Voting Begins For Canadian Digital Currency App 84
An anonymous reader writes "The Royal Canadian mint has been pursuing the creation of mintchip, a digital currency for Canada, through a publicly held app contest. App development and consideration is now complete, and the public can now vote on which phone or desktop digital payment apps should be endorsed and publicized by the mint. There has been multiple arguments that the mintchip could easily have the same security, privacy, and traceability concerns as current digital payment, rather than actually introducing the benefits of cash."
*facepalm* (Score:1, Insightful)
As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip. Hopefully it will go away quietly.
Also, electronic voting? Seems fitting...
Re:There already is a tried and tested one. (Score:2, Insightful)
Because there's no way the government can control that. You say that's an advantage? Well, the government thinks otherwise.
Re:*facepalm* (Score:5, Insightful)
Okay, so I just read the Bitcoin-fan objections to MintChip, and it seems it boils down to two points that they see as negatives: the currency is controlled by the Royal Canadian Mint, so they can make new digital coins, and if you can crack the secure chip then you can potentially double spend. However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.
Many encryption enthusiasts miss one important point when it comes to digital cash: security and convenience are a tradeoff, and the public will usually value convenience over security. With the right equipment, it is possible to copy and double-spend real cash. These are issues that society already has to deal with. The question is not whether it is possible to defraud digital cash - the question is whether it is worth a criminal's time to do so. A potential criminal is not going to use an electron tunnelling microscope to extract the cash from a micropayment card that is intended for payments of less than $10. Yes, it is theoretically possible, but in practice there are more profitable ways for criminals to make money.
Now, if there were an easy way to "empty" a payment card though some stupid exploit, then I can understand that being a problem, but that assumes that there is such an exploit. I would be willing to bet that a system that has been checked by the world's best cryptographers, using open protocols, would be more secure than physical cash notes. Not perfect, but more secure, and that is all we can really ask for. In the real world, it is trivially easy to steal the cash from someone's wallet. Digital cash doesn't need to be perfect, it just needs to be better than that.
Re:Mintchip is designed to track you (Score:4, Insightful)
If you are identifying people from a population of 30 million you need ceil(log2(30 000 000)) bits for your person identifier; which is 25 bits in this case. However you are likely to need to identify corporations as distinct from persons, which will probably take another bit or so. 26 bits per trading entity into a 24-byte (192-bit) TAC goes 7.4 times.
No matter how you put those IDs into the TAC you can never fit more than 7.4 at a time. So if you are a criminal (or privacy nut) who wants to use this system, make sure there are 8 trades between you and any other party you interact with if you want deniability if someone has access only to the TAC used for the final transaction to you. This is not a very plausible tracking scheme because for practical reasons you will need a timestamp and other gubbins to be encoded in the TAC.
Of course, if you have access to all the TACs you only need to fit two IDs in there at a time to build a chain. This is IMO very plausible.