Interesting post on Slashdot today:
it's about time I clear my conscience...
The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"
The implementation is quite clever, involving some modular arithmetic and the 24-byte "Transaction Authentication Code" detailed in the Mintchip Messages [mintchipchallenge.com] documentation. Or I should say, revealed... of course they're not telling you what the TAC does because they don't want to admit its true purpose. It's also not just the TAC, all those supposedly random nonces generated by the hardware aren't going to be as random as you'd think. Basically you can use them as an additional way of steganographically hiding data between transactions that goes way beyond what they document.
I can't reveal too many details on how it works as they'd probably figure out who I am, but essentially that's enough bits to encode a probabilistic record of every Sender ID that has transferred funds that ended up in your balance. Then when you resend your balance, you "infect" subsequent Mintchip balances with that record.
I'll give a toy example to prove the point: let's suppose you assigned a prime number to every user of the system. If the TAC were simply multiplied by each prime from every payer, you could then factor the resulting large product of primes to determine who the payers were. The actual implementation is more involved, and probabilistic, but you get the idea. Sure it essentially becomes a brute forcing problem, but when you have a rough idea of who might be paying who, brute forcing is a lot easier than you'd think. Canada's population is only a bit over 30 million...
Don't trust closed hardware or software. You have been warned. This may look like an anonymous Bitcoin competitor, but the mint isn't stupid, and they're not going to give back any of the anonymity cash provided that the government wants so badly to get rid of.
- http://news.slashdot.org/comments.pl?sid=3051283&cid=41008501
Also reddit discussion here:
http://www.reddit.com/r/canada/comments/ybn40/mintchip_is_designed_to_track_you_anonymous/
Sounds like the crypto is plausible, although who knows if the guy is legit. Nothing we didn't already suspect of course, but it's a clear way it could be done.
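The toy prime-product scheme from the quoted comment, worked through as an added example (not part of the original post or the Slashdot comment, and not MintChip code). `ToyChip`, the sample names and transfers, and the use of `lcm` so each payer appears only once are assumptions made for illustration; `capacity` shows how few payers an exact product can hold in a 24-byte field.

```python
from math import lcm
TAC_BITS = 24 * 8  # size of the 24-byte field named in the quoted comment

def first_primes(n):
    primes, candidate = [], 2
    while len(primes) < n:
        # Trial division by the primes found so far (enough for a toy population).
        if all(candidate % p for p in primes if p * p <= candidate):
            primes.append(candidate)
        candidate += 1
    return primes

class ToyChip:
    """Hypothetical wallet: a balance plus a tag holding the product of payer primes."""
    def __init__(self, sender_id, prime):
        self.sender_id, self.prime = sender_id, prime
        self.balance, self.tag = 0, 1  # tag == 1 means "no payer history"
    def pay(self, other, amount):
        if amount > self.balance:
            raise ValueError("insufficient balance")
        # The receiver inherits the payer's prime and the payer's whole history.
        # Assumption: lcm keeps each payer as a single factor (set semantics).
        new_tag = lcm(other.tag, self.tag, self.prime)
        if new_tag.bit_length() > TAC_BITS:
            raise OverflowError("history no longer fits in the fixed-size field")
        self.balance -= amount
        other.balance += amount
        other.tag = new_tag

def recover_payers(tag, directory):
    """Trial-divide a tag by every known prime; directory maps sender_id -> prime."""
    return sorted(sid for sid, p in directory.items() if tag % p == 0)

def capacity(primes, bits=TAC_BITS):
    """How many of the given primes (taken in order) fit in a field of `bits` bits."""
    product, count = 1, 0
    for p in primes:
        if (product * p).bit_length() > bits:
            break
        product, count = product * p, count + 1
    return count

def demo():
    # Constructed sample population and transfers.
    directory = dict(zip(["alice", "bob", "carol", "dave", "erin"], first_primes(5)))
    chips = {n: ToyChip(n, p) for n, p in directory.items()}
    chips["alice"].balance = chips["bob"].balance = 10  # freshly loaded value
    for payer, payee, amt in [("alice", "carol", 5), ("bob", "carol", 5), ("carol", "dave", 8)]:
        chips[payer].pay(chips[payee], amt)
    return chips["dave"].tag, recover_payers(chips["dave"].tag, directory)
```

Even with the smallest possible primes the field fills after a few dozen distinct payers, so an exact record of this kind cannot scale to a national population.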