Financial Cryptography

FC wordcloud

Courtesy of statistical analysis over this site by Uyen Ng.

A very fast history of cryptocurrencies BBTC -- before Bitcoin

Before Bitcoin, there was cryptocurrency. Indeed, it has a long and deep history. If only for the lessons learnt, it is worth studying, and indeed, in my ABC of Bitcoin investing, I consider not knowing anything before the paper as a red flag. Hence, a very fast history of what came before (also see podcasts 1 and 2).

The first known (to me) attempt at cryptocurrencies occurred in the Netherlands, in the late 1980s, which makes it around 25 years ago or 20BBTC. In the middle of the night, the petrol stations in the remoter areas were being raided for cash, and the operators were unhappy putting guards at risk there. But the petrol stations had to stay open overnight so that the trucks could refuel.

Someone had the bright idea of putting money onto the new-fangled smartcards that were then being trialled, and so electronic cash was born. Drivers of trucks were given these cards instead of cash, and the stations were now safer from robbery.

At the same time the dominant retailer, Albert Heijn, was pushing the banks to invent some way to allow shoppers to pay directly from their bank accounts, which became eventually to be known as POS or point-of-sale.

Even before this, David Chaum, an American Cryptographer had been investigating what it would take to create electronic cash. His views on money and privacy led him to believe that in order to do safe commerce, we would need a token money that would emulate physical coins and paper notes. Specifically, the privacy feature of being able to safely pay someone hand-to-hand, and have that transaction complete safely and privately.

As far back as 1983 or 25BBTC, David Chaum invented the blinding formula, which is an extension of the RSA algorithm still used in the web's encryption. This enables a person to pass a number across to another person, and that number to be modified by the receiver. When the receiver deposits her coin, as Chaum called it, into the bank, it bears the original signature of the mint, but it is not the same number as that which the mint signed. Chaum's invention allowed the coin to be modified untraceably without breaking the signature of the mint, hence the mint or bank was 'blind' to the transaction.

All of this interest and also the Netherlands' historically feverish attitude to privacy probably had a lot to do with David Chaum's decision to migrate to the Netherlands. When working in the late 1980s at CWI, a hotbed of cryptography and mathematics research in Amsterdam, he started DigiCash and proceeded to build his Internet money invention, employing amongst many others names that would later become famous: Stefan Brands, Niels Ferguson, Gary Howland, Marcel "BigMac" van der Peijl, Nick Szabo, and Bryce "Zooko" Wilcox-Ahearn.

The invention of blinded cash was extraordinary and it caused an unprecedented wave of press attention. Unfortunately, David Chaum and his company made some missteps, and fell foul of the central bank (De Nederlandsche Bank or DNB). The private compromise that they agreed to was that Digicash's e-cash product would only be sold to banks. This accommodation then led the company on a merry dance attempting to field a viable digital cash through many banks, ending up eventually in bankruptcy in 1998. The amount of attention in the press brought very exciting deals to the table, with Microsoft, Deutsche Bank and others, but David Chaum was unable to use them to get to the next level.

On the coattails of Digicash there were hundreds of startups per year working on this space, including my own efforts. In the mid 1990s, the attention switched from Europe to North America for two factors: the Netscape IPO had released a huge amount of VC interest, and also Europe had brought in the first regulatory clampdown on digital cash: the 1994 EU Report on Prepaid Cards, which morphed into a reaction against DigiCash.

Yet, the first great wave of cryptocurrencies spluttered and died, and was instead overtaken by a second wave of web-based monies. First Virtual was a first brief spurt of excitement, to be almost immediately replaced by Paypal which did more or less the same thing.

The difference? Paypal allowed the money to go from person to person, where as FV had insisted that to accept money you must "be a merchant," which was a popular restriction from banks and regulators, but people hated it. Paypal also leapt forward by proposing its system as being a hand-to-hand cash, literally: the first versions were on the Palm Pilot, which was extraordinarily popular with geeks. But this geek-focus was quickly abandoned as Paypal discovered that what people -- real users -- really wanted was money on the web browser. Also, having found a willing userbase in ebay community, its future was more or less guaranteed as long as it avoided the bank/regulatory minefield laid out for it.

As Paypal proved the web became the protocol of choice, even for money, so Chaum's ideas were more or less forgotten in the wider western marketplace, although the tradition was alive in Russia with WebMoney, and there were isolated pockets of interest in the crypto communities. In contrast, several ventures started up chasing a variant of Paypal's web-hybrid: gold on the web. The company that succeeded initially was called e-gold, an American-based operation that had its corporation in Nevis in the Caribbean.

e-gold was a fairly simple idea: you send in your physical gold or 'junk' silver, and they would credit e-gold to your account. Or you could buy new e-gold, by sending a wire to Florida, and they would buy and hold the physical gold. By tramping the streets and winning customers over, the founder managed to get the company into the black and up and growing by around 1999. As e-gold the currency issuer was offshore, it did not require US onshore approval, and this enabled it for a time to target the huge American market of 'goldbugs' and also a growing worldwide community of Internet traders who needed to do cross-border payments. With its popularity on the increase, the independent exchange market exploded into life in 2000, and its future seemed set.

e-gold however ran into trouble for its libertarian ideal of allowing anyone to have an account. While in theory this is a fine concept, the steady stream of ponzis, HYIPs, 'games' and other scams attracted the attention of the Feds. In 2005, e-gold's Florida offices were raided and that was the end of the currency as an effective force. The Feds also proceeded to mop up any of the competitors and exchange operations they could lay their hands on, ensuring the end of the second great wave of new monies.

In retrospect, 9/11 marked a huge shift in focus. Beforehand, the USA was fairly liberal about alternative monies, seeing them as potential business, innovation for the future. After 9/11 the view switched dramatically, albeit slowly; all cryptocurrencies were assumed to be hotbeds of terrorists and drugs dealers, and therefore valid targets for total control. It's probably fair to speculate that e-gold didn't react so well to the shift. Meanwhile, over in Europe, they were going the other way. It had become abundantly clear that the attempt to shutdown cryptocurrencies was too successful, Internet business preferred to base itself in the USA, and there had never been any evidence of the bad things they were scared of. Successive generations of the eMoney law were enacted to open up the field, but being Europeans they never really understood what a startup was, and the less-high barriers remained deal killers.

Which brings us forward to 2008, and the first public posting of the Bitcoin paper by Satoshi Nakamoto.

What's all this worth? The best way I can make this point is an appeal to authority:

Satoshi Nakamoto wrote, on releasing the code:
> You know, I think there were a lot more people interested in the 90's,
> but after more than a decade of failed Trusted Third Party based systems
> (Digicash, etc), they see it as a lost cause. I hope they can make the
> distinction that this is the first time I know of that we're trying a
> non-trust-based system.

Bitcoin is a result of history; when decisions were made, they rebounded along time and into the design. Nakamoto may have been the mother of Bitcoin, but it is a child of many fathers: David Chaum's blinded coins and the fateful compromise with DNB, e-gold's anonymous accounts and the post-9/11 realpolitik, the cypherpunks and their libertarian ideals, the banks and their industrial control policies, these were the whole cloth out of which Nakamoto cut the invention.

And, finally it must be stressed, most all successes and missteps we see here in the growing Bitcoin sector have been seen before. History is not just humming and rhyming, it's singing loudly.

The Year of the Platypus - 2007 predicted

What is to happen in the coming year?

(Apologies for being behind on the routine end-of-year predictions, but I was AFI -- away from Internet -- and too depressed with predictions to make the journey. Still, duty calls!)

1. More depression for those who believe that security is important per se, and more profits for those who correctly balance risks with costs. We've pretty much buried the idea that security is a science and a business; the question is, can we integrate business and security?

2. This is allied with ongoing confusion as to what is illegal and what is not on the net.
   • KPMG shows that you can be too big to be criminal.
   • Online Gambling: you can do it but you can't pay for it. 'It' in this case is sports betting, but not poker, and only if you are listed on the London bourse, but not if three quarters of a year have passed...
   • Encrypted disks are great if are in the employ of the USG (see in boring link on crypto bakeoff), but not so great if you're hit with RIP. What does the US Ambassador to Great Britain do with his private emails?
   • Or online payments are another; if we don't like you we'll accuse you of supporting child pornography and let you argue it before the judge. Closer to Financial Cryptography -- e-gold is the issuer that refuses to die. The real dirty secret is that the Feds are so deep into e-gold at this stage they won't kill it, even as they are trying to kill it. This is -- I can reveal from first hand -- something that the founder predicted. Unfortunately under this scenario, the integrity of gold, the privacy of the user base, and the founder are all optional; something that I predicted. Sometimes it is annoying to be right, but it downright sucks if you are still part of the scenario.

   In echoes of the Sony versus Cuthbert mess of 2005, it all adds up to: "it's OK if you can get away with it," a message much reinforced by politics. There are no rules you can rely on, and everyone struggles to keep up with the results.

   For this reason, I dub 2007 the year of the platypus! What more confabulated animal is there than our world?




3. I think it is time to predict a boost in human integrity products. It can't have escaped the world's notice that much of our current strife is based on deception being so deeply institutionalised that it's now come around to bite us. There's a market waiting to be developed: how to cut down the deception in the process.

   The crying direct need is for such a product or process in employment processes. That's old news given Michael Spence's seminal work on signals about 30 years back, but what is curious is why nobody has really stepped in to look at it? A serious idea for b-school types or economists? How do we get away from Spencarian Signalling and put integrity back into employment interviews?

   1

4. Phones will continue to evolve and also become much more open. Currently, what holds them back is the closed architecture and infrastructure, but more signs are that emerging that this will be challenged. Good news, as it keeps the major players honest and fresh to have at least some "leakage."

   Some evidence: an open phone, this phone called me on Skype, a Cordless phoneset delivered with Skype, and today's news: Apple's iPhone does wifi and runs OSX.

   Expect cellphone cross-over to wifi as routine by the end of 2007. The ability to redirect calls to the net dramatically changes the competitive position of the telcos, and the open platforms make software development a low cost reality.

5. Payments and Chat. The one to watch is Skype, forget the rest as they don't have the security base. If Skype succeeds, they will change the scene, and even if they fail, but others might get the idea as to why it is good to secure the infrastructure.

   Why do I say that? "Been there, done that!" Chat goes with payments like Molotov with cocktails, Eddy with Patsy, Blue with Danube, but to see that you have to see the full design. The blue touchpaper has been lit, stand well back.

6. Any Company An Issuer. Well, actually this happened in 2006 and before, but it is now time to realise the core lesson here: all companies can now be issuers of money. They do this by the expediency of pre-paid gift cards.

   This is very significant, historically. Very Very Signficant: it is the end of the central bank monopoly on the control of issuance of money. As CBs are no longer the only issuers of money, we can historically mark the 20th century as the century of central banking, and the future is now refreshingly open.

   Of course, we will see much hand-wringing and bemoaning of the lack of control. Also a stream of pointless and annoying regulations, audits requirements, quasii-bank statii and what-have-you. But the genie is out of the bottle.

7. Which leads to a resurgance of local community currency issues. This can now be clearly demonstrated as something that is quite reasonable to do. That is, if a company can sell you a gift card, then a community can, too.

   And, it is also important to remember one of last year's very significant events, something so awesome that I never wrote it up on the blog: the Nobel Prize for Peace was awarded to Mohammad Yunus and the Grameen Bank. The significance of that event to financial cryptography is simple: their work is FC work, they just did it without our help.

