Mint Chip Technical Details

[Steve]

That information isn't provided in the very limited docs provided.  My assumption would be that all valid public keys have some cryptological property that allows identification.

IIUC they do. All chips (not just brokers) have a cert connected to the MintChip CA chain.

Cryptographically it's very straightforward and traditional. There is no support for anything resembling contracts or other complex transactions. You sign messages saying "increment your balance by X", and that's about it.

I'd like to see MintChip gain some of the features of Bitcoin, protocol wise. Cryptography based currencies are a new design space and can use some competition around different approaches. My gut feeling is that a hybrid solution would be best - using hardened chips can help Bitcoin, by making zero-conf offline transactions dramatically less risky, and a block chain can help MintChip by removing the "key leak = system doom" failure mode that undermines it today.

I can imagine three primary scenarios:
1) transactions secured by the bitcoin network as usual (subject to transactions fees, and waiting for confirmations, etc)
2) transactions using a privately issued coinage that is backed by bitcoin (enables near instant confirmations, zero fee micro transactions)
3) offline transactions using a privately issued coinage that is backed by bitcoin and using a mintchip like device for security (instant confirmation, zero fees, disconnected operation)

People would be able to select the type of transaction that's most appropriate for the features they need and the risk they're willing to assume. 

P.S. I really hate that some of the regulatory uncertainty is likely stifling innovation in this area.

[1713940823]

1713940823

[1713940823]

1713940823

[1713940823]

1713940823

[1713940823]

1713940823

[1713940823]

1713940823

[kjj]

I'm going to assume it's exactly like the Visa/MC chips where it generates a unique handshake per transaction and somebody standing 10ft from you holding a RF reader bought from ebay can steal your coins and spend them without you ever knowing.

you need to be about an inch away but otherwise 100% accurate

Rebuttal

[cbeast]

...I bet before the end of the year either Apple will finally approve a Bitcoin app or there will be a nifty HTML5-based web wallet I can use on my iPhone...

Apple should not only accept Bitcoin, but should be creating hardware and apps if they want to stay relevant. Bitcoin will likely do to iTunes what mp3s did to Musicland.

[Phinnaeus Gage]

...I bet before the end of the year either Apple will finally approve a Bitcoin app or there will be a nifty HTML5-based web wallet I can use on my iPhone...

Apple should not only accept Bitcoin, but should be creating hardware and apps if they want to stay relevant. Bitcoin will likely do to iTunes what mp3s did to Musicland.

Steve jobs, via proxy: I approve this message.

[Sukrim]

...I bet before the end of the year either Apple will finally approve a Bitcoin app or there will be a nifty HTML5-based web wallet I can use on my iPhone...

Apple should not only accept Bitcoin, but should be creating hardware and apps if they want to stay relevant. Bitcoin will likely do to iTunes what mp3s did to Musicland.

Why didn't it do this then yet after _years_ of existence?

Back to MintChips:
It might still be interesting to use them for buying Bitcoins and use them as "digital cash". One of the questions that remains for me is: "Is it theoretically possible that transactions get reversed under any circumstance?".

If for example my chip has been loaded with double-spent Dollars without my knowledge, would I be denied that money at the next reset or not?

[Etlase2]

Rebuttal

perhaps you'd be able to power them on, but it is a two-way session and you are going to have to get a signal from the 5mm (wild ass guess) antenna inside the card back to you reader. gl w/that

besides, canada uses chips already on their cards (at least for debit) that require you to put the card physically in a machine. not a big stretch to think that they might use the same system here

[kjj]

Rebuttal

perhaps you'd be able to power them on, but it is a two-way session and you are going to have to get a signal from the 5mm (wild ass guess) antenna inside the card back to you reader. gl w/that

besides, canada uses chips already on their cards (at least for debit) that require you to put the card physically in a machine. not a big stretch to think that they might use the same system here

Quite the opposite, actually.  Getting power into the inductor to activate the chip is the hard part.  Eavesdropping on the RFID handshake from dozens of feet away is easy.  And when I say "easy", I mean don't take your RFID tags to Vegas when Defcon is in town.

[Gavin Andresen]

If for example my chip has been loaded with double-spent Dollars without my knowledge, would I be denied that money at the next reset or not?

Good question. They're the Mint, so I bet they'll handle that the same way they handle somebody showing up at a bank with a bunch of counterfeit $100 bills: they'll ask you where you got them, and either throw you in jail (if they don't like your story) or tell you to be more careful about who you deal with and maybe direct you to some technology to help detect counterfeits in the future. But they won't let you deposit them or trade your bad money for good.

