Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Canada The Almighty Buck News

Voting Begins For Canadian Digital Currency App 84

An anonymous reader writes "The Royal Canadian mint has been pursuing the creation of mintchip, a digital currency for Canada, through a publicly held app contest. App development and consideration is now complete, and the public can now vote on which phone or desktop digital payment apps should be endorsed and publicized by the mint. There has been multiple arguments that the mintchip could easily have the same security, privacy, and traceability concerns as current digital payment, rather than actually introducing the benefits of cash."
This discussion has been archived. No new comments can be posted.

Voting Begins For Canadian Digital Currency App

Comments Filter:
  • *facepalm* (Score:1, Insightful)

    by Anonymous Coward

    As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip. Hopefully it will go away quietly.

    Also, electronic voting? Seems fitting...

    • by cheesecake23 ( 1110663 ) on Thursday August 16, 2012 @05:18AM (#41008195)

      As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip. Hopefully it will go away quietly.

      I imagine it will go away as quietly as this wafer-thin MintChip [youtube.com].

    • Considering that Canadians call their currency "loonies", with straight faces, there is no need for apologies . . .

      • Re:*facepalm* (Score:5, Informative)

        by Scott64 ( 1181495 ) on Thursday August 16, 2012 @06:23AM (#41008457)

        We don't "call our currency loonies". The one dollar coin is nicknamed the loonie because there's a loon on it and it rolls off the tongue better than "one dollar coin".

      • Re:*facepalm* (Score:5, Informative)

        by GNU(slash)Nickname ( 761984 ) on Thursday August 16, 2012 @06:33AM (#41008535)

        Considering that Canadians call their currency "loonies", with straight faces, there is no need for apologies . . .

        <pedant>

        We don't call our currency any such thing. Nothing ever costs a "couple of loonies", it costs a "couple of bucks."

        We do, however, call our $1 coin a loonie, based on the picture of the loon it carries. This is much like Americans who often refer to specific denominations by the name of the president pictured on it.

        </pedant>

        • This is much like Americans who often refer to specific denominations by the name of the president pictured on it.

          I don't know if I would say Americans do that "often". In fact, about the only time I've heard that is in rap like, "it's all about the Benjamins", and he wasn't even president.
          One might even say you are a loonie for suggesting such at thing :)

          • Rap did not invent the custom of referencing currency by the portrait of the President on it. It may hav popularized it among some segments of the culture, but it's neither new nor particularly inventive.

            And having spend some time on ponds frequented by loons (the bird kind), beeing called a Loon is not the worst thing to happen to you.

            • I never said rap invented it, just that no one else in the US really refers to currency by the president shown on it. At least that's my anecdotal experience.
          • My anecdotal experience comes from watching American TV and movies. Let's split the difference and call me gullible. :)
          • You read his comment wrong. GNU said 'Americans who often refer" not "Americans often refer" : two different meanings.
            • Did I? Because GNU also said "We do, however, call our $1 coin a loonie". I took this to mean that Canadians, in general, refer to the coin as a loonie. And then the implication would be that Americans, in general, refer to individual bills by president name (which I don't believe to be true).

              If I did misread his comment, then his analogy is not very apt; why compare general Canadian culture to specific subcultures in the US?
        • Maybe in the East (which tends to consider itself separate from the rest of Canada).

          Here in the West, you hear "couple of loonies", "couple of twonies", "a loonie or two", and so forth for values under $5. You'll even see "loonie bin" and "twonie bin" for the value items in some stores.

          Once you get over $5, though, then it's all dollars, bucks, etc.

          • Here in the West, you hear "couple of loonies", "couple of twonies", "a loonie or two", and so forth for values under $5. You'll even see "loonie bin" and "twonie bin" for the value items in some stores.

            I don't know what West you're talking about, but in the Edmonton area (where I've lived my entire life), I've never heard anyone talk like that unless they were specifically referring to the coins (rather than the dollar amount).

            • I don't know what West you're talking about, but in the Edmonton area (where I've lived my entire life), I've never heard anyone talk like that unless they were specifically referring to the coins (rather than the dollar amount).

              Hm, perhaps it's more of a BC thing. In the lower mainland, a mix of terminology is used (to the point where you might see a store called "A Buck or Two" advertising items "for as low as a loonie!").

            • Considering the anymosity between BC and AB right now over the whole Northern Gateway pipeline, "the West" is really only BC. ;)

              Just like how "Canada" is really only ON.

        • The best is we call the one dollar coin a Loonie, because it has a picture of a "Loon" (which is a bird).

          So what do we call the two dollar coin that came after that has a fracking POLAR BEAR on it? A Twonie... or Toonie, I don't even know how one would spell it.