   The reason I know this is because around 2001-2003 I was involved in a company that tried to do it. The application epitomised by Grameen Bank, financial lending from large western sources to small 3rd world borrowers, is pure FC at its finest. (As RAH would say, of course, you can only do it with a system that shows 2 orders of magnitude savings in costs.)

8. In 2007, we finally accept that we lost the battle to keep the world secure by ethical anonymity; the safety of the masses can no longer rely on their relative obscurity. What convinces me is not the biometric passport, the headline breaches of public trust in the name of war on today's bogeyman, but the gullibility of the average parent Sure there's always a good reason, but aren't all suppressions of liberty for good reasons?

9. The DRM wars have been won and lost. We will see a string of stories about how hollywood is selling alongside pirates and how piracy suppliers don't recommend piracy. The majors have got the message; they can't beat this thing, and they may as well evolve.

   This doesn't mean the end of RIAA raids and other dirty tricks. The war goes on, and battles will still be fought to keep the lid on territorial submissions. It also doesn't mean the end of cash cow economics. But it does mean lots of experiments ... on both sides ... as IP owners loosen their control on their property and p2p entrepreneurs get to grips with business models.

10. AES will suffer a big embarrassment. Switch to AES256 as Pareto-secure, and re-invigorate the research for Pareto-complete algorithms. The reason for this? When an encryption algorithm breaks, the mere sniff of weakness destroys all trust. Expect that odor to waft around in 2007.

11. Hashes will limp along under a cloud but nobody much will care, except the cryptobureaucrats. Mostly, this is because of implementation issues, where protocols implementors ignored the signs and did not switch forward to longer hashes. The reason for this? It ultimately doesn't matter, even when a hash algorithm is suspect, it still works well enough. Hashes don't smell, they are Pareto-secure for most applications.

12. Vista will "fail". Not in obvious, journalistic terms, but in long term trend market share. The reason? Not because they didn't try, they tried really hard, with feeling this time. I award them full points for effort. But...

    a. It's because Microsoft didn't understand the core weakness of security: marketing comes first. There is now sufficient evidence that they've allowed marketing to take over and drive fundamental architectural decisions which clash with security requirements we were promised. Specifically, they prayed to the false god of DRM, and the god took them for a ride. It is also the god of perpetual mirth, notching out Bachanus for hilarity. Contrast with Apple's approach, if you still aren't seeing it.

    b. It's because the industrial criminal sector migrated through the easy ones and are now adept at the sophisticated ones. They can now take on new opportunities faster than responses. MITB is "game over" unless Vista is more secure than the market place will accept. Microsoft is stuck between a rock and a hard place; BCG says "cash cow."

    c. It's because the economics of the OS has shifted. The third world cannot afford those prices, so they will go Vista if they can steal it, or Linux of they can't (which means they can switch easily to Mac when they can afford it). Given that most all growth is in non-1st world markets, that's kind of important to the overall game plan. Again, another rock and hard place for Microsoft.

13. Hence, the operating system market will continue to migrate to a more "regular" market.

    z.b. Mac OSX and Macs will continue to acquire "all" real growth in marketshare in the 1st world, where people can afford it. Microsoft may see a buzz of pent-up activity burst through on the release in Vista, but with discouraging real take up, where it counts.

    z.c. Linux up. *BSD stable or down, but up if we include OSX. Better if they can keep up their reputation as being the serious man's free Unix, the professional's alternative to Linux. Worse if they don't keep up with the application install blues; perhaps they should look at stealing Apple's pkg system.

    z.d This will add costs to software developers as they are forced to support more platforms, but will also improve the overall security through diversity and also the recovery of competition. This might become the way consumers pay for security, who knows?

14. On that old hobby horse: Phishing:
    • The certificate market is moribund and distracted. Notwithstanding the basic economic flaws, the major and minor cert providers will dance around the Extended Validation certs until they all realise the game, and they all realise that all realise the game, and they all realise that they all realise that ...

    • And still no concentration on the underlying systemic issues of the faulty operating system and the faulty browser... That really can't happen until certain unnamed manufacturers get their teeth kicked in by courts, press, or phishers. I do not predict this, because I have a perfect record of getting that one wrong.

    • Real retail payments security is now to be done by analysing the transactions at the backend. "In the interim, we'll look more closely." Until the secure terminal market shakes out (cellphones? PDAS? they're trying them all) there isn't much choice; and to be fair, this is how credit cards built their success, so why change something that works?

    
    

That's it, folks! Have a happy if confused year, evolutionarily speaking.

The year of the Bull: The predictable rampage in review ...

Last year I made a bunch of predictions. They were mostly accurate, so I'll not mail out this one; I'll just update if something comes along.

(Warning. Read this only alongside last year's predictions.)

1. Government intervention ... and in spades! You really truly don't want to read evidence of that, it's way too depressing for the holiday season, characteristically of good cheer and humour.

2. Anti-virus manufacturing reputations: darkened by "the MITB conspiracy" and shattered by "the Sony Affair." They are part of the problem as well as part of the solution.

3. Firefox crossed GP 1, 2, 3.

3.c I never saw any mention of that from Mozilla :-) I wonder how else they will develop their governance and discipline?

OTOH, Mozo employed a Chief Security something or other, Window S. A very welcome step, but the hard work within is unlikely to be really recognised.

4. Gift card rollouts abound. It would be worth a post about the rise of corporate money (I first "discovered" this in 2003 or so), but central bankers won't read it, and others won't need it. Evidence: 1 ... Hyperion Consulting are in the business, so take their comments seriously (unless you are a central banker).

5. Gold issuers are cowboys. Where's that wired link again?

6. Mac share up 30% in US ... 1 while PC sales increased 0%. I guess that means from 5% to 6.5%, which is a shade under 7-8% predicted.

6.b Yes, I'm typing on it! Yes, the UI is hateful. Its "intuitive" reputation is just doublespeak. I've also found the application poverty to be depressing, which surprised me. KDE and FreeBSD are much better equiped, IMO, once you get over the hurdle of installing the monolith in your bathroom. E.g. there have been no piccies posted on FC in ages ... coz I can't figure out how to shrink an image on Mac OSX.

OTOH, Mac OSX does seem easier to keep up to date than the others.

7. google up. But no adverts in cat herders. Instead, it seems that their policies are still working, as long as their hiring maintains its quality. Like the USD, we know it will fail, we just don't know when. (There was a long blog post on their hiring strategy but I don't have it to hand.)

8. MS security problems? Still unsorted. Vista now falls into the legend to become next year's predictions...

9. Mac OSX wasn't troubled, security wise: 1.

10. The perfect phish and realtime phishes -- so I got two out of three. No class action suits on phishing, as yet, and I didn't predict MITB. "Sorry 'bout dat" as they say in Mexico.

11. No mention of SSL as part of any security solution during the year 2006. That I saw. But who would dare show me? (Disclosure: I am now perversely conflicted. I audit an SSL security provider ... life is full of challenges!)

12. 2 factor on phones finally happened, YES! Banks in Europe have been rushing these out, faster than they can say "Europa". Why? Because of MITB. OOPS! Did I say I didn't predict MITB?

13. DRM? Yup, nothing much happened except more of the same.

Wanna dispute the point? Dispute this: 2.
The end-beneficiary of file-sharing continues to enjoy its leading arbitrage status. Obscurely, there is more in the soap opera of DRM, the hypist's favourite security drama, to follow, after the break.

How many people are turned away by the FC certificate?

Peter Gutmann asks:

Do you have any figures on how many security people your self-signed certificate is turning away? I'd be interested in knowing whether the indistinguishable-from-placebo effect of SSL certs also extends to a site used mainly by security people.

I have no idea! Anybody?

4th April, 1984

Winston wrote in his diary, some 22 years ago:

as he stumbled into the immoral task of pouring his overburdened thoughts onto paper. I say approximately, because there are a number of uncertainties in the source, not least the date. A bit later on, Winston meets an editor of the new dictionary in the canteen, who has this to say:

"It's a beautiful thing, the destruction of words. Of course the great wastage is in the verbs and adjectives, but there are hundreds of nouns that can be got rid of as well. It isn't only the synonyms; there are also the antonyms. After all, what justification is there for a word which is simply the opposite of some other word? A word contains its opposite in itself. Take 'good,' for instance. If you have a word like 'good,' then what need is there for a word like 'bad'? 'Ungood' will do just as well -- better, because it's an exact opposite, which the other is not. Or again, if you want a stronger version of 'good,' what sense is there in having a whole string of vague useless words like 'excellent' and 'splendid' and all the rest of them? 'Plusgood' covers the meaning, or 'doubleplusgood' if you want something stronger still. Of course we use those forms already, but in the final version of Newspeak there'll be nothing else. In the end the whole notion of goodness and badness will be covered by only six words -- in reality, only one word. Don't you see the beauty of that, Winston? It was B.B.'s idea originally, of course," he added as an afterthought.

George Orwell's 1984 remains the definitive word on how a population is suppressed for the benefit of a ruling class, for one agenda or other. The techniques that he describes are so powerful that they literally cut across ideologies, and it seems, across time and experience.

The message of 1984 rose in public consciousness as the year itself approached - recall the film, the songs? But then it started to fade, almost immediately afterwards. Choosing a year in the future as the title might have seemed like a brilliant literary device 40 years earlier, but are we paying the cost now?

Prof. Iang

Adam reports that the other Iang made professor. Top banana!

(Naming and name clashes are an ever-present issue in our field. It adds clarity to the conversation when we even have clashes at the meta level... Or so I claim.)

new cert for FC

Installing new SSL server certs is like visiting the in-laws for Christmas dinner. It's so painful, you dread it for weeks in advance. Afterwards, the relief flows through you as you know you don't have to do that for another year or two.

The eagle-eyed will notice a new certificate for Financial Cryptography, as of a week back. There have been a number of improvements: it now includes all the AltSubjectNames according to the VHostsTaskForce recommendation. It's also installed with the new Class 3 root, which is the CAcert "high-verification" root (meaning that the identity of the issuer -- me -- was checked at least to 50 points worth).

(You will need to reset your Trustbar. You should need to reset your Petname. Weird - for me, Petname is stuck on the old name transferred to the new cert???)

Getting the right setup only took 3 goes. One effort failed completely. Second time, the script I used did not include the CommonName as well in the AltServerName list. Apache barfed on that version, giving an uninterpretable error. Re-rolled with the right list, this time it worked.

There are still issues. Hopefully by the time this one expires, 2 years from now, these other problems will be solved as well:

• Apache and browsers will hopefully implement ServerNameIndication (SNI) which is the standard for sharing one SSL server over many web sites as Virtual Hosts. Like much of the planet, I have one IP# for too many web sites to administrate. Sharing virtual hosts is needed not to please me, but because it feeds into the fight against phishing. I already got hit with a request to add another domain name - which means a whole other cert, dammit.
• We'll be a bit closer to point, click, configure. CAcert's process for setting this all up is still slow and cumbersome, but at least the doco is mostly there within 10 minutes or so of it being needed. The entire process took most of my last saturday, and I won't be satisfied until the time takes less than a minute, like Skype or SSH. Crypto is meant to help protect us, not slow us down and burn up our weekends.
• Although CAs make a statement to some effect, users still don't know it. Firefox tells me the site name on the bottom, but not who said that unless I mouse-over. Safari doesn't even do that, it is still on the old model of a tiny padlock hidden somewhere. Konqueror proudly announces how many bits of crypto blah blah protection I've got. So basically users trust their browser or they are SOL.