[Sukrim]

On the other hand there is a nice talk about some SmartCards in Switzerland (http://www.youtube.com/watch?v=haDWFtMmZRs) where the authors were able to counterfeit and it's not very clear if the issuers did even notice. Similar systems are in use already for years in other countries too and even though it might be possible that there is also fraud going on, I haven't heard of any major arrests or anything like "100k Euro counterfeited in electronic money". More recently there was also a talk at a Chaos Communication Congress about a MIFARE system that was initially used for microtransactions (bus tickets) but got so popular that they decided that they expand it for bigger transactions. As it turned out, the money value there is just an integer stored in plaintext...

Of course here it seems like there's a more sophisticated system, but all in all to be safe you might need to reset your chip after every transaction you got as fast as possible to make sure you are the first one claiming an incoming transaction (I guess that double spends would be resolved like this).

Anyways, even though offline transactions are allowed and possible, you can only do a couple hundred of them, then you need to "Reset", most likely giving the transaction log to a central authority and not just deleting it. This means even if you manage to get transactions on your MintChip (which has a unique ID) only offline and want to cash out your 500 $ in 2 years the mint knows much earlier your likely balance + money flows, as most of the people will submit their transactions ("I transferred x amount of currency y to MintChip ID z") before that time.

Similar to the blocks in Bitcoin, that set transactions "in stone", the "Reset" mechanism in MintChips seems to be the way to detect and prevent double spending. Maybe they are even OK with double spends, maybe later they'll just include a "blacklist" of evil MintChip IDs that were used in double spends, since it's likely that it will be costly to extract a private key in the first place?

[zer0]

Rebuttal

perhaps you'd be able to power them on, but it is a two-way session and you are going to have to get a signal from the 5mm (wild ass guess) antenna inside the card back to you reader. gl w/that

besides, canada uses chips already on their cards (at least for debit) that require you to put the card physically in a machine. not a big stretch to think that they might use the same system here

Nobody I've seen in Canada requires the chip. Everybody is getting a new card w/a chip but there's still plenty of standard mag stripe readers around in case the customer doesn't have a chip. In fact every single store, and every private street ATM I've ever seen still uses the standard swipe model.

That Yagi-Uda antenna is crazy. I could see somebody like Max Vision setting it up in a hotel in my city and capturing hundreds of cards per hour, and now mintchips.

[ribuck]

Thus I am not sure the claim of even even psuedo-anonymity can be made. 

If they really intended to make something as anonymous as cash...

I don't see any evidence that they ever intended it to be anonymous or even pseudo-anonymous. The official docs say that "no personal data is exchanged in the transaction", but that means the transaction between the buyer and the merchant. The block diagrams show that the chip's value is loaded from and redeemed to a linked bank account.

So the merchant may not know who you are, but the "trusted agent" surely does, and by extension you are not anonymous to the Mint and the Govt.

[FreeMoney]

Thus I am not sure the claim of even even psuedo-anonymity can be made. 

If they really intended to make something as anonymous as cash...

I don't see any evidence that they ever intended it to be anonymous or even pseudo-anonymous. The official docs say that "no personal data is exchanged in the transaction", but that means the transaction between the buyer and the merchant. The block diagrams show that the chip's value is loaded from and redeemed to a linked bank account.

So the merchant may not know who you are, but the "trusted agent" surely does, and by extension you are not anonymous to the Mint and the Govt.

But you can use any mint chip you get right? The merchant doesn't get any info from the device so he can't know if it is 'yours'. I guess they could make selling, giving, and losing chips illegal.

[Sukrim]

If I can get a physical MintChip from someone else, I could get cash too...

One could carry 2 chips: 1 to pay, 1 for transferring excess money to. Anyways I guess except for some people who like fancy NFC applications, physical exchange of fiat value is not one of the strongest points of anything but cash money (100% no transaction fees, hard enough to fake for the average person, no limits, quite anonymous).

I personally don't even care that much about anonymity in digital currencies - I have bitcoin for that. My biggest and foremost concern is the chance to end up with less digital money than you paid in fiat money for whatever reason (reversed transaction, double spend reversal after the "Reset" by the bank/mint, horrendous fees, chips being invalidated and me unable to cash back out...). Who assures me that the Canadian Mint won't "do a Dwolla" and suddenly after some time start to reverse transactions or claim they were illegal/invalid after they happened? If this is somehow part of an e-money system I would even buy it if every coin has my face on it - as soon as I buy Bitcoins with it subsequently, it won't matter anyways any more.

