Big IF there.  The only entities which can load/unload chips are trusted brokers.

Initially I thought of that being a non-issue as currency could circulate internal perpetually however w/ 500 tx limit everything goes through brokers initially and eventually so the govt has a complete list of all tx (albeit delayed up to 500 tx per user).

Thus I am not sure the claim of even even psuedo-anonymity can be made. 

It would be trivial for the govt to put all tx in database, link that to ID information on each mint user, load amounts, and unload amounts and build a complete tx record of every single user.   Given the potential I don't see how the central bank says "no" the first time the Canadian IRS or Police want that information.

The Bitcoin comparison would be if Mt.Gox collected ID on all users (sadly they pretty much do), the only place you could buy Bitcoins was Mt.Gox, and the only place you could sell them was Mt.Gox and every 500 tx you had to turn over your entire tx log (tighly coupled to your ID) to Mt.Gox to otherwise any Bitcoins you hold would become worthless.  Oh and there is no internal (anonymous) mining of coins, all mining is done by Mt.Gox.

Of course you did just like you paid for all the bank's profit and all the merchants losses.  You paid for all of that in the form of higher prices.  Still it is an awesome model which VISA developed.  All the cost is obfuscated so customer just sees it as "free" and convenient.  Once you get a large enough network effect businesses are forced to play, cost goes up but is still hidden from the consumer.  As long as the consumer is happy VISA is happy.

I never said it would be useless but it surely won't be free.  

The designers finally released some more data on limitations


http://mintchipchallenge.com/forum_topics/859

So if they stick w/ a $500 max balance and $100 max tx is more interesting that the marketing talk about micro transactions.

Looks like every 500 tx though you will need to have a Trusted Broker download the log, erase the chip storage, and reset the starting balance to end prior ending balance ("reset").    

Now about that claim of anonymity ...

They make meters which measure both current & voltage.  I will see if i can find a link.  I am assuming you are in US (NEMA wiring 240V split phase)?

Here is one system which is pretty comprehensive.
http://www.theenergydetective.com/

Here is a more bare bones (but could be connected to a PC for custom logging)
http://www.ekmmetering.com/ekm-metering-products/electric-meters-kwh-meters/basic-kwh-meter-100a-120-240-volt-3-wire-60hz-ekm-25ids.html

You also keep making this distinction w/ offline & online where none exists.  It doesn't matter if the receiver is online or not.  There is no central ledger that an online receiver can consult.

The ONLY things the receiver has access to are:
a) sender's public key
b) the signed tx (signed by sender's private key)
c) a nonce (to prevent casual double spend - simply keep giving receiver the same exact signed tx over and over)

If the private key remains a secret then the system is impossible to forget or brute force.  Everything about the system is based on condition that sender will never be able to gain access to the private key.  If that remains true then double spend (more correctly counterfeiting) is impossible and the system works.

The tx history can't be used to validate if a tx is valid without access to the entire tx of the sender.  So while receiver may have tx record of prior tx from the sender that provides no security.

Payer would lose the change if tx was either destroyed or given to miner.

Totally off topic but if the BFL Single is showing as not installed nothing you do in cgminer is going to work.  Before your run around chasing your tail you might want to check the BFL threads.

cgminer doesn't install any drivers it simply "talks" to the Single over the USB port.  Not installed = nothing for cgminer to talk too.

I don't recall anyone saying 0-confirm would be immune to all attacks.

It would make double spends even on 0-confirms less economical. 

I mean there isn't blank and white.  Either you can transfer $1B anonymously via 0-confirm or the incremental value is worthless.

Finney attack is just one method of a double spend and require significant resources to achieve.

How inefficient are your rigs?

(1 MH/s) / (3000 MH / KW) * 24 hour * 30 days = 0.24 kWh

At $0.10 per kWh that's 2.4 cents.
At $0.05 per kWh that's 1.2 cents.

Priced higher is present a larger risk and lower profit to the purchaser.  I mean we are talking zero sum game here. 

Reputation matters and will always matter.

By your logic multi-sig escrow is also useless because all buyers will always screw over the merchant just ... because? despite having no financial gain (and lose of reputation) from the attack.

