Voting Begins For Canadian Digital Currency App

An anonymous reader writes "The Royal Canadian mint has been pursuing the creation of mintchip, a digital currency for Canada, through a publicly held app contest. App development and consideration is now complete, and the public can now vote on which phone or desktop digital payment apps should be endorsed and publicized by the mint. There has been multiple arguments that the mintchip could easily have the same security, privacy, and traceability concerns as current digital payment, rather than actually introducing the benefits of cash."

Re:lol fraud

[Nerdfest]

So far, I was under the impression that our digital currency was Tim Horton's Gift Cards, and they've stayed relatively secure.

Re:*facepalm*

[cheesecake23]

As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip. Hopefully it will go away quietly.

I imagine it will go away as quietly as this wafer-thin MintChip.

Re:There already is a tried and tested one.

Because there's no way the government can control that. You say that's an advantage? Well, the government thinks otherwise.

Bypass the Bankers

[tchdab1]

I'm terribly impressed that Canada is working on electronic payment systems that don't "donate" a portion of every transaction to the likes of Visa, Mastercard, Paypal, etc. Electronic payments and the defacto currency behind them are real, but "legal tender" offered by host countries has not kept pace with the technology and habits of citizens who use it. Let's hope Canadians can work through the problems with this, and we neandertals in the USA can learn from them. Next in line: national credit cards and checking accounts.

Re:*facepalm*

[Scott64]

We don't "call our currency loonies". The one dollar coin is nicknamed the loonie because there's a loon on it and it rolls off the tongue better than "one dollar coin".

Mintchip is designed to track you

it's about time I clear my conscience...

The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"

The implementation is quite clever, involving some modular arithmetic and the 24-byte "Transaction Authentication Code" detailed in the Mintchip Messages documentation. Or I should say, revealed... of course they're not telling you what the TAC does because they don't want to admit it's true purpose. It's also not just the TAC, all those supposedly random nonces generated by the hardware aren't going to be as random as you'd think. Basically you can use them as an additional way of stenographically hiding data between transactions that goes way beyond what they document.

I can't reveal too many details on how it works as they'd probably figure out who I am, but essentially that's enough bits to encode a probabalistic record of every Sender ID that has transfered funds that ended up in your balance. Then when you resend your balance, you "infect" subsequent Mintchip balances with that record.

I'll give an toy example to prove the point: lets suppose you assigned prime number to every user of the system. If the TAC were simply multiplied by each prime from every payer, you could then factor the resulting large product of primes to determine who the payers were. The actual implementation is more involved, and probabalistic, but you get the idea. Sure it essentially becomes a brute forcing problem, but when you have a rough idea of who might be paying who, brute forcing is a lot easier than you'd think. Canada's population is only a bit over 30 million...

Don't trust closed hardware or software. You have been warned. This may look like a anonymous Bitcoin competitor, but the mint isn't stupid, and they're not going to give back any of the anonymity cash provided that the government wants so badly to get rid of.

Re:Mintchip is designed to track you

[WillerZ]

If you are identifying people from a population of 30 million you need ceil(log2(30 000 000)) bits for your person identifier; which is 25 bits in this case. However you are likely to need to identify corporations as distinct from persons, which will probably take another bit or so. 26 bits per trading entity into a 24-byte (192-bit) TAC goes 7.4 times.

No matter how you put those IDs into the TAC you can never fit more than 7.4 at a time. So if you are a criminal (or privacy nut) who wants to use this system, make sure there are 8 trades between you and any other party you interact with if you want deniability if someone has access only to the TAC used for the final transaction to you. This is not a very plausible tracking scheme because for practical reasons you will need a timestamp and other gubbins to be encoded in the TAC.

Of course, if you have access to all the TACs you only need to fit two IDs in there at a time to build a chain. This is IMO very plausible.

Re:Mintchip is designed to track you

[IamTheRealMike]

But I wonder if the government really, in its heart, wants to do that. The complete eradication of anonymous transactions changes the game entirely, and it would alter society in ways that are hard to predict.

"The government" is a huge thing full of people who disagree strongly on almost everything. In any given government you will find every angle on this issue. Law enforcement typically wants more power and more tracking not because they're evil or anything, but because they're judged on how well they tackle crime and naturally want any tools they can get. Financial regulators definitely want more power because it's their job to build the AML system and their personal career advancement basically depends on ever-increasing reach and complexity of their rules. Then you have people in intelligence services, they may or may not want to see this sort of thing because they want the ability to run large black programs and covert ops, which is more or less at odds with every value flow being identified and investigated.

Then finally you have politicians who are the least consistent and predictable of the lot, mostly because they're trying to figure out and respond to the general publics views on these issues, and those views are themselves mixed. Currently cash is still an everyday thing and for practical reasons it's rare to use it for large transactions anyway, so the effective elimination of cash for those transactions doesn't raise many eyebrows and many would support it on anti-crime grounds. Attempting to push the system a lot further will, IMHO, encounter heavy resistance as existing e-payment systems aren't very good: high fees, poor security/usability, inflexible protocols and high fraud rates are all common. And societies attitudes towards governments and government tracking evolve over time too.

Re:Mintchip is designed to track you

[Robbat2]

You missed something critical posted by the AC. He said you have to assign a unique prime number to each user. Not simply a number.
The 30 millionith prime is 573259391. The 50 millionith prime is 982451653. I couldn't find the 60 millionith prime anywhere, and another 20M should be enough room for the corporations. In either case ceil(log2(573259391)) == ceil(log2(982451653)) == 30. The beauty of this is you can multiply two large primes, take the modulo and somebody with the primes can still verify/extract them later: This isn't very different from doing RSA crypto with very short primes...

Re:*facepalm*

[GNU(slash)Nickname]

Considering that Canadians call their currency "loonies", with straight faces, there is no need for apologies . . .

<pedant>

We don't call our currency any such thing. Nothing ever costs a "couple of loonies", it costs a "couple of bucks."

We do, however, call our $1 coin a loonie, based on the picture of the loon it carries. This is much like Americans who often refer to specific denominations by the name of the president pictured on it.

</pedant>

We have a choice?

[TheSkepticalOptimist]

Just headed over thinking I would do my part as a Canadian to pick something that might be relevant in a few years, but its just a collection of EVERY finance app available on all platforms, I mean, they could have weened it down to maybe the top 10 apps, instead of a huge collection of crapware.

But you just know in spite of being offered a choice (which is a change from the usual Canadian government of picking "innovation" for us), Canada is notorious for seeing the successful products and services used everywhere else in the world and then offering it to Canadians with significantly less features and a pale imitation of the one the world uses, you know, like Netflix.

Re:*facepalm*

[chrb]

As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip.

Perhaps you (or the people who are moderating you up) would like to expand on why MintChip is bad? Instant and irrevocable digital payments with no transaction fee sounds like a step up from many of the existing micropayment systems. The fact that it is a national standard means that it is going to be much more widely adopted than anything a private company would likely achieve (see CDMA vs GSM; GSM took off globally after being legally mandated as the common standard for the European Union).

I even think the app contest is quite an interesting approach - certainly much better than the usual "contract a single company to make an app". The summary does not make it clear, but the app is merely a front-end to a MicroSD card that also contains a secure IC for digital cash functions. The contest was not to create the underlying encryption protocols, these already exist, and the security therefore does not lie in the app itself. It sounds as though the MintChip protocol itself is more secure than Visa's NFC-based Contactless Payments.

Re:*facepalm*

[chrb]

Okay, so I just read the Bitcoin-fan objections to MintChip, and it seems it boils down to two points that they see as negatives: the currency is controlled by the Royal Canadian Mint, so they can make new digital coins, and if you can crack the secure chip then you can potentially double spend. However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.

Many encryption enthusiasts miss one important point when it comes to digital cash: security and convenience are a tradeoff, and the public will usually value convenience over security. With the right equipment, it is possible to copy and double-spend real cash. These are issues that society already has to deal with. The question is not whether it is possible to defraud digital cash - the question is whether it is worth a criminal's time to do so. A potential criminal is not going to use an electron tunnelling microscope to extract the cash from a micropayment card that is intended for payments of less than $10. Yes, it is theoretically possible, but in practice there are more profitable ways for criminals to make money.

Now, if there were an easy way to "empty" a payment card though some stupid exploit, then I can understand that being a problem, but that assumes that there is such an exploit. I would be willing to bet that a system that has been checked by the world's best cryptographers, using open protocols, would be more secure than physical cash notes. Not perfect, but more secure, and that is all we can really ask for. In the real world, it is trivially easy to steal the cash from someone's wallet. Digital cash doesn't need to be perfect, it just needs to be better than that.

