Topic: Mint Chip Technical Details - page 3. (Read 6124 times)

You also keep making this distinction w/ offline & online where none exists.  It doesn't matter if the receiver is online or not.  There is no central ledger that an online receiver can consult.

The ONLY things the receiver has access to are:
a) sender's public key
b) the signed tx (signed by sender's private key)
c) a nonce (to prevent casual double spend - simply keep giving receiver the same exact signed tx over and over)

If the private key remains a secret then the system is impossible to forget or brute force.  Everything about the system is based on condition that sender will never be able to gain access to the private key.  If that remains true then double spend (more correctly counterfeiting) is impossible and the system works.

The tx history can't be used to validate if a tx is valid without access to the entire tx of the sender.  So while receiver may have tx record of prior tx from the sender that provides no security.

It's not like the card needs to hold the whole block chain. A 2GB microSD card can hold plenty of transaction data. Most transactions probably only do a few hops before they make their way back to the "trusted issuer".

I'm not saying this is how they would do it. I'm just saying that there are ways they could do it, and I don't think they're so stupid as to release a system that can be hacked to allow infinite double-spends.

Maybe they don't even allow re-spends? Maybe you can only spend the money you got loaded onto the card from your bank account, and that money can only be redeemed by you or the person you directly spend it to (unless you go online so that the trusted issuer can validate your balance).

In other words: Canadian Mint -> Trusted Issuer -> You -> Coffee Shop -> Trusted Issuer

I guess I should have said in realtime.  Online or offline doesn't really matter.  At the point of the fraud the fraud is undetectable.

Also tracing counterfeiting after the fact doesn't really help to prevent the fraud.  Imagine is counterfeit bills were so flawless than even US Treasury official would say they are valid.  Sure when checking serial # at the central bank they could realize that there are duplicate bills but that doesn't help enable detection/prevention at the point of fraud.

For example I buy a stolen mintchip (so any ID attached to the load and prior tx is not my own).  I extract the private key and counterfeit funds.   If I used those funds to purchase say Bitcoins anonymously there is now no trail which leads back or forward to me.

Receiver needs the same chip, the MintChip.  TX are only between MintChips.* 

* (loading and unloading chips is done only between a Mintchip and a broker)  

That information isn't provided in the very limited docs provided.  My assumption would be that all valid public keys have some cryptological property that allows identification.


Not as far as I can tell.  Brokers however are a special case.  Brokers don't use a MintChip.  They simply issue "load" and "unload" tx  to "mint" and "destroy" funds at will.   They have a cert/key? issued by the Royal Mint and the Royal Mint CA is available to all chips.  Each chip is able to validate 1) the cert from a broker is valid 2) the load/unload tx is valid (because it is signed by trusted broker).

MintChip uses the term "trusted broker" so my guess is that the regulations to be a "trusted broker" would be similar to being a bank or other financial services company.

How would that scale? I suppose these chips have very limited memory, they can't keep such a record.

The system described by Death&Taxes really need a way to detect double-spends (done by someone who manage to access the private key of a chip), or it risks failing hard. And if this is tied to the CAD as I understand, potential hyperinflation of the Canadian currency could follow. I suppose they would "shut down MintChip" before such thing happens, but I can't see how you do it without damaging all legitimate owners of MintChips.

The Royal Canadian Mint better know what they are doing.... so far, to me, it seems they are taking a huge risk.

I bet double-spends can be detected, just not if you're doing an offline transaction.

One way this could be done is for each transaction to carry around all of its inputs (to use the Bitcoin terminology), right back to the original input that loaded value onto the chip. Then, the double-spends get detected when chips are eventually "cashed in". The double-spends can be investigated and prosecuted by regular means (i.e. police evidence gathering rather than cryptographic techniques).

That, combined with the low transaction size limit and the high cost of extracting the key, is probably sufficient in practise to keep fraud low.

Would be nice to know what "inferences" D&T had to make to spread his FUD lol

Does a receiver need a special chip? How does it vet the valid senders from invalid ones? Is there a stored list of every valid public key somewhere? Essentially what is the mechanism that stops someone from imitating a broker.

To answer the OP direct question this is my understanding by reading the spec and API docs.  Everything is closed source and some low level details are simply not provided so assumptions and inferences which may later prove to be incorrect had to be made.

How it works?
The blockchain is the cornerstone technology for Bitcoin.  Without the blockchain nothing is possible.  The equivelent in MintChip system is the physical MintChip ("the chip").  The chip is a physically hardened tamper resistant cryptographic processor.  It will be available in a variety of formats (SD card, USB stick, crypto module) but the internal chip is the same.

The chip has four key functions:
a) protects a private key from extraction (and provide access to the corresponding public key).
b) sign outgoing tx w/ private key
c) verify incoming tx as valid
d) process tx to update an internal record of current balance and enforce rules based on that internal balance value (i.e. can't spend money you don't have).

Like in Bitcoin the private key "controls" the funds but unlike in Bitcoin the private key is kept private even from the user.  The private key is known only to the chip.  The entire security model works around the inability for anyone even the owner/user to ever know the private key.

There is no central ledger (either private like in Paypal or distributed like in Bitcoin).  Duplicate tx (double spends) in Bitcoin can be easily made as the user has access to private key.  To prevent that Bitcoin uses the distributed consensus created by the blockchain and forwarding rules by nodes to make double spend attempts "easy but uneconomical".