Readers sometimes ask why FC uses CAcert instead of forking out bux to the commercial companies. It's not a political statement, I'd frankly rather we could just use crypto without the hassle (names of well designed cryptosystems available on request). Here's some of my reasons for using CAcert:

1. I have a bunch of sites. They all benefit from a bit of SSL, but even at the low prices of certificate manufacturing shops, that all adds up. Also, one needs to factor in errors, reworks, extra domains added in, etc. With CAcert, it is only my time going down the drain every time something doesn't work out, not my wallet.
2. CAcert have an identity program that makes sense, at least in principle (an audit process has started recently). They use what they call a web of trust and have each issuer of class 3 (identified) certs checked out by two or more people, face to face. It's not that I care to be checked out like that - in fact I despise and loathe the idea that to use crypto you have to know me - but if we are going to make a statement about identity, let's at least make a statement that means something. As a Financial Cryptographer, it behoves to take part in a process that is coherent, to the extent possible; in the past, I've used credit cards, but because I know that is a meaningless identity check, I feel stupid doing it. (FTR, I myself have 55 points which means the certificate points to an identity that was verified by at least 2 independent assurers, each of whom have at least 100 points, and are therefore verified by 4 people each, as a minimum.)
3. CAcert is building a membership structure that harkens back to the good old days of the net. Members work for each other. The doco is patchy and the accents are odd, but the lists are not antagonistic to the honest user who lacks a PhD in mathematics. Security for the common man. And you get free certs. As there's no interest in how many certs are sold, concentration on core security is more likely. In fact, over on the CAcert lists, it's possible to propose some interesting security ideas and get some thoughtful response. Very refreshing.
4. Readers will recall the age-old scandal of phishing. One core weapon in the fight against phishing is to get as much traffic onto SSL as possible, and then tools like Trustbar, Petname and maybe Ping's new design can better protect users. It's a virtuous cycle - more SSL means more certs means more tools and more protection. For ordinary users. So it pays for us financial cryptographers to keep the pressure on for more SSL. CAcert is definately there to help that process. Who else is? Whatever your views on whether High Authentication will work, it is hardly designed to increase the amount off SSL in use.

Of course, not all is light, joy and bounty. Far from it, CAcert is only the least worst of a bad bunch, but if we want to address phishing something must be done. A couple of notable flaws in the CAcert process: Their docs are all scattered around and their processes have not been beaten up. The linkage from the relying party to the cert to the signer to the statement to the CPS is unclear (but that's common of all).

( Note to FC readers: CAcert's root is currently only being distributed into various Linux distros and now FreeBSD! For other platforms, you will need to travel to CAcert's root page to install the root into their browser by hand -- for Firefox users, click on the line that says Class 3 PKI Key Root Certificate (PEM Format) if want to be part of the CAcert community. For Safari, Konqueror, Opera, IE7 users ... I don't know. I tried to load the root into Safari but failed. )

Brickbats and Plaudits

Occasionally people actually write in to say how they love or hate the blog or the various other rants! Rather than lose these, I'll publish them here in most recent order:

From Chat, Hasan says:

Here's an unexpected comment from Frank Trotter:

The post on Diamond Governance sparked some contoversy! I'll dogmatically work up an unprejudiced reply :)

Christmas Day - the first day of this entry - is probably a good day to post good news:

This is a dynamic entry.

IFCA's Discussion Maillist for Financial Cryptography

Hello and welcome to all on the IFCA discussion list.

As Ray posted this last weekend, he has invited me to take a more active role in the list. Although termed 'moderator' I would like to think of it is more of an encouraging role than moderating role.

To that end, I've added the IFCA discussion list to the notifications list on the Financial Cryptography blog that I keep at http://financialcryptography.com/ . This means that any blog posts will be forwarded to the list, one of which you will just have seen. On long term average, that's about one per day.

For those who follow the blog - this means we now have a more conventional forum on which to discuss the posts. We've all recognised that the blog's comment mechanism is less dynamic than a mail list, as we don't get to see other people's posts. Hopefully the IFCA discussion list will rectify that lack.

If you wish to subscribe or unsubscribe from the IFCA discussion list, here are the vital statistics as copied from every post:

> fc-discuss mailing list
> fc-discuss@ifca.ai
> http://mail.ifca.ai/mailman/listinfo/fc-discuss

Ray has installed the familiar MailMan interface which allows easy follow-your-nose administration. If you are subscribed to both you will see two copies each post, so let me know if you want to unsubscribe from the blog list (which is manually administered only).

New Machine for FC

FC is now mounted on a new machine. It's faster and so is the network. This might even work, if you can see this, it probably is! Let us know of any problems.

A Pennyworth of thoughts

In emerging countries, the plan is simple: first, let the people sort out the money. Second, teach them about governance. China is now in the second phase as the grapple with a series of expensive lessons as the new breed of capitalistic bank managers calculates the difference between their salaries and poor governance.

And over in the Germany, the unlikeliest of things: a task market approach to jobs. Seems like some wicked Austrian (economics) person has set up a market for employers to post jobs, and the auction principle takes the price down down down until the lowest bidder wins the job.

Goldmoney continues to grow, but lack of any data on customers remains a huge problem for the sector. Here's a clue - not all is well with users as they suffer inordinate delays in getting access to their money, where inordinate means 2 months! The reason for the delay relates to goldmoney's desire to be a responsible member of the financial community, or at least to get the regulators of their backs. Sadly, it means their customers don't get to feel as though it is their money.

Statistically, there have to be some people who've worked out that the problem with today's identity theft is the 'identity' part. Here's an article by Hiawatha Bray who has figured it out.

In more perceived shift to open security, banks are being exorted to get it off their chests, and reveal their security problems. One part of us knows that could be a long story, another part of us is shocked that they have any problems at all. Nothing gets fixed on security until we bring the divergent viewpoints back to reality.

Open Peer Review

Following on from discussions on peer reviewed papers, I checked an up and coming conference (Econ & Security), and the call for papers had closed. Adam points out we should invent an open peer review process, so as my curiosity is piqued, here is a proposal of sorts.

Take a paper and blog it in some fashion. (Perhaps limit the blog entry to the abstract and a link to the full paper.) Then, open the blog entry for comments and trackbacks.

Hey presto, we have peer review but not peer gatekeeping. (So far this was all Adam's idea.) We can also include substantial milestones such as major review periods, closing off one blog entry and shifting to another when the author has enough material to rewrite.

Reputation is built in as over time, the volume of attention should indicate the importance of the work. Let's draw a line in the sand and say that papers should be licensed under a Creative Commons licence.

Now, blogs already do this. But they are spontaneous, free flowing and full of spelling errors. So in order to turn the blog more to a weighty forum suited to the gravity of academia, we could put some links on the blog front page indicating the papers under spotlight.

Has anyone got an FC paper ready to roll? As Digital Money and FC-conference have just passed, and Econ&Security is closed, there seems to be a bit of a hole for the next 6 months in the peer review process. I would point out that the workshop in Electronic Contracting is open for another month. Oops, no, it's closed too. Double-oops. It's cancelled for lack of critical mass! Well, that just goes to show how hard the conference game is - having been there myself.

Having said that, in general, most of these conferences presume that Internet discussion does not count as publication. So you can have the best of both worlds, you can take advantage of a blog peer-review forum to hone your argument, then go for old world dead tree publication as well. (As long as you are careful not to muck up the licensing...)

A Fistful of Pennies...

Having read the 1st chapter of Simson Garfinkel's dissertation I'm bursting to ask a simple question: what's the working title? But Simson's blog won't take the comments he asks for. Maybe a trackback will work?

Bob says the Tampa Tribune reports "More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday." Well of course, how else do people fix up the minor errors in their tax filings?

In London police have foiled a cyber cracker who used key logging software to infiltrate Sumitomo bank. Nice to see that old fashioned security work did the job, and there is no cover-up. However, I'm unsure what people mean by "massive" when a hacker can choose for himself how many zeros to type in...

I've changed the name of the category "Security" on the blog to "Risks & Security." I'm not quite brave enough to ditch the word security, as exhorted to by Cubicle. We'll see how this floats.

News just in from the second Workshop on Electronic Contracts (WEC) is that it has been cancelled through "not reaching critical mass." It got a good start at the first one, where my Ricardian Contract was presented by Mark Miller. The conference game is quite hard - things can click together, and they can just as easily fall apart.

And in closing, there is a special on Internet Organised Crime. I haven't read it but there are a dozen articles there.

Lessig says 'never again' to copyright demons

In a slightly related development reported by Adam, doyen of the anti-copyright revolution, Lawrence Lessig has said he won't distribute his work any more unless under a decent sharing licence. Hear hear! I would like to do the same; and would encourage the various publishers to get with the programme.

Lessig chooses the Creative Commons Attribution-Noncommercial licence as his line in the sand. I'll think about that. I have a paper that is now ready to consider the wider peer review - the Pareto-secure one. Maybe it's time to test these theories with real words and works.

FC itself is currently under the straight Attribution licence, which likewise is attributed to the Creative Commons effort.

More Pennies

Stefan posted a bunch of materials on a phone based ecash system.

On Identity theft, America's cartoonists are striking back. Click here and then send me your credit card number....

On the HCI thread of how users view web security, Chris points out that "Simson Garfinkel's dissertation is worth looking at in this context." This relates to the earlier two papers on what users think on web security.

Scott reports ``Visa International has published a white paper titled "Financial Flows and Supply Chain Efficiency" (sorry, in PDF) authored by Professor Warren H. Hausman of Stanford University.'' It's interesting if somewhat self-serving, and feeds into the whole message is the payment thread.

Stefan via Adam pointed me to a new blog on risks called Not Bad For a Cubicle. I shall pretend to know what that means, especially as the blogger in question claims knowledge of FC ... but meanwhile, the author takes task with persistent but poor usage of the word security, where 'risks' should be preferred. This makes a lot of sense. Maybe I should change all uses of the word over?

Because it's more secure becomes ... because it's less risky! Nice. But, wait! That would mean I'd have to change the name of my new paper over to Pareto-risk-free ... Hmm, let's think about this some more.

Pennies

Small things I have come across recently:

Vonage chooses VeriSign's managed subpoena service!. See NetDiscovery one and two for background.

Adam points to a new security blog called Be Careful Out There. He suggests that browsers need to change and takes aim at security gurus. His claim that the RSA conference is a Solipsistic Oligopoly resonates with Adam's pointer to this post on Own OODA Observation Loops comment.

In the financial applications world, JPM points at Zopa which claims to be the first lending and borrowing exchange. How, one asks, is this going to work without a qualification of the borrower? And if that is unanswered, how much can I borrow!

Another payment niche player in the remittances business. This is something that's sitting there waiting to go, the majors are too fat and stuck in their ways and will get shaken down.

Threats department: IM threats growing 50% per month, Luckily these are unstandardised and disparate systems, so they can migrate and evolve. Oh, and Choicepoint made the Economist with What's in a name?. Congrats, I think.

Finally, Senge on learning says that too little listening is done, and info without learning is wasted. After reading, there will be a test...

PayPal plus eBay - it's FC, not banking

FCers will recognise the confusion in this article by Kevin Kelleher about how to analyse eBay + Paypal:

"Here's a little-known fact about eBay (EBAY:Nasdaq) : It's not one of the most successful e-commerce companies in the world.

It's actually two of the most successful e-commerce companies in the world -- eBay, the global network of auction and retail sites, and PayPal, its online-payment technology subsidiary that fuels the bulk of eBay transactions. Of the two, PayPal may emerge as the bigger phenomenon in the long run."

