Bitcoin Forum
October 26, 2025, 02:14:41 AM *
News: Pumpkin carving contest
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Open Transactions: untraceable digital cash  (Read 17430 times)
fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 17, 2010, 08:58:05 PM
 #1


Hello, I have recently written an open-source, digital cash library with a working server and test client. I think there is much potential for integration with a project like yours.  Or at least you might see value in raiding my code for Bitcoin. 

Here are some details about my release:



WHAT IS Open Transactions ?

-- It's a solid, easy-to-use, CRYPTO and DIGITAL CASH LIBRARY.
-- Including an operational CLIENT and SERVER.
-- It's OPEN SOURCE, and encapsulates a COMPLETE PROTOCOL for transactions.
-- It's object-oriented, and written in C++ using OpenSSL.
-- With a high-level API in C++, as well as Java! (JNI interface)
-- Easy Makefiles for Mac OS X and **LINUX**
-- Featuring:
................UNTRACEABLE DIGITAL CASH (real blinded tokens.)
................SECURE NUMBERED ACCOUNTS (an account is a public key.)
................TRIPLE-SIGNED RECEIPTS
................BASKET CURRENCIES
................SIGNED XML CONTRACTS
................MANY DIGITAL INSTRUMENTS: Cheques, Cash, Vouchers, etc..

          --------------------------

ARTICLES...

Wiki:    http://github.com/FellowTraveler/Open-Transactions/wiki

Chart of instruments:
http://github.com/FellowTraveler/Open-Transactions/wiki/Instruments

Sample cheque and voucher:
http://github.com/FellowTraveler/Open-Transactions/wiki/Sample-Cheque

Untraceable digital cash (bearer certificate):
http://github.com/FellowTraveler/Open-Transactions/wiki/Sample-Cash

Sample mint:
http://github.com/FellowTraveler/Open-Transactions/wiki/Sample-Mint

Sample currency contract:
http://github.com/FellowTraveler/Open-Transactions/wiki/Sample-Currency-Contract

        --------------------------

IN OVERVIEW, THE SOFTWARE FEATURES:

-- UNTRACEABLE DIGITAL CASH: Fully implemented! Cash withdrawals of any asset
type, using Lucre. (Ben Laurie's implementation of Wagner's variant on
Chaumian blinding.) Once cash is withdrawn, the server has no way of tracking
it or linking it back to its next deposit.

REPEAT: Digital Bearer Certificates--with denominations, mints, expiring
tokens, spent token database, the works--fully-operational and ready to
integrate with your mixnets, your digital gold currency (or silver), your
anonymous network nodes, your bittorrent clients, your remailers, your secure
voip apps, your nym servers, your snazzy, new, file-sharing client, and your
censorship-resistant, distributed data store. This is what you have been
waiting for! Real, open-source, digital cash.

As well as...

-- ANONYMOUS, NUMBERED ACCOUNTS, secured by public key cryptography. Your PGP
key is your account, and the hash of it is your User ID. No other information
is stored. Each user can create an unlimited number of asset accounts, of any
type, each with its own randomly-generated ID. As long as you connect over Tor
and take other similar precautions, there's no way to connect any of those
accounts to you. (See PKTP and DMT for examples of this concept.) You can also
create as many User IDs as you wish, each with its own key, and with your
wallet software managing all your user IDs and asset accounts across multiple
transaction servers and multiple asset types.

-- It's like PGP FOR MONEY. The idea is to build this so that it supports many
cash algorithms, not just Lucre. I'd like to add Chaum's version, Brands'
version, etc. So that, just like PGP, the software should support as many of
the top algorithms as possible, and make it easy to swap them out when
necessary.

-- TRIPLE-SIGNED RECEIPTS for account-to-account transfers. This allows the
client and server to agree on balances while simultaneously not storing any
transaction history. (Client may choose to store his own transaction history.)
No money can ever be transferred or withdrawn without an authorizing signature
from the account owner. See Bill St. Clair's excellent Trubanc for an example
of this.

-- ANYONE AN ISSUER. Any user can design and issue his own currency: Simply
upload the currency contract to any server. Anyone else with a copy of that
contract can open an asset account in the new currency type. The currency
contract is just an XML file with your digital signature on it. Hashing that
file produces the currency ID, which is therefore unique and consistent across
all servers. It's impossible to change any details of the contract, including
the URL, the signature, or the public key, without entirely changing the
contract's ID. To those in the know, this means that Open Transactions
supports the 'Ricardian Contract'.