    • It'll probably be like the electronic mailboxes (not to be confused with regular e-mail) that they rolled out just before the 2000s. Thirteen years later, and they're just starting to half-assedly advertise the service again.
    • Re:*facepalm* (Score:5, Interesting)

      by chrb ( 1083577 ) on Thursday August 16, 2012 @07:22AM (#41008871)

      As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip.

      Perhaps you (or the people who are moderating you up) would like to expand on why MintChip is bad? Instant and irrevocable digital payments with no transaction fee sounds like a step up from many of the existing micropayment systems. The fact that it is a national standard means that it is going to be much more widely adopted than anything a private company would likely achieve (see CDMA vs GSM; GSM took off globally after being legally mandated as the common standard for the European Union).

      I even think the app contest is quite an interesting approach - certainly much better than the usual "contract a single company to make an app". The summary does not make it clear, but the app is merely a front-end to a MicroSD card that also contains a secure IC for digital cash functions. The contest was not to create the underlying encryption protocols, these already exist, and the security therefore does not lie in the app itself. It sounds as though the MintChip protocol itself is more secure than Visa's NFC-based Contactless Payments.

      • Re:*facepalm* (Score:5, Insightful)

        by chrb ( 1083577 ) on Thursday August 16, 2012 @07:40AM (#41009059)

        Okay, so I just read the Bitcoin-fan objections to MintChip, and it seems it boils down to two points that they see as negatives: the currency is controlled by the Royal Canadian Mint, so they can make new digital coins, and if you can crack the secure chip then you can potentially double spend. However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.

        Many encryption enthusiasts miss one important point when it comes to digital cash: security and convenience are a tradeoff, and the public will usually value convenience over security. With the right equipment, it is possible to copy and double-spend real cash. These are issues that society already has to deal with. The question is not whether it is possible to defraud digital cash - the question is whether it is worth a criminal's time to do so. A potential criminal is not going to use an electron tunnelling microscope to extract the cash from a micropayment card that is intended for payments of less than $10. Yes, it is theoretically possible, but in practice there are more profitable ways for criminals to make money.

        Now, if there were an easy way to "empty" a payment card though some stupid exploit, then I can understand that being a problem, but that assumes that there is such an exploit. I would be willing to bet that a system that has been checked by the world's best cryptographers, using open protocols, would be more secure than physical cash notes. Not perfect, but more secure, and that is all we can really ask for. In the real world, it is trivially easy to steal the cash from someone's wallet. Digital cash doesn't need to be perfect, it just needs to be better than that.

        • I think the stakes are way too high. The system can either support anonymous transactions, XOR it can verify that you actually have as much money as it says you do on the card. If it's truly anonymous, then there's no record of money changing hands. However, if there is no record of transactions, then the only source of how much money you have on the card is contained within the card. This is fine for things like transit passes, and photocopy machines, because it isn't worth the thief's time to scam the
          • If they figure out how to counterfeit digital bits, then the digital money will be indistinguishable from the real deal.

            Real money *IS* digital money: fictitious numbers held within databases. Cash is only a small percentage of the money, and it is just as fictitious. It's not like a small bit of paper with the ruler's picture is actually worth $20. The closest things to real worth is the nickel and the penny (which is being eliminated because it costs too much to produce). Everything else is just a token.

            Since all we are exchanging is tokens, does it really matter if these tokens are made of metal or paper, or bits on

        • by CAIMLAS ( 41445 )

          Now, if there were an easy way to "empty" a payment card though some stupid exploit, then I can understand that being a problem, but that assumes that there is such an exploit.

          You must be new around here.

          We're dealing with hardware based encryption, not something which can be updated like software. There most certainly is a flaw, as there is in all encryption methods. They will be found out not because the criminals want to spend that $10, but because they want to spend that $10 - over, and over, and over again.

          The basic premise, as I understand it, is that the MintChip is basically a hardware crypto key. It's used as an authentication token via something like RFID, bluetooth, or

        • However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.

          Hi, Bitcoin fan here (actually, a Bitcoin developer).

          First up, let me say that I'm very happy to s

    • Also, the only criteria I have for deciding who to vote for is by watching a video about the app. I don't get to download and try out the app, so I don't know if it will even run well on my phone. Also, I'm not all "everything should be open source for ever and always" but it seems to me that something like this which is handling monetary transactions on my phone should either be open source, or under heavy government scrutiny. We shouldn't just let anybody put together some closed source app and claim i
    • Electronic money is used for tracking. They want cash dead, so little people can't hide. Big people will, of course, perform illegal acts with secret funds as they always do.

