Re: Governance of anonymous financial services
At 08:23 PM 3/29/2007, Allen wrote: Steve, I assume that you mean the owner of the on-line financial service when you say operator, correct? In which case what exactly are the auditors going to be looking at when comes time to audit but the operator's identity, whereabouts, the servers and a portion of the assets are undisclosed? As we have seen in the prosecutions of large corporation officers knowing their identity is no guarantee that stakeholders will not be defrauded. Can you explain why knowing the server whereabouts is required? Certainly there are cryptographically sound ways (e.g., time stamps from independent and trusted sources, hash chaining, etc.) that anon DBC mints can provide transaction logs that can be publicly examined and verified without ever touching the server. In a basic sense auditing is to see if the reality behind the books matches the books. That the number of sheaves of wheat you have in the warehouse match the number you have in the office. If you can not locate the reality what are you verifying? The scenario described and method I proposed I think do address the identification of assets. I maintain that random sampling can, when properly carried out, provide a mathematically sound confidence of the total size of assets. I think, rather than governance, this goes to the heart of trust in relationships. Governance to me is more the process of verifying that the trust is not misplaced and that audits are simply one way, but only one of many ways, of quantifying the level of trust one can have in the relationship. Agreed. Steve - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Governance of anonymous financial services
Steve Schear writes: Here is the situation. An on-line financial service, for example a DBC (Digital Bearer Certificate), operator wishes his meat space identity, physical whereabouts, the transaction servers and at least some of the location(s) of the service's asset backing to remain secret... Pretty tough to do much with crypto in this situation. My rpow.net software was an attempt to create what Nick Szabo called bit gold, transferrable certificates that had intrinsic rarity. It uses trusted computing concepts to create RSA signatures that are backed by hash collisions. Unfortunately rarity does not automatically translate into value, so even though the system was highly inflation-resistant it was not too successful in attracting users. The service provides frequent, maybe even real-time, data on its asset backing versus currency in circulation. The operator wishes to provide some assurance to his clients that the backing and the amount of currency in circulation are in close agreement. The mint's backing need not be in a single location nor in the sole possession of the operator. Maybe he could publish a picture of the backing commodities, and design the system so that everyone could see how much money was in circulation? Keep in mind that this is only part of the trust picture. Showing that the backing is there won't prevent this anonymous operator from absconding with the funds in the future. That would be one of my concerns if I were a user. If the backing is distributed among a multitude of holders (e.g., in a fashion similar to how Lloyds backs their insurance empire), who's identities are kept secret until audit time and then only a few, randomly selected, names and claimed deposit amounts are revealed to the auditors, might this statistical sampling and the totals projected from the results be a reasonable replacement for 'full asset' audit? To protect the identities of the holders could a complete list of the hashes of each name and claimed deposit be revealed to the auditors, who then select M of N hashes whereupon the operator reveals only those identities and claimed deposits work cryptographically? One problem is the holders could collude and play a shell game. Suppose that 30% of the holders were going to be asked to reveal their assets, then the company could back only 30% of the currency, and redistribute the assets to the selected holders before the auditors come. Hal - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Governance of anonymous financial services
Ian G wrote: E.g., Ricardian contracts (my stuff) take the user agreement as a document and bind it into each transaction by means of the hash of the contract; they also ensure various other benefits such as the contract being available and readable to all at all times, and the acceptability of same, by the simple expedient of coding the decimalisation into the contract. Ensuring that the contract is readable, applicable and is available to all is a huge win in any court case. Other governance tricks: the usage of signed receipts can be used to construct a full audit of the digital system. Also, signed receipts are strong evidence of a transaction, which leads by some logic to a new regime which we call triple entry accounting. This dramatically changes the practice of accounting (which feeds into governance). With DB side, one trick is to use psuedonym accounts for the basis, and this allows no-loss protocols to be created. Again, this is useful for governance, because if you have a lossy protocol, you have a potential for fraud. we had done something analogous in the x9.59 financial standard. the x9a10 financial standard group had been given the requirement to preserve the financial infrastructure for all retail payments. http://www.garlic.com/~lynn/x959.html#x959 digital signature on the transaction itself provided for end-to-end strong authentication (armoring payment transaction as countermeasure to various kinds of replay attacks ... as have been in the news recently related to large data breaches and then being able to subsequently use the information for fraudulent transactions). one of the problems was that some of the other attempts at PKI-related payments protocols in that period ... were creating enormous (two orders of magnitude) processing and payload bloat http://www.garlic.com/~lynn/subpubkey.html#bloat one of the implied x9a10 requirements was efficiency, i.e. mechanism that could be deployed in ALL environments (internet, point-of-sale, cellphone, etc) ... and needed to be highly concerned about processing and payload efficiency. the actual transaction is digitally signed ... and it is also the thing that is authorized, logged, archived, audited, etc. so part of x9.59 provided for a hash of the receipt (contract, bill-of-materials, sku data, level 3 data, etc) as part of the digitally signed payload (as opposed to including the whole receipt). Then in any subsequent dispute, if both parties didn't produce identical receipts ... the hash from the audited/logged/archived transaction could be used to determine the valid/correct receipt. While the receipt wasn't part of the actual audited/archived/logged transaction, the process provided a mechanism (in cases of disputes) for establishing the legitimate receipt. we claimed privacy agnostic for x9.59 ... i.e. there was an account number in protocol but the degree that any jurisdiction required a binding between an account number and an individual was outside the x9.59 protocol. x9.59 was designed so that it could be used for credit, debit, stored value, ach, etc. In many jurisdictions, credit debit can have some know you customer requirements for financial institutions (binding between individuals and account numbers) ... however there was 1) no requirement to divulge such bindings during retail transactions and 2) x9.59 applies equally well to stored-value retail transactions (where there is much less frequently a requirement imposed for know your customer. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: *AEI-SPAM-MARK* Re: Governance of anonymous financial services
On Fri, 30 Mar 2007, Ian G wrote: The reserve assets' location(s) is fairly important from a customer trust perspective. People look at the overall safety and make their own judgements. One person might decide that New York is safe and another will find that a horrible thought (for those who follow this arcane field, there was a big bust of a dodgy operator in NY some months back). Having said that, once a system is up and running, and is robust, it seems that moving the assets from one continent to another has not been a source of concern to many users. The issuer himself is pretty important. His physical location isn't so important -- everyone flies around these days -- but nobody has ever been able to gain trust in a system to date without reference to a real meatspace hook. And for good reason ... how do you take him to court? (And if you are thinking of extra-jurisdictional transactions, how do you beat him to a pulp with a baseball bat?) There's another point: Suppose you come up with an ideal system which preserves secrecy in the way you'd like. How are you going to convince assorted government agencies (eg the US Treasury Dept and its kin in other countries) that your System won't be used for money laundering, terrorist financing, or other nefarious purposes? [N.b. I am *not* trying to start a flame war here, and in particular I am *not* accusing anyone on this mailing list of nefarious purposes. Rather, I'm asking a serious question about the practicality of anonymous (crypto-enabled) financial services in the 21st century, namely, will governments be willing to allow them to operate?] ciao, -- -- Jonathan Thornburg -- remove -animal to reply [EMAIL PROTECTED] School of Mathematics, U of Southampton, England Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral. -- quote by Freire / poster by Oxfam - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