-- BASKET CURRENCIES. Open Transactions can distribute a single currency
across MULTIPLE ISSUERS. How is this possible? Users can define basket
currencies, which the server treats the same as any other currency, but which,
behind the scenes, are each simply a list of 5, 10, or 100 OTHER currency
contracts. The issuance is delegated to a basket of other currencies. Users
can easily define baskets, open accounts based on basket types, and exchange
in and out of these basket currencies using the client software. Baskets are
an important example of the distribution of risk that I believe is necessary
to make digital cash unstoppable online.

-- DISTRIBUTION OF RISK ACROSS MULTIPLE TRANSACTION SERVERS, IN MULTIPLE
JURISDICTIONS. The wallet software can store an entire list of transaction
servers. Every new server contract that you import to the wallet puts a new
server on the list. There will be many such servers, run by multiple entities
and run in multiple jurisdictions. Many will run openly and with full access
to their local court system. Others will run on anonymous networks. Users will
be able to individually choose a server for a certain transaction or even
distribute their assets transparently across a list of different servers.

-- DISTRIBUTED ACCOUNTS. Your wallet software could display a single asset
account to you, which it is actually distributing across a list of 10 or 100
servers behind the scenes, using the open transactions protocol. Of course,
you choose the servers, the number, the algorithm, etc. and it's a trust
market. In the future, this software will eventually merge into the next
generation of anonymous networks. You can be a part of it.

-- SEPARATION OF POWERS. The entities operating the servers are not actually
issuing any currencies. Meanwhile the Issuers are not operating any
transaction servers. Neither one of them is performing exchanges in or out of
the normal banking system, since those services are handled by exchange
providers in the various local jurisdictions (all separate entities.) This
provides a lot more legal legitimacy and protection to all of the entities
involved. Meanwhile all risk is distributed. The issuers distribute their risk
across multiple storage companies, and the users distribute their risk across
multiple issuers (using basket currencies) and across multiple transaction
servers (via their wallet software.)

The idea of separation of powers was first highlighted to me by Loom where
there are many different issuers on a single server. This led me to explore
further along the idea of separating and distributing risk across multiple
issuers, and multiple servers, which is what led to the development of Open
Transactions.

This product includes software developed by Ben Laurie for use in the Lucre
project.


co-founder, Monetas
creator, Open-Transactions
em3rgentOrdr
Sr. Member
****
Offline Offline

Activity: 434
Merit: 252


youtube.com/ericfontainejazz now accepts bitcoin


View Profile WWW
August 19, 2010, 02:41:32 AM
 #2

Fascinating.  Unlike bitcoin, which is pseudonymous, OpenTransactions is claimed to be actually anonymous.  I will have to study it some more, though. 

Are you aware of any potential drawbacks or flaws or weaknesses?

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 19, 2010, 03:22:34 AM
Last edit: August 19, 2010, 03:36:36 AM by fellowtraveler
 #3

Fascinating.  Unlike bitcoin, which is pseudonymous, OpenTransactions is claimed to be actually anonymous.  I will have to study it some more, though.  

Are you aware of any potential drawbacks or flaws or weaknesses?

The accounts are numbered (they are PGP keys) so in this respect, they are pseudonymous.

The digital cash is untraceable. Meaning, you can see that account# 38272 exchanged a token, but you don't know where it came from, and you won't know where he spends it. (Because the token was blinded when the bank first issued it.) In fact, you don't even know if he's just exchanging the same token over and over again because he's bored. To learn more about this, google about Chaumian blinding.

Then by adding an HTTPS interface, you gain full anonymity for cash token exchanges (as long as the user connects over Tor). But of course, in this case the user doesn't have access to cheques, transfers, or cashier's cheques, since he is now operating "cash-only".


co-founder, Monetas
creator, Open-Transactions
Red
Full Member
***
Offline Offline

Activity: 210
Merit: 116


View Profile
August 19, 2010, 03:28:14 AM
 #4

Yes this is interesting. I need to do more research befor I can say anything interesting too! Kudos though!
 
Anonymous
Guest

August 19, 2010, 04:29:56 AM
 #5

The only problem with this system is that you called it digital "cash".I like everything else about it though. Smiley

fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 19, 2010, 04:54:44 AM
 #6

The only problem with this system is that you called it digital "cash".I like everything else about it though. Smiley

Cash is the most accurate analogy.

When you withdraw cash from the bank, and then later someone else deposits it, the bank has a record of a withdrawal and a deposit, but they don't know that it's the SAME cash, and they don't know who had it in between, or how many hands it passed through along the way. They simply can't trace it.  These traits are also true of digital cash.