      Electronic voting is used for cheating. Nothing wrong with the Canadian paper ballot system, except that it is impossible to cheat when two parties are staring at your every counted ballot. Your conservatives want to take over the counting just enough to insure they cannot lose in the future. Not that it seems necessary, as they are ins

      • Ditto. While Bitcoin was attractive for those who wanted to mint their own, electronic voting is most attractive because it lets you mint votes.

        That, by the way, is why electronic voting is not ready for use. Period. Where it works currently is where it has not been cracked, and all the options ;'m aware of in the U.S. are crackable by high-schoolers working IBM's global help desks.

    • by CAIMLAS ( 41445 )

      I don't expect it to gain any traction. Remember the firearm/gun owner registry? That went over so well.

    • Also, electronic voting? Seems fitting...

      Especially electronic voting that requires you to come back and vote again every day for a month if you want to see your preferred project succeed. Ridiculous.

  • by Anonymous Coward

    Taking bets on how long it'll take fraudsters to crash the Canadian economy if this gets implemented

  • Bypass the Bankers (Score:5, Interesting)

    by tchdab1 ( 164848 ) on Thursday August 16, 2012 @06:00AM (#41008355) Homepage

    I'm terribly impressed that Canada is working on electronic payment systems that don't "donate" a portion of every transaction to the likes of Visa, Mastercard, Paypal, etc. Electronic payments and the defacto currency behind them are real, but "legal tender" offered by host countries has not kept pace with the technology and habits of citizens who use it. Let's hope Canadians can work through the problems with this, and we neandertals in the USA can learn from them. Next in line: national credit cards and checking accounts.

    • by Anonymous Coward

      Socialist!

    • by tlhIngan ( 30335 )

      I'm terribly impressed that Canada is working on electronic payment systems that don't "donate" a portion of every transaction to the likes of Visa, Mastercard, Paypal, etc. Electronic payments and the defacto currency behind them are real, but "legal tender" offered by host countries has not kept pace with the technology and habits of citizens who use it. Let's hope Canadians can work through the problems with this, and we neandertals in the USA can learn from them. Next in line: national credit cards and

  • by Anonymous Coward on Thursday August 16, 2012 @06:29AM (#41008501)

    it's about time I clear my conscience...

    The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"

    The implementation is quite clever, involving some modular arithmetic and the 24-byte "Transaction Authentication Code" detailed in the Mintchip Messages [mintchipchallenge.com] documentation. Or I should say, revealed... of course they're not telling you what the TAC does because they don't want to admit it's true purpose. It's also not just the TAC, all those supposedly random nonces generated by the hardware aren't going to be as random as you'd think. Basically you can use them as an additional way of stenographically hiding data between transactions that goes way beyond what they document.

    I can't reveal too many details on how it works as they'd probably figure out who I am, but essentially that's enough bits to encode a probabalistic record of every Sender ID that has transfered funds that ended up in your balance. Then when you resend your balance, you "infect" subsequent Mintchip balances with that record.

    I'll give an toy example to prove the point: lets suppose you assigned prime number to every user of the system. If the TAC were simply multiplied by each prime from every payer, you could then factor the resulting large product of primes to determine who the payers were. The actual implementation is more involved, and probabalistic, but you get the idea. Sure it essentially becomes a brute forcing problem, but when you have a rough idea of who might be paying who, brute forcing is a lot easier than you'd think. Canada's population is only a bit over 30 million...

    Don't trust closed hardware or software. You have been warned. This may look like a anonymous Bitcoin competitor, but the mint isn't stupid, and they're not going to give back any of the anonymity cash provided that the government wants so badly to get rid of.

    • Huh, mod parent up...any cryptographers in here who can give a second opinion?

      • by WillerZ ( 814133 ) on Thursday August 16, 2012 @09:02AM (#41010239) Homepage

        If you are identifying people from a population of 30 million you need ceil(log2(30 000 000)) bits for your person identifier; which is 25 bits in this case. However you are likely to need to identify corporations as distinct from persons, which will probably take another bit or so. 26 bits per trading entity into a 24-byte (192-bit) TAC goes 7.4 times.

        No matter how you put those IDs into the TAC you can never fit more than 7.4 at a time. So if you are a criminal (or privacy nut) who wants to use this system, make sure there are 8 trades between you and any other party you interact with if you want deniability if someone has access only to the TAC used for the final transaction to you. This is not a very plausible tracking scheme because for practical reasons you will need a timestamp and other gubbins to be encoded in the TAC.

        Of course, if you have access to all the TACs you only need to fit two IDs in there at a time to build a chain. This is IMO very plausible.

