Date: Wed, 5 Mar 1997 21:32:28 -0500
From: Robert Hettinga <firstname.lastname@example.org>
Subject: Financial Times report on FC97
FiTi's web page is <http://www.live.co.uk/Ftvfr.htm>, by the way...
Oh. Duncan says, this morning, when he gave me permission to zing this
around the net a bit,
> I gather that Moti Yung wasn't there - my mistake - so we'll need to
> correct that. Ray says that David Kravitz also gave the Monday talk
> (distress cash)
--- begin forwarded text
From: "Duncan Goldie-Scot" <email@example.com>
To: "Robert Hettinga" <firstname.lastname@example.org>
Subject: Re: Good to meet you and thanks for the invite to FC97
Date: Tue, 4 Mar 1997 20:39:21 -0000
> Great. Let me know when it's up, and I'll spread the word. Do you have a
> text version?
Financial Cryptography '97 - Anguilla
by Alex van Someren
The first Financial Cryptography conference, held in late February 1997 in
the Caribbean tax haven of Anguilla, proved to be a worthwhile forum for
serious work in the field of electronic money; this despite the dubious
honour of being rated the top 'deductible junket' in the January '97 issue
of Wired magazine.
The five-day programme of presentations on electronic commerce, e-money and
state-of-the-art cryptography was eclectic but concentrated on genuine
technical issues and was pleasingly free from the ravings of the extremist
privacy lobbyists so ubiquitous on the Internet.
The first day of proceedings concentrated on anonymity and unlinkability in
electronic transactions. Of particular interest was the Janus system
developed by researchers at Bell Labs (Lucent Technologies, Murray Hill'
NJ, USA) for proxying Internet services including Web browsing. Janus
automates the process of completing application forms for subscription
services at web sites, removing the need to invent new username/password
pairs for each service while at the same time preserving the anonymity of
the user. Besides the anonymity issue, Janus has the potential to remove
several repetitive typing burdens on regular Internet users.
Moti Yung (BTEC/CertCo, New York, NY, USA) presented a proposal in which
e-cash anonymity could be controlled by the user. For example, he
introduced the notion of 'distress cash'. A user might have two pin
numbers, one of which guarantees anonymity while the other, if coerced by a
robber to reveal the pin code, would revoke anonymity and allow e-cash
Also notable was work by a team including staff of AT&T Labs (Murray Hill'
NJ, USA) and the US Navy Research Laboratory (Washington, DC, USA) on
unlinkable serial transactions. They proposed a system to allow membership
groups to be established in which members could prove the validity of their
membership without disclosing details of their identity or previous
transactions - such systems have considerable potential application in
electronic voting systems, for example, or for preventing Encyclopaedia
Britannica building a record of the pages you have visited.
On day two Simon Lelieveldt (Dutch National Bank, Amsterdam, NL) gave a
valuable insider's view on the recent Bank for International Settlements
report on the security of electronic money. One interesting conclusion by
the BIS was the acceptance that it is possible to achieve better security
in electronic money systems than is offered by non-electronic systems in
present use. He offered no general guidelines on preferred technical
solutions and stressed that the bank could only evaluate detailed
implementation plans and the likely consequences of any particular scheme.
David Birch (Hyperion Consulting, UK) gave a rousing dissertation on the
global denationalisation of money and presented some compelling statistics
underlining the trend towards the disappearance of specie and the emergence
of self-issued 'loyalty' currencies from supermarkets and other major
retailers. He also drew attention to the catalytic social potentials of
global electronic networks for the development of wholly new markets for
(and of) services and the need for real deployment of viable micropayment
systems in support of these markets. In particular he stressed the
important role that smart cards will play and invited developers to study
Microsoft's specifications for smart card readers linked to PCs.