The other digital instruments are much the same as the physical equivalents:
- account transfer (a PGP-signed message, given directly to the bank, transferring funds to some other account),
- digital cheque (a signed message, given to the recipient, authorizing bank to transfer funds when presented),
- digital vouchers (like a cashier’s cheque. Funds are transferred to bank, who then issues a cheque. Bank becomes payer.),
- digital cash (Like a real cash withdrawal. Funds are transferred to bank, who then issues blinded, untraceable, bearer certificates),

Remember, physical cash is not the actual value, it is only a transfer mechanism. YOU have to trust your government that your physical cash is BACKED with real value. (Good luck.)

Digital cash is also NOT actual value, it is ONLY a transfer mechanism. YOU have to trust the issuer of that cash, and the contract he used to issue it, if it is backed with real value.  And that is why Open Transactions is designed as best possible to distribute risk across multiple issuers (through basket currencies) as well as distributing risk in other ways (across multiple transaction servers, across a diversity of jurisdictions, etc)

In Open Transactions, anyone can issue a currency type and the users can decide what they want to trade and who they want to trust.

 

co-founder, Monetas
creator, Open-Transactions
Anonymous
Guest

August 19, 2010, 06:15:24 AM
 #7

The only problem with this system is that you called it digital "cash".I like everything else about it though. Smiley

Cash is the most accurate analogy.

When you withdraw cash from the bank, and then later someone else deposits it, the bank has a record of a withdrawal and a deposit, but they don't know that it's the SAME cash, and they don't know who had it in between, or how many hands it passed through along the way. They simply can't trace it.  These traits are also true of digital cash.

The other digital instruments are much the same as the physical equivalents:
- account transfer (a PGP-signed message, given directly to the bank, transferring funds to some other account),
- digital cheque (a signed message, given to the recipient, authorizing bank to transfer funds when presented),
- digital vouchers (like a cashier’s cheque. Funds are transferred to bank, who then issues a cheque. Bank becomes payer.),
- digital cash (Like a real cash withdrawal. Funds are transferred to bank, who then issues blinded, untraceable, bearer certificates),

Remember, physical cash is not the actual value, it is only a transfer mechanism. YOU have to trust your government that your physical cash is BACKED with real value. (Good luck.)

Digital cash is also NOT actual value, it is ONLY a transfer mechanism. YOU have to trust the issuer of that cash, and the contract he used to issue it, if it is backed with real value.  And that is why Open Transactions is designed as best possible to distribute risk across multiple issuers (through basket currencies) as well as distributing risk in other ways (across multiple transaction servers, across a diversity of jurisdictions, etc)

In Open Transactions, anyone can issue a currency type and the users can decide what they want to trade and who they want to trust.

 


I meant that governments dont like it when you mention "cash" and anonymous,untraceable pgp transactions in the same sentence Smiley.Not that it isnt analogous to currency!

chaord
Full Member
***
Offline Offline

Activity: 218
Merit: 101


View Profile
August 20, 2010, 02:35:18 AM
 #8

FellowTraveler:

I was hoping that more people would comment in this thread, and I'm wondering if I'm missing something.  Perhaps you could elaborate on exactly how you envision integration of your library with the Bitcoin project?  It looks to me like the two projects could be quite complementary.  I would be curious to know (since I'm not a developer for either) what features are unique to each project?  Which aspects of each project is superior?  Thanks.
mizerydearia
Hero Member
*****
Offline Offline

Activity: 574
Merit: 513



View Profile
August 20, 2010, 03:16:38 AM
 #9

I, for one, welcome our new anonymous, untraceable pgp transaction cash overlords!
fresno
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
August 20, 2010, 03:18:30 AM
 #10

I'm dubious, and here's why. You contract says:

"DIGITAL SILVER GRAMS are payable to bearer in physical silver grams, at any exchange provider supporting our contract..."

Is there one within, say, fifty miles of where I live?

"Silver Grams are audited monthly by highly trusted people."

Do I know any of them?

"Make sure this contract is enforceable in your jurisdiction."

Or it's not enforceable. Right?

"Silver and its maker, God, are solely liable to perform according to the conditions specified in this contract."

Aren't the exchange providers, or the highly trusted people liable as well?

"Any server operator using this contract will not issue any more silver digital currency than he actually has in physical silver."

But who's to stop him if he's not liable, and the contract is not enforceable in my jurisdiction?

