E-money mini-FAQ (release 2.0)

Written by Jim Miller.

Comments to Jim_Miller@suite.com.
This Web page is maintained by Roy Davies. Comments to Roy.Davies@exeter.ac.uk.

Q: How is electronic money (e-money) possible?

A: Public-key cryptography and digital signatures (both blind and non-blind signatures) make e-money possible. It would take too long to go into detail how public-key cryptography and digital signatures work. But the basic gist is that banks and customers would have public-key encryption keys. Public-key encryption keys come in pairs. A private key known only to the owner, and a public key, made available to everyone. Whatever the private key encrypts, the public key can decrypt, and vice verse. Banks and customers use their keys to encrypt (for security) and sign (for identification) blocks of digital data that represent money orders. A bank "signs" money orders using its private key and customers and merchants verify the signed money orders using the bank's widely published public key. Customers sign deposits and withdraws using their private key and the bank uses the customer's public key to verify the signed withdraws and deposits.

Go to the top of the page.


Q: Are there different kinds of e-money?

A: Yes. In general, there are two distinct types of e-money: identified e-money and anonymous e-money (also known as digital cash). Identified e-money contains information revealing the identity of the person who originally withdrew the money from the bank. Also, in much the same manner as credit cards, identified e-money enables the bank to track the money as it moves through the economy. Anonymous e-money works just like real paper cash. Once anonymous e-money is withdrawn from an account, it can be spent or given away without leaving a transaction trail. You create anonymous e-money by using blind signatures rather than non-blind signatures.

[To better understand blind signatures and their use with e-money, I highly recommend reading chapters 1 - 6 of Bruce Schneier's book Applied Cryptography. It is quit e readable, even to the layman He doesn't get into the heavy-duty math until later in the book. Bruce does a very good job of describing the wide variety of interesting things you can do when you combine computers, networks, and cryptography.]

There are two varieties of each type of e-money: online e-money and offline e-money.

Online means you need to interact with a bank (via modem or network) to conduct a transaction with a third party. Offline means you can conduct a transaction without having to directly involve a bank. Offline anonymous e-money (true digital cash) is the most complex form of e-money because of the double-spending problem.

Go to the top of the page.


Q:What is the double-spending problem?

A: Since e-money is just a bunch of bits, a piece of e-money is very easy to duplicate. Since the copy is indistinguishable from the original you might think that counterfeiting would be impossible to detect. A trivial e-money system would allow me to copy of a piece of e-money and spend both copies. I could become a millionaire in a matter of a few minutes. Obviously, real e-money systems must be able to prevent or detect double spending.

Online e-money systems prevent double spending by requiring merchants to contact the bank's computer with every sale. The bank computer maintains a database of all the spent pieces of e-money and can easily indicate to the merchant if a given piece of e-money is still spendable. If the bank computer says the e-money has already been spent, the merchant refuses the sale. This is very similar to the way merchants currently verify credit cards at the point of sale.

Offline e-money systems detect double spending in a couple of different ways. One way is to create a special smart card containing a tamper-proof chip called an Observer (in some systems). Te Observer chip keeps a mini database of all the pieces of e-money spent by that smart card. If the owner of the smart card attempts to copy some e-money and spend it twice, the imbedded Observer chip would detect the attempt and would not allow the transaction. Since the Observer chip is tamper-proof, the owner cannot erase the mini-database without permanently damaging the smart card.

The other way offline e-money systems handle double spending is to structure the e-money and cryptographic protocols to reveal the identity of the double spender by the time the piece of e-money makes it back to the bank. If users of the offline e-money know they will get caught, the incidence of double spending will be minimized (in theory). The advantage of these kinds of offline systems is that they don't require special tamper-proof chips. The entire system can be written in software and can run on ordinary PCs or cheap smart cards.

It is easy to construct this kind of offline system for identified e-money. Identified offline e-money systems can accumulate the complete path the e-money made through the economy. The identified e-money "grows" each time it is spent. The particulars of each transaction are appended to the piece of e-money and travel with it as it moves from person to person, merchant to vender. When the e-money is finally deposited, the bank checks its database to see if the piece of e-money was double spent. If the e-money was copied and spent more than once, it will eventually appear twice in the "spent" database. The bank uses the transaction trails to identify the double spender.

Offline anonymous e-money (sans Observer chip) also grows with each transaction, but the information that is accumulated is of a different nature. The result is the same however. When the anonymous e-money reaches the bank, the bank will be able to examine it's database and determine if the e-money was double spent. The information accumulated along the way will identify the double spender.

The big difference between offline anonymous e-money and offline identified e-money is that the information accumulated with anonymous e-money will only reveal the transaction trail if the e-money is double spent. If the anonymous e-money is not double spent, the bank can not determine the identity of the original spender nor can it reconstruct the path the e-money took through the economy.

With identified e-money, both offline or online, the bank can always reconstruct the path the e-money took through the economy. The bank will know what everyone bought, where they bought it, when they bought it, and how much they paid. And what the bank knows, the IRS [taxation authority] knows.

By the way, did you declare that $20 bill your Grandmother gave you for your birthday? You didn't? Well, you won't have to worry about forgetting those sorts of things when everybody is using fully identified e-money. As a matter of fact, you won't even have to worry about filig a tax return. The IRS will just send you a bill.

Go to the top of the page.


Q: Where can I learn more about electronic money?

A:


This document was written by Jim Miller Jim_Miller@suite.com and put on the Web by Roy Davies Roy.Davies@exter.ac.uk.

There have been Visitor Status Bar visitors to this page since 15 November 1995.


URL: http://www.ex.ac.uk/~RDavies/arian/emoneyfaq.html
[ Top | E-Money Links | Money in General | History of Money by Glyn Davies | Novels Set in the World of Finance | Home ]
Roy Davies - last updated 30 July 1997
E-mail Roy.Davies@exeter.ac.uk