Domain: mintchipchallenge.com
Stories and comments across the archive that link to mintchipchallenge.com.
Comments · 9
-
Re:Mintchip is designed to track you
The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"
You imply that the sender and the receiver is somehow linked to a physical entity, aka a person. The documentation states that these IDs are MintChip IDs (http://developer.mintchipchallenge.com/devguide/developing/common/mintchip-id.html). It's obvious that the Canadian Mint (or trusted broker) would have to some way to link my identity to this MintChip ID that they generate. From what I read, the idea is that I could go a trusted broker, hand over $20 no questions asked or identity given, and walk out with a MintChip. This is an anonymous transaction. Any following transactions involving that anonymous MintChip ID could tracked through the MintChip existence, but that tracking information only lists anonymous MintChip IDs and value/money exchanges. Such information is useful to ensure the integrity of the system, but useless in tracking real world entities as it's still anonymous. As long as the system is linked only to a physical MintChip (not a person), and there is no personal information provided in obtaining a MintChip, then it is the same as hard currency.
I can see the upsides for the Canadian Mint. I can also understand their view if the systems fails somehow. In their eyes, hacking the MintChip would be the same as counterfeiting except really difficult and not worth it if the MintChip can only hold a balance of $500 and can only do transactions $25 or so. Of course, this means that a MintChip is exactly like cash thus has the same problems for us consumers. Not so for the Canadian Mint.
-
Re:We have a choice?
I'm one of the contestants in the MintChip Challenge. Basically the idea was to explore what you can do with the MintChip, and all of these apps are prototypes, some more rough than others. The MintChip itself is still in an R&D phase. We had a little over 3 months to come up with our entries and most of us have day jobs as well. I had a great time working on my app and I explore different ways of transferring money between chips. One of the concepts I am demonstrating is sending money anonymously to someone you don't know through Game Center. I haven't seen this idea presented before, either by any of the other contestants in the contest, or elsewhere. I think it's pretty neat to be able to send a gift of as little as 1 cent to a stranger. Who doesn't need money these days?
;)
Here is my app:
http://mintchipchallenge.com/submissions/9448-mintchipd
Please watch the video and of course I would always appreciate votes. -
Shameless self-plug
As you'll see by my low UID, I've been on Slashdot for a while. I'm going to shamelessly self-plug my entry, called taab. You can visit our site at http://taab.co./ Check it out, and watch the promo video. I'm hoping it can handle the Slashdot effect! You can vote for our entry here: http://mintchipchallenge.com/submissions/9458-taab And I'm more than willing to answer any questions you may have, including my experiences with the MintChip platform.
-
Mintchip is designed to track you
it's about time I clear my conscience...
The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"
The implementation is quite clever, involving some modular arithmetic and the 24-byte "Transaction Authentication Code" detailed in the Mintchip Messages documentation. Or I should say, revealed... of course they're not telling you what the TAC does because they don't want to admit it's true purpose. It's also not just the TAC, all those supposedly random nonces generated by the hardware aren't going to be as random as you'd think. Basically you can use them as an additional way of stenographically hiding data between transactions that goes way beyond what they document.
I can't reveal too many details on how it works as they'd probably figure out who I am, but essentially that's enough bits to encode a probabalistic record of every Sender ID that has transfered funds that ended up in your balance. Then when you resend your balance, you "infect" subsequent Mintchip balances with that record.
I'll give an toy example to prove the point: lets suppose you assigned prime number to every user of the system. If the TAC were simply multiplied by each prime from every payer, you could then factor the resulting large product of primes to determine who the payers were. The actual implementation is more involved, and probabalistic, but you get the idea. Sure it essentially becomes a brute forcing problem, but when you have a rough idea of who might be paying who, brute forcing is a lot easier than you'd think. Canada's population is only a bit over 30 million...
Don't trust closed hardware or software. You have been warned. This may look like a anonymous Bitcoin competitor, but the mint isn't stupid, and they're not going to give back any of the anonymity cash provided that the government wants so badly to get rid of.
-
Re:Good luck with that!
Maybe Bitcoinica will offer a store credit good for their own non-transferable virtual currency?
