Hacker News new | comments | show | ask | jobs | submit login

This is a big step backwards from the security of Bitcoin. All someone has to do is break open the hardware and extract its key (or take its key with a side-channel attack) and they can double-spend money. That's problem one. Bitcoin's entire byzantine protocol exists entirely to solve the double-spend problem, and it works, while this doesn't.

Every MintChip has an ID, and every transaction is logged on both the sending and receiving device with the ID of the other device. This means that if someone takes your chip, they get a complete record of every transaction you've ever made. In other words, it's not anonymous at all. That's problem two. Bitcoin solves this by encouraging users to generate a new address/private key for every incoming transaction, so that matching up addresses to people is hard.

It's tied to single physical devices which can be lost or damaged. This makes them unsuitable for storing savings. Bitcoin wallets, on the other hand, can be backed up securely.

Both MintChip and Bitcoin can be stolen if the attached device is compromised. Bitcoin is designed in a way that makes it possible to fix that, and developers are working on a fix: multi-signature transactions (so you have several computers, or a computer and a phone, and all of them must agree to any outgoing transaction). MintChip, however, cannot solve this problem in any way except with chargebacks, and the documentation given so far indicates that they aren't supporting that.

It's interesting- I wonder what the acceptable level of compromise is for the MintChip. As programmers our instinctive response is "none at all", but MintChip is a replacement for cash, and cash gets compromised all the time.

So, in theory, the Mint might be OK with trading off security for convenience/affordability, as long as that level is below what they currently experience with cash. It's difficult to know.

It's interesting- I wonder what the acceptable level of compromise is for the MintChip. As programmers our instinctive response is "none at all", but MintChip is a replacement for cash, and cash gets compromised all the time.

That would be fine, except the compromises in MintChip give up what is essential to cash. It's more like a replacement for debit cards for small purchases.

Some European countries tried out different systems in the past, for example the "Quick" system in Austria over a decade ago. As far as I know all of them failed.

Quick was a small chip on a smart card that allowed you to store a monetary amount and to pay with this chip at certain terminals. This worked essentially like real money: You had to regularly top-up your chip and if you lost it your money was gone.

This is all nice from theoretical aspects, but in practice it didn't provide any advantages to users. Why use your "Quick" card, when you can use your plain old debit card instead? With the debit card you earn interest, get a new card if you lose it, don't have to regularly top it up.

The same is true for this Canadian Mint thing: (As a regular user) why should I be interested? I can use my credit card to pay online and offline. I can use my online banking account to transfer money to friends. Where's the advantage?

One thing that you might not know is that in Canada, we don't have "debit cards" per se, but INTERAC cards, which can't be used for online purchases. This means that you must use a credit card for online purchases, which makes online transactions prohibitive for people who don't want or otherwise can't have credit card (i.e. kids).

I think the reason the Mint is launching this contest is to see what the community can come up with. Hopefully having a development community first will lead to enough useful applications that answer the question of advantages.

Here in NL we have "Chipknip" which is exactly the same as you describe.

The advantage this system has over debit is that the terminal does not need to have a network connection. So individuals can make small purchases at coffee machines, parking meters, etc. You do need to "top up" your card at an ATM-like station (Pin # required), but you don't have to enter your pin when you make a transaction.

If you loose your card, or your card breaks, you're screwed, which is why I don't like the system very much.

> The advantage this system has over debit is that the terminal does not need to have a network connection.

In a couple of years even your underwear is going to be online, so this is really a non-feature.

There was Mondex here in the UK - which I was only really aware of because we shared an office with a company that did a Mondex implementation for a Philips device. It never caught on.


I agree about your point about debit cards - I use a debit card for all day to day purchases (lunch, taxis, bars, cinema). Pretty much the only cash transaction I make is when I get my hair cut.

The largest problem with Bitcoin has always been how insecure peoples computers are. WoW accounts where only worth a few dollars and yet account hacking was incredibly common unless you used a physical authenticator tied to your account. Thus, to securely use Bitcoin you really need a third party either a 'bank' or a vary secure device.

PS: Banking websites have their own issues. But because they tend to use multitiple forms of authentication the are significantly harder to break into on the client side.

This problem is not insolvable. As you pointed out, a secure device can be built to securely transact. Or use a "bank" (but I don't like it because any centralization is against the design principle of Bitcoin).

For example, Bitcoins could be stored on a smartcard having a flexible e-paper display, flexible built-in keypad, and flexible LiPo battery [1]. Withdrawing coins from the card could require a user typing in an amount and a pin code, and then using a smartphone to scan a QR code shown on the e-paper display (or sliding the card in the merchant's payment terminal, which would scan the QR code). The QR code would represent a signed Bitcoin transaction to a pre-programmed address whose private key sits on some online server, which is only used as an intermediary step before forwarding the coins to the final merchant. The smartcard would effectively never connect to an online device during its entire life, making it un-hackable without having physical access to it. Smartcards could also be manufactured in pairs, or triplets, etc, to have clones of them in order to have redundant backups of the Bitcoins in case of a loss of one of the cards. If you know about the Bitcoin blockchain, you might ask how the smartcard can sign transactions without access to the current blockchain. Well it is mathematically possible, because a transaction just consists of ECC-signing a few bytes representing the destination addresses.

