pseudonymous decentralized marketplace
Ray Dillinger
bear at sonic.net
Wed Jul 11 16:37:09 EDT 2001
I've been attempting to design a decentralized auction/
exchange system that permits pseudonymous participants.
By 'decentralized', I mean that NO central server, or
subset of individual servers, controls access to any
resource the system cannot work without; that there
is no single point of failure.
A consequence of this is that every ability that exists
in any node, must exist in every node. So the whole
problem of currency issue gets the slightly weird
solution of "everybody has to be able to print their
own money."
The sticking point is that this basically means the
system will be without any single universal "currency".
A lot of E-cash techniques are usable, but what you wind
up trading is certificates that represent goods or
services offered by individuals in the system -- Alice
the Farmer might issue certificates for bushels of
wheat, while Bob the Carpenter might issue a bunch of
certificates that say "collect a thousand of these and
I'll redeem them for a new 10x10 meter deck on your house"
and Carol the moneychanger might promise to redeem hers
for one US dollar each, just for the amusement value of
"redeeming" something in a system where hard currencies
are the norm with a fiat currency. So these would be
effectively a sort of digital merchants scrip, reducing
back down to barter.
Exchange rates between the currencies issued by different
participants would fluctuate according to trust and
commodity values, and I'm okay with that. Given the
nature of the trust/reputation thing, I'd expect only
a very small percentage of the participants to *actually*
issue their own currency, as they wouldn't get good
acceptance/exchange values until widely known, but
everybody would have the ability.
The problem I'm running into is that while all kinds of
e-cash protocols exist that protect the anonymity of
the buyer and a lot protect the anonymity of the seller,
there are none that protect the anonymity of the currency
issuer, which would be ideal in this circumstance. With
the techniques I know of, the issuer can have only "Nym"
protection.
The basic problem with anonymizing the issuers (beyond
technique alone) would be how the scrip gets redeemed
when you don't necessarily know whom the issuer is.
Can anybody recommend appropriate reading?
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list