FCers see further than trying to model a payment system as a bank; it is a financial cryptography system that happens to have branded its Value structure. The Finance component is the auction, and the fact that the two companies grew up apart and together is simple reflection of the FC observation that you need both the finance and the value.

FC discussion list

For those who prefer a more traditional mailing list forum, Ray reminds me of a discussion list for matters FC! Subscribe here:

http://mail.ifca.ai/mailman/listinfo/fc-discuss

I shall forward this post out to there. One question: should I forward all the FC blog posts to there?

What is FC (iv) - The Payment is the Message

So pick an application, any application. "Here's one I just happened to have prepared earlier." Let's Start at the Top.

Imagine a decent payment system. I mean a really decent one, with reliable payments and proper client server architecture. So rule out Paypal, the IGs, and any online bank. But, include SWIFT, settlement systems, and the like. Well, maybe, you be the judge on that one.

What's going on with these systems is that they are message based. And, indeed, they can be used as messaging systems. When you send your wire through the monetary black hole also known as New York New York, your two losing banks sends messages over the same system to try and find the money. (This happens in excess of 50% for my international dollar wires.) Eventually the messages meet in the middle and some clerk remembers to crank the handle or feed the mouse to get the wheels of banking rolling again.

It's terribly unreliable, but it *is* messaging and the messaging is analogous to proper reliable messaging systems. It's used in exactly the same way as you or I use an instant messaging client or a mail client. Except it also does payments...

So what would it be like to add instant messaging to an Internet payments system? Or, to add payments to an Internet chat system? Well, for one, it would mean that we'd never lose another payment through human error, because the system that is used to do the human layer - that protocol known as conversation - is the same as that of the payments layer. While I'm chatting with my counterparty, I fill the box with the number and hit PAY. My computer does the rest, including guaranteeing that the right person gets it, instantly.

For another, once we have a messaging system, we can send invoices. As I'm working, I click on "Invoice", select "template #3", add an amount, and hit send. While I'm chatting, the invoice pops up on my counterparty's chat window. Her window happens to know what it is, and asks her "Pay now? Or Pay later? Or reject?" Couldn't be easier ...

In fact, once payments and IMs are intermingled, whole vistas are opened up. Pausing for breath here, it may well be that the reason EDI, ITP, and a squillion other ventures with too many acronyms didn't work was because they lacked two things: a payment system and a messaging system.

So that's my application. And here's my requirement: The Payment Is The Message. Or, The Message Is The Payment!

How to build this? That's the challenge of FC. Clearly, not from scratch. One either takes a payment system and adds chat, or, one takes a chat system and adds payments. I chose the former, because a) I had a payment system, and b) the reliability of payments dominates the reliability of chat. So it was a case of detuning in a lot of respects, which is easier than .. rebuilding.

Now, the requirement above says we have to make a payment system act like a messaging system. This immediately creates for us a few derivative requirements. Firstly, a client has to talk to a client in live form, which means a server has to talk to a client, in live, unsolicited form. Secondly, a client has to accept those unsolicited live messages coming in. Thirdly, the messages want to be of open, user-supplied format, somewhat.

To date, most payment systems have been "pull" in that the client goes to the server and pulls the data down. Our derivative requirements above break the pull model. To deal with "push" requires the server to be able to send a stream of unsolicited messages to the client, which means a further requirement on the secure protocol: datagrams. As we aren't going to compromise security, this means crypto datagrams, flying in both directions, which means a new crypto protocol, because there isn't a convenient secure crypto datagram protocol. (There is now: SDP1 is used in SOX :-)

Further, payment clients are generally far too "pull" oriented. This means proper multithreading and integration with GUIs. (Ours didn't cut it, and had to be rewritten. That took an age. This also means that certain client technologies are going to suck at the future landscape of payments, and we are entering a new age of client confusion as capabilities fail to converge with desires. But that's another rant.)

So, having isolated our requirements, and driven them down into layers of requirements, all that is left is implementation. Skip forward to the present, and I can now demo chat over payments. Or was it payments over chat? Either way, we are now well placed for phase 2: experimenting with invoicing, p2p trading, and p3p activities.

Adding instant messaging to the Ricardo payment system was no easy task. It involved the two quite mammoth changes mentioned above. But, the result is simply awesome. I don't think it's an exaggeration to say that this is a major result for Financial Cryptography - setting the requirement as the payment is the message is the payment is like the missing link in ecommerce evolution.

Suddenly, everything that people were dreaming of in the mid 90s becomes easy. Suddenly, not being able to reliably intermingle payments with messages looks very honky indeed.

And this is where FC gets its magic. It's a top-down application concept. Start with the application - the finance layer - and set your application goals. In this case, it was to add messaging to a payment system. Then, drive those goals as requirements down until you have a working concept.

Just as a total coincidence, we ended up with new crypto in there. Writing SDP1 was fun! But it was also totally application driven - and in fact it wasn't until we got to the point of actually needing it that we knew that crypto datagrams needed to be done. It was so small and trivial in the application scope of things, it got left out of the high level architecture as too trivial to mention.

That's what FC is: take an application of financial importance. Set goals, break them down, go deep down. Goals, Requirements, Layers, ... Probably, your journey ends with crypto. Sometimes it doesn't, but that doesn't matter. What matters is that what is *required* in an FC application is found and implemented.

And maybe we snuck some crypto in there for fun.

FC exile finds home as Caribbean Brit

Vince Cate (writes Ray Hirschfeld) created a stir a number of years ago by relocating to the Caribbean island nation of Anguilla, purchasing a Mozambique passport-of-convenience, and renouncing his US citizenship in the name of cryptographic and tax freedom.

Last Thursday I attended a ceremony (the first of its kind in Anguilla) at which he received his certificate of British citizenship.

But Vince's solemn affirmation of allegiance to Queen Elizabeth, her heirs and successors was done for practical rather than ideological reasons. Since giving up his citizenship, the US has refused to grant him a visa to visit his family there, or even to accompany his wife to St. Thomas for her recent kidney surgery. Now as a British citizen he expects to qualify for the US visa waiver program.

Is this the end of an era, a defining cypherpunk moment?

What is FC (iii) - Start from the Top.

In terms of definitions for FC, applying crypto to banking and finance doesn't work. Mostly because those doors are simply closed to us, but also because that's simply not how it is done. And this brings us to the big difference between Bob's view and FC7.

In Bob's view, we use crypto on anything that's important. Valuable - which is much more open than, say, the 'bank' view. But this is still bottom-up thinking and it is in the implicit assumption of crypto that the trouble lies.

Applications are driven top down. That means, we start from the application, develop its requirements and then construct the application by looking downwards to successively more detailed and more technical layers. Of course, we bounce up and down and around all the time, but the core process is tied to the application, and its proxy, the requirements. The requirements drive downwards, and the APIs drive upwards.

Which means that the application drives the crypto, not the other way around. Hence it follows that FC might include some crypto, or it might not - it all depends on the app! In contrast, if we assume crypto from the beginning, we're building inventions looking for a market, not solving real world problems.

This is at heart one of the major design failures in many systems. For example, PKI/SSL/HTTPS assumed crypto, and assumed the crypto had to be perfect. Now we've got phishing - thanks guys. DigiCash is the same: start from an admittedly wonderful formula, and build a money system around it. Conventional and accepted systems building practices have it that this methodology won't work, and it didn't for DigiCash. Another example is digital signatures. Are we seeing the pattern here? Assume we are using digital signatures. Further assume they have to be the same as pen&ink signatures.... Build a system out of that! Oops.

Any systems methodology keeps an open mind on the technologies used, and that's how it is with FC7. Unlike the other definitions, it doesn't apply crypto, it starts with the application - which we call the finance layer - and then drives down. Because we *include* crypto as the last layer, and because we like crypto and know it very well, chances are there'll be a good component of it. But don't stake your rep on that; if we can get away with just using a grab bag of big random numbers, why wouldn't we?

And this is where FC7 differs from Bob H's view. The process remains security-oriented in nature. The people doing it are all steeped in crypto, we all love to add in more crypto if we can possibly justify it. But the goal we drive for is the goal of an application and our solution is fundamentally measured on meeting that goal; Indeed, elegance is not found in sexy formulas, but in how little crypto is included to meet that goal, and how precisely it is placed.

The good news about FC7 is it is a darn sight more powerful than either the 'important' view, and a darn sight more interesting than the banking view. You can build anything this way - just start with an 'important' application (using Bob's term) and lay our your requirements. Then build down.

Try it - it's fun. There's nothing more satisfying than starting with a great financially motivated idea, and then building it down through the layers until you have a cohesive, end-to-end financial cryptography architecture. It's so much fun I really shouldn't share it!

What is FC? (ii) - Debunking the 'Bank' View

Yesterday I outlined 3 views on "what FC is," yet there were some obvious differences. If I can call a token money system using big random numbers as FC, and the academics say that FC is crypto applied to banking problems, then we have a conflict. Banks don't buy random numbers! Which then is the more useful view?

I shall answer this by elimination, and in the process, debunk the 'bank' view. Mostly because it is easier to do that than to prove the alternate!

Firstly, banks do not buy crypto. What they buy is security. They buy secure systems from reputable suppliers, all of them called IBM. (Remember SET?) So whatever it is that banks do, that could be FC but it isn't crypto.

Banks buy systems and processes. Sometimes those systems have some crypto in them, and sometimes not. IBM are experienced in creating a complete process, and if their architecture calls for crypto, then that's what will be in there. But, it's entirely optional, it all depends on the requirements.

This is because applications are driven top-down. Requirements are laid out and they are driven down through various layers, with each layer attempting to cover as much as possible. By the time we get down to the murky depths of crypto, most all decent architects would be somewhat depressed if their crypto needs were exotic. As well as potentially out of a job; any architects who started out thinking about crypto would be totally irresponsible. Systems are built to requirements, not cool formulas.

Further, even when we get to adding in some crypto, the quantity in any given system is generally quite low. Maybe about 1% of the lines of code in a software system. (If the key exchange stuff is done properly, a couple of pages in the manual.) So, what's all the fuss about?

Finally, there is a further problem with banks - they don't do anything that other banks aren't doing. This chicken&egg problem is called 'herding' and it's an economics term of art. From this, we can conclude that banks don't do exotic crypto.

Which leaves us where? If FC is crypto as applied to banking systems, we've got some real issues in making that 'interesting': It's small. It's bottom-up. It's not sellable and it's not wanted. It's also not professionally responsible.

(Which all to a large extent explains the rise and fall of companies like DigiCash. But that's off the topic.)

It is in fact far far better to say that FC has nothing to do with the banks. The key is to turn all that around and look at other opportunities. Payment systems run by non-banks are fruitful applications. (And by non-banks I mean not-anything-like-banks.) Non-payment systems run by anyone are also important - think about trading, contract formation, reputational systems, identity, and new methods of accounting.

Or, consider it this way. The reputational auctions that Paypal helped, otherwise known as eBay, were as interesting as the payments. A large part of that success was because there wasn't a bank involved, as seen by the consistent exits by the banks.

(Next: Start from the top.)

What is Financial Cryptography? - a rant in 4 parts

Recent discussions have brought up that old confusion, just exactly what is FC?

I put down my view of that in FC7. Whether that's a good view only time will tell, and whilst not universally accepted, criticisms seem to be limited to "why isn't this or that in the layers?"