        • by MobyDisk ( 75490 )

          Also, it sounds like they wouldn't need to have enough bits to strictly guarantee uniqueness. If they could just track it down to a handful of possibilities, they can make a good guess. "And then the drug money went to either a 73-year old Grandmother in Saskatoon, or a 19-year old convicted felon in Vancouver."

        • by Robbat2 ( 148889 )

          You missed something critical posted by the AC. He said you have to assign a unique prime number to each user. Not simply a number.
          The 30 millionith prime is 573259391. The 50 millionith prime is 982451653. I couldn't find the 60 millionith prime anywhere, and another 20M should be enough room for the corporations. In either case ceil(log2(573259391)) == ceil(log2(982451653)) == 30. The beauty of this is you can multiply two large primes, take the modulo and somebody with the primes can still verify/extract

        • you can never fit more than 7.4 at a time

          You can't fit more than 7.4 discrete IDs in a single transaction, but they're taking a statistical approach. If they can collect data from thousands of transactions within a dozen hops from you, it's plausible to correlate who you are and who you're transacting with. It might take a lot of data points to prove beyond a reasonable doubt, but far fewer to get a warrant signed.

    • People are always worrying about digital currency destroying the anonymity of cash. And certainly the government appears to have a number of motives for doing so, which fall at various points on the good/evil spectrum.

      But I wonder if the government really, in its heart, wants to do that. The complete eradication of anonymous transactions changes the game entirely, and it would alter society in ways that are hard to predict.

      There are a lot of activities that people want to keep secret, but that don't invol

      • But I wonder if the government really, in its heart, wants to do that. The complete eradication of anonymous transactions changes the game entirely, and it would alter society in ways that are hard to predict.

        "The government" is a huge thing full of people who disagree strongly on almost everything. In any given government you will find every angle on this issue. Law enforcement typically wants more power and more tracking not because they're evil or anything, but because they're judged on how well they tac

      • The complete eradication of anonymous transactions changes the game entirely, and it would alter society in ways that are hard to predict.

        The trick is that this doesn't completely eradicate anonymous transactions. If people don't want to be tracked, nothing's stopping them from trading or doing services for a completely different physical currency (such as, say, US Dollars).

        Removing physical currency from a region will make some transactions much harder to hide. If you know everyone that does under-the-table stuff is using US Dollars, you can at least stem the tide of such transactions by looking at people who go out of the country/withdraw t

      • by makomk ( 752139 )

        The Mint would be an idiot to set up Mintchip without some method of tracing transactions. Why? Because it relies on trusted hardware, and when someone inevitably extracts the secrets from one of those pieces of trusted hardware and uses it to print money they need a way to trace those funds back to the compromised device and revoke it.

  • by TheSkepticalOptimist ( 898384 ) on Thursday August 16, 2012 @07:06AM (#41008727)

    Just headed over thinking I would do my part as a Canadian to pick something that might be relevant in a few years, but its just a collection of EVERY finance app available on all platforms, I mean, they could have weened it down to maybe the top 10 apps, instead of a huge collection of crapware.

    But you just know in spite of being offered a choice (which is a change from the usual Canadian government of picking "innovation" for us), Canada is notorious for seeing the successful products and services used everywhere else in the world and then offering it to Canadians with significantly less features and a pale imitation of the one the world uses, you know, like Netflix.

    • by flashme ( 923791 )
      I'm one of the contestants in the MintChip Challenge. Basically the idea was to explore what you can do with the MintChip, and all of these apps are prototypes, some more rough than others. The MintChip itself is still in an R&D phase. We had a little over 3 months to come up with our entries and most of us have day jobs as well. I had a great time working on my app and I explore different ways of transferring money between chips. One of the concepts I am demonstrating is sending money anonymously to so
    • ...its just a collection of EVERY finance app available on all platforms, I mean, they could have weened it down to maybe the top 10 apps, instead of a huge collection of crapware.

      [extreme sarcasm]That's why it's important that everyone vote for the apps that feature pictures of the toughest looking padlocks! That way you know you're voting for the most secure software. Direct democracy triumphs again![/extreme sarcasm]

      (I'm going to go find some Tylenol and hope the next 27 days are Canada's version of the U.S. holiday called "April Fool's Day")

    • by Mozai ( 3547 )

      ... offering it to Canadians with significantly less features and a pale imitation of the one the world uses, you know, like Netflix.

      How is Netflix Canada operationally from Netflix USA? And what does the government of Canada have to do with it?

      I'm guessing you're upset that Netflix Canada has fewer choices in the media catalogue offered. That is not due to the government of Canada nor even the government of your province instructing Netflix to restrict its catalogue -- that's due to the movie distribution companies (usually members of the MPAA) who own the rights to these movies telling Netflix "no u can not haz cheezbrgr."

      Don't yell

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...