pseudonymous decentralized marketplace
lcs Mixmaster Remailer
mix at anon.lcs.mit.edu
Thu Jul 12 13:40:24 EDT 2001
Bear writes:
> I've been attempting to design a decentralized auction/
> exchange system that permits pseudonymous participants.
There is a lot of work in the field on auction protocols. See the
excellent list of links at
http://www.tml.hut.fi/~helger/crypto/link/protocols/auctions.html.
However I don't think most of these deal with the issue of payment, they
assume some kind of pre-existing infrastructure for that. Mostly they
are worried about collecting bids and revealing only the highest bidder.
> The problem I'm running into is that while all kinds of
> e-cash protocols exist that protect the anonymity of
> the buyer and a lot protect the anonymity of the seller,
> there are none that protect the anonymity of the currency
> issuer, which would be ideal in this circumstance. With
> the techniques I know of, the issuer can have only "Nym"
> protection.
>
> The basic problem with anonymizing the issuers (beyond
> technique alone) would be how the scrip gets redeemed
> when you don't necessarily know whom the issuer is.
Not knowing the issuer isn't a problem: you presumably have some way
of reaching him like a remailer reply block or a broadcast channel
where he listens. The problem is that it doesn't really make sense to
anonymously redeem currency which is based on physical interactions.
If someone's currency is redeemable for them painting your house, you're
going to meet the painter.
If the currency is based on goods and services, then if the issuer is
anonymous, the goods/services must be such that they can be delivered
anonymously. They could be customized information goods: Alice will write
you a porn novel customized for your kinks; Bob will produce a painting
from a photograph. Or some physical goods could work, small items which
could be sent through the mail with reasonable anonymity for the sender
(although not for the receiver).
An alternative to the multitude of individualized currencies is a single
electronic money, managed in a distributed way. Wei Dai's b-money,
http://www.eskimo.com/~weidai/bmoney.txt, uses distributed servers
which each keep track of how much money each nym has, producing a global
consensus. Or you could use any of the e-cash systems out there and
distribute the bank functions with secret sharing so that people work
cooperatively to manage currency exchanges.
But let's step out of the fantasy world for a moment. What people
really want is to be able to use their existing money in the auction.
They don't want to be juggling exchange rates between BobBucks and
DorisDollars and a hundred other currencies.
The problem is that there aren't any very good ways of paying for goods
anonymously using ordinary money, and of course the governments are
working hard to keep it that way.
You might be able to use a multi-stage system. Convert your dollars
to e-gold (http://www.e-gold.com) which although not anonymous is at
least somewhat pseudonymous. Use your e-gold to buy e-cash, then trade
in your e-cash for new untraceable bills anonymously. These should
be clean for use in an auction. Let there be several cash issuers so
there is no single point of failure. That will satisfy your customers'
needs much better than a heap of ideosyncratic currencies.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list