End the War on Freedom

Jon Matonis at The Monetary Future - an introduction and list of papers on electronic money. I repeated the paper links below. Once I find a system I like, and can understand, I'll add it to Trubanc. I want off-line trades to be a possibility, and for verification and reminting to be possible without an account, using a simple RESTful interface. Of course, you'll also be able to deposit and withdraw digital cash to and from your account, if you have one. If you have your favorite system, especially if you know where to find code for it, please comment or email (address at bottom of page).

David Chaum's home page

David Chaum, Amos Fiat, Moni Naor, "Untraceable Electronic Cash," Advances in Cryptology - CRYPTO '88, LNCS 403, pp. 319-327, 1990).

Cryptographer's World

Shaghayegh Bakhtiari, Ahmad Baraani, Mohammad-Reza Khayyambashi, "MobiCash: A New Anonymous Mobile Payment System Implemented by Elliptic Curve Cryptography," csie, vol. 3, pp.286-290, 2009 WRI World Congress on Computer Science and Information Engineering, 2009

Aline Gouget, "Recent Advances in Electronic Cash Design," CARDIS 2008, LNCS 5189, pp. 290-293, Smart Card Research and Advanced Applications 8th International Federation for Information Processing Conference, London, UK, September 8-11, 2008

Shangping Wang, Zhiqiang Chen, Xiaofeng Wang, "A New Certificateless Electronic Cash Scheme with Multiple Banks Based on Group Signatures," isecs, pp.362-366, 2008 International Symposium on Electronic Commerce and Security, 2008

Man Ho Au, Willy Susilo, Yi Mu, "Practical Anonymous Divisible E-Cash from Bounded Accumulators," FC 2008, LNCS 5143, pp. 287-301, Financial Cryptography and Data Security 12th International Conference, Cozumel, Mexico, January 28-31, 2008

Sebastien Canard, Aline Gouget, Jacques Traore, "Improvement of Efficiency in (Unconditional) Anonymous Transferable E-Cash," FC 2008, LNCS 5143, pp. 202-214, Financial Cryptography and Data Security 12th International Conference, Cozumel, Mexico, January 28-31, 2008

Debasish Jena, Sanjay Kumar Jena, Banshidhar Majhi, "A Novel Blind Signature Scheme Based on Nyberg-Rueppel Signature Scheme and Applying in Off-Line Digital Cash," icit, pp.19-22, 10th International Conference on Information Technology (ICIT 2007), 2007

Ling Zhang, Jian ping Yin, Yu bin Zhan, "An Anonymous Digital Cash and Fair Payment Protocol Utilizing Smart Card in Mobile Environments," gccw, pp.335-340, Fifth International Conference on Grid and Cooperative Computing Workshops, 2006

Chun-I Fan, Yu-Kuang Liang, Bo-Wei Lin, "Fair Transaction Protocols Based on Electronic Cash," pdcat, pp.383-388, Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'06), 2006

Yoshikazu Hanatani, Yuichi Komano, Kazuo Ohta, Noboru Kunihiro, "Provably Secure Electronic Cash Based on Blind Multisignature Schemes," FC 2006, LNCS 4107, pp. 236-250, Financial Cryptography and Data Security 10th International Conference, Anguilla, British West Indies, February 27-March 2, 2006

Hyun Ju Lee, Mun Suk Choi, Chung Sei Rhee, "Traceability of Double Spending in Secure Electronic Cash System," iccnmc, pp.330, 2003 International Conference on Computer Networks and Mobile Computing (ICCNMC'03), 2003

L. Jean Camp, "An Atomicity-Generating Protocol for Anonymous Currencies," IEEE Transactions on Software Engineering, vol. 27, no. 3, pp. 272-278, Mar. 2001

Moses Liskov, Silvio Micali, "Amortized E-Cash," FC 2001, LNCS 2339, pp. 1-20, Financial Cryptography and Data Security 5th International Conference, Grand Cayman, British West Indies, February 19-22, 2001

H. Wang, Y. Zhang, "Untraceable Off-Line Electronic Cash Flow in E-Commerce," acsc, pp.191, Australasian Computer Science Conference (ACSC '01), 2001

Hua Wang, Yanchun Zhang, "A Protocol for Untraceable Electronic Cash," WAIM 2000, LNCS 1846, pp. 189-197, Web-Age Information Management First International Conference, Shanghai, China, June 21-23, 2000

Tomas Sander, Amnon Ta-Shma, "On Anonymous Electronic Cash and Crime," ISW'99, LNCS 1729, pp. 202-206, Second International Workshop, ISW’99, Kuala Lumpur, Malaysia, November 6-7, 1999

Tim Ebringer, Peter Thorne, "Engineering an eCash System," ISW'99, LNCS 1729, pp. 32-36, Second International Workshop, ISW’99, Kuala Lumpur, Malaysia, November 6-7, 1999

