Topic: Mint Chip Technical Details - page 2. (Read 6124 times)

But you can use any mint chip you get right? The merchant doesn't get any info from the device so he can't know if it is 'yours'. I guess they could make selling, giving, and losing chips illegal.

I don't see any evidence that they ever intended it to be anonymous or even pseudo-anonymous. The official docs say that "no personal data is exchanged in the transaction", but that means the transaction between the buyer and the merchant. The block diagrams show that the chip's value is loaded from and redeemed to a linked bank account.

So the merchant may not know who you are, but the "trusted agent" surely does, and by extension you are not anonymous to the Mint and the Govt.

Nobody I've seen in Canada requires the chip. Everybody is getting a new card w/a chip but there's still plenty of standard mag stripe readers around in case the customer doesn't have a chip. In fact every single store, and every private street ATM I've ever seen still uses the standard swipe model.

That Yagi-Uda antenna is crazy. I could see somebody like Max Vision setting it up in a hotel in my city and capturing hundreds of cards per hour, and now mintchips.

On the other hand there is a nice talk about some SmartCards in Switzerland (http://www.youtube.com/watch?v=haDWFtMmZRs) where the authors were able to counterfeit and it's not very clear if the issuers did even notice. Similar systems are in use already for years in other countries too and even though it might be possible that there is also fraud going on, I haven't heard of any major arrests or anything like "100k Euro counterfeited in electronic money". More recently there was also a talk at a Chaos Communication Congress about a MIFARE system that was initially used for microtransactions (bus tickets) but got so popular that they decided that they expand it for bigger transactions. As it turned out, the money value there is just an integer stored in plaintext...

Of course here it seems like there's a more sophisticated system, but all in all to be safe you might need to reset your chip after every transaction you got as fast as possible to make sure you are the first one claiming an incoming transaction (I guess that double spends would be resolved like this).

Anyways, even though offline transactions are allowed and possible, you can only do a couple hundred of them, then you need to "Reset", most likely giving the transaction log to a central authority and not just deleting it. This means even if you manage to get transactions on your MintChip (which has a unique ID) only offline and want to cash out your 500 $ in 2 years the mint knows much earlier your likely balance + money flows, as most of the people will submit their transactions ("I transferred x amount of currency y to MintChip ID z") before that time.

Similar to the blocks in Bitcoin, that set transactions "in stone", the "Reset" mechanism in MintChips seems to be the way to detect and prevent double spending. Maybe they are even OK with double spends, maybe later they'll just include a "blacklist" of evil MintChip IDs that were used in double spends, since it's likely that it will be costly to extract a private key in the first place?

Good question. They're the Mint, so I bet they'll handle that the same way they handle somebody showing up at a bank with a bunch of counterfeit $100 bills: they'll ask you where you got them, and either throw you in jail (if they don't like your story) or tell you to be more careful about who you deal with and maybe direct you to some technology to help detect counterfeits in the future. But they won't let you deposit them or trade your bad money for good.

Quite the opposite, actually.  Getting power into the inductor to activate the chip is the hard part.  Eavesdropping on the RFID handshake from dozens of feet away is easy.  And when I say "easy", I mean don't take your RFID tags to Vegas when Defcon is in town.

perhaps you'd be able to power them on, but it is a two-way session and you are going to have to get a signal from the 5mm (wild ass guess) antenna inside the card back to you reader. gl w/that

besides, canada uses chips already on their cards (at least for debit) that require you to put the card physically in a machine. not a big stretch to think that they might use the same system here

Why didn't it do this then yet after _years_ of existence?

Back to MintChips:
It might still be interesting to use them for buying Bitcoins and use them as "digital cash". One of the questions that remains for me is: "Is it theoretically possible that transactions get reversed under any circumstance?".

If for example my chip has been loaded with double-spent Dollars without my knowledge, would I be denied that money at the next reset or not?

Steve jobs, via proxy: I approve this message.

Apple should not only accept Bitcoin, but should be creating hardware and apps if they want to stay relevant. Bitcoin will likely do to iTunes what mp3s did to Musicland.

Rebuttal

I can imagine three primary scenarios:
1) transactions secured by the bitcoin network as usual (subject to transactions fees, and waiting for confirmations, etc)
2) transactions using a privately issued coinage that is backed by bitcoin (enables near instant confirmations, zero fee micro transactions)
3) offline transactions using a privately issued coinage that is backed by bitcoin and using a mintchip like device for security (instant confirmation, zero fees, disconnected operation)

People would be able to select the type of transaction that's most appropriate for the features they need and the risk they're willing to assume. 

