by Jörg Baach — last modified Jun 13, 2009 04:44 PM
I came across another system for electronic payments today, epoints. Some findings about it.
I also sent email to Janis, also asking for his masters theses which seems to be the source of the long documentation on https://www.epointsystem.org/trac/epoint_issuer/wiki/RedcentDocumentation From what I understand, the epoint system works as follows (Nils, please correct me): - Alice makes up a secret, and creates a hash of it - She sends the hash to the issuer, who signs it - The issuer - sends back the cert - publishes the cert - The certs have a strict ascending serial number - Alice now transfers the secret to Bob - Bob creates a new secret, and hash - Bob sends the Secret 1 along with Hash 2 to the issuer - As Bob is the first one to have the secret for the orignal hash, Bob can exchange the old token for the new one. Effectively all tokens are public, but you need to know a secret to use / unlock them. This allows: - payments with receipt (provided bob has a digital id) - bob would (before getting paid by Alice) issue a receipt to Alice that contains the hash of a secret that Bob created - Alice would then use Bobs hash and one of her coins to 'pay' for the exchange of one of hers into a new one which Bob holds the secret for - method against ransom - as the issuer has a record of which old coin was exchanged for what new one, all coins that are based on ransom money coins could be declared invalid. Hence ransom money becomes relatively useless Whats different to opencoin is the aspect of anonymity (in regards to the issuer being able to track payments). With epoint the issuer could see that a token that was handed in by connection A is later appearing in connection B, concluding that A made a transfer to B. In opencoin, there is no tracing of the token, because the issuer only sees it on redemption, not on creation. Epoint relies on the issuer not being able to trace who ther person is behind a connection (a.k.a TOR). Which is worse then opencoin, but better then a account system (or its using one time account systems, one could say). On the issue of double spending I see them on the same level - epoint seems to rely on online connections as well as opencoin does, and also mentions the trust solution for the offline mode. One advantage of epoint is much easier to publicly audit them, for e.g. the number of tokens issued - they have the increasing serial number of the tokens signed, which opencoin can't have - so there is no reliable way of controlling an opencoin issuer from the outside (Nils?) And of course the code base is way further ahead, it seems (they have mobile phone stuff). Cheers, Joerg