Fault induction attacks
One of the big encryption news stories last year was about fault induced
attacks. Bellcore published a paper claiming that submitting smart cards
to microwaves and studying the mistakes the card made would make it
possible to reverse engineer the cards. At the time it received some
exaggerated press comment, largely as a result of the original Bellcore
David Maher (AT&T, Mountain View, CA, USA) downplayed the threat of such
attacks, with particular reference to Mondex. He also revealed that the
roll-out version of Mondex uses public key digital signatures. Ultimately
it is the multi-layered security procedures which provide the protection:
David Maher was less willing to defend the 'security through obscurity'
whereby the Mondex protocols have not been published for public scrutiny.
Day three began with renowned cryptographer Ronald Rivest (MIT, Boston, MA'
USA and the R in RSA) giving a keynote speech setting out some perspectives
on financial cryptography and clearly demonstrating that his skill in pure
mathematics is matched only by his expertise in the applying the same.
Later, in his entertaining rump session, he proposed lottery tickets as a
form of cash and proved that there is a place in cryptography for humour as
well as mathematics.
Several speakers had applied themselves to the development of flexible
micropayment systems and the possible trade-offs afforded to their
deployment by using statistical sampling techniques in defence from the
dangers of double-spending - most transactions are offline but there is
sampling based on the assumed risk attached to each transaction. In
particular, Yacov Yacobi (Microsoft, Redmond, USA) described an interesting
approach to reducing the need for online processing of e-cash transactions'
a widely-perceived obstacle to their successful deployment because of its
Law based approaches to security
Attention on day four focused on legal issues and the potential abuses of
e-money for money laundering. A paper by Markus Jacobsson (UCSD, La Jolla'
CA, USA) and Moti Yung (BTEC/CertCo, New York, NY, USA) described a
technique making ingenious use of diversity and multi-party distribution to
increase the level of trust in e-money systems.
Their approach would require the co-operation of several banks or
regulators to originate and revoke anonymity in an electronic cash system'
a method more likely to be acceptable to civil liberties supporters than
many of its predecessors.
Edward Radlo (Fenwick & West, Palo Alto, CA, USA) delivered the latest
update of his on-going study of legal issues in cryptography from a U.S.
perspective - the airing of American feelings about Export Control
legislation and the First Amendment was largely limited to this session.
He believes that the FBI is now the main advocate of both strong export and
Peter Swire (Ohio State University, Ohio, USA) suggested a contract model
for preserving consumer privacy, especially in the area of bank databases.
Michael Froomkin (University Miami School of Law, FL, USA) took the
argument a stage further by developing a model in which a large number of
certification authorities (CAs) provide graded certificates which are
trustworthy either to the extent of the procedural checks that the CA
carries out before granting a certificate or relies on customer trust of
known CAs. He believes that CAs should be forced to accept limited
liability to pre-agreed levels.
Author Peter Wayner delivered an interesting perspective on the money
laundering business in his evening session. He described a number of
ingenious schemes which have been used, many based on the false pricing of
otherwise conventional contracts. This was followed by a rump session of
short informal presentations.
In one, the US NRL team revisited their fascinating proposal first
presented at the Workshop on Information Hiding in May 1996 (Cambridge'
UK), for a multi-layered 'Onion routing' technique for networks which is
highly resistant to traffic analysis. This involves layerings of
encryption that resist eavesdropping and traffic analysis. The scheme
would rely on having a large number of 'onion routers' on the Internet
In another, consultant Adam Shostack (Boston, MA, USA) invoked Clausewitz
in his argument that cryptography is the ultimate post-modernist munition'
shared by anarchists and nations alike.
Gold Certification Authority
The final day included a plea from Paul Lampru (VeriFone, Atlanta, GA, USA)
for a 'Gold Certification Authority' standard to facilitate the public
deployment of e-money in support of healthcare and social security systems
- substantial civil liberties concerns were raised by the audience as a
Theodore Goldstein (Sun/Javasoft, Mountain View, CA, USA) described the
security model underlying the Java electronic commerce framework (JCEF)
which would allow different financial services to work together. The full
specification for JECF is at http://java.sun.com/commerce. Sun's
open-minded attitude towards peer review of their software source code won
him a heartfelt and spontaneous round of applause.
