Home

epointsystem

Updated:
Created:

I came across another system for electronic payments today, epoints. Some findings about it.

The main page is http://epointsystem.org. Newer development takes place on https://www.epointsystem.org/trac, with some form of mobile phone client on http://epoint.org

I also sent email to Janis, also asking for his masters theses which
seems to be the source of the long documentation on

https://www.epointsystem.org/trac/epoint_issuer/wiki/RedcentDocumentation

From what I understand, the epoint system works as follows (Nils, please
correct me):

- Alice makes up a secret, and creates a hash of it
- She sends the hash to the issuer, who signs it
- The issuer
  - sends back the cert
  - publishes the cert
- The certs have a strict ascending serial number
- Alice now transfers the secret to Bob
- Bob creates a new secret, and hash
- Bob sends the Secret 1 along with Hash 2 to the issuer
- As Bob is the first one to have the secret for the orignal hash,
  Bob can exchange the old token for the new one.

Effectively all tokens are public, but you need to know a secret to
use / unlock them.

This allows:

- payments with receipt (provided bob has a digital id)
  - bob would (before getting paid by Alice) issue a receipt to Alice
    that contains the hash of a secret that Bob created
  - Alice would then use Bobs hash and one of her coins to 'pay' for
    the exchange of one of hers into a new one which Bob holds the
    secret for

- method against ransom - as the issuer has a record of which old coin
  was exchanged for what new one, all coins that are based on ransom
  money coins could be declared invalid. Hence ransom money becomes
  relatively useless

Whats different to opencoin is the aspect of anonymity (in regards to
the issuer being able to track payments). With epoint the issuer could
see that a token that was handed in by connection A is later appearing
in connection B, concluding that A made a transfer to B.
In opencoin, there is no tracing of the token, because the issuer only
sees it on redemption, not on creation.
Epoint relies on the issuer not being able to trace who ther person is
behind a connection (a.k.a TOR). Which is worse then opencoin, but
better then a account system (or its using one time account systems, one
could say).

On the issue of double spending I see them on the same level - epoint
seems to rely on online connections as well as opencoin does, and also
mentions the trust solution for the offline mode.

One advantage of epoint is much easier to publicly audit them, for e.g.
the number of tokens issued - they have the increasing serial number of
the tokens signed, which opencoin can't have - so there is no reliable
way of controlling an opencoin issuer from the outside (Nils?)

And of course the code base is way further ahead, it seems (they have
mobile phone stuff).

Cheers,

  Joerg