Generally speaking 0-confirm tx will be either low value, traceable, or reversible.

Say a porn site accepted 0-confirm tx.  You double spend they detect it immediately and cut off your access.  You lose full purchase price, merchant loses 1-10 minute of website access.  The same thing would apply for essentially any "service over time" (advertising, webhosting, VPN access, etc).

0-confirm will never be used to transfer $1B in bearer bonds via tor network.

What he paid for the farm is utterly irrelevant.  What the farm is worth today is what matters.  If the NPV of his farm is $0.50 per MH and his electrical cost is $0.02 per MH/s per month he has a long time before the deal is unprofitable.  He also can close out the deal by buying it back at 105% of market value which will decline significantly over the next year (due to difficulty & reward cut).

Getting the cash up front gives him capital to buy next generation of hashing power so when the farm is obsolete he already has replacement that has been running for a year.

But as you indicated that attack ALREADY exists.  0-confirm irreversible tx which are anonymous and available on demand that also  have high enough value to make Finney attack worthwhile are essentially non-existent. 

Hopefully in time the cost to have even 1% of network hashing power makes that even less of an academical risk.

The price of the bond is higher than his hardware cost and his anticipated electrical cost over the effective lifespan of the bond. If he is right he comes out ahead.  If he is wrong he comes out behind.

Hypothetically if you buy a 1 MH/s contract from you for 100 BTC upfront would you?  
Would you consider it losing money even if you needed to pay ~$0.01 per month in electricity?
If 100 BTC if profitable and 0 BTC is unprofitable obviously there is an equilibrium somewhere in the middle right?

Change "something". A bitcoin block header consists of:

There is no requirement to change the block header a particular way to attempt another hash but usually when you exhaust the nonce range you either

1) change extra nonce value in coinbase which results in a new merkle tree hash
2) change the timestamp

Pools usually do both to improve efficiency.

Each worker has a different merkle root and the pool allows the worker locally to increment time (n-time-rolling).

I guess I should have said in realtime.  Online or offline doesn't really matter.  At the point of the fraud the fraud is undetectable.

Also tracing counterfeiting after the fact doesn't really help to prevent the fraud.  Imagine is counterfeit bills were so flawless than even US Treasury official would say they are valid.  Sure when checking serial # at the central bank they could realize that there are duplicate bills but that doesn't help enable detection/prevention at the point of fraud.

For example I buy a stolen mintchip (so any ID attached to the load and prior tx is not my own).  I extract the private key and counterfeit funds.   If I used those funds to purchase say Bitcoins anonymously there is now no trail which leads back or forward to me.

Receiver needs the same chip, the MintChip.  TX are only between MintChips.* 

* (loading and unloading chips is done only between a Mintchip and a broker)  

That information isn't provided in the very limited docs provided.  My assumption would be that all valid public keys have some cryptological property that allows identification.


Not as far as I can tell.  Brokers however are a special case.  Brokers don't use a MintChip.  They simply issue "load" and "unload" tx  to "mint" and "destroy" funds at will.   They have a cert/key? issued by the Royal Mint and the Royal Mint CA is available to all chips.  Each chip is able to validate 1) the cert from a broker is valid 2) the load/unload tx is valid (because it is signed by trusted broker).

MintChip uses the term "trusted broker" so my guess is that the regulations to be a "trusted broker" would be similar to being a bank or other financial services company.

"Throttle and shutdown".

cgminer has 3 temp values.
target - temps above target throttles clock
overheat - temps above overheat drops clock to minimum defined (or stock if not defined) and puts fan at 100%.
shutdown - cgminer idles GPU thread (shows as "REST" or "OFF").

To answer the OP direct question this is my understanding by reading the spec and API docs.  Everything is closed source and some low level details are simply not provided so assumptions and inferences which may later prove to be incorrect had to be made.

How it works?
The blockchain is the cornerstone technology for Bitcoin.  Without the blockchain nothing is possible.  The equivelent in MintChip system is the physical MintChip ("the chip").  The chip is a physically hardened tamper resistant cryptographic processor.  It will be available in a variety of formats (SD card, USB stick, crypto module) but the internal chip is the same.