Barbara Fox (Microsoft, Redmond, WA, USA) described a 'Grand Unified
Meta-Protocol (GUMP)' to reduce reinvention in the design of protocols for
e-commerce systems; she blamed working with physics graduates for an
acronym surely worthy of, if not deserved by, Microsoft.
David Kravitz (CertCo, NY, USA) presented a scheme for providing partial
anonymity for customers by shielding customer names from merchants.
Overall the conference was well attended, although representatives of banks
were notably absent, and its content was wide-ranging and highly topical.
Although the choice of location does not perhaps present the most
appropriate optics, Financial Cryptography is a conference which deserves
to succeed and which has got off to an auspicious start - the organisers
and programme committee are entitled to feel that they have made a real
contribution to the advancement of electronic commerce as we enter its
all-important deployment phase.
Alex van Someren is a founder and Managing Director of nCipher Corporation
Ltd., a start-up company delivering solutions for electronic commerce
systems. nCipher is based in Cambridge, UK and is affiliated with Newbridge
Networks Corporation. http://www.ncipher.com - mailto:email@example.com
One of the many interesting side discussions at Financial Cryptography '97
worked through some of the potential of a global Internet stock exchange.
The starting point is that the existing markets are inefficient on a number
of levels. They tend to be parochial - US investors invest in the US; UK
investors invest in the UK. In any case, regulatory hurdles make it
difficult for people to invest directly in cross-border IPOs. The markets
are also too expensive - investors pay out exorbitant fees to mutual funds
and brokers for what is generally agreed to be an indifferent service. The
markets are lop-sided in their information flows - professional analysts
are either briefed by company finance directors or, at least, have better
access to professional sources of information. Finally, they are
ineffective at raising money for entrepreneurs. An Internet stock exchange
could eventually help correct (partially at least) these problems providing
a low cost mechanism for Internet based IPOs and subsequent trading. There
would have to be some specified level of due diligence and, to protect the
small investor, a requirement that investors prove they have the competence
and resources to make risky investments. All investors would have equal
access to the company news pages with simultaneous news alerts being
emailed to interested investors as they are released. Whichever investors
backed such a global exchange would have a strong economic incentive to
protect its reputation - outside the clutches of the SEC, state regulators
and, in the UK, the myriad of SROs. This model imagines an exchange with
its own clearing and settlement house which would hold electronic share
certificates and client accounts. Ian Grigg of software house Systemics
(firstname.lastname@example.org) suggested an interesting alternative. Why not have
independent issuing houses whose reputations and thus business prospects
would stand or fall on their track record? They would issue clients with
digital stock certificates which could, when the markets became
sufficiently liquid, be traded on any of a number of competing Internet
based stock exchanges. As it is assumed that these exchanges would be
automated price/time order matching systems, there would be no role for
brokers. However, there would be a role for independent market makers to
quote a bid/ask spread on illiquid stocks and also for the usual gamut of
would-be gurus peddling their charts and analyses of prospects. It quickly
becomes apparent that we don't really need all these expensively paid
brokers with their marble halls and $1m bonuses or any of the mutual funds
with their thousands of door-stepping salesmen. If an investor wants to
track the market, he can download a routine to build the appropriate index
(or unitised indices for the small investor). As Simon Fedida
(email@example.com) pointed out last month, there are already
companies offering quantitative analysis routines for the private investor.
Does this all sound a far-fetched flight of fancy? We'll find out more
next month with reports on the progress of plans for Internet stock
exchanges in the US.
Financial Times Virtual Finance Report
172 Tachbrook Street
London SW1V 2NE
Tel: +44 171 834 2460
Fax: +44 171 976 6592
Type Bits/KeyID Date User ID
pub 1024/4E138C75 1997/03/04 Duncan Goldie-Scot <firstname.lastname@example.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
--- end forwarded text
Robert Hettinga (email@example.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Never attribute to conspiracy what can be
explained by stupidity." -- Jerry Pournelle
The e$ Home Page: http://www.shipwright.com/rah/
To unsubscribe from the dcsb list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write: unsubscribe dcsb
Or, to subscribe, write: subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu