Let's take a look at Daniel Nagy's list of desirable features for an ecash system and see how simple, on-line Chaum ecash fares.
> http://www.epointsystem.org/~nagydani/ICETE2005.pdf > > One of the reasons, in the author s opinion, is that payment systems > based on similar schemes lack some key characteristics of paper-based > cash, rendering them economically infeasible. Let us quickly enumerate > the most important properties of cash: > > 1. "Money doesn't smell." Cash payments are -- potentially -- > _anonymous_ and untraceable by third parties (including the issuer). This is of course the main selling point of Chaum's system, where it excels. I will point out that defining cash as merely "potentially" anonymous leaves a loophole whereby fully non-anonymous systems get to call themselves cash. This underplays the strength of Chaum's system. It is not just "potentially" anonymous, it has a strong degree of anonymity. > 2. Cash payments are final. After the fact, the paying party has no > means to reverse the payment. We call this property of cash > transactions _irreversibility_. Certainly Chaum ecash has this property. Because deposits are unlinkable to withdrawals, there is no way even in principle to reverse a transaction. > 3. Cash payments are _peer-to-peer_. There is no distinction between > merchants and customers; anyone can pay anyone. In particular, anybody > can receive cash payments without contracts with third parties. Again this is precisely how Chaum ecash works. Everyone can receive ecash and everyone can spend it. There is no distinction between buyers and vendors. Of course, transactions do need the aid of the issuer, but that is true of all online payment systems including Daniel's. > 4. Cash allows for "acts of faith" or _naive transactions_. Those who > are not familiar with all the antiforgery measures of a particular > banknote or do not have the necessary equipment to verify them, can > still transact with cash relying on the fact that what they do not > verify is nonetheless verifiable in principle. I have to admit, I don't understand this point, so I can't say to what extent Chaum ecash meets it. In most cases users will simply use their software to perform transactions and no familiarity is necessary with any antiforgery or other technical measures in the payment system. In this sense all users are "naive" and no one is expected to be a technical expert. Chaum ecash works just fine in this model. > 5. The amount of cash issued by the issuing authority is public > information that can be verified through an auditing process. This is the one aspect where Chaum ecash fails. It is a significant strength of Daniel Nagy's system that it allows public audits of the amount of cash outstanding. However note that if the ecash issuer stands ready to buy and sell ecash for "real money" then he has an incentive not to excessively inflate his currency as it would create liabilities which exceed his assets. Similarly, in a state of competition between multiple such ecash issuers, any currency which over-inflates will be at a disadvantage relative to others, as discussed in Dan Selgin's works on "free banking". Daniel Nagy also raised a related point about insider malfeasance, which is also a potential problem with Chaum ecash, but there do exist technologies such as hardware security modules which can protect keys in a highly secure manner and make sure they are used only via authorized protocols. Again, the operators of the ecash system have strong incentives to protect their keys against insider attacks. > The payment system proposed in (D. Chaum, 1988) focuses on the first > characteristic while partially or totally lacking all the others. In summary, I don't think this is true at all. At least the first three characteristics are met perfectly by Chaumian ecash, and possibly the fourth is met in practice as naive users can access the system without excessive complications. Only the fifth point, the ability for outsiders to monitor the amount of cash in circulation, is not satisfied. But even then, the ecash mint software, and procedures and controls followed by the issuer, could be designed to allow third party audits similarly to how paper money cash issuers might be audited today. There do exist technical proposals for ecash systems such as that from Sander and Ta-Shma which allow monitoring the amount of cash which has been issued and redeemed while retaining anonymity and unlinkability, but those are of questionable efficiency with current technology. Perhaps improved versions of such protocols could provide a payment system which would satisfy all of Daniel Nagy's desiderata while retaining the important feature of strong anonymity. CP