Monday, July 18, 2011

On Future Currency

Copies of Tokens

As all airlines know, there is nothing inherently wrong if they were to sell multiple tickets for the same airline seat.  Just as in the quantum mechanics example of Schrodinger's Cat, the world continues with a superposition of two (or more) people believing they will fly on the plane.  My customers are happy up until two of them actually show up and try to sit in the same seat.  At that point, the quantum wave function collapses and a single reality is restored.  One of the cats lives, the others die.  My only problem is dealing with the dead cats by explaining the fine print in the contract. 

Replicating Money

Likewise, I see nothing inherently wrong with copying currency.  U. S. paper money already has unique serial numbers.  In this age of telecommunications and cryptography this serial number concept simply needs to be extended. 

The Federal Reserve needs to issue notes with cryptographic serial numbers and maintain an on-line verification facility.  At any time I can have this master system confirm the validity of my note.  For a transaction I can exchange it for one or more brand-new notes with newly created numbers while simultaneously invalidating my old bill.  The key here is that the long, un-guessable number is the real “currency”.  You could print it on your own printer.  You could make backup copies to your heart’s content.  As soon as the first person uses the currency, however, all the copies are no longer valid.
By using a cryptographic aspect to the serial number I can still perform off-line operations, confirming that this is real, U. S. currency.  I just do not have absolute confidence that I can cash it in until I can contact the validation system.

This virtual currency is exactly what happens today with a personal check.  If I have $100 in the bank, I can still write $100 checks to each of five different people.  The first one to the bank wins.

Making the cryptographic serial number un-guessable is important, not only to allow some degree of off-line verification, but to prevent trial-and-error theft of other people’s cash.  This is similar to having a set of rules that can be used to make up new words.  The rules can be used to determine if something looks like a real word.  But you still need a dictionary to be sure that the word exists, and what it means.  The short serial numbers used today are an open invitation to forgers who simply print bills with numbers similar to a known good bill. 

For example, one could use a sixty-letter-and-digit serial number in place of the current eleven-character format.  This could give you a 300-bit value that would include a public-key signature to prove authenticity.
Now, suppose you want to send money to your daughter at college.  Just read the number off of a bill from your purse to her over the phone.  Western Union, eat your heart out!

You would want to be careful about leaving your cash laying around.  Someone could steal it just by copying the number.  But the same is true with modern currency - if you leave it laying around it will probably get stolen. 

You could carry your entire bank account on an encrypted thumb drive.  And leave a backup copy at home.  If it gets lost or stolen, you lose nothing.  And the “bills” that you spent before losing the drive are just “no longer valid” on the backup copies.  The encryption makes the lost drive useless to anyone who finds it.
Very few people can remember a sixty-character value after just glancing at it.  Lots of people, however, can remember the five to nine digits on the end of your checking account number.  I am surprised that more so-called identity theft isn’t perpetrated by simply printing bogus checks on account numbers you see at the grocery store. 

Doing bill-by-bill verification against a master database would not be inherently more difficult than current credit card verification.  There would be a higher volume of simpler transactions, though. 

Something similar to this is already in use by the U. S. Postal Service.  Various companies offer “print your own postage” programs.  These generate a barcode that is scanned by the post office to verify payment of postage.  The barcode can be printed or copied any number of times but the first time it is used (scanned at the post office) the other copies become invalid.

* * *

Now let’s see how this idea stacks up.
  • The Bureau of Engraving and Printing might or might not like it.  They do not actually get to print anything anymore and get turned into database administrators.  On the other hand, they were fighting a losing battle against the counterfeiters, anyway.
  • North Korea would hate it.  No more super notes.
  • The Secret Service would love it.  No more super notes.
  • Banks would love it.  They do not have to deal with cash anymore.
  • Retailers would love it.  A simple scanner could read the “bills” that customers could print on ordinary paper.  Just like handling coupons.  And no theft or robbery problems. 
  • Drug dealers would love it.  No more unwieldy suitcases of cash. 
  • The ACLU would hate it.  Big Brother might track the serial numbers. 
  • Your daughter would love it.  Instant party time.
* * *

This Verify-Invalidate-and-Replace strategy could be applied to almost any value token.  Airline tickets.  Concert Tickets.  E-Commerce specie. Each scenario would require a method for dealing with fraudulent sales, but detecting the fraud would be greatly simplified. 

A variation of this single-use verification and replacement strategy could be used to replace personal identifiers such as Social Security numbers, credit card or bank account numbers.  Using the ability to make duplicates invalid would prevent most of the current forms of identity theft. 

Note that what I am talking about here is not one of the elaborate cryptographic security schemes developed in academic circles.  Yes, it is a variation of a public-key system.  But, no, it does not require users digital signatures or encrypted transactions (beyond basic network communication security such as SSL).  It is not invulnerable, but it also does not suffer from the key management and key revocation issues that plague those academic systems.

The generally temporary nature of a particular token (“bill”) and the possibility of local “trusted issuing authorities” fit in with my general theme of Replicator Technology.  Each community, country or colony could have its own Issuance and Verification center.  This provides the local, autonomous operation that I look for.  And a simple communication link with other authorities could provide exchange of payments and allow honoring of another colony’s money.

No comments:

Post a Comment