February 27, 2005

What is Financial Cryptography? - a rant in 4 parts

Recent discussions have brought up that old confusion, just exactly what is FC?

I put down my view of that in FC7. Whether that's a good view only time will tell, and whilst not universally accepted, criticisms seem to be limited to "why isn't this or that in the layers?"

The question of FC is at the core of what the FC conference, starting this week, should be about. It's about why people should go and what they should expect to find at the conference, so the definition is something to think about. Here's my attempt to map it out.

First spot goes to Bob H who invented the term. Now, I don't know that he ever defined it directly, but he did define it by elimination: financial cryptography is the only cryptography that's important. That's a reversable definition - if it matters, it's FC.

Bob's definition does several things for us. Firstly, it establishes a value metric - there has to be a value involved, in order to 'be important.' Thus, it eliminates the military, government and 'national security' applications, which are 'beyond valuation' and it also eliminates things like encrypting messages for fun or paranoia which might be termed 'beneath valuation'. This simplifies things a lot as we can work from an assumption that an application is doing something of value.

Secondly, it has to be crypto. (Why that's important becomes clearer later.)

The academic view is much less well thought out. There is a sort of shared assumption that "banks and banking" are the target for FC. So, according to this view, the crypto should protect coins (Chaumian money) or ATM networks or wire transfers or something. Indeed, over on Wikipedia, it says "Financial cryptography is the use of cryptography in banking and similar financial applications." And it lists ... exactly those applications.

The third view has to be FC7. This is the 7 layer model that stretches out crypto and finance, finding an additional 5 layers in between. Those layers are either obvious like software engineering (2) or subtle like governance (5). They are either basic and boring like accounting (4) or open to much interpretation like Rights (3).

7. Finance Applications for financial users, markets
6. Value Instruments that carry monetary or other value
5. Governance Protection of the system from non-technical threats
4. Accounting Containing value in defined and manageable places
3. Rights Units of authentication, with ownership of units of value
2. Software Engineering Moving instructions over the net
1. Cryptography Stating mathematical truths for sharing between parties
Financial Cryptography in 7 Layers

What's not so obvious is the corollary of FC7 that if you don't address all 7 layers in your system, your survival rate is low. But, this doesn't mean heavyweight employment. Indeed, a lightweight crypto layer is entirely acceptable, and one can even get by without any crypto at all, in some stretch of theory! A simple example of this would be a payment system using big random numbers as coins. It's hardly crypto, but it is drawing from the cryptographic thought process within an overall architecture.

Which brings us back to the academic view that FC is crypto as used in or by banks, and the Bob view that FC is crypto that values. Are these complimentary or orthogonal? Exclusive or intersecting? That's for another post!

Posted by iang at February 27, 2005 05:11 PM | TrackBack
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.