With no central ledger each chip uses the public key of the sending chip, the signature or the tx, and a nonce to ensure that tx can't be faked.  If the tx is valid then the chip assumes it had to have been created by the sender's chip.  Given the private key is known only to the chip normally that is a valid assumption. If someone could extract the private key from the chip they could fake txs at will.  Essentially print money from nothing. For the system work nobody can ever extract the private key from any MintChip under any circumstances until the end of time.

Given the track record of "secret of a chip" systems it is an inevitability that someone will eventually be able to extract a private key and "counterfeit" funds.   Unlike physical counterfeiting there would be no incremental cost and counterfeit txs would be indistinguishable from valid txs.  Much like 51% attack is the Achilles heel of Bitcoin the extraction of private key from "the chip" is the Achilles heel of MintChip.

The "nobody not even user can know the secret key" limitation of MintChip creates some unique non-counterfeiting limitations:
a) deterministic wallets are impossible.  your chip is the wallet there is no exceptions.
b) backups of funds are impossible.  funds on lost/damaged chips are lost forever.
c) impossible to make "strongcoin" like limited trust ewallet services.  An ewallet provide will need physical access to "your chip" and thus 100% implicit trust is required.
d) unlike in Bitcoin double spends can't be detected.  Thus if fraud occurs the funds in circulation will be larger than the reserves held.  How this will be handled is unknown (central bank prints to cover the increase? fees remove funds from circulation?  exchange rate between physical CAD : mintchip CAD drops below 1:1?)

Wouldn't the negatives you just outlined also apply for buying Bitcoins.

1) Seller is exposed to potential counterfeiting
2) Buyer's acqusistion price includes those high fees.
3) Both parties are limited to a small number of coins.



The best thing about MintChip is increasing awareness of Bitcoin.  The first time someone runs into an artificial limit set by a central bank they will ask "Why?" and hopefully it is something like "Why does MintChip have a limit on tx but Bitcoin doesn't?"  or "Why do I need to buy this $10 chip only from the central bank but with Bitcoin I can use any free wallet?" or "Why does the value of my MintChips continually go down due to inflation but Bitcoin works with a predetermined minting rate?"

Android, Team Fortress 2

MintChip has a poor security scheme and will be counterfeited. It will probably have high fees from brokers. It will have limited use, what can you buy for ten bucks? It is vaporware and is probably a FUD against what we have planned for Bitcoin.

The list of negatives for MintChip go on and on. At least it will be good for buying Bitcoin.

The design docs seem to indicate the chips will enforce a hard limit on the amount of funds which can be stored on each chip.  Of course the chips aren't free either.

So yeah I guess if you decide to buy 100 mintchips (at what $10 ea?) then pay a broker a fee for 100 loads on your 100 chips (will you even be able to do that, will broker's ask for detailed ID and limit one person to 1 active chip?) and hook them into a rats nets of usb cables and hub and use them to process 100x the enforced limit.

I doubt many people will do that.

What is the limit?  Well it is closed source and the specs don't state but I guarantee a limit will be enforced if no other reason than AML.  Also remember if a chip is hacked the amount of funds the central bank loses is directly related to the size of the chip (and # of tx that can be completed before blocking the hack) so there is another reason to limit both the max value on the chip and the max tx size.

What makes you think MintChip will be free?  Name on instance where a monopoly gives away its product for free?

I am imagining
1) you pay for the mint chip
2) you pay to load the chip or unload the chip
3) you pay a tx fee on each tx.
4) when central bank declares chip v1.0 obsolete you pay for a new chip and also pay an upgrade fee to transfer value from old chips to new chips.

Ya, that's right


so what? because its like cash you can exchange it in a decentralized manner


ok, i have to agree with you, absolute power corrupts absolutely.


you mean people on their forum picking at some "flaws" of bitcoin? (this goes both way) did the mint itself directly shit talked bitcoin?


all I'm saying is "COOL digital money!  " this makes the bitcoin world and the fiat world come closer, this is a good thing. we all know bitcion is better,but we can't live without money... so ill take want i can get

MintChip is cool end of story.

what


mintchip is not decentralized


it's not out to get me, just currently incompetent. it is specifically designed for future forced updates. If you hack it to hold BTC, then your hack is gone once it force updates and coins lost unless you back up all the keys.


lol. they completely shit talked bitcoin claiming it was basically doomed while stealing a lot of it's innovations, making it closed source and centralized, claiming they invented something totally awesome which is in reality, a mundane portable wallet to buy a $2 coffee with, secured with questionable cert authority 1990s technology and most likely visa paywave chip junk.

chips are cheep if they are mass produced, question is will Apple want to support it? why not just us the chips in the cloud?

Who is paying for all those chips that are going to be placed in smartphones? I'm sure they're not cheap.

~Bruno~

If you wana use Mint Chip for transactions over 10,000$, go ahead.
If you wana to use a cloud cluster merchant payment gateway instead of using a decentralized p2p exchange, go head.
If you wana microwave your mintchip with money on it... go ahead.
If you wana trade 100BTC on the street for cash, go ahead!

but the money in my bank account is safe right?

you have to stop thinking the government is out to get you...