Canadian Mint To Create Digital Currency 298
Oldcynic writes "The Canadian mint has allowed 500 developers to enter a contest to create a new digital currency. The currency would allow micro payments using electronic devices. From the article: 'Less than a week after the government announced the penny’s impending death, the Mint quietly unveiled its digital currency called MintChip.
Still in the research and development phase, MintChip will ultimately let people pay each other directly using smartphones, USB sticks, computers, tablets and clouds. The digital currency will be anonymous and good for small transactions — just like cash, the Mint says.
To make sure its technology meets the gold standard in a world where digital transactions are gaining steam, the Mint is holding a contest for software developers to create applications using the MintChip.'" It looks like the Canadian Mint might have a bit of Sweden envy.
Re:Canadian digital currency (Score:5, Informative)
"And unlike BitCoin, a peer-to-peer hosted digital currency with a fluctuating value, MintChip is simply a new way to exchange Canadian dollars. Plus, itâ(TM)s backed by the Canadian government. "
Re:Canadian digital currency (Score:5, Informative)
If I can get my hands on it, I can tamper it. Period.
Ok, not me, but rather, an expert on the subject.
Re:My Ass (Score:2, Informative)
Canada doesn't have software/algorithm patents. Sorry.
Obscure, Proprietary, Patented (Score:5, Informative)
Let me repeat that, the security of offline transactions is based entirely on a secret which is on every single mintchip.
I don't think that's true. I had a look at some of their protocol documentation---which isn't all that detailed---and it looks like they're probably using PKCS#7 signatures and X.509 certificates.
Unfortunately, they aren't willing to publish enough information to actually analyze the security of the system to determine whether it's trustworthy [mintchipchallenge.com] (nothing about how the chip itself is secured, for example), but they have released enough information that we can figure out some limits on its security, and it doesn't look all that great. I'll probably get modded down for karma-whoring here, but here's what I posted on that forum, after looking at the limited documentation they provided on their website:
Let me get this straight: MintChip is a proprietary, patented, centralized, unpublished cryptosystem, where a trusted-third-party (the Mint) signs a certificate saying "this private key was stored in a tamper-resistant hardware token that is designed not to double-spend", so we're supposed to just be able to assume that any valid MintChip transaction signatures are trustworthy, even offline. As soon as one person extracts a private key from a MintChip token (which they will, given that there's a monetary incentive), the fundamental assumption that the whole system relies upon is destroyed.
Your organization appears to know this, which explains why you emphasize that MintChip is intended for "low value" transactions.
Fine, so the security of the whole system depends on the security of these hardware tokens, and yet you're "not in a position to release" any tangible information about them? Why should anyone invest in this system? Because you're The Mint?
You have the threat model wrong, too. Why on earth would you want to emulate cash? Cash is easy to counterfeit. It only remains useful because there's a high risk vs. payoff associated with uttering counterfeit cash. On the other hand, MintChip is supposed to be used online, so even if we detect a counterfeit, there's not much chance that the fraudster will actually go to jail. There's also a much larger number of potential fraudsters (basically, everyone connected to the Internet).
MintChip also doesn't deliver on its privacy claims. "No personal data is exchanged in the transaction." That's not true at all. According to your documentation, every MintChip has a *single*, 16-digit ID that's generated by the central authority and used in all transactions, so there's no reason why these IDs couldn't be tracked the way companies already track credit card numbers.
The funny thing is that this all could have been implemented on top of Bitcoin. Make some tamper-resistant hardware with some Bitcoin private keys inside it, and sign a certificate saying "the keys for these addresses are in tamper-proof hardware". For low-value transactions, they could be accepted at face value, but if we wanted greater certainty, we could inject the transaction into the Bitcoin network and wait for a few confirmations to avoid double-spend fraud.
Way back in 1999, Bruce Schneier posted a list of nine cryptography "snake oil" warning signs (http://www.schneier.com/crypto-gram-9902.html#snakeoil [schneier.com]). I see 3 of the 9 warning signs here already.
Re:A better name (Score:4, Informative)
Re:Obscure, Proprietary, Patented (Score:5, Informative)
Re:stuuuuuuuupidddddddddd (Score:4, Informative)
If the private key is encrypted, or the computer is offline, how are you going to steal the digital decryption key? You can protect bitcoin as well or better than regular money.
Re:What advantage would this have over PayPal? (Score:5, Informative)
What would this service offer that PayPal didn't?>
'It wouldn't be PayPal' is a necessary and sufficient condition for its existence.
Re:My Ass (Score:4, Informative)
Of course there is, just because you are are printing money doesn't mean you don't want to make money. Securency (involved in producing a lot of modern polymer notes [securency.com.au]) certainly hold patents on techniques they use.