Shingo Miyazaki, Kouichi Sakurai, "A More Efficient Untraceable E-Cash System with Partially Blind Signatures Based on the Discrete Logarithm Problem," FC 1998, LNCS 1465, pp. 296-308, Financial Cryptography and Data Security Second International Conference, Anguilla, British West Indies, February 23-25, 1998

Markus Jakobsson, Ari Juels, "X-Cash: Executable Digital Cash," FC 1998, LNCS 1465, pp. 16-27, Financial Cryptography and Data Security Second International Conference, Anguilla, British West Indies, February 23-25, 1998

Khanh Quoc Nguyen, Yi Mu, Vijay Varadharajan, "A New Digital Cash Scheme Based on Blind Nyberg-Rueppel Digital Signature," ISW'97, LNCS 1396, pp. 313-320, Information Security First International Workshop, Tatsunokuchi, Ishikawa, Japan, September 17-19, 1997

Stig F. Mjølsnes, Rolf Michelsen, "Open Transnational System for Digital Currency Payments," hicss, vol. 5, pp.198, 30th Hawaii International Conference on System Sciences (HICSS) Volume 5: Advanced Technology Track, 1997

Osamu Watanabe, Osamu Yamashita, "An Improvement of the Digital Cash Protocol of Okamoto and Ohta," Algorithms and Computation, 7th International Symposium, ISAAC '96 Osaka, Japan, December 16-18, 1996

Daniel R. Simon, "Anonymous Communication and Anonymous Cash," CRYPTO ’96, LNCS 1109, pp. 61-73, Advances in Cryptology — CRYPTO ’96 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 1996

Hua Yu, Zhongtao Wang, "Final Report on Anonymous Digital Cash," 1995

Tatsuaki Okamoto, "An Efficient Divisible Electronic Cash Scheme," CRYPTO ’95, LNCS 963, pp. 438-451, Advances in Cryptology — CRYPT0 ’95 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27-31, 1995

Ernie Brickell, Peter Gemmell, David Kravitz, "Trustee-Based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change," Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms, 1995

Stefan Brands, "Electronic Cash on the Internet," sndss, pp.64, 1995 Symposium on Network and Distributed System Security (SNDSS'95), 1995

Yacov Yacobi, "Efficient Electronic Money," ASIACRYPT'94, LNCS 917, pp. 151-163, Advances in Cryptology — ASIACRYPT'94 4th International Conferences on the Theory and Applications of Cryptology, Wollongong, Australia, November 28 - December 1, 1994

Tony Eng, Tatsuaki Okamoto, "Single-Term Divisible Electronic Coins," EUROCRYPT ’94, LNCS 950, pp. 306-319, Advances in Cryptology — EUROCRYPT '94 Workshop on the Theory and Application of Cryptographic Techniques Perugia, Italy, May 9-12, 1994

Stefan Brands, "Untraceable Off-line Cash in Wallet with Observers," CRYPTO ’93, LNCS 773, pp. 302-318, Advances in Cryptology — CRYPTO ’93 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22-26, 1993

Tatsuaki Okamoto, Kazuo Ohta, "Universal Electronic Cash," Advances in Cryptology — CRYPTO ’91, LNCS 576, pp. 324-337, 1991

Barry Hayes, "Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash," AUSCRYPT '90, LNCS 453, pp. 294-305, Advances in Cryptology — AUSCRYPT '90 International Conference on Cryptology, Sydney, Australia, January 8-11, 1990

Trubanc is an anonymous, digitally-signed vault and trading system. Like Loom, it allows anyone to issue assets (digital currencies). Unlike Loom, which relies entirely on (very good) obscurity for security, Trubanc's digital signatures allow the bank and the customer to prove to each other that they agreed at a particular time on their balances. It does this while allowing destruction of transaction history for closed trades. Trubanc will initially provide server-based trading. Eventually, it will provide digital checks and bearer certificates.

I started working on Trubanc in August of 2008. I announced a public beta of the PHP implementation in December and added storage fees in March of 2009. In late March, I started converting the PHP to Common Lisp. Today, I'm announcing the first public beta of that implementation. Trubanc.com is now running the Lisp client and server, and you can download the client/server binary, and use it on your PC as a client, or on your own server, as your own Trubanc.

The client binary works in Windows, Linux, FreeBSD, and Mac OS X. I haven't yet built all 8 combinations of 32/64 bit and OS, but I've built the ones most requested by my early testers, and will build the others on request.

Client binaries are at trubanc.com/download. Client installation and usage instructions are at trubanc.com/client.html. Server installation and configuration instructions are at trubanc.com/server.html. Please help me test it.

After you've installed the client, send email to bill at billstclair dot com, encrypted with my PGP public key, and including yours, if you want privacy, and I'll send you a coupon with some usage tokens for a test account.

I have added storage fees to Trubanc.