Re:*facepalm*

[CastrTroy]

Also, the only criteria I have for deciding who to vote for is by watching a video about the app. I don't get to download and try out the app, so I don't know if it will even run well on my phone. Also, I'm not all "everything should be open source for ever and always" but it seems to me that something like this which is handling monetary transactions on my phone should either be open source, or under heavy government scrutiny. We shouldn't just let anybody put together some closed source app and claim it's doing everything right, especially going by the wonderful screen shots provided. Some of the apps look like they were developed by high school kids.

Re:*facepalm*

[CastrTroy]

I think the stakes are way too high. The system can either support anonymous transactions, XOR it can verify that you actually have as much money as it says you do on the card. If it's truly anonymous, then there's no record of money changing hands. However, if there is no record of transactions, then the only source of how much money you have on the card is contained within the card. This is fine for things like transit passes, and photocopy machines, because it isn't worth the thief's time to scam the system for free rides on the bus. But when you can effectively create real cash out of thin air, then that is just too much incentive for people to defraud the system. If there is a way to double-spend cash, then it would probably be trivial to move up to triple-spend or million-spend. Cash works just fine for anonymous transactions, and we have enough trouble with people counterfeiting that. If they figure out how to counterfeit digital bits, then the digital money will be indistinguishable from the real deal.

Re:*facepalm*

[IamTheRealMike]

However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.

Hi, Bitcoin fan here (actually, a Bitcoin developer).

First up, let me say that I'm very happy to see MintChip and would happily have beers with the developers any day. I don't think it's stupid at all. MintChip is great because it's the first time a major government institution has stepped up and said, hey you know, cash has some pretty cool advantages, maybe we should replicate that in the digital world. Every other government simply wants to eliminate cash entirely (and free, irreversible, private transactions along with it) for tax collection / crime prevention / power / control reasons.

That said, I'd like to address your points.

Let's tackle your second point first, offline transactions. You can do offline transactions with Bitcoin. In fact, I implemented this in the Android wallet software along with Andreas at a recent hackathon in Berlin. The support hasn't shipped yet, it needs some polish and tuning, but basically it lets you send transactions to the recipient phone via Bluetooth. If the recipient has internet they can then relay it, or they can just keep it around until one of you reaches an internet access point. This obviously opens up the potential for double spends, but if you trust the sender to not defraud you, the system does work fine. One way you could get that trust, if you don't know the sender, would be via secure hardware (eg the sending phone could do a remote attestation to the receiving phone). There haven't been many use cases for remote attestation on phones in the past so unfortunately Androids generally can't do it, but there's no technical reason it can't be added. MintChip requires deployment of new hardware anyway, so they're equivalent in this respect.

As to your first point, I think it's fairly critical to point out that in most modern countries, issuance of the currency is explicitly not under the control of democratic institutions! That's the whole point of having an independent central bank with unelected heads. Historically the power to print money, when owned by governments, has been used to buy support or votes (eg by printing money then using it to fund work creation schemes in areas of the country suffering unemployment). This kind of inflation is effectively a silent tax on savers, but people don't tend to realize that, so it makes for very effective politics. When governments are forced to stop doing this you get "austerity" which is almost universally described in the press as painful, but what it actually means is, governments are under pressure to stop buying votes with newly created money.

The fact that whoever gets elected will naturally feel a desire to print money in order to pay for their campaign trail promises is the reason most countries have tried to build walls between elected representatives and heads of central banks. Making the situation even less democratic is the fact that private banks can also create new money, via the issuance of private loans. So you really can't get a situation less democratic than that.

Human society has always struggled with the question of how to control the power of those who can print money, and despite many attempts never found a truly satisfying solution. Bitcoin, for all its faults, does try to address this.

MintChip doesn't try and tackle this problem. That is not an issue for me. I think it's totally fine to tackle the smaller and arguably more achievable problem of building electronic cash. However, I wouldn't try and cast it as a strength beyond it being simpler and therefore more easily deployed.

The reason most peopl

Re:*facepalm*

[camperdave]

If they figure out how to counterfeit digital bits, then the digital money will be indistinguishable from the real deal.

Real money *IS* digital money: fictitious numbers held within databases. Cash is only a small percentage of the money, and it is just as fictitious. It's not like a small bit of paper with the ruler's picture is actually worth $20. The closest things to real worth is the nickel and the penny (which is being eliminated because it costs too much to produce). Everything else is just a token.

Since all we are exchanging is tokens, does it really matter if these tokens are made of metal or paper, or bits on a cell phone? All that matters is that they are hard as hard to counterfeit as the "real" digital tokens we hold as money.