The chip has four key functions:
a) protects a private key from extraction (and provide access to the corresponding public key).
b) sign outgoing tx w/ private key
c) verify incoming tx as valid
d) process tx to update an internal record of current balance and enforce rules based on that internal balance value (i.e. can't spend money you don't have).

Like in Bitcoin the private key "controls" the funds but unlike in Bitcoin the private key is kept private even from the user.  The private key is known only to the chip.  The entire security model works around the inability for anyone even the owner/user to ever know the private key.

There is no central ledger (either private like in Paypal or distributed like in Bitcoin).  Duplicate tx (double spends) in Bitcoin can be easily made as the user has access to private key.  To prevent that Bitcoin uses the distributed consensus created by the blockchain and forwarding rules by nodes to make double spend attempts "easy but uneconomical".

With no central ledger each chip uses the public key of the sending chip, the signature or the tx, and a nonce to ensure that tx can't be faked.  If the tx is valid then the chip assumes it had to have been created by the sender's chip.  Given the private key is known only to the chip normally that is a valid assumption. If someone could extract the private key from the chip they could fake txs at will.  Essentially print money from nothing. For the system work nobody can ever extract the private key from any MintChip under any circumstances until the end of time.

Given the track record of "secret of a chip" systems it is an inevitability that someone will eventually be able to extract a private key and "counterfeit" funds.   Unlike physical counterfeiting there would be no incremental cost and counterfeit txs would be indistinguishable from valid txs.  Much like 51% attack is the Achilles heel of Bitcoin the extraction of private key from "the chip" is the Achilles heel of MintChip.

The "nobody not even user can know the secret key" limitation of MintChip creates some unique non-counterfeiting limitations:
a) deterministic wallets are impossible.  your chip is the wallet there is no exceptions.
b) backups of funds are impossible.  funds on lost/damaged chips are lost forever.
c) impossible to make "strongcoin" like limited trust ewallet services.  An ewallet provide will need physical access to "your chip" and thus 100% implicit trust is required.
d) unlike in Bitcoin double spends can't be detected.  Thus if fraud occurs the funds in circulation will be larger than the reserves held.  How this will be handled is unknown (central bank prints to cover the increase? fees remove funds from circulation?  exchange rate between physical CAD : mintchip CAD drops below 1:1?)

Wouldn't the negatives you just outlined also apply for buying Bitcoins.

1) Seller is exposed to potential counterfeiting
2) Buyer's acqusistion price includes those high fees.
3) Both parties are limited to a small number of coins.



The best thing about MintChip is increasing awareness of Bitcoin.  The first time someone runs into an artificial limit set by a central bank they will ask "Why?" and hopefully it is something like "Why does MintChip have a limit on tx but Bitcoin doesn't?"  or "Why do I need to buy this $10 chip only from the central bank but with Bitcoin I can use any free wallet?" or "Why does the value of my MintChips continually go down due to inflation but Bitcoin works with a predetermined minting rate?"

The design docs seem to indicate the chips will enforce a hard limit on the amount of funds which can be stored on each chip.  Of course the chips aren't free either.

So yeah I guess if you decide to buy 100 mintchips (at what $10 ea?) then pay a broker a fee for 100 loads on your 100 chips (will you even be able to do that, will broker's ask for detailed ID and limit one person to 1 active chip?) and hook them into a rats nets of usb cables and hub and use them to process 100x the enforced limit.

I doubt many people will do that.

What is the limit?  Well it is closed source and the specs don't state but I guarantee a limit will be enforced if no other reason than AML.  Also remember if a chip is hacked the amount of funds the central bank loses is directly related to the size of the chip (and # of tx that can be completed before blocking the hack) so there is another reason to limit both the max value on the chip and the max tx size.

What makes you think MintChip will be free?  Name on instance where a monopoly gives away its product for free?

I am imagining
1) you pay for the mint chip
2) you pay to load the chip or unload the chip
3) you pay a tx fee on each tx.
4) when central bank declares chip v1.0 obsolete you pay for a new chip and also pay an upgrade fee to transfer value from old chips to new chips.