Open Transactions is certainly interesting. How do you prevent someone from just creating more coins though ?
I love good questions.
This is actually two
1. How do you prevent the issuer from just creating more coins?
2. How do you prevent a transaction server from just creating more coins?1. How do you prevent the issuer from just creating more coins?
The issuer can create as many coins as he wants: he is the issuer. Presumably he has an adequate supply of real-world gold/bitcoins/etc in his possession, in order to redeem the units he issues according to the terms of the contract he used to issue them.
One thing the issuer cannot do is issue coins without signing for them in the process. The receipts are unforgeable. But the rest from there (enforcement, storage and auditing of physical gold, etc) is more a governance issue than a technical one. It's between you and the issuer, and the jurisdiction.
With Bitcoin there is a great solution possible, which I have been discussing here for months now: Use multisig transactions (ON the blockchain itself) to enable the storage of Bitcoins in voting pools.
This way, no single issuer or transaction server has the ability the move funds out of the pool until the other pool members have taken a vote. (For example, if MyBitcoin had been storing their reserves in a blockchain pool, then everyone would have been able to recover their funds, when the site disappeared, instead of losing their money...)
A fitting solution that the Bitcoin "issuer" on any OT server should actually be a pool of voters on the Blockchain. I can't wait to implement this protocol.2. How do you prevent a transaction server from just creating more coins?
A transaction server (issuers can release units of their currency onto multiple servers)
is already unable to forge a receipt in a transaction with you or any other legitimate user. This is because the user must form the receipt first, and sign it, and only then does the server verify and countersign. The server will reject your transaction if your receipt is false, and the server cannot change or fake the receipt later, because the server cannot forge your signature.
Here is the weakness: the server can create a "dummy account" and sign a false receipt for it (collusion between server and account) and thus create units in that account which could later be spent into the general population. However, it is impossible to spend such units without having them show up on an audit. Therefore there must be an auditing protocol between the transaction server and the issuer to insure the total number of units in circulation is the same as the number on the issuer's last signed receipt.If you combine an auditing protocol, with OT's unforgeable receipts, and Bitcoin voting pools, it makes it possible to run "low trust transaction servers" for Bitcoin on OT -- which could even operate anonymously!
And provide Bitcoin-backed markets and exchanges,
Bitcoin-backed untraceable cash,
Bitcoin-backed scriptable smart contracts,
etc where the users can feel safer knowing that the server will be unable to steal their coins.