Sandy hinted that I should explain my 'crypto point-of-sale' idea. So I will. The idea is a mostly a social structure, adjoining existing (or soon-to-be) pieces of technology and setting them in a particular environment. The technological pieces are 1. the Newton -- one for the buyer, one for the seller 2. one radio data link for the seller's machine, either a. a cell phone, cellular modem, and a corresponding host b. a cellular data service 3. the Internet 4. packet forwarding services 5. an online bank 6. public keys 7. authenticated Diffie-Hellman key exchange Or, to be short, "two Newtons, one radio". Preparations in the form of assertions about the time of transaction: 1. The seller has an account at the online bank. This entails that the bank and the customers have each other's public keys. 2. The buyer has an account at the online bank with funds sufficient for purchase. 3. The seller has an arrangement with a packet forwarding service. This may not need to be instantiated before transaction (i.e. software vending machine), although it will likely be cheaper to do so. 4. Software as described below is installed on all the machines mentioned. Steps in the transaction: 1. The Newton has an infrared interface with a range of about three feet. The buyer and the seller start an infrared connection between their two Newtons. A Diffie-Hellman key exchange protocol over that link is the first step in securing the link against eavesdropping. Regular D-H is good enough in this case because there is no way to put a machine in the middle of the infrared link. I suppose someone with a very powerful IR beacon could spoof one of the machines, but likely not both. Regular D-H also means that there is no need for the buyer and the seller to have each other's public keys at transaction time. 2. The seller establishes a data connection with his packet forwarder on the Internet. This allows the seller to (at minimum) instantiate multiple outgoing TCP connections from the forwarding machine. 3. If necessary, the seller allows the buyer to go online by allowing the seller's Newton to forward packets for the buyer's Newton. The buyer, if not in possession of enough digital notes, can go online with the bank and purchase notes now. The flow of data is buyer's Newton -> seller's Newton -> forwarding machine -> bank. The buyer goes online by instantiating outgoing TCP connections from the forwarding service hired by the seller. The buyer connects to the bank. This secure connection uses an authenticated D-H key exchange, which prevents the interposition attack. Public keys are necessary for this protocol, but the bank and its customers have already exchanged them. 4. The buyer, now with digital notes in hand, so to speak, offers them to the seller for payment. The seller, as part of this protocol, goes online with the bank to check the validity of the notes. The seller also uses the authenticated D-H key exchange. The bank OK's the notes (presumably) and credit is made to the seller's account. Advantages, or, why should I use this? 1. The radio means that business need not be conducted indoors, where the telephones are usually wired. Of course, if you have a wired telephone, you can also use the basic schema of the system, allowing the same software on the buyer's machine to be used for a wide variety of transactions. 2. Only one party to the transaction needs the relatively expensive radio link but that both parties, if necessary, can use it. Since the seller is in business, the cost of the radio link is just a cost of business. 3. The buyer, on the other hand, has not bought a single-purpose machine. Many existing projects have created single purpose computers which purpose is to do money transactions. A single purpose machine is too expensive to use for just transactions, especially when its so easy to use the manufacturing for general purposes. 4. In situations where paper cash in not convenient, this protocol allows for the instantaneity and anonymity of cash without its physicality. Signals cost a lot less to move than paper, in several different ways. Comments are welcome. Eric From: hughes@ah.com (Eric Hughes)