The question of FC is at the core of what the FC conference, starting this week, should be about. It's about why people should go and what they should expect to find at the conference, so the definition is something to think about. Here's my attempt to map it out.

First spot goes to Bob H who invented the term. Now, I don't know that he ever defined it directly, but he did define it by elimination: financial cryptography is the only cryptography that's important. That's a reversable definition - if it matters, it's FC.

Bob's definition does several things for us. Firstly, it establishes a value metric - there has to be a value involved, in order to 'be important.' Thus, it eliminates the military, government and 'national security' applications, which are 'beyond valuation' and it also eliminates things like encrypting messages for fun or paranoia which might be termed 'beneath valuation'. This simplifies things a lot as we can work from an assumption that an application is doing something of value.

Secondly, it has to be crypto. (Why that's important becomes clearer later.)

The academic view is much less well thought out. There is a sort of shared assumption that "banks and banking" are the target for FC. So, according to this view, the crypto should protect coins (Chaumian money) or ATM networks or wire transfers or something. Indeed, over on Wikipedia, it says "Financial cryptography is the use of cryptography in banking and similar financial applications." And it lists ... exactly those applications.

The third view has to be FC7. This is the 7 layer model that stretches out crypto and finance, finding an additional 5 layers in between. Those layers are either obvious like software engineering (2) or subtle like governance (5). They are either basic and boring like accounting (4) or open to much interpretation like Rights (3).

7. Finance	Applications for financial users, markets
6. Value	Instruments that carry monetary or other value
5. Governance	Protection of the system from non-technical threats
4. Accounting	Containing value in defined and manageable places
3. Rights	Units of authentication, with ownership of units of value
2. Software Engineering	Moving instructions over the net
1. Cryptography	Stating mathematical truths for sharing between parties

What's not so obvious is the corollary of FC7 that if you don't address all 7 layers in your system, your survival rate is low. But, this doesn't mean heavyweight employment. Indeed, a lightweight crypto layer is entirely acceptable, and one can even get by without any crypto at all, in some stretch of theory! A simple example of this would be a payment system using big random numbers as coins. It's hardly crypto, but it is drawing from the cryptographic thought process within an overall architecture.

Which brings us back to the academic view that FC is crypto as used in or by banks, and the Bob view that FC is crypto that values. Are these complimentary or orthogonal? Exclusive or intersecting? That's for another post!

FC - top picks for papers

My counter to Peter Wayner's article kicked up a bit of a storm, regretfully carried on in the hallowed but private halls of IFCA's internal mail forums. (Yes, I did ask when they'll put up a forum for members and others to discuss matters FC.) One thing that was curious was the volume of response; finally it twigged to me, the conference starts on Monday!

Well, I'm not there, I'm sitting in the snow. You're not there either if you're reading this. Here's my list of top picks for those talks that might have made the trip worthwhile.

But before I get onto that, I have to report: shock! horror! every paper is online ! Thank you organisers, thank you papers committee, thank you all! We can now read these papers, and fame and fortune for the authors is assured:

Protecting Secret Data from Insider Attacks
David Dagon and Wenke Lee and Richard Lipton (Georgia Institute of Technology)

Trust and Swindling on the Internet
Bezalel Gavish (Southern Methodist University)

Risk Assurance for Hedge Funds using Zero Knowledge Proofs
Michael Szydlo

Probabilistic Escrow of Financial Transactions with Cumulative Threshold Disclosure
Stanislaw Jarecki (UC Irvine) and Vitaly Shmatikov (UT Austin)

A User-Friendly Approach to Human Authentication of Messages
Jeff King and Andre dos Santos (Georgia Institute of Technology)

Panel: Phishing - Organizer: Steve Myers
Tentative panelists: Drew Dean, Stuart Stubblebine, Richard Clayton, Steve Myers, Mike Szydlo

Cybercash on Vacation - ruminations on FC

Peter Wayner has written a downbeat piece on the history of the Financial Cryptography conference. He asks a bunch of people why FC hasn't taken off, and gets a lottery of answers. I think he's wrong...

The ideas have infiltrated into places, but few have noticed. PayPal did find some sustenance in the process, as did the gold currencies, and certain of the ideas that were talked about are now internalised. They simply didn't tell the FCers. Other more conventional plays such as ETFs have simply adopted the models from those players, and again, they've not recognised where they came from. Either publically or privately.

The reason for this lack of feedback on success - and hence the apparant lack of success - is because the FC organisers lack one thing: perspective. They were either academics, security guys, geeks, cryptographers or netizens. Often they were 2 or even 3 of those, but rarely did they have a straightforward business ability to integrate the ideas into other spheres. It was this integration that I wrote about in the 7 layers paper, and it is this integration that people like Dave Birch speak of in the conferences he runs.

When business people attend the 'vacational conference' of FC, what they see are a lot of different ideas expressed as fomulas, and it is left to them to construct them into business context. The fact that they didn't then credit FC with their successes is a foregone conclusion, as the FC community isn't capable of understanding the perspective that they are offering. That doesn't mean it wasn't there, it is just that until organisers stop treating FC as a forum to present new equations, they won't have the language to recognise what it's about.

Journal of Internet Banking and Commerce

Recent grumbles in the comments to the recent FC papers post brought to mind an old journal called JIBC. I'd lost my "subscription" reminder to it many years ago and I guess I just assumed it had stopped. But, no, a little googling and I found it: the Journal of Internet Banking and Commerce. It is still pushing out 2-3 editions per year.

Back in the very early years, JIBC was there and publishing before things like the Financial Cryptography term had even been coined by Bob Hettinga. So I'm happy to come back and cheer them into the last year of their decade, given that the the first edition of this venerable journal was January 1996!

Some highlights include a regular column by Dave Birch, an article asking Why does SSL dominate the e-payment market ?, and an article predicting the return of digital cash in Waves Of Multimedia Banking Development.

JIBC published my second paper in 1997, the Critique on the 1994 EU Report on Prepaid Cards. Sometimes papers work out well, the lessons in that one are still useful in comparison to where Europe is now. So say I, at least.

Happy New Year

May 2005 be better than 2004, 2003, 2002, 2001 and so on. The previous years have been graded to determine the mean and referenced to 1999 as a benchmark for happiness. All claims and wishes are based on objective results and cannot be understood to be a promise by the party wishing a Happy anything. This wishing contract has been reviewed by the attorney of the wisher and those wishing to serve legal action based on acceptance of this wish will kindly be directed to the sender's office for service. If an error should occur in transmission such as swishing versus wishing then the reciever has the option to carry on at will without holding the sender liable. The wishing versus the swishing debate is now in Congressional review and updates will be provided. In addition to the Wishing/Swishing issue the Phishing issue has been determined to be a 2004 problem that will not be carried into the 2005 year. So all those wishing/swishing/ phishing in 2005 should stop immediately and simply wish a Happy New Year. (Written by Jimbo!)

New job quiz: what's this post mean then?

A lot of discussions have been circulating about how to separate out the good guys who know stuff from the chaff that talks the talk but can't walk, even before the google cats test circulated. I recently figured out a great test for any payment systems person. Hand the prospective engineer any relevant post as written by Lynn Wheeler (and Anne, allegedly) and ask the candidate to explain it. If they can, hire them because they've obviously done enough to see what he's on about! If they can't, scratch that candidate, as they haven't got that "been there, done that" track record.

But, even better, I came across this little gem buried deep in one prospective employment exam. I'm not sure how to use this, yet, but I'm thinking on it.... Comments welcome!

Anne & Lynn Wheeler writes:

[huge snip...]

a little tale out of school. after the initial encrypting modem testings, all products from the company with phone jacks had deeply recessed contacts. one of the first testers for this home/travel/hotel encrypting modem was a corporate VP ... who apparently had been an EE in some prior lifetime. He was trying to test out the modem and stuck his tongue on the contacts to see if there was any current. unfortunately, the phone decided to ring at that moment. the result was an edict that all phone jack contacts had to be recessed so that people (especially corporate VPs) were unable to touch them with their tongue.

FC'05 (the conference) posts the programme!

FC'05 - the Financial Cryptography conference to be held in Dominica, first week of March - has posted a preliminary programme. I haven't seen it announced yet, so maybe this is a 'leak' :-)

There are lots of interesting papers, and it looks like this year they may have actually brought in more relevant stuff. Also, two panels:

A Panel on Phishing! Well, it makes sense. The only thing that will protect users from being phished will be good relationship management ... as based on caching of certs. That's finance and crypto, right there.

And, a Panel on Financial Technology in the Developing World. Another fine topic where much has been done, much could be done, and much more is being asked of us.

The Arab Cryptanalysts

Simon Singh's The Code Book is a very readable account of the development of cryptography over the ages [1]. It seems to skate over much material, but Singh shows an ability to pick out the salient events in history, and open them up. Here is an extract entitled "The Arab Cryptanalysts [2]."

Curiously it mirrors the evolution of financial cryptography: only after a significant array of other disciplines were brought to bear by the enlightened scholars of the Islamic world, for a wide range of motives and interests, was the invention of frequency analysis discovered and applied to cryptograms. Thus, the monoalphabetic cipher fell, and cryptanalysis was born.

[1] Simon Singh, The Code Book, 1999
[2] Ibid, "The Arab Cryptanalysts", pp 14-20.

The Medici Effect

Frans Johansson on the Medici Effect

By exploring the intersections between different disciplines and cultures, one may discover the next groundbreaking ideas.

Frans Johansson is a consultant and author of the new book, "The Medici Effect," published by Harvard Business School Press. He was previously a cofounder and CEO of Inka.net, a Boston-based enterprise software company, and vice president of business development of Dola Health Systems, a company operating in Baltimore and Sweden. Born and raised in Sweden, he currently resides in New York City.

UBIQUITY: Let's start at the beginning: what is this "Medici Effect" you write about?

JOHANSSON: The book talks about the fact that we have the greatest chance of coming up with groundbreaking insights at the intersection of different disciplines or cultures. The Medici Effect refers to the exponential increase in ideas that you can generate when you combine two different fields.

UBIQUITY: Give us an example or two.

JOHANSSON: Let's take an example I'm particularly fond of — the example of ants and truck drivers, which I talk about in one of the chapters. So there is this telecommunications engineer that has been is trying to figure out how to efficiently route telecom messages through a haphazard routing system. And one day the communications engineer met an ecologist, who studies social insects, like wasps and ants. And they started talking, and the ecologist described how ants search for food. As it turned out, the ant's search strategy turned out to be very applicable to the routing of telecom message packets. Once the engineer realized this, he decided to explore this particular intersection between ant ecology and computer search algorithms, so he spent three years looking at the connection between the way social insects behave and the way you can use computers to optimize particular types of search algorithms. And that has now lead to an entirely new field called swarm intelligence, which essentially came out of the intersection of the study of social insects and computer search algorithms. This methodology has been used in everything from helping truck drivers find their way around the Swiss Alps to helping unmanned aerial vehicles search for terrorists in Afghanistan.

UBIQUITY: And you called it the "Medici Effect" for what reason?

JOHANSSON: The title alludes to what the Medici family accomplished in Florence during the 1500s: they sponsored people from lots of different disciplines — architects, painters, sculptors, philosophers, scientists — from all over Europe, even actually as far away as China, and brought them all together in Florence. And it's through their interactions that Florence essentially became the epicenter of one of the most creative eras in Europe's history, the Renaissance. One of the most famous innovators they sponsored was, of course, Leonardo Da Vinci, but there were many others in Florence who found connections between their various crafts, which ultimately allowed them to set off the creative explosion.