Don't discard a technology because you are unable to comprehend it enough to think of solutions to address some of its flaws. (I do agree that addressing the security of Bitcoin wallets is of utmost importance.)

[1] The technology for this already exists. I own one of those: http://gallery.drfaulken.com/d/8752-1/IMG_1466.JPG

That's not really true. You can store Bitcoin keys on paper with QR codes (or even just in your brain), and sign transactions on devices that have never touched the internet and never will. It's just the infrastructure that hasn't been built yet, but there is a lot of development going on to enable the average user to utilize these possibilities. That's not even mentioning multi-signature transaction support.

Carrying around your life savings in your wallet or memory doesn't really make it more secure, it just increases your odds of suffering bodily harm.

I don't mean to suggest that Bitcoin can't adapt. Just that most of the advantages it has over physical / digital cash or credit disappears once you add such things. Once you have a bank or physical device governments will get into the game and start regulating with the express goal of eliminating anonymity for large transactions.

"... most of the advantages it has over physical / digital cash or credit disappears once you add such things. Once you have a ... physical device governments will get into the game and start regulating"

Not sure what you mean. By 'device' I didn't mean some special hardware developed by some special company, where the government can then regulate that industry. I just meant any computer. I'm saying that signing a transaction can be done offline on devices that are never connected to the Internet, such as an old laptop, or yes even a special device. There's no fundamental requirement to have the keys on your virus-ridden home PC at any time. This doesn't remove any of Bitcoin's advantages from what I can see.

And multi-signature transactions will allow for multi-factor authentication at a protocol level.

That's significantly worse from a user perspective than giving Amazon a credit card number to enable one click checkout or downloading a book from my kindle. It's true you could do anonymous transactions online, but while it's better than mailing people cash it's something of an edge case and I could also buy a Visa gift card and get the same sort of anonymity. Again, I like Bitcoin, but the problem IMO is how to make it both as convenient as a credit card and secure.

PS: Your also describing an adhock solution. As soon as you want to mass produce them to allow significant and convenient adoption you get into regulation issues. And by 'device' I am including just the software to manage your account from a cheap netbook.

>Thus, to securely use Bitcoin you really need a third party either a 'bank' or a vary secure device.

Things like the BitcoinArmory client [1] + upcoming multi-sig transactions should make it secure enough relative to traditional currencies. Use a a *nix instead of Windows (much easier for the mainstream these days with OS X/iOS/Android) + secure wallet.dat backup like SpiderOak or Tarsnap and you're in good shape security-wise.

1. http://bitcoinarmory.com/

> Use a a *nix instead of Windows (much easier for the mainstream these days with OS X/iOS/Android)

And ubuntu...

I almost mentioned it, Ubuntu has been my primary OS since 2007 and I continually re-evaluate options - Fedora, Cent, SUSE, Mint, and Arch mainly - but Ubuntu always comes out on top. I just have no experience converting people over to Ubuntu from Windows, so not personally sure how well that works.

Services like StrongCoin https://strongcoin.com secure bitcoins by doing the signing in the browser. No private ket stored to your hard disk or their site.

The big problem with banking is how insecure people's computers.

To secure your 'real' bank account, you need your computer that you do your online banking to be secure, your need the computer in the card reader at the store to be secure, you need the computer in the POS to be secure, you need the stores back office system to be secure, you need the computers at the credit card processing company to be secure (yes you VISA) and you need your bank to be secure.

To secure bitcoin all you need is your bitcoin wallet to be on a USB key in your pocket.

Your overstating the need to secure a credit card. I could post photo's of my credit card here or hand it to a waitress, and at worst I would have to make one phone call. Yet, I can make a 5,000$ purchase without fear. Because, unlike Bitcoin I can dispute transactions after the fact yet people still accept credit cards.

Now, plug in that bit-coin wallet into a unsecured computer and within 5 seconds your account could be drained and there is no way for you to ever recover your money. Your PC and wallet might be secure, but you have literally no way of knowing that. Worse yet as soon as large numbers of people start having a few thousand $ worth of bitcoins zero day attacks are going to take on a hole new meaning.

PS: I don't do online banking or use a debit card, the entire system is horribly and fundamentally insecure. But, I only need to pay off my CC every month and suddenly I have near total safety. Or, I can walk up to any ATM and suddenly have total anonymity at the cost of some risk.

