One thing I like about Loom is that an asset type has a single issuer. This means that an issuer can store some physical assets in a vault, create a digital asset type redeemable for those physical assets, and issue the digital asset type in a strictly limited quantity.
Then there's no question what a digital asset type is good for, because even if no exchangers or merchants accept the asset type, at least the issuer is contractually obligated to deliver the assets in storage or the promised services.
I wish Mr. Nakamoto (the author of Bitcoin) could devise a way for a digital currency to have a single issuer, but still trade in the wild like Bitcoin does now without a central server. However, that may be a logical contradiction and thus fanciful thinking.
So the best I've been able to come up with is Loom, which does indeed depend on a central server. But I would like to see many Loom servers with trading networks between them. That might be a way to realize the benefits of central servers while avoiding much of their risk.
(I just have to dig up where I read about it.)
First, I would need a reference standard implementation of blinded signatures. I know if I tried to cobble something together myself, some crypto-guru would laugh and point out that my prime factors weren't super-prime in a Zeta field of modulus three or some such thing.
Second, basic blinding still does require a central server. I believe the Brands protocol allows blinded tokens to circulate without contact with the server at every stage, and anyone who attempts a double-spend can be identified cryptographically. But it's complicated and ultimately relies on the technique of going after the bad guy with a baseball bat.
So if I went with blinded tokens on a central server, I'd be right back at the central server problem. Blinding provides un-traceability at the cryptographic protocol layer. With Loom, I figured that anyone that concerned with un-traceability could just use a VPN or Tor.
See the case of E-Gold for a similar comparison. E-Gold was doing something very similar: letting people transfer money anonymously and untraceably, but backing it with real gold in a vault so that it had some legitimate worth. The feds shut them down.
Crypto currency sounds great, but unfortunately it always breaks down where the rubber meets the road, or where the crypto currency gets converted into real currency. These places are easy to shut down by any government.
Regarding money "laundering," that used to be defined as concealing the proceeds of crime. Now privacy itself has been defined as laundering, even when no fundamental crime is involved. That is to say, privacy itself is criminalized by statute. It's sick, and decent people need to reject that way of thinking. Stick to the principles of common law and voluntary exchange.
Look at TPB--a lot of money has to change hands on their site (advertisers, etc.) and in spite of pretty much every country trying to shut them down they seem to be doing OK.
Both of these are common problems among all new currencies, and the most common way to defeat both is to have the currency issuer back their currency with something of known worth (gold, a fiat currency, etc). If conversion to/from the backing currency is common, then most transactions become bound by the problems of both currencies; for example, PayPal is effectively a currency that is more or less worth USD * ##%, because of the currency switching costs.
I can't wait to see a crypto-based-currency jump these hurdles, but I can't yet imagine how they'll successfully do it (and perhaps some already have that I don't know about?).
Basically, you have 3 choices for currency. You can have debt-money (most modern economies). This has the advantage that money is effectively created by the market based upon the mutual agreement of a lender and a borrower, which means that money is created and destroyed by the invisible hand. This is a good thing. It is problematic, however, in that you get problems if large sections of the economy ever start paying off their debts through very large productivity gains because that destroys the money supply. Also, it tends to support a "banker class", who does nothing but loan money and gets paid for very little work (capital allocation isn't THAT hard compared to how much you make doing it).
You can have commodity money, which is great because you don't get runaway inflation. But because of deflationary spirals, you can get runaway deflation. Also, people tend to hoard whatever commodities you are using, which are typically useful for industrial or other uses.
You can have fiat money, but that only works if you have an incorruptible central bank. Otherwise you end up like Nigeria.
Personally, I think we should use the Joule as a basic unit of currency. Although energy supplies can fluctuate, they tend to grow and shrink with the economy, which prevents either inflation or deflation. Different banks could offer different baskets of energy types (wind farm or solar farm output futures, barrels of oil, coal, etc.), and you don't end up with a banker class living off of everyone else, but you don't end up with hyperinflation or deflation. 500 MJ today would tend to buy a similar amount of things 10 years from now as today (maybe a little more because of efficiency gains, but not a lot more).
A nice steady mild deflation is nothing to worry about. That kind of deflation was mostly caused by productivity gains, which benefited everyone. With inflation, the beneficial effects of productivity gains are stolen, and given to the privileged early recipients of the inferior irredeemable money coming out of the spigot.
Sounds like that'll cost a lot of CPU/bandwidth... * continues reading * I'm curious how the whole thing is organized...
edit: technical paper link is on the FAQ page.
edit2: from the technical paper:
The steps to run the network are as follows:
1) New transactions are broadcast to all nodes.
2) Each node collects new transactions into a block.
3) Each node works on finding a difficult proof-of-work for its block.
4) When a node finds a proof-of-work, it broadcasts the block to all nodes.
5) Nodes accept the block only if all transactions in it are valid and not already spent.
6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
I'm curious though: what happens when transactions get large compared to CPUs-which-can-prove-transactions? Wouldn't that cause the average rate of growth of the histories to decline, making it easier to attack individual lines?
I don't see how this can scale. But please correct me if I'm wrong... I like the idea of a distributed currency, and I'd love one to work.
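The six steps quoted above from the technical paper, as an added Python sketch that is not part of the original thread and is not Bitcoin's own code: two nodes mine, broadcast and validate blocks, and reject a double spend, a block built on a stale parent, and a block without valid work. Assumptions: transactions are reduced to constructed coin ids with no signatures, the difficulty is a constructed 14 bits, and a node rejects any block that does not extend its current tip (the paper's nodes also keep competing branches and follow the longest one).

```python
import hashlib, json
from itertools import count

TARGET = 1 << (256 - 14)        # constructed 14-bit difficulty so mining takes milliseconds
GENESIS = "0" * 64              # placeholder parent hash for the first block

def block_hash(block):
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()
def meets_target(block):
    return int(block_hash(block), 16) < TARGET

def mine(prev_hash, txs):
    """Steps 2-3: collect transactions into a block and search for a nonce meeting the target."""
    for nonce in count():
        block = {"prev": prev_hash, "txs": txs, "nonce": nonce}
        if meets_target(block):
            return block

class Node:
    def __init__(self):
        self.chain, self.spent = [], set()   # accepted blocks; coin ids already spent

    def tip(self):
        return block_hash(self.chain[-1]) if self.chain else GENESIS

    def accept(self, block):
        """Step 5: check the work, the link to our tip, and that no coin is spent twice."""
        coins = [tx["coin"] for tx in block["txs"]]
        if not meets_target(block) or block["prev"] != self.tip():
            return False
        if len(set(coins)) != len(coins) or self.spent & set(coins):
            return False
        self.chain.append(block)             # step 6: later blocks must reference this hash
        self.spent.update(coins)
        return True

def demo():
    a, b = Node(), Node()
    b1 = mine(a.tip(), [{"coin": "c1", "to": "alice"}])
    out = {"b1": [a.accept(b1), b.accept(b1)]}           # step 4: broadcast to every node
    out["double_spend"] = b.accept(mine(b.tip(), [{"coin": "c1", "to": "mallory"}]))
    b2 = mine(a.tip(), [{"coin": "c2", "to": "bob"}])
    out["b2"] = [a.accept(b2), b.accept(b2)]
    out["stale_parent"] = a.accept(mine(block_hash(b1), [{"coin": "c3", "to": "carol"}]))
    no_work = {"prev": a.tip(), "txs": [{"coin": "c3", "to": "carol"}], "nonce": 0}
    while meets_target(no_work):             # pick a nonce that misses the target
        no_work["nonce"] += 1
    out["no_work"] = a.accept(no_work)
    return out
```

Calling `demo()` returns the accept/reject decision for each case; every validation is a single hash plus a set lookup, while producing a block costs about 2^14 hashes at this difficulty.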
Since I read the book, I have been waiting for someone to create something like this. It will be exciting to see if this will work and if "cyber currencies" will become more widely used.
Plus points for the top pun as well.
However, I think if we're ever going to escape the problems mentioned in other comments here, what we really need is a huge PayPal-style system to take off, integrate with common systems etc. Can you imagine the potential if eBay supported this? Shame it won't happen, as that's the kick it needs in my opinion :)
One to skip imho.