UBIQUITY: Tell us about your own education.

JOHANSSON: Undergraduate work at Brown University. Then I started a company and ran it for a couple of years, before going to Harvard Business School for an MBA.

UBIQUITY: Would it be accurate to say that Brown University — or any number of other universities — are attempts to emulate the Medici Effect?

JOHANSSON: Well, yes, Brown University is a particularly interesting example, I think. When I was there, I got the feeling that they were going out of their way to try to get their students to explore a field outside of their majors. Cornell University does a very good job of the same thing, and so do a lot of the other universities. It's sort of at the heart, if you will, of the philosophy for a Liberal Arts education — although things have changed greatly during this century. I mean if you really wanted to succeed in academia beyond an undergraduate education, you had to specialize in many ways. But at Brown, they gave you room to do things differently. And actually, while I was there, I started an interdisciplinary science magazine called The Catalyst, which became quite successful, and it's still around, very much so. I think the latest issue was sent to all the incoming students at the university, and I know one of the Deans said it's one of the things that best expresses the idea of Brown, because it essentially bridges the various sciences and also bridges the gap between the sciences and humanities.

UBIQUITY: Congratulations. That's quite a success.

JOHANSSON: Thank you. Actually, I look at that magazine today, and I think it has had a far greater impact than the software company I co-founded. Because people that have worked on that magazine — former editors, lay-out editors, or contributors — have gone on to work at places like Science magazine, the Discovery Channel, and so on. So in that sense, the influence extends further than it did with my years of heading up the software company.

UBIQUITY: Thinking for a moment not about the students, but about the faculty, is it not true that interdisciplinary collaboration can often be very difficult because of the way that universities are organized in terms of tenure systems that reward specialization?

JOHANSSON: Yes, I agree whole-heartedly. You have a system where in order to succeed, professors have to publish x number of papers. In order to do that, they publish in an ever-increasing plethora of hyper-specialized journals to satisfy this particular tenure demand. And also the way the funding system has worked in the past, a lot of it has been very specialized. But things are changing. Look at the NIH or NSF, for instance, how they are setting up their funding requirements. A lot of the new grants have to do with interdisciplinary work. And I think that over time, this is going to filter through to the academic world as well. It would have to, essentially, because universities need their professors to pull in money. And so if they have to work across fields to do it they will. This has already started to happen at an undergraduate level. I mentioned in the book that one of the big differences between a course catalog today and say thirty years ago, is that today it has many more hyphens. Undergraduates can major in not just physics, or applied math, or psychology, they can major in applied math-psychology, they can major in applied math-economics, they can major in geology-physics. These hyphens can even extend in to three-word combinations. So undergraduate programs have been leading the way, in that sense.

UBIQUITY: What was your own undergraduate major?

JOHANSSON: Environmental science, which is obviously a very interdisciplinary major. But when I came in, I was thinking I was going to major in fictional writing, actually.

UBIQUITY: Really.

JOHANSSON: Yeah, I had written a novel in high school. It got sold, but never got published, which just made me very sad. But it gave me the hunger to continue writing. But once at college I wanted to focus on something that leveraged the capabilities Brown had in the sciences, so I chose environmental science mostly because of my passion for fishing.

UBIQUITY: What kind of fishing?

JOHANSSON: All kinds. Fly fishing, deep sea fishing, even fishing in lakes and rivers. Eels at midnight and that type of stuff. There hasn't been much time to do that as of late, but yes, all kinds of fishing. I've always enjoyed it. So, I used to write articles on the science of fishing: there was a gap between scientists doing research and people interested in that research actually hearing about the results. I wanted to fill that gap.

UBIQUITY: Do you think that your interest in fishing has made any contributions to your ideas on innovation?

JOHANSSON: Oh, good question. Probably in the sense that it has allowed me to understand the importance of community. I think it's very easy when you're in business to disregard certain aspects of the community around you. But with an interest in fishing and environmental issues, you develop a sense that certain things clearly happen through grassroots activities — certain things can spread in that type of way doesn't necessarily happen in a planned corporate way. And so I think that has added to the ways I look at how to spread an idea.

UBIQUITY: You talk in the book about three driving forces for innovation. What are they? Start with computational power as a driving force for innovation. What does that add to the equation?

JOHANSSON: Computational power adds two things. One is that it has enabled us to communicate a lot more easily with people who are far away — and across disciplines. So you can connect with somebody that's on the other side of the world and you can work with them. If you're talking about a discovery that happened in a particular field, then within hours, if it's enticing enough, a lot more people can know about it than in the past — not just those around you or those within your field. This makes it possible for people to access ideas across disciplines and cultures and increases the possibilities of combining different concepts. So that's an obvious effect of increased computational power.

Another effect that's a little bit less obvious has to do with how computational power enables us to do things differently. The example I used in the book comes from the animation industry, where they use computers to draw the figures, for instance in movies like Shrek or in Finding Nemo. The interesting thing about this technology is that it has allowed these companies to hire animators that are not necessarily experts at drawing but that are great at acting. These new types of animators take acting lessons, rather than drawing classes.

Of course, you see such computational leaps in other fields as well — in biotechnology for instance, where people who couldn't have entered this field before can now be part of a team that explores new drug combinations. Computational power has essentially not just enabled us to do things faster, but to also to do things differently.

UBIQUITY: Talk about how it's possible for the actor to take over the role of the artist. How does it work?

JOHANSSON: Because of the added computational power, it's far, far easier for Pixar to create 3-D figures. Not only does that decrease the need for animators to continuously draw frame after frame since the computers can do some of that, but, these 3D characters have a much, much greater ability to display emotion. So in the case of Shrek, for instance, you're literally looking at a figure with feelings. You can follow the figure's eyeballs, eye wrinkles, you could follow the person's facial movements far more easily than in the 2-D animation. Computation has made it possible for these animators to add an acting quality to the animation, because they essentially draw this figure more realistically. And they do it far fewer times than was necessary in the traditional 2-D movie, and so what the animators focus on is: How can I make an impression with this figure? How can I enable this animated figure to display a truly human emotion?

UBIQUITY: Let's move on to the other two driving forces of innovation.

JOHANSSON: Yes. Another driving force is the convergence of science. In many ways traditional scientific fields have run their course where new discoveries now require huge resources or incredible specialization. Most physicists, for instance, find that it's essentially impossible for them to work without a huge team, sometimes hundreds of people, and to go in and explore a particular, very narrow aspect within their field . But those scientists who intersect physics with something else, let's say biology or psychology, have a far better chance of generating a new insight: they can become leaders in a new field that emerges from this intersection. And so scientists that want to lead the way are essentially going to have to merge or establish science fields with another one. Alan Leshner, the CEO of AAAS, says in the book that disciplinary science has died. Single-author papers are rare today. It's almost always multiple authors from different fields.

UBIQUITY: And your third driving force for innovation is the movement of people.

JOHANSSON: The movement of people has increased to a level where it was maybe about 100 years ago. And essentially, by doing that, it is creating diverse communities all over the world. And diverse communities provide huge opportunities for businesses and artists to tap in to whole new markets. And not just that — clever companies like L'Oreal or MTV make sure that their product innovations literally come from exploring the intersections between different cultures. You may not think that there are any connections between Latin music and country music. But instruments and the role of vocals play very similar roles in both types of music. What if one explored such an intersection? There could be something interesting coming out of it. The same with L'Oreal and how they go about launching new products where they bring very diverse teams together to try to come up with radically new ideas.

UBIQUITY: As the author of "The Medici Effect," how do you think you can help an individual reader see the world differently — or him- or herself differently? After reading the book, the person wakes up the next day and goes out the door and does, well, what?

JOHANSSON: That was probably one of the biggest things that I tried to make sure that this book did. I wanted to explain why stepping in to these intersections is effective. First, I think that the insight that stepping into an intersection between different fields can increase the chances of generating a groundbreaking idea is very important and affects a reader's way to view the world. Second, there's the question of how to execute these intersectional ideas. You have to prepare for failure, you have to be able to break away from your established networks, and you have to manage risks differently. The book talks about this in great detail. And then finally the third piece of the puzzle is to explain why all this works, so that when you wake up the next morning after you finish the book, ideally you will be thinking about the world a little bit differently. When you come in to the office, for instance, you will be more aware of the potentials of how other fields or other cultures could relate towards what you're doing — and if you saw an opportunity, you would have a better chance of executing it.

UBIQUITY: Let's do a thought experiment, and maybe an imagination experiment, and ask you to think of any 100 people that you can either pick from people you know or that you've known in the past, and then try to rate these people in terms of their ability to do the kinds of things you're recommending. How would they rate?

JOHANSSON: Also a very good question. I would be speculating here, so I'll just go with the flow on this one. This is not exactly from my research. But I think that the book deals with two types of recommendations, those that are more long-term in nature and those that are short-term. I think people's ability to do the things I recommend are related to how well they can stay committed to these two types of strategies. You can easily decide to go "intersection hunting", for instance, which is a tactic that can be done almost immediately upon reading the book. But will you go intersection hunting next month or the next year? Even if you were very successful you may forget such a tactic until you reread the book. On the other hand, long-term strategies such as broadening your cultural experience or learning differently require more forethought, but once you get into that mode of thinking you will probably stick with it since it becomes a way of life instead of an afternoon tactic to solve a specific problem.

UBIQUITY: Say something about execution issues.

JOHANSSON: I talk a lot about how you have to plan failure, and I do that to help the reader understand that it's okay for an idea not to work. But here again, people are different, just innately. Some people will become very depressed if they fail, whereas others will instead see it as a learning experience and move on. And I'm not sure, I think the jury's out on how easy it is to change that particular tendency — whether or not you're going to view a failure as a learning experience or are you going to view it as a depressing aspect of your life. My hope is that most people will view it as a learning experience and the book certainly makes that case very vividly. It also looks at how one should manage risks differently at the intersection of fields compared to within fields and what you need to do to break away from an established field. Readers that take these ideas to heart and consider the recommendations will have a better chance to execute intersectional ideas.

UBIQUITY: And having asked how the book will change the reader, let's end with this question: has the writing of the book changed the author?

JOHANSSON: Yes, it has, substantially. It's done a number of things. First of all, writing the book has been an individual effort but has helped me appreciate the differences in approach between individual and group efforts. I think that writing the book has just given me a lot better understanding of what that means. The second thing it has done for me is it has made me very interested in writing more books. I found the process of writing fascinating — I really enjoyed it, and I'm going to continue that. Finally, and most importantly, it has given me an incredible number of new ideas. I woke up one morning and realized that I've just always taken it as a truth that when you step into intersections and combine different cultures or disciplines, you have a greater chance of an insight. I wondered: is that really true? And so that was the whole reason for starting this project. I just wanted to know if it was true, and I did a lot of research for it, I did a lot of interviews. And yeah, it is true, that was my unabashed conclusion — it is absolutely, most positively true. And so with that, it has meant that the Medici Effect is in almost every aspect of my life now. I can't help but to see intersections everywhere — and that's pretty cool.

Source: Ubiquity, Volume 5, Issue 31, Oct. 6 - 12, http://www.acm.org/ubiquity/

Big Brother Awards

Naming and shaming was at its finest last night as the Big Brother awards were presented to Britain's worst by Privacy International. The winners included British Gas, the US VISIT fingerprinting programme, and the British Minister for Children, see the articles below for details.