Anonymous
Guest

August 20, 2010, 04:13:59 AM
 #11

What if you could encrypt your bitcoin transaction with pgp before you sent it out which would then be unencrypted using your key on the other end?
chaord
Full Member
***
Offline Offline

Activity: 218
Merit: 101


View Profile
August 20, 2010, 04:23:15 AM
 #12

What if you could encrypt your bitcoin transaction with pgp before you sent it out which would then be unencrypted using your key on the other end?
Yeah, I was thinking the same thing.  I think it would be pretty neat to actually send someone some bitcoins via email so that they can seed their account.  Sending coins over the social networks like Facebook would be pretty cool too.  Bottom line, I'm all for bringing Bitcoin to the masses ASAP Smiley
Anonymous
Guest

August 20, 2010, 06:41:42 AM
 #13

What if you could encrypt your bitcoin transaction with pgp before you sent it out which would then be unencrypted using your key on the other end?
Yeah, I was thinking the same thing.  I think it would be pretty neat to actually send someone some bitcoins via email so that they can seed their account.  Sending coins over the social networks like Facebook would be pretty cool too.  Bottom line, I'm all for bringing Bitcoin to the masses ASAP Smiley

Set up a series of mybitcoin accounts and send people the login details.They dont even need a client to use it that way. Smiley

https://www.mybitcoin.com/open-account.php


fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 20, 2010, 10:10:19 AM
 #14

I'm dubious, and here's why. You contract says:

"DIGITAL SILVER GRAMS are payable to bearer in physical silver grams, at any exchange provider supporting our contract..."

Is there one within, say, fifty miles of where I live?

"Silver Grams are audited monthly by highly trusted people."

Do I know any of them?

"Make sure this contract is enforceable in your jurisdiction."

Or it's not enforceable. Right?

"Silver and its maker, God, are solely liable to perform according to the conditions specified in this contract."

Aren't the exchange providers, or the highly trusted people liable as well?

"Any server operator using this contract will not issue any more silver digital currency than he actually has in physical silver."

But who's to stop him if he's not liable, and the contract is not enforceable in my jurisdiction?


Sorry to confuse you -- that silver contract is only a sample used for testing. Obviously the users will have to issue the real currencies, and choose which ones they want to trade in.  I'm not issuing any currencies myself, I merely wrote the code.


co-founder, Monetas
creator, Open-Transactions
fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 20, 2010, 10:30:11 AM
 #15

FellowTraveler:

I was hoping that more people would comment in this thread, and I'm wondering if I'm missing something.  Perhaps you could elaborate on exactly how you envision integration of your library with the Bitcoin project?  It looks to me like the two projects could be quite complementary.  I would be curious to know (since I'm not a developer for either) what features are unique to each project?  Which aspects of each project is superior?  Thanks.


Biggest advantage of Bitcoin, IMO:
-- Decentralized and distributed.

Unlike this, Open Transactions still has a client and a server. But I have designed it still to distribute risk as best as possible (using basket currencies to distribute risk across issuers, using wallet software to distribute accounts across multiple servers, etc.)

Ultimately, fully-decentralized and distributed is where things are going, so Open Transactions will evolve to become more and more like this. In my opinion, this will happen first on the client side. An OT client could be written that is also a Bitcoin node, and even also a Ripple node as well.  In fact, over the long time I think it will also merge with anonymous networks. I think there is a lot of potential for development on the client/node/wallet side where all these sorts of technologies will start to be tied together.

Another advantage of Bitcoin:
-- Currency backing cannot be counterfeited.

Bitcoin is curiously similar to gold -- perfectly fungible, evenly divisible, stores value in some esoteric way (so far), can't be counterfeited, can't be printed en masse by national governments...


Disadvantages of Bitcoin:
-- more traceable (then again not EVERY instrument has to be untraceable)
-- no choice of backing

With Bitcoin you can't choose to issue a currency based on gold, or based on silver, or based on a basket of dollars, bitcoins, and gold. You are restricted to one backing: computing power. This is all well and good, and in fact I think it's a really cool idea, but it also means that there will still be a demand for software that allows people to issue specific currency contracts and trade in them--especially if they have the option to do so untraceably.

As I said before, I think for my own project, the best place for Bitcoin is some sort of integration with my client side. 

What kind of value I can offer to Bitcoin? Like I said before, maybe you will find something useful in my code that you can raid for your own project. Open Transactions is an entire Crypto and Digital Cash library, so it's possible someone will have some other use for the classes in the library that I haven't even thought of. That's why I want to get it out into the hands of people like you.

co-founder, Monetas
creator, Open-Transactions
fresno
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
August 20, 2010, 01:38:02 PM
 #16

Come on people. This guy is trying to introduce us to his program. Let's give him a little respect and talk about IT.

You want to get this kind of reception when we go to other projects?

Red
Full Member
***
Offline Offline

Activity: 210
Merit: 116


View Profile
August 20, 2010, 04:10:14 PM
 #17

Truly traveller it is veer interesting and much more up my alley than bitcoin. However there is so much more to analyze and learn than with bitcoin.