[cbeast]

I think this also shows the importance of developing physical Bitcoin devices that are cheap (or re-useable) and secure.

[Phinnaeus Gage]

Thus I am not sure the claim of even even psuedo-anonymity can be made.  

If they really intended to make something as anonymous as cash...

I don't see any evidence that they ever intended it to be anonymous or even pseudo-anonymous. The official docs say that "no personal data is exchanged in the transaction", but that means the transaction between the buyer and the merchant. The block diagrams show that the chip's value is loaded from and redeemed to a linked bank account.

So the merchant may not know who you are, but the "trusted agent" surely does, and by extension you are not anonymous to the Mint and the Govt.

This is interesting! Let's say I have a MintChip account set up where I fund it via my bank account. I then have another MintChip account not linked to any banking institute. I transfer funds from the first account to the second one. How anonymous/pseudo-anonymous am I now?

~Bruno~

[ribuck]

... I then have another MintChip account not linked to any banking institute ...

I doubt they will issue a MintChip not linked to any banking institute, but we shall have to see.

[Sukrim]

This is interesting! Let's say I have a MintChip account set up where I fund it via my bank account. I then have another MintChip account not linked to any banking institute. I transfer funds from the first account to the second one. How anonymous/pseudo-anonymous am I now?

~Bruno~

I guess you'd hardly be able to get one without any links to anything, but let's assume you have:
Latest 499 transactions of the "linked" chip later, the mint will know you sent X $ to the anonymous chip with ID#12345.
Also any purchase you make with that anonymous chip will likely reach the mint, even if you never ever reset your chip yourself.

You would need a 2nd "unmarked" chip where you transfer the funds from chip #1 and destroy that one afterwards. This way the mint only knows that X $ were sent to Chip #12345 but never got to know the transaction of X$ from #12345 to #23456. In the end though you will have to use that chip with someone who resets his/her chip eventually (merchant accounts for example are most likely even online 24/7) and depending on the transaction design it's likely that then you can backtrace all previous transactions to your "generation transaction" when you gave the bank X $ and received a chip for it. This could work similar to Bitcoin, where you can calculate for every coin that you get in which block it was originally generated.
As soon as all X $ from your generation transaction have reached the bank again, they could "prune" that transaction from their books (or in reality: archive them inhouse and at the NSA). I can only speculate what will happen if someone comes with another valid transaction originating from the same X $ generation transaction after already all X $ were spent - in Bitcoin it would be simply rejected, in MintChip (depending on fees and actual system design) they either won't care about these peanuts and write it off, won't find out because the system is badly designed or won't pay you, risking bad publicity.

* I used "mint" as "central authority" here, it could be a bank or a sub business from the canadian mint in reality. All of the above is speculation and might not reflect the actual system design at all.

[FreeMoney]

If I can get a physical MintChip from someone else, I could get cash too...

One could carry 2 chips: 1 to pay, 1 for transferring excess money to. Anyways I guess except for some people who like fancy NFC applications, physical exchange of fiat value is not one of the strongest points of anything but cash money (100% no transaction fees, hard enough to fake for the average person, no limits, quite anonymous).

I personally don't even care that much about anonymity in digital currencies - I have bitcoin for that. My biggest and foremost concern is the chance to end up with less digital money than you paid in fiat money for whatever reason (reversed transaction, double spend reversal after the "Reset" by the bank/mint, horrendous fees, chips being invalidated and me unable to cash back out...). Who assures me that the Canadian Mint won't "do a Dwolla" and suddenly after some time start to reverse transactions or claim they were illegal/invalid after they happened? If this is somehow part of an e-money system I would even buy it if every coin has my face on it - as soon as I buy Bitcoins with it subsequently, it won't matter anyways any more.

You get it from someone one time and now you have anonymous money that you can use to pay anyone anywhere right? That's way different than cash.

I'm just saying if the chips don't require ID to use there isn't any way for anyone to be sure who is using it now.

[Sukrim]

You leave a much larger "paper trail" though, similar to an IP address. Maybe it can be compared with cookies/unique IDs on websites or the IMEI in GSM phones.

I don't think they are interested in exaclty tying 1 MintChip to 1 physical person but keeping tight profiles and the ability to be able to identify persons if needed or at least follow their paper trail seems to be in the system design. With cash this is also possible btw. but nearly no business I know of cares about logging serial numbers and logging which customer got which bill.

[evoorhees]

I don't think this has been posted yet, but here are devkit photos and some details.

http://burnsmod.com/development/2012/04/14/MintChip-DevKit-Pictures-And-Information/