That was exactly my first thought, but I now think the idea is doable. I think it can be done if there is a trusted third party.
The trusted third party manufactures devices that can communicate with each other securely to transfer dollars between them. The device would also need to have a way to prove that it is authentic. Of course, the device would need to be tamper-proof. It is assumed that the device won't send more dollars than it has, and it correctly credits dollars that it receives and debits dollars that it sends.
I think that is all it takes.
if its just about having a trusted device manufacturer. and not where the value needs a trusted third party multisig co-signer to validate the value at its creation. then thats flawed
first lets deal with the hardware trust... ever heard of card cloning.
even mastercard cant solve card cloning.
credit card scammers do not need to un-hash the secret key of a debit card. they just need to duplicate the binary onto multiple devices as-is.
heck you dont even need to purchase a mastercard plastic debit card from mastercard. you can get OEM(unbranded) cards from anywhere. heck you can even use your phone to broadcast the 'tap to pay' data
no bruteforce necessary of the key.. just duplicate the data as-is.
it does not matter if its stored on magnetic strip, simcard chip or nfc ring loop chip.. data is data.
EG most people think people car alarm fobs/dongles are secure because each device is encrypted to only send out a signal that the specific car is also aware of. but that requires a pairing of devices where both sender and recipient are pre-setup and contracted together from the start.. and can check each others validity. and only the two can communicate/understand each other. which then limits its operability only be between 2 people..
also if i have access to a fob. i dont need to bruteforce the encryption. i can just duplicate the chip data as is and put it on many fobs and then have many car alarm fobs.
(EG no one can brute force your phone that has encryption from the outside. but they can clone the phone and have many instances of the same phone)
thus it then becomes up to the users to ensure no one else has that same fob/phone/housekey or access to your fob/phone/housekey. which then creates the flaw of passing the value on. because the old recipient could have duplicated it, passed on one copy whilst keeping one copy(yep change your house door locks guys when you buy/rent a new house, the old owner/tenant might still have the keys to steal your wife's underwear)
EG without network auditing.. without vendor pairing. without processing through only one vendor
if mastercard creates value onto a card.. but visa also could accepts the value without checking with mastercard. then people can not only make multiple cards to spend through many retailers...
which would then require the retailers to check with visa that visa has not seen customers making multiple attempts in other retailers..
but also spend value once with mastercard. once with visa and once with american express and once with diners club. and 4x the value spent.. unless.. visa, mastercard, american express, diners club also inter-communicate
but.. because visa is not communicating in a no network/offline scenario that they received/processed a payment via a mastercard. then expect flaws
the next option is a middleman being a liquidity provider and co-signer where they give the customer the liquidity and are part of the signing/authorisation process so funds flow/route through them and only them. in a network.. that only accepts single spends through them
debit card cloning only allows one payment to be accepted by mastercard.. because mastercard is part of the payment route.. you can only make a mastercard payment via a retailer that is linked to mastercard.. no mastercard service, no way of paying the retailer with mastercard..
but even then, that means the real owner loses out because a cloner has spent their value. which is where even mastercard, a trusted vendor of debit cards has its flaws where it cant stop cloning. and so funds get spent by scammers.
yep even now, decades on.. mastercard cannot prevent card cloning..
EG bitcoin hardware wallets. do not care if private keys are on multiple devices. because the important thing is people trust the blockchain to then validate a winning recipient. by only logging/accounting for only one recipient in the ledger. but that still requires people to ensure no one steals and then clones their devices/keys. because once confirmed.. there is no refund policy..
mastercard cant stop cloning, so instead they offer refunds if scammed.
which in-of-itself can then get scammed by people making genuine payments for goods, getting the goods and then claiming they got scammed to get a refund, and then re-spend that value again
anyway i digress..
it does not matter if i have a dozen wallets with the same key... as long as only i have those dozen wallets. i have to ensure no one clones my wallet, because if they do. i lose my value
..
the next flaw to overcome. is if there is no network enforcement of the locked funds of the partnership between customer and vendor, then the vendor can assign the same value over multiple accounts
(fractional reserve)
so the next thing would be to publicly announce each account so that everyone can check that the value lock is not duplicated. and then also enforce that each lock is confirmed into a unique partnership only spendable by a proven lock of both partners, where there is a path/route/taint to show the value of the individual account is assigned by true previous taint of its initial value creation/mined coin/premine
this then becomes a choice of.. does it have one central auditor at the top. in private thus customers dont see the liquidity paths.. or do the public see it where there is no central auditor. but requires the public to enforce the rules of no duplicity. or do the vendors in the middle audit each other and their customers
a certain network(i shall not name) allows:
a 'feature' (quoted loosely) where locks can be created from unconfirmed txids.
but also
account(channel) openings where one partner was not part of the confirmation of the txid, even if it were confirmed txid value(new channels but using 3 year old funding locks).
(hint: if a network gives out liquidity/value without a confirmation process involving your pubkey at the channel opening session, calling it 'instant inbound liquidity' then expect double spend possibility)
yep. if you open a channel with a partner. but the funding lock is not fresh and not involving your public key in a confirmed tx. where the funding lock is X years old.. expect that value to be at risk. because you are not linked to it in any hard rule
these 'features'(as they call it) of giving value where there is no co-partner involvement in the lock. then also requires by default not only publicly announcing every account(channel) lock ID to ensure no duplicates. but also a hard rule to reject any instance of seeing duplicates.
(yet. the network i shall not name does not enforce the latter, heck even the broadcasting of channel ID's is not enforced as a hard rule.. they noticed the flaw of privacy, so started to take away private channels by default. but still not enforced the rejection of channels that are duplicated)
