Act idea is that the transactions are private and offline. What you are describing is simply Apple Pay/Google Pay/debit cards.

Whoever came up with this idea doesn't understand the problem that Bitcoin solves.
legendary
Activity: 4522
Merit: 3426
yeah exactly. I don't think you can solve double spend offline. Hence, Bitcoin.
...

That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.

The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.

I think that is all it takes.

hero member
Activity: 2240
Merit: 848
yeah exactly. I don't think you can solve double spend offline. Hence, Bitcoin.

The other more in-depth article I read even mentioned double spending and tried to say why you wouldn't be able to double spend, but the arguments weren't convincing cuz it seems clear all it would take is hacking these devices and double spending would be unlimited.

I think this is the sort of solution you get when you have government people who don't like the idea of Bitcoin trying to come up with something that competes with it, but they just don't comprehend the problem that Bitcoin solved.

Not to mention there is the problem of losing the device. It's like people losing their bitcoin keys, but way worse. Because with Bitcoin the money isn't stored locally, so you can have a backup, but with this proposed system of local offline private digital money if you lose your device or it breaks that's it - money gone!

When you see government's ideas to compete with Bitcoin: this idea and CBDCs, all it does is prove just how genius and powerful Bitcoin is, because the problems with these things are obvious and you don't need them. Physical cash + Bitcoin solves all problems.
legendary
Activity: 4424
Merit: 4794
the issue with electronic cash. is the thing that the cypherpunks spent a decade trying to figure out pre 2009
.. counterfeiting

there would need to be some method to guarantee/audit each payment to ensure someone has not simply copy/pasted the data over multiple devices to create more fake money, to ensure someone doesnt just pay lots of different people using the same 'ecash' reference

although they say they wont use a ledger that stores transaction history data
although they say they wont breach privacy by requesting KYC
although they say they wont have middlemen authorising payments.

what they will need is structured issuance and then auditing to ensure no duplication
which just like the chinese CBDC, its not a blockchain, its smart contract based
and its bottom-level wallet allows payments without KYC
(their system have 3 levels top 2 do require KYC)

the way it works is by smart contracts. where there is a main issuer, which then splits/distributes via smart contracts X amount  to several main wallet (payment service) providers. who then smart contract X amount to its customers, where the wallet provider then audits the values are not double spent

there would need to be some middleman involvement even purely to audit the authenticity of the value. even if they are told not to keep records of who pays who

..
in short. something thats truly 'offline' but also electronic just wont work. because people will just duplicate the data and double spend
hero member
Activity: 2240
Merit: 848
Anyone else see this about the proposed ECASH Act in Congress to make offline digital cash:

https://www.theverge.com/2022/3/28/22999894/ecash-act-digital-currency-us-congress-bill

Yesterday I saw a more in-depth article about it but I can't remember where I saw it. But basically seems like some people in congress want the equivalent of a hardware wallet for digital cash but instead of being crypto it would be more similar to cash - you store it locally on your device (a card, specific device, or phone) and you can transact in-person offline with it using I guess NFC communication.

Seems like they want a competitor to Bitcoin that isn't a CBDC, but from what I can tell the whole idea is a massive fail.

It seems to ignore the whole double spend problem lol, or I guess in this case the create free money problem. As soon as people became able to hack these devices they could presumably load them up with as much money as they want, since the whole idea is to transact privately offline as though it were paper money, and therefore there is no verification on the money. Makes you realize that Congress (and whatever companies are working on this tech) still don't get the genius of Bitcoin and blockchain.