Transferability is the very point of Bitcoin. Sure it'd be nice to have a stack of gold, but good luck sending that over the internet without involving any trusted third parties. Look what happened to e-Gold services, all shutdown by the Feds. Possibly the only alternative will be trusted devices such as the in-development MintChip, although the final version is likely to be restricted to very small amounts and not as anonymous as claimed.
Of course, hilariously on the MintChip Challenge website, the most commented upon idea for what you could do with MintChip is buy Bitcoins...
My favorite quote on that page:
Bitcoins? Are there people that still think that isn't [a] bad idea? Eve ISK would be a better investment.
-
Re:Good luck with that!
Maybe Bitcoinica will offer a store credit good for their own non-transferable virtual currency?
Transferability is the very point of Bitcoin. Sure it'd be nice to have a stack of gold, but good luck sending that over the internet without involving any trusted third parties. Look what happened to e-Gold services, all shutdown by the Feds. Possibly the only alternative will be trusted devices such as the in-development MintChip, although the final version is likely to be restricted to very small amounts and not as anonymous as claimed.
Of course, hilariously on the MintChip Challenge website, the most commented upon idea for what you could do with MintChip is buy Bitcoins...
-
Re:Security Through Obscurity
Furthermore, the Mint is currently not publishing details on how the cryptography works. I would assume that the system relies on the assertion that the paying chip will only generate a MintChip Value Message with a valid Transaction Authentication Code after decrementing the value stored on the card.
-
Re:Security Through Obscurity
Furthermore, the Mint is currently not publishing details on how the cryptography works. I would assume that the system relies on the assertion that the paying chip will only generate a MintChip Value Message with a valid Transaction Authentication Code after decrementing the value stored on the card.
-
Obscure, Proprietary, Patented
Let me repeat that, the security of offline transactions is based entirely on a secret which is on every single mintchip.
I don't think that's true. I had a look at some of their protocol documentation---which isn't all that detailed---and it looks like they're probably using PKCS#7 signatures and X.509 certificates.
Unfortunately, they aren't willing to publish enough information to actually analyze the security of the system to determine whether it's trustworthy (nothing about how the chip itself is secured, for example), but they have released enough information that we can figure out some limits on its security, and it doesn't look all that great. I'll probably get modded down for karma-whoring here, but here's what I posted on that forum, after looking at the limited documentation they provided on their website:
Let me get this straight: MintChip is a proprietary, patented, centralized, unpublished cryptosystem, where a trusted-third-party (the Mint) signs a certificate saying "this private key was stored in a tamper-resistant hardware token that is designed not to double-spend", so we're supposed to just be able to assume that any valid MintChip transaction signatures are trustworthy, even offline. As soon as one person extracts a private key from a MintChip token (which they will, given that there's a monetary incentive), the fundamental assumption that the whole system relies upon is destroyed.
Your organization appears to know this, which explains why you emphasize that MintChip is intended for "low value" transactions.
Fine, so the security of the whole system depends on the security of these hardware tokens, and yet you're "not in a position to release" any tangible information about them? Why should anyone invest in this system? Because you're The Mint?
You have the threat model wrong, too. Why on earth would you want to emulate cash? Cash is easy to counterfeit. It only remains useful because there's a high risk vs. payoff associated with uttering counterfeit cash. On the other hand, MintChip is supposed to be used online, so even if we detect a counterfeit, there's not much chance that the fraudster will actually go to jail. There's also a much larger number of potential fraudsters (basically, everyone connected to the Internet).
MintChip also doesn't deliver on its privacy claims. "No personal data is exchanged in the transaction." That's not true at all. According to your documentation, every MintChip has a *single*, 16-digit ID that's generated by the central authority and used in all transactions, so there's no reason why these IDs couldn't be tracked the way companies already track credit card numbers.
The funny thing is that this all could have been implemented on top of Bitcoin. Make some tamper-resistant hardware with some Bitcoin private keys inside it, and sign a certificate saying "the keys for these addresses are in tamper-proof hardware". For low-value transactions, they could be accepted at face value, but if we wanted greater certainty, we could inject the transaction into the Bitcoin network and wait for a few confirmations to avoid double-spend fraud.
Way back in 1999, Bruce Schneier posted a list of nine cryptography "snake oil" warning signs (http://www.schneier.com/crypto-gram-9902.html#snakeoil). I see 3 of the 9 warning signs here already.