But you still end up paying for the possibility of those disputes in terms of higher prices. If you make a dispute because somebody stole your card and bought stuff, the damage isn't simply undone by a chargeback. The merchant loses out. Chargebacks from identity theft, as you describe, are a massive source of risk to merchants, and they have to factor that into the price of their items. What's more, the credit card companies impose large fees on merchants who get too many disputes against them (even if they aren't engaging in fraud themselves, but instead they are the ones getting defrauded through the process you described).

What your describing are reasons for merchants to adopt Bitcoins not consumers. Because, merchants charge people paying with cash the same price as those paying with credit cards and distribute the costs between them. So, as a system you might have a point, but as with a classic prisoner's dilemma there is zero advantage to me for giving up that protection. And, if I have a rewards credit card I can extract money from those who pay with cash or theoretically Bitcoins.

PS: I still think Bitcoins are an interesting idea. I am just describing why their adoption has been so slow. There is simply no compelling reason for significant legal transactions to use Bitcoins, which covers for their inherent risks.

One reason for consumers is built-in deflation. Money has to be scarce; 21million is a ridiculously low number, and bitcoins are very scarce.

This comes up pretty often, but it's worth noting that it's built-in scarcity. Deflation in the sense of increasing purchasing power will only happen if it is more widely adopted as a medium of exchange (which is definitely possible.) It its use as a medium of exchange diminishes, it could actually see inflation in the sense of decreasing purchasing power.

Unlike cash and gold, Bitcoin can be divided down to 8 decimals. So it doesn't really matter how many millions of bitcoins there are. The important thing is that bitcoin can't be printed by central banks.

For most people this is a negative.

"most people"

This is a baseless statement.

I, for one, don't want my bank controlling my money supply or telling me how I can and can't spend it.

Children don't like their parents forcing them to eat vegetables but that doesn't mean it isn't good for them. You may not like the bank controlling the money supply but that doesn't mean you haven't benefited from it.

And my claim is hardly "baseless". You can reject the orthodox views but please don't claim to be in the majority -- whether we use the polite term "heterodox" or the less polite "crank" the fringe nature of such views is apparent.

You can dispute transactions because of your legal agreement with the credit card company - not because of any technical reason. For example your bank also insures itself against having untraceable cash stolen by robbers.

You could have a bank account where the bank claims no liability if your debit account was emptied by a hacked chip+pin reader - they just wouldn't have many customers!

Similarly a bank could decide to offer a bitcoin account where it will offer you the option of a chargeback. It will simply charge a commission on the transaction to cover itself.

Not true!

Merchants would have never come up with that on their own. It was forced on them with credit cards by consumer protection laws. Debit cards don't have that legal requirement, but consumers have come to expect it.

The point is it's a legal invention - introduced by the banks so that people would actually trust credit cards - it's not a necessary feature of a traceable transaction.

It's a feature of having a 3rd party as part of the transaction. A random merchant trusts Visa to ban people who abuse the system. And merchants are threatened by with being banned if they don't keep quiet about the occasional charge back. However with a pure digital currency there is no independent party, so all transactions are either provisional or finalized with the merchants and customers having total power at different parts of the process.

PS: I am not going to sue if some random website fails to ship a 200$ graphics card. So reputation becomes even more important, but only because fraud will also become far easier.

P2P currency doesn't preclude 3rd party (escrow) transactions. In fact, it will likely be a popular option for large transactions and it will cost less than CC/debit card security overhead.

the genius of the credit card system is that not all of its features rely on what programmers would think of as technical mechanisms. legal and contractual constructs can be highly effective.

Could a national currency integrate into the block-chain if they wanted to? For example, Canada could issue 'authorized' bitcoins, meaning the coin had to originate from an official source. And if the coin originated from an 'authorized' source, the value could be pegged at a certain price -- backed by the gov't? This way the currency could adopt the flexibility and convenience of bitcoin -- while retaining the ability to issue new currency.

Edit -- to clarify, a mint could purchase one coin, and peg the value of .00000001 of that coin to $1. Only transactions originating from this official coin would be treated as official currency.

Bitcoins don't have IDs - it's only amounts being transferred between addresses. If I have 5BTC in my wallet, I have no way to differentiate between let's say the 0.01 "canadian" and the 4.99 ordinary BTC. i could not specify which ones to send in a transaction.

That said, if MintCoin gains momentum I'm sure there will be plenty of MC-BTC exchanges popping up.

That is wrong. Maybe the current client implementation cannot do this, but the open block chain allows one to exactly see where a coin originated (i.e. whether is is Canadian or not). Alternative implementations could then be told to specifically spend the Canadian or regular coins.

I don't think it makes sense to use block chain technology for backed currencies; if you're going to have a central mint anyway you might as well use a Chaum-style system like Lucre or Open-Transactions.

Why would it? The capacity to manipulate the national currency is a major source of government power. Plugging into bitcoin would only dilute that power.

You seem to have significant insight on the topic of digital currency. I would love to learn more from you if you can spare some time. Please leave me your contact or email me only if you want to.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact