Governance of anonymous financial services

Steve Schear s.schear at
Fri Mar 30 23:47:24 EDT 2007

At 12:15 PM 3/30/2007, Hal Finney wrote:
> > If the backing is distributed among a multitude of holders (e.g., in a
> > fashion similar to how Lloyds backs their insurance empire), who's
> > identities are kept secret until audit time and then only a few, randomly
> > selected, names and claimed deposit amounts are revealed to the auditors,
> > might this statistical sampling and the totals projected from the results
> > be a reasonable replacement for 'full asset' audit?  To protect the
> > identities of the holders could a complete list of the hashes of each name
> > and claimed deposit be revealed to the auditors, who then select M of N
> > hashes whereupon the operator reveals only those identities and claimed
> > deposits work cryptographically?
>One problem is the holders could collude and play a "shell game".
>Suppose that 30% of the holders were going to be asked to reveal their
>assets, then the company could back only 30% of the currency, and
>redistribute the assets to the selected holders before the auditors come.

How about this method?

1.) Auditors meet at a defined place and time.

2.) Courier arrives and presents a fraction N of M of the backing, once at 
a time, to the auditors

3.) Auditors verify the fraction, account for it and enclose it in a 
container with a unique hard to forge seal

4.) Courier leaves

5.) Step 2-4 are repeated until the total of M has been presented to the 

6.) In the second round, the auditors request the same fractions N of M 
again. Not all N have to be presented, but can be

7.) One after another the couriers with the respective fractions present 
them again to the auditors

8.) The auditors verify the seals, and remove them

9.) The couriers leave

There are two disadvantages to the process:
1.) It takes quite some time.
2.) It is expensive

The advantages are:
1.) It is secure for the auditors and the operators
2.) It presents the full backing


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list