It's hard to measure conclusive success for these awards, as no doubt the winners will pretend to shrug their shoulders and carry on their evil works. But it seems to give some pause for thought: I bumped into a couple of people there who were potential winners, and even though not directly addressed by this year's lists, there was an almost masochistic sense of wanting to see and experience that which was beyond the pale. So I'd conclude that there is a significant knock-on effect - companies know of and are scared of the awards.

It occurrs to me that there is room for an award or two in our field. Maybe not FC, which is too small and fragmented as a discipline ... but certainly in the application of cryptography itself.

Negative awards could include

• Worst security implementation - worst product that was being passed off as a crypto solution.
• Most egregious failure of security responsibility - what organisation was not using crypto when it should be.
• Biggest public-sector impediment to security - what rule or act this year caused the most crypto insecurity.
• Biggest FUD vendor - the company that did the most to scare people into using product.

Positive awards also should be given. I'd suggest:

• Best open source or free product - the one that did the most to wisely and successfully deploy good crypto.
• Lifetime achievement award - for the hacker or implementor who did the most to advocate and push good stuff out there, in spite of the odds.
• Most accessible academic contribution - for the one paper that we could read and should read.

I'm sure there are lots of other ideas. What we need is a credible but independent crypto / infosec body to mount and deal such an award. Any takers?

Here's a couple of articles on the awards, FTR:
http://news.google.com/url?ntc=5M4B0&q=http://www.theregister.co.uk/2004/07/29/big_brother_awards/
http://management.silicon.com/government/0,39024677,39122716,00.htm

Proceedings of 1st Annual BuggyWhip Conference

Not very much to do with FC, except perhaps a belated message to the conference of the same name, but the NYT has published a pre-mortem on the dying Journals trade [1]. Of course, long predicted (I forget when), it should come as no surprise to anyone with an email address that expensive, published, peer-reviewed journals of academic papers are going the way of the buggy whip.

By PAMELA BURDMAN

When Dr. Miguel Nicolelis, a neurobiologist at Duke University, decided to release a groundbreaking study in an upstart online journal, his colleagues were flabbergasted. The research, demonstrating how brain implants enabled monkeys to operate a robotic arm, was a shoo-in for acceptance in premier journals like Nature or Science.

"Usually you want to publish your best work in well-established journals to have the widest possible penetration," Dr. Nicolelis said. "My idea was the opposite. We need to open up the dissemination of scientific results." The journal Dr. Nicolelis chose - PLoS Biology, a publication of the Public Library of Science - aims to do just that by putting peer-reviewed scientific papers online free, at the Web site www.plosbiology.org.

The high subscription cost of prestigious peer-reviewed journals has been a running sore point with scholars, whose tenure and prominence depend on publishing in them. But since the Public Library of Science, which was started by a group of prominent scientists, began publishing last year, this new model has been gaining attention and currency within academia.

More than money and success is at stake. Free and widespread distribution of new research has the potential to redefine the way scientific and intellectual developments are recorded, circulated and preserved for years to come.

"Society pays for science," said Dr. Nicolelis, whose article in the October issue of PLoS got worldwide attention. "We have the technology, we have the expertise. Why is it that the only thing that has remained the same for 50 years is the way we publish our results? The whole system needs overhaul."

At the big-sticker end are publications like The Journal of Comparative Neurology, for which a one-year institutional subscription has a list price of $17,995. Access to Brain Research goes for $21,269, around the price of a Toyota Camry XLE.

According to the Association of Research Libraries, journal prices went up 215 percent from 1986 to 2003, while the consumer price index rose 63 percent.

Though the highest-priced journals are in the sciences, libraries have had to offset those price increases by buying fewer books, often in other disciplines like literature and the humanities, association officials and librarians at the University of California said.

For those plotting end runs around for-profit publishers, a prime target is the Amsterdam-based Elsevier, which publishes some 1,800 journals in science, medicine and technology, including Brain Research.

"Elsevier doesn't write a single article," said Dr. Lawrence H. Pitts, a neurosurgeon at the University of California at San Francisco and chairman of the faculty senate of the 10-campus system. "Faculty write the articles for them, faculty review the articles for them and faculty mostly edit the journals for them, and then we get to buy the journals back from a company that makes a very large profit."

Similar sentiments motivated the editors and entire editorial board, 27 people in all, of Elsevier's Journal of Algorithms to defect en masse recently to start a nonprofit competitor, ACM - Transactions on Algorithms - said David S. Johnson, one of the editors.

Elsevier's managing director, John Regazzi, says the problem is not Elsevier's prices, but tight university budgets that can't meet the increasing volume of research worthy of publication. "Very few of our customers pay list price across all of their collections," he said. "If you look at the full cost of what an institution pays and you look at the number of downloads by users of the system, you're basically looking at $2 to $3 articles. We have a wide range of options for how universities can decide to subscribe." The company's pretax profit for the last three years has been between 30 and 34 percent, Mr. Regazzi said.

But more and more academics are viewing traditional publishers as obstacles to wide dissemination of studies paid for by public monies. Several open access alternatives are being hotly debated in academic online discussion groups and in the mainstream science press. The criticism even extends to some nonprofit publications, like the journal Science, which nearly tripled prices for its largest subscribers over the last two years.

Late last year, two scientists at the University of California at San Francisco called for a global boycott by authors and editors of six molecular biology journals published by Elsevier. They timed the campaign to coincide with the moment that the the University of California system was renegotiating its contract with the company.

"The mission and mandate of scientific publishing is to provide a formal record of scientific discovery, not to make publishing companies rich or editors famous," said one of the organizers, Keith R. Yamamoto, a prominent microbiologist and the vice dean for research.

Since University of California professors write, vet and edit a significant portion of Elsevier's wares, a deal was struck. The public university system reduced its bulk cost for online and print access to about 1,200 journals from $10.3 million last year to just $7.7 million annually for the next five years, according to published reports confirmed by Daniel Greenstein, the librarian of the university system. Other prestigious, but smaller universities are pursuing a different strategy.

"We have been cutting Elsevier journals and other for-profit journals as their prices have risen higher than inflation," said Michael Keller, the university librarian at Stanford. "The result is a fairly limited list - 400 Elsevier subscriptions."

PLoS became a publisher last year following a failed campaign to persuade journals to open up articles within six months of publication, said Michael B. Eisen, a computational biologist at Berkeley. Mr. Eisen is a co-founder of PLoS, with the biologist Dr. Patrick O. Brown of Stanford and Dr. Harold E. Varmus, a Nobel laureate who is chief executive of Memorial Sloan-Kettering Cancer Center in New York and former director of the National Institutes of Health.

The editors of PLoS follow normal peer review procedures. For revenue, they rely on author fees of up to $1,500 per article (typically drawn from research monies), voluntary university memberships, and grants. Although these voluntary university memberships can run into the thousands, Mr. Eisen said, the advantage is unlimited public access to priceless intellectual heritage.

But Mr. Keller of the Stanford libraries, who produces the online versions of Science and about 360 other nonprofit journals through Stanford's HighWire Press, argues that the voluntary memberships are just subscriptions in disguise.

Dr. Nicolelis's appearance in PloS Biology's debut issue helped vindicate this new model. PLoS has since attracted papers from leading lights in science like Dr. Robert Sapolsky, a Stanford researcher and a winner of a MacArthur "genius" award. Wired magazine also favored the founders with an award in April for "cracking the spine of the science cartel."

Traditional publishers hint that despite their new cachet, open access publications aren't sustainable in the long run. PLoS Biology and the new PLoS Medicine, due out this fall, are heavily subsidized by grants.

Dr. Alan I. Leshner, chief executive of the American Association for the Advancement of Science, says his publication, Science, already coping with the loss of print subscribers and advertisers, would have to charge authors $10,000 an article to survive in the open access mode. He also noted that revenues from Science - which was started by Thomas Edison - support some of association's programs, including one to provide free access to scientists in the developing world.

"I agree with the motivation," Dr. Leshner said, but added, "We just can't throw away a business model developed by Thomas Edison in 1880 based on `Trust me, it will work.' "

But to others, old models are precisely the problem. "Surely the combination of uncertainty and hope associated with this unproved model is vastly superior to the certainty and hopelessness that surrounds the current and failed commercial one," Mr. Greenstein of the University of California system wrote as part of a running debate about open access publishing on nature.com.

The pressure is beginning to have an effect. More publishers have begun opening their archives 6 to 12 months after publication. Molecular Biology of the Cell, published by the American Society for Cell Biology, now opens up its archives after two months, and as its editor-in-chief, Mr. Yamamoto hopes to convert the journal to open access soon. Even Elsevier made a recent concession to university libraries that are moving into digital publishing and archiving, offering blanket permission for authors to post their journal articles on their own institutions' Web sites.

"We're watching open access very carefully," Mr. Regazzi said. "We're trying to learn from it."

NeuClear - new wiki site

Pelle writes: The old NeuClear web site has been replaced by a much improved collaborative wiki style web site.

I am trying to document the concepts, applications as well as legal and governance aspects of NeuClear.

Please feel free to register, comment and even write articles or snippets.

If there is interest I will setup a general purpose financial cryptography space within the site.

Dutch Retail Payments

Long time comrade from the dynamic payments market of the Netherlands, Simon Lelieveldt, runs a blog on Dutch retail payments at
http://www.simonl.org/blogger.htm to brand and establish his growing consultancy business.

Simon worked for the Dutch Central Bank (DNB - De Nederlands Bank) for time immemorial in the electronic payments area. It's no exaggeration to say that the Dutch market was possibly the original melting pot for electronic payments - they were the most advanced in smart card money, and DigiCash BV was based there. It is maybe one country of a very few where everyone has a smart card money product (although use remains low) and has serious competition in non-bank payments products.

This core background led Simon on to the BIS Task Force on the Security of Electronic Money - their blue report was notably one of the very few documents produced by regulators that was worth chopping trees down for.

FCers will recall he was one of the key note speakers in Anguilla, 1997 , representing all of the Central Banks.

[Enhyper Knowledgebase] News for 30-Dec-2003

Six Degrees of Kevin Bacon

The game, "Six Degrees of Kevin Bacon," is explained by Alberto-Laszlo Barabási in his new book, Linked. For a synopsis, see Gene Callahan's review .

The game is a fascinating one to computer scientists and financial cryptographers. If we were actors, we'd be only two degrees from Kevin Bacon.

Anguilla is the home of Financial Cryptography, and it is a favourite haunt of Kevin and his brother Michael.

FC really took its roots in the tiny island, through the first four conferences known by the same name. There, the very odd mix of geeks and academics blended in effortlessly into the relaxed island life of one of the Caribbean's misfits.

Anguilla was historically populated by escaped slaves, and escaped the plantation history of the Caribbean as nothing much can grow there. She is thus fiercely independent. But she has little of the baggage of suppression of the other islands, and no necessary need to lord it over the white visitors as revenge for centuries of slavery and plantations.

From abject poverty, this slightly open view allowed her, with a little help from British tax breaks and Canadian airport grants to create an island devoted to unspoiled tourism. By a quirk of fate, the locals banned franchises like MacDonalds and cruise ships; and only high-end, expensive resorts were permitted.

By universal acclaim, the Dune Preserve is the favourite place of visitors seeking that special beach therapy that other islands have on the posters only. Bankie Banks, who runs the Dune, also hosts the Moonsplash festival where the Bacon Brothers play most Marches, under a full moon.

And, Bankie Banks, who is in trouble as much as he is out, has almost certainly played in a movie sometime. If not, somebody will do it sometime!

Which leaves us all, in the FC community, 2 degrees from Kevin Bacon, if only we can get ourselves into a movie.