P.S. I really hate that some of the regulatory uncertainty is likely stifling innovation in this area.

If they really intended to make something as anonymous as cash, they could have used a blinded signature algorithm like what's done in Open Transactions. Actually, they could become an Open Transaction issuer and server. That would be more anonymous than Bitcoin.

I'm not sure what they want, exactly.

IIUC they do. All chips (not just brokers) have a cert connected to the MintChip CA chain.

Cryptographically it's very straightforward and traditional. There is no support for anything resembling contracts or other complex transactions. You sign messages saying "increment your balance by X", and that's about it.

I'd like to see MintChip gain some of the features of Bitcoin, protocol wise. Cryptography based currencies are a new design space and can use some competition around different approaches. My gut feeling is that a hybrid solution would be best - using hardened chips can help Bitcoin, by making zero-conf offline transactions dramatically less risky, and a block chain can help MintChip by removing the "key leak = system doom" failure mode that undermines it today.

Big IF there.  The only entities which can load/unload chips are trusted brokers.

Initially I thought of that being a non-issue as currency could circulate internal perpetually however w/ 500 tx limit everything goes through brokers initially and eventually so the govt has a complete list of all tx (albeit delayed up to 500 tx per user).

Thus I am not sure the claim of even even psuedo-anonymity can be made. 

It would be trivial for the govt to put all tx in database, link that to ID information on each mint user, load amounts, and unload amounts and build a complete tx record of every single user.   Given the potential I don't see how the central bank says "no" the first time the Canadian IRS or Police want that information.

The Bitcoin comparison would be if Mt.Gox collected ID on all users (sadly they pretty much do), the only place you could buy Bitcoins was Mt.Gox, and the only place you could sell them was Mt.Gox and every 500 tx you had to turn over your entire tx log (tighly coupled to your ID) to Mt.Gox to otherwise any Bitcoins you hold would become worthless.  Oh and there is no internal (anonymous) mining of coins, all mining is done by Mt.Gox.

RE: $100 per-transaction, $500 balance limit:

That makes perfect sense; they probably figured out about how much it will cost to hack a MintChip to get it's private key (dissolve case in acid, put it under an electron microscope, attach electrodes at exactly the right spots, etc...). Do a little calculation involving the cost of hacking one chip, the number of times you can double-spend before you're likely to get caught and the maximum amount per transaction and I bet they figure it doesn't pay.

Especially if online transactions "phone home" to detect double-spends.  If you have to physically walk to 500 different not-online merchants to get away with $50,000 worth of double-spends that's just like counterfeiting $100 bills, and that's an attack Mints have been pretty successfully dealing with for hundreds of years.

RE: anonymity: the anonymity model is similar to Bitcoin. Each physical MintChip is like a Bitcoin keypair, if you can easily buy/load a bunch of them anonymously then it will be hard for Them to track your purchases.

If MintChip fails I bet it is not due to hacking or lack of anonymity, but just due to the inconvenience of needing Yet Another Physical Doohickey. Paper money fits nicely into the wallet I already have, I don't want Yet Another Dongle on my keychain, and I bet before the end of the year either Apple will finally approve a Bitcoin app or there will be a nifty HTML5-based web wallet I can use on my iPhone...

The designers finally released some more data on limitations


their api ref. said the limit for a tx was about 16,000$ not 100$

agreed these limits are ridiculous ... now building a decentralized exchange using mint-chip seems pointless

Heh, thanks D&T i read the mintchip thread and this is starting to look more like a joke to me. I'm really out of comparing points between mintchip and bitcoin, the later is the obvious winner.

Of course you did just like you paid for all the bank's profit and all the merchants losses.  You paid for all of that in the form of higher prices.  Still it is an awesome model which VISA developed.  All the cost is obfuscated so customer just sees it as "free" and convenient.  Once you get a large enough network effect businesses are forced to play, cost goes up but is still hidden from the consumer.  As long as the consumer is happy VISA is happy.

I never said it would be useless but it surely won't be free.  

The designers finally released some more data on limitations


http://mintchipchallenge.com/forum_topics/859

So if they stick w/ a $500 max balance and $100 max tx is more interesting that the marketing talk about micro transactions.

Looks like every 500 tx though you will need to have a Trusted Broker download the log, erase the chip storage, and reset the starting balance to end prior ending balance ("reset").    

Now about that claim of anonymity ...

I never paid for a debit card or lost visa card replacements.

you can speculate that mintchip will be a totally useless and costly if you want ....

i think its more useful to think mintchip will be an improvement on "Chipped money", and will have some degree of success. and then we can have some fun it with it.