Slashdot Mirror

← Back to Stories (view on slashdot.org)

Voting Begins For Canadian Digital Currency App

Posted by samzenpus on from the voting-on-dollars dept.

An anonymous reader writes "The Royal Canadian mint has been pursuing the creation of mintchip, a digital currency for Canada, through a publicly held app contest. App development and consideration is now complete, and the public can now vote on which phone or desktop digital payment apps should be endorsed and publicized by the mint. There has been multiple arguments that the mintchip could easily have the same security, privacy, and traceability concerns as current digital payment, rather than actually introducing the benefits of cash."

9 of 84 comments (clear)

  1. Re:lol fraud by Nerdfest · · Score: 5, Funny

    So far, I was under the impression that our digital currency was Tim Horton's Gift Cards, and they've stayed relatively secure.

  2. Re:*facepalm* by cheesecake23 · · Score: 3, Funny

    As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip. Hopefully it will go away quietly.

    I imagine it will go away as quietly as this wafer-thin MintChip.

  3. Bypass the Bankers by tchdab1 · · Score: 4, Interesting

    I'm terribly impressed that Canada is working on electronic payment systems that don't "donate" a portion of every transaction to the likes of Visa, Mastercard, Paypal, etc. Electronic payments and the defacto currency behind them are real, but "legal tender" offered by host countries has not kept pace with the technology and habits of citizens who use it. Let's hope Canadians can work through the problems with this, and we neandertals in the USA can learn from them. Next in line: national credit cards and checking accounts.

  4. Re:*facepalm* by Scott64 · · Score: 5, Informative

    We don't "call our currency loonies". The one dollar coin is nicknamed the loonie because there's a loon on it and it rolls off the tongue better than "one dollar coin".

  5. Mintchip is designed to track you by Anonymous Coward · · Score: 5, Informative

    it's about time I clear my conscience...

    The system keeps track of what funding sources you've been "in contact" with, kinda like Bitcoin's idea of "taint"

    The implementation is quite clever, involving some modular arithmetic and the 24-byte "Transaction Authentication Code" detailed in the Mintchip Messages documentation. Or I should say, revealed... of course they're not telling you what the TAC does because they don't want to admit it's true purpose. It's also not just the TAC, all those supposedly random nonces generated by the hardware aren't going to be as random as you'd think. Basically you can use them as an additional way of stenographically hiding data between transactions that goes way beyond what they document.

    I can't reveal too many details on how it works as they'd probably figure out who I am, but essentially that's enough bits to encode a probabalistic record of every Sender ID that has transfered funds that ended up in your balance. Then when you resend your balance, you "infect" subsequent Mintchip balances with that record.

    I'll give an toy example to prove the point: lets suppose you assigned prime number to every user of the system. If the TAC were simply multiplied by each prime from every payer, you could then factor the resulting large product of primes to determine who the payers were. The actual implementation is more involved, and probabalistic, but you get the idea. Sure it essentially becomes a brute forcing problem, but when you have a rough idea of who might be paying who, brute forcing is a lot easier than you'd think. Canada's population is only a bit over 30 million...

    Don't trust closed hardware or software. You have been warned. This may look like a anonymous Bitcoin competitor, but the mint isn't stupid, and they're not going to give back any of the anonymity cash provided that the government wants so badly to get rid of.

    1. Re:Mintchip is designed to track you by WillerZ · · Score: 3, Insightful

      If you are identifying people from a population of 30 million you need ceil(log2(30 000 000)) bits for your person identifier; which is 25 bits in this case. However you are likely to need to identify corporations as distinct from persons, which will probably take another bit or so. 26 bits per trading entity into a 24-byte (192-bit) TAC goes 7.4 times.

      No matter how you put those IDs into the TAC you can never fit more than 7.4 at a time. So if you are a criminal (or privacy nut) who wants to use this system, make sure there are 8 trades between you and any other party you interact with if you want deniability if someone has access only to the TAC used for the final transaction to you. This is not a very plausible tracking scheme because for practical reasons you will need a timestamp and other gubbins to be encoded in the TAC.

      Of course, if you have access to all the TACs you only need to fit two IDs in there at a time to build a chain. This is IMO very plausible.

      --
      I guess today is a passable day to die.
  6. Re:*facepalm* by GNU(slash)Nickname · · Score: 4, Informative

    Considering that Canadians call their currency "loonies", with straight faces, there is no need for apologies . . .

    <pedant>

    We don't call our currency any such thing. Nothing ever costs a "couple of loonies", it costs a "couple of bucks."

    We do, however, call our $1 coin a loonie, based on the picture of the loon it carries. This is much like Americans who often refer to specific denominations by the name of the president pictured on it.

    </pedant>

  7. Re:*facepalm* by chrb · · Score: 4, Interesting

    As a Canadian, I'd like to apologize for the insecure, amateur-hour embarrassment that is MintChip.

    Perhaps you (or the people who are moderating you up) would like to expand on why MintChip is bad? Instant and irrevocable digital payments with no transaction fee sounds like a step up from many of the existing micropayment systems. The fact that it is a national standard means that it is going to be much more widely adopted than anything a private company would likely achieve (see CDMA vs GSM; GSM took off globally after being legally mandated as the common standard for the European Union).

    I even think the app contest is quite an interesting approach - certainly much better than the usual "contract a single company to make an app". The summary does not make it clear, but the app is merely a front-end to a MicroSD card that also contains a secure IC for digital cash functions. The contest was not to create the underlying encryption protocols, these already exist, and the security therefore does not lie in the app itself. It sounds as though the MintChip protocol itself is more secure than Visa's NFC-based Contactless Payments.

  8. Re:*facepalm* by chrb · · Score: 4, Insightful

    Okay, so I just read the Bitcoin-fan objections to MintChip, and it seems it boils down to two points that they see as negatives: the currency is controlled by the Royal Canadian Mint, so they can make new digital coins, and if you can crack the secure chip then you can potentially double spend. However, these two points are what gives gives MintChip it's real world advantages: the currency is linked to a real currency and controlled by an authority that is overseen by the democratic institutions of the nation state, so it has value. Double spending is an unfortunate reality of allowing offline transactions, but in the real world being able to do offline transactions (like real cash) is very desirable.

    Many encryption enthusiasts miss one important point when it comes to digital cash: security and convenience are a tradeoff, and the public will usually value convenience over security. With the right equipment, it is possible to copy and double-spend real cash. These are issues that society already has to deal with. The question is not whether it is possible to defraud digital cash - the question is whether it is worth a criminal's time to do so. A potential criminal is not going to use an electron tunnelling microscope to extract the cash from a micropayment card that is intended for payments of less than $10. Yes, it is theoretically possible, but in practice there are more profitable ways for criminals to make money.

    Now, if there were an easy way to "empty" a payment card though some stupid exploit, then I can understand that being a problem, but that assumes that there is such an exploit. I would be willing to bet that a system that has been checked by the world's best cryptographers, using open protocols, would be more secure than physical cash notes. Not perfect, but more secure, and that is all we can really ask for. In the real world, it is trivially easy to steal the cash from someone's wallet. Digital cash doesn't need to be perfect, it just needs to be better than that.