One of the drawbacks of Loom is that there's no way to make money from Loom itself, except for small amounts of one-time income from new users for asset tokens. In order to make Trubanc a money-making proposition for the asset issuers, I have added storage fees. I expect that most Trubanc assets will be backed by precious metals in storage. It makes sense for the issuer, who must pay for the space and security of that storage, to be paid a small periodic fee. He can now set a yearly percentage rate charged for all users of his asset.

I'm going to describe the new feature with an example. I'm assuming two users, John and Mary. John creates a gold-backed asset, named "John GoldGrams", with a storage fee of 1%. The market will determine how much storage fee is viable. The Free Lakota Bank charges 1/20,000 per month, or 0.06% per year. C-gold charges 1% per year. E-gold too. Trubanc allows the asset issuer to decide what to charge, and to change it at any time.

Rather than keeping track of an average monthly balance, and assessing the storage charges monthly, Trubanc includes storage charges in every transaction, paid by the holder of the asset. So when you make a spend, you pay the fee on your original balance for the amount of time it's been there. And when you accept a spend from someone else, you pay the fee on the accepted amount, for the time that it's been in your inbox. Trubanc keeps fractional amounts on fees, so that these small amounts can add up for the asset issuer.

John creates his new asset:

To change the fee, fill in the new fee, and press the "Update Storage Fees" button:

Mary sells John her old car, and elects to take payment as 100 John GoldGrams. Here's her inbox after John spends the 100 grams to her:

After accepting the 100 gram spend, in the time it took me to write this, Mary has already lost a little to John's storage fees. She's paid less than 2 hundred thousandths of a gram, about 6 hundredths of a cent, some gold dust:

Mary pays John a gram for a few old CDs, and she loses a little more gold dust:

For the asset issuer, received storage fees are shown under the outbox. Here's John's account after Mary accepts the 100 gram spend and spends back 1 gram:

Clicking the "Move to Inbox" button moves the received fees to the inbox as a spend from the bank for "Storage fees":

Clicking the "Process Inbox" button receives the 1 gram for the CDs plus the gold dust for Mary's storage fees:

There's one more feature I haven't implemented yet. What I demoed above collects fees when balances change. In order to collect storage fees on balances that change infrequently, the asset issuer will be able to run a periodic batch job that visits every account, collecting fees since the last batch job was run and posting them as negative spends (remember, Trubanc can't change a user's balance without his digital signature approving the change, but it CAN post a bank charge as a negative spend).

This code is live at trubanc.com/client. If you want to play with it, just ask, and I'll give you a coupon to create an account or three.

Trubanc is an anonymous, digitally-signed vault and trading system that I've been working on since late July.

I've completed enough of a Trubanc web client to ask you to help me test it. Read the short documentation, ask me for a coupon with some usage tokens (bill at billstclair dot com), and register with the client.

Warning: the client and server are running, without encryption (no https), on a NearlyFreeSpeech.net web server in Arizona. Use it to help me test, but don't put anything of value there. I'm likely to occasionally break things during development, and the feds will likely steal it if they find out about it.

I haven't thought much about encryption for the Trubanc client/server link. I figured I'd just set up SSL on the server, and go with that. Today, I realized that I don't need SSL. Trubanc already has a public key infrastructure all set up. It can do it's own encryption, using the OpenSSL library just as the SSL protocol does. Here's an outline of the encryption protocol, using the same language I use in my server design, from the perspective of the client:

  sent: (<id>,getsessionkey,<bankid>,<reqid>)
  rcvd: (<bankid>,sessionkey,<id>,<pubkey encrypted: [<sessionid>,<sessionkey>]>)

  sent: [<sessionid>,<sessionkey encrypted: message>]
  rcvd: [<sessionid>,<sessionkey encrypted: response>]
           or
        [<sessionid>,unknown] if the <sessionid> isn't registered

  sent: [<sessionid>,
         <sessionkey encrypted: (<id>,closesession,<bankid>,<sessionid>)>]
  rcvd: [<sessionid>,
         <sessionkey encrypted:
           (<bankid>,@closesession,(<id>,closesession,<bankid>,<sessionid>))>]

This should be relatively easy to implement, and won't likely slow things down by much. Yay!

The Trubanc server is working. It's not complete yet, but there's enough there that I've started coding the client. If you click here, you'll see the result of a request for the bank's ID. It's running from a real database, with a couple of testing users in it.

I've also written a simple description of the Trubanc protocol: Trubanc in Plain English.

Yay!

On Monday, I talked about a new idea I had for a Loom-like system with public-key-signed balances. Well, I've been madly writing code since then. I'm calling it Trubanc. There's a design document, and you can peruse the code as I write it. I intend to keep it open source, so that it can be verified. The server is about 1/3 done. When I finish that, and an initial web client, I'll let you know, and you can try it out, with funny money, of course. Exciting!

Trubanc

If you know how, and are willing, I'd love the signature on the logo above to be curved and reduced so that it would fit from about 3 to 5 o'clock near the edge of the coin. The images I started with are here and here. I'll give a GoldNowBanc GoldGram to the first person to submit an image that I like (you'll need a Loom account to take it).