Adam Back writes:
> A smart card based cash system based on Stefan's secret key credentials can
> be built which offers a full set of choices to users, in terms of payer and
> payee untraceability.
This is a pointless discussion. Smart card based ecash is not going to
work in the United States, not for at least ten years. Stores that are
only now installing point of sale terminals for ATM/debit cards are not
going to turn around and retrofit their equipment to put in smart card
readers.
The place where ecash will be used first is ONLINE electronic commerce.
A cash substitute for online purchases will be attractive if it can
be inexpensive and also protects privacy. But a payment system which
requires you to buy and install a smartcard reader for your PC is not
going to fly. How many purchases do you think are made with AmEx Blue?
They GAVE the readers away. Probably not 10% of the giveaways were even
hooked up.
You can bet that ZKS will not come out with a smartcard based payment
system. They are a software and services company. Creating an ecash
add-on to their privacy software makes business sense. Trying to sell
smartcards does not.
Furthermore, smartcard systems are inherently insecure. People are
constantly coming up with new attacks against them. Side channel
analysis is very difficult to block for all possibilities. More
invasive attacks are even harder to deal with.
Yes, Brands has his system set up so that even breaking the smartcard
still protects the system as a whole; you can't forge money. But any
protections which you depended on the smartcard to provide will be lost.
Relying on smartcard programming to let you do only a certain number
of payee untraceable transactions is not going to work. In the first
place, nobody is going to use smartcards. In the second place, even if
you did, the extortionist would just provide you instructions on where
to go to get your smartcard rechipped or dumped so that you could break
the restriction programmed into it for your benefit. There is no risk
to him, all risk is born by the victim.
In short all this talk of smartcards is a red herring unless you are
looking out 10 or more years. Perhaps the implicit assumption is that
ecash is such a late and weak entrant in the payment race that it has
no chance to succeed for that long, anyway?