It makes one feel a little slow and behind the curve.

-----

So let's start with a noob question. Is it in use anywhere? Is there annother community forum somewhere that I can go  and lurk in?
fellowtraveler (OP)
Sr. Member
****
Offline Offline

Activity: 440
Merit: 252


View Profile
August 21, 2010, 08:09:37 AM
 #18

Truly traveller it is veer interesting and much more up my alley than bitcoin. However there is so much more to analyze and learn than with bitcoin.

It makes one feel a little slow and behind the curve.

-----

So let's start with a noob question. Is it in use anywhere? Is there annother community forum somewhere that I can go  and lurk in?

At this point it is only a library (and server, and test client.) so it's really meant for developers only, and future prospective server operators and issuers. Looking at low-level details I can understand how complicated it might seem.

But when a nice Android client is available, or a nice iPad client, then hopefully it will not be something that requires much analysis at all. It should be something that Grandma can use.  She can add new currencies to her wallet, and new ID cards (pgp keys), and she can open new accounts in any currency type, and she can write cheques on those accounts, and she can transfer to other accounts directly, and she can even withdraw in digital cash form, or get a cashier's cheque.  She'll have some Mac app for doing it with drag and drop.

co-founder, Monetas
creator, Open-Transactions
EconomyBuilder
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2010, 09:23:07 PM
 #19

Blinded cash issuers (using for example this system) and the bitcoin system could make a pretty good combination.  It could be similar to how private banks kept gold reserves and issued bank notes:

* Use bitcoin or a modified bitcoin/RPOW/bitgold like system to create a securely auditable, unforgeable, public, non-anonymous "high power money" analogous to gold.

* Issuers (or "banks") of securely anonymous (blinded) bank notes keep bitcoins as reserves.  By analyzing their public bitcoin chains, any customer can audit the reserves of any of these issuers.

Those who don't care about their privacy or who want to be issuers with trustworthy reserves can use bitcoins directly, while cash customers who like their privacy can use the securely anonymous blinded cash.   That forms a two-tier system, analogous to the old privately issued money system that involved mining and storing gold (bitcoins) and issuing bank notes backed by gold (anonymous cash backed by bitcoin reserves).

The whole system could be far more secure than the old gold-reserve + banknote system, because the "gold" is more difficult to steal but far easier to securely audit, and the "bank notes" far harder to counterfeit and (especially against modern investigation techniques) more difficult to trace/identify users.   The "gold window" for these banks could be far more secure from various threats than in the old private bank note issuers.  And it's all conveniently online.

So my take is to take advantage of the public and basically non-anonymous nature of bitcoin/RPOW type systems to securely audit people who claim to own X of them (such as currency issuers), while using blinded digital cash for transactions where privacy is more important than public audit.
Anonymous
Guest

August 23, 2010, 04:02:32 PM
 #20

Blinded cash issuers (using for example this system) and the bitcoin system could make a pretty good combination.  It could be similar to how private banks kept gold reserves and issued bank notes:

* Use bitcoin or a modified bitcoin/RPOW/bitgold like system to create a securely auditable, unforgeable, public, non-anonymous "high power money" analogous to gold.

* Issuers (or "banks") of securely anonymous (blinded) bank notes keep bitcoins as reserves.  By analyzing their public bitcoin chains, any customer can audit the reserves of any of these issuers.

Those who don't care about their privacy or who want to be issuers with trustworthy reserves can use bitcoins directly, while cash customers who like their privacy can use the securely anonymous blinded cash.   That forms a two-tier system, analogous to the old privately issued money system that involved mining and storing gold (bitcoins) and issuing bank notes backed by gold (anonymous cash backed by bitcoin reserves).

The whole system could be far more secure than the old gold-reserve + banknote system, because the "gold" is more difficult to steal but far easier to securely audit, and the "bank notes" far harder to counterfeit and (especially against modern investigation techniques) more difficult to trace/identify users.   The "gold window" for these banks could be far more secure from various threats than in the old private bank note issuers.  And it's all conveniently online.

So my take is to take advantage of the public and basically non-anonymous nature of bitcoin/RPOW type systems to securely audit people who claim to own X of them (such as currency issuers), while using blinded digital cash for transactions where privacy is more important than public audit.

Thanks for an excellent post.You should post a bitcoin address to receive hash cookies for it  :)One thing is for sure - banks today dont let you go into their vault and see their reserves easily.I wonder how much gold is left in fort knox ? The answer is either zero or it is fool's gold - gold plated tungsten ?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!