NeuClear in the 7 Layer model of Financial Cryptography

Over on the Nuclear Blog , Pelle maps the NeuClear system on to the FC7 model:

"I remember when Ian Grigg presented his paper Financial Cryptography in 7 Layers at FC2000. I thought it was the single most useful paper presented in a conference dominated by academic non deployable variants of Chaumian Blinded Cash. The paper has inspired me ever since."

Go there to see the model in a table, but I've also copied the text below (with some editorial fixes):

The 7 layers is a way of seperating out and understanding the various parts that manage risk and ensure safety in a financial cryptography system like NeuClear.

In his abstract he describes it like this:

"Financial Cryptography is substantially complex, requiring skills drawn from diverse and incompatible, or at least, unfriendly, disciplines. Caught between Central Banking and Cryptography, or between accountants and programmers, there is a grave danger that efforts to construct Financial Cryptography systems will simplify or omit critical disciplines.

This paper presents a model that seeks to encompass the breadth of Financial Cryptography (at the clear expense of the depth of each area). By placing each discipline into a seven layer model of introductory nature, where the relationship between each adjacent layer is clear, this model should assist project, managerial and requirements people."

So its due time really to try to put the NeuClear architecture into perspective using his model.

7. Finance

NeuClear provides a flexible model for financial applications. Transactions can be either simple one way transactions like transfers or more advanced bidirectional transactions such as exchange transactions. The general requirements here are:

- Cheap
- Standardized across Asset Types
- Able to be generalized enough to be used for all kinds of securities
- Non Repudiable (You can not go back on a transaction)
- Realtime (no clearing period)

6. Value

Within NeuClear everything that carries value is an Asset. This is similar to what Ian calls a Ricardian contract. An asset can be a single item or a whole electronic currency. The only real definition is that it is backed by something of value.

5. Governance

Governance models are very important. Seperation of control is key to NeuClear. Ian has defined the 5 parties model which should be applied to any Asset system within NeuClear. The parties are as such:

a. Issuer Essentially the originator or promoter of an asset. To promote trust he contracts with the 3 following parties and does little else.

b. Mint The mint issues assets into the NeuClear System. This could be a trust company, but should be independent from the Issuer. They verify that the value implied in the above layer is actually entered into the system.

c. Operator The operator is like an Application Service Provider. He maintains the site and database in such a manner that neither of the other parties can interfere or otherwise modify the underlying accounting of the value system.

d. Manager The manager is contracted by the Issuer to do the day to day management of the asset. For example requesting that the Mint adds more assets to the system and customer service.

e. Users The users are in many ways the auditors of the system. As long as at least one of the 3 parties directly above is honest, they can monitor the runnings of the Asset live and instantly, to see if anything goes wrong.

4. Accounting

The accounting of the Asset maintains a constant real time view of who owns what within an Asset. It is managed by an AssetController which is a piece of software run on a server somewhere by an operator. The core book keeping is done by NeuClear Ledger a general purpose library for book keeping.

An Asset can be configured to be sent to various AssetControllers at the same time. One of them being the main one for real time purposes, the others being 3rd party auditing asset controllers. This is possible because each transaction is digitally signed and thus can be verified elsewhere. Regular end of day (or end of hour) statements can be exchanged and verified, to make sure that none of the operators are modifying the data.

3. Rights

The key to rights within NeuClear is the NeuClear ID framework. It provides a univeral Identity system for all parties within NeuClear and is universal across asset types. Thus each Identity can be thought of as not only and identifier, but an account, that works across all assets. The Identity model is flexible and supports many different kinds of Identities, including "Ticket" identities, that can be issued as part of a cash transaction at a physical agency as well as SmartCard based Identies that are controlled by the holder of a SmartCard.

2. Software Engineering

Our main software engineering infrastructure is based entirely on open common use standards such as:

+ Http
+ XML
+ XML Signatures

The current implementation uses Java as the main programming language. However it would be relatively straightforward to port it to Microsoft's .NET platform as well.

1. Cryptography

RSA Public Key Cryptography via Sun's JCE Spec

FC04 - accepted papers

The Financial Cryptography 2004 conference has quietly (!) announced their accepted papers:

http://fc04.ifca.ai/program.htm

Click above, or read on for the full programme....

The Ephemeral Pairing Problem
Jaap-Henk Hoepman

Efficient Maximal Privacy in Voting and Anonymous Broadcast
Jens Groth

Practical Anonymity for the Masses with MorphMix
Marc Rennhard and Bernhard Plattner

Call Center Customer Verification by Query-Directed Passwords
Lawrence O'Gorman, Smit Begga, and John Bentley

A Privacy-Friendly Loyalty System Based on Discrete Logarithms over Elliptic Curves
Matthias Enzmann, Marc Fischlin, and Markus Schneider

Identity-based Chameleon Hash and Applications
Giuseppe Ateniese and Breno de Medeiros

Selecting Correlated Random Actions
Vanessa Teague

Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop
S. Stubblebine and P.C. van Oorschot

An Efficient and Usable Multi-Show Non-Transferable Anonymous Credential System
Pino Persiano and Ivan Visconti

Electronic National Lotteries
Elisavet Konstantinou, Vasiliki Liagokou, Paul Spirakis, Yannis C. Stamatiou, and Moti Yung

Mixminion: Strong Anonymity for Financial Cryptography
Nick Matthewson and Roger Dingledine

Interleaving Cryptography and Mechanism Design: The Case of Online Auctions
Edith Elkind and Helger Lipmaa

The Vector-Ballot E-Voting Approach
Aggelos Kiayias and Moti Yung

Microcredits for Verifiable Foreign Service Provider Metering
Craig Gentry and Zulfikar Ramzan

Stopping Timing Attacks in Low-Latency Mix-Based Systems
Brian N. Levine, Michael K. Reiter, and Chenxi Wang

Secure Generalized Vickrey Auction without Third-Party Servers
Makoto Yokoo and Koutarou Suzuki

Provable Unlinkability Against Traffic Analysis
Ron Berman, Amos Fiat, and Amnon Ta-Shma

What is Pseudonymity?

In a recent Declan misinterpretation, discussed over on Larry Lessig''s Blog at the definition of pseudonymity was rasied [1].

Larry Lessig proposes that pseudonymity is a mechanism that hides a real identity, short of presentation of (say) a "warrant". I disagree with this definition, and it's certainly not the one that I've seen having dealt with these things in the last decade or so.

Pseudonymity is achieved when an entity is created that can clearly tie its activities together into one individuality. A Pseudonym, or nym for short, has individuality, distinction, a personality, and a name.

In contrast, Anonymity lacks these facets. It is achieved when it is not possible to tie one activity to another of the same entity.

In further contrast, we have the Real Person, who is fully identified down to the single human being [2]. That means we have three states for source of any event: anonymity, pseudonymity, and identified. And, there are two entities: nyms, and real persons [3].

Larry's definition presupposes the existence of the real person behind every nym.

In practice, that's not what happens - a pseudonymous account at Hotmail or Yahoo includes a bunch of details that may or may not point at a person behind that account. The existence of that information doesn't imply whether there are zero, one, or many people behind that account, and it doesn't imply that last week's people are next week's people. But, it does imply that a single email from the account can be related to all other emails from the same nym.

For example, it has been the case that groups of people have shared the same nym in order to maintain a prolific personality. In a sense, the nym is the set of all emails from that same entity. Their personality is derived solely from the words in those emails, whereas the personality of a real person includes more information outside their words.

In contrast, when an entity (either nymous or real) writes two different emails anonymously, there is no connection between them. A crucial feature of anonymity is that it lacks "distinctive character, individuality, factors of recognition, personality."

Nyms have all that. Nyms have names, they have personalities, built over many actions. They just lack a handle back to any single human.

Why is it crucial to get the distinction clear? Because of systems design: Systems built without a full appreciation of nymity migrate into real identity systems, and repeat the existing failures. Systems built with nymity at their core are capable of solving new and interesting challenges that real identity systems will always fail at.

iang

[1] How does one organise this trackback ping thing then?

[2] What is the proper term for a Real Person and their singular Identity in this context? I don't know.

[3] For sake of brevity, I skip over the interesting application of this to "legal persons" such as corporations.

The Insecurity of FC

Why is there no layer for Security in FC?

(Actually, I get this from time to time. "Why no X? ?!?" It takes a while to develop the answer for each one. This one is about security, but I've also been asked about Law and Economics.)

Security is all pervasive. It is not an add on. It is a requirement built in from the beginning and it infects all modules.

Thus, it is not a layer. It applies to all, although, more particularly, Security will be more present in the lower layers.

Well, perhaps that is not true. It could be said that Security divides into internal and external threats, and the lower layers are more normally about external threats. The Accounting and Governance layers are more normally concerned with the insider threat.

Superficially, security appears to be lower in the stack. But, a true security person recognises that an internal threat is more damning, more dangerous, and more frequent in reality than an external threat. In fact, real security work is often more about insider threats than outsider threats.

So, it's not even possible to be vaguely narrow about Security. Even the upper layers, Finance and Vaue, are critical, as you can't do much security until you understand the application that you are protecting and its concommitant values.

Events Circuit

There are approximately three conferences that specialise in FC that I know of. IFCA's FC, Digital Money Forum, and EFCE (Edinburgh Financial Crypography Engineering). These are listed in an Events Circuit which is located here:

http://www.financialcryptography.com/content/circuit/

in the knowledge base.

Financial Cryptography was the original. Back in '96, Bob Hettinga coined the term, invented the conference, and swept the driveway of snow all in one fine Boston winter's morning.

He conspired with Vince Cate and Ray Hirschfeld to run the first peer-reviewed Financial Conference in 1997 on the Caribbean island of Anguilla. An outstanding success, in many ways the first FC was the only FC, as a large bevy of legal professors and finance wonks turned up to challenge the crypto geeks on a variety of challenging subjects. Later FC conferences reduced themselves to cryptography, security and rights protocols, although the newest - FC'04 - has opened itself up to the temptation of "Systems and Finance Sessions".

Digital Money Forum was started by Dave Birch, one of the foremost FC thinkers. He created a high-level all-aspects approach that brought a lot of diverse people together. The breadth of the conference in many ways mirrors the diversity of FC, although this also works against the conference in impairing the ability to drill down in the short 2 day timeframe. It's by far the best place to get an broad-brushed introduction to the subject.

Rebel FCers Rachel Willmer, Fearghas McKay and Ian Grigg started Edinburgh Financial Cryptography Engineering - EFCE - to concentrate on the technical aspects of FC. As a forum for techies showing stuff, there were a few rules: presenters had to show running code, and presenters got a deep discount on price. EFCE was - for the practical implementor - wildly successful, especially as we measured a 25% deal rate. Less wild, EFCE only ran twice.

A special mention also goes to Bob Hettinga's Digital Commerce Society of Boston's monthly meetings, now apparently on sabatical, and the DBS symposiums in 1997 and 2001.

FC Blogged

Can FC be Blogged? Can Blogs be FCed?
Financial Cryptography is a field of some complexity. It's as if 7 rivers come to one point, the result is a maelstrom of froth and turbulence. Most come boating along with their parasols and glasses of champagne is if it was a fine summer's day at Cambridge.
Only to spin and drown in the whirlpool. But others ride the experience, either through luck, statistics or adriotness. Why are some lucky and not others?

Blogs themselves have their image of chaos. Are they an appropriate tool for FC?
Blogs appear to be a dynamic posting experience modelled after the slashdot forum, with the individualism and customisation of ez.