Imagine if the P2P technology could be applied to the task of laundering electronic money (e-cash). This article explains some of the principles of electronic currency -- and shows how these can be exploited by a large-scale distributed money anonymising system.
Background
Some electronic money systems on trial today use a 'stored currency' approach. This means your chip-card actually stores the money -- unlike a credit card (which is merely an identification device). The advantage of 'storing currency' is that money can change hands without the need for a connection to the bank. One of the requirements for true e-cash is that it's just as convenient as today's paper-cash.
When a bank loads money onto a smart-card (e.g. a Mondex), it does far more than set a variable on the chip. That would be far too easy to hax0r. It's actually downloading a series of virtual currency tokens onto the chip's memory. Each one of these 'tokens' is the equivalent of a coin or note of currency.
Each token is a string of data that contains at least this information:
- The quantity of money that the token represents
- A serial number
- An issuer's identification (e.g. The Bank of England)
- A date and time of issuing.
- A digital signature that binds all the information together, this makes the token very hard to tamper with.
Like real money, you can't just split a one-dollar token into two fifty-cent tokens. That would be as absurd as tearing a dollar-bill in half. The security on these tokens makes them relatively difficult to forge, so within reason they are immutable. The same tokens that get put in your card get put back into the bank when you spend from your card.
Compared to real money, tracking the movement of these tokens is easy. Dollar bills and pound notes are expensive to trace -- their serial numbers must be scanned in (an inaccurate process). If you wanted to track the money that somebody was spending you would have to ensure they were given marked notes, or notes with consecutive serial numbers.
None of this applies to electronic money; which given a not unthinkable database could be made to recognise the very moment a particular individual spends a token from their card.
How a P2P netowrk could conceal your spending:
One of the first electronic cash applications we are likely to see is a peer-to-peer method for exchanging the money the bank downloads onto your card for anonymous currency.
It could work like this:
Supposing Mr X is an arms buyer for a freedom fighter organisation. He wishes to acquire some 'Industrial Machinery' for his brothers back home. He withdraws a large sum of money from the accounts of one of the businesses that front for his organisation.
Before he can spend the money Mr X needs to convert the 'marked money' on his chip-card for the equivalent of 'used money'. He attaches the chip-card he used to hold the money to his pocket computer. He attaches a brand-new, unmarked, empty chip-card (bought from a vending machine) to the computer's spare slot.
Next the computer makes a secure connection to the Internet; and then over this secure connection, it makes a series of connections to the p2p money exchange network. On this network are other likeminded people who need to anonymise their money and people who make a profit from exchanging their legitimate currency for Mr X's tokens.
Each node on the network makes a direct connection to a handful of other nodes on the network. Mr X's application issues a series of requests to these neighbour nodes to swap currency tokens. His neighbour nodes might choose to action this 'request for swap' or alternatively pass the request on to one of their neighbours.
One at a time, Mr X's computer is able to swap each token on his bank-card for another token from the network. This swapped token is loaded not onto his original card, but the second, new, anonymous card.
At the end of the process, the 'marked' money in the original bank-card has been transformed into anonymous money in an unmarked smart card. He is now free to spend this money in whatever way he wants, secure in the knowledge that this money is now billions of times harder to trace than the money he first withdrew from his bank.
All the banks know is that the money withdrawn by Mr X (a suspected terrorist), re-surfaced hours later in a million different transactions all over the globe - none of these in any way related to the transaction that Mr X wishes to conceal.
Questions without answers:
How is duplication of tokens prevented? I do know of systems which deal with this by having tokens only be good for exchange between a pair of parties, so anyone trying to respend money gets nabbed. - Rose Thorn