Design the infrastructure to support the issue exchange of unlimited numbers private electronic currencies, then provide a partial implementation. Privately issued currency is not new. They were common in Australia before 1910 being first issued in the form of promissory notes by traders and later by banks. You can issue private commodity currency today in the form of a personal cheque but it is difficult to circulate cheques because it is hard for the recipient to determine whether it is redeemable. A properly designed electronic system can provide the mechanism for determining the value of an unlimited number of currencies.
Online commerce is currently supported by a variety of transaction
systems some of the most well known being Visa, Paypal, Linden Dollars
(Second Life) and e-gold. They all require that transactions take place
via a central authority, all are supported by taxing transactions and
they issue private electronic commodity currency. Commodity currency
comes with a promise it will be exchanged for some commodity of value by
the issuer. For Paypal credits and Visa the commodity is one of several
national currencies, for e-gold it is physical gold and for Linden
dollars it is rent of virtual Second Life land. Users may not have the
payment method requested by the merchant and exchanging funds between
the systems is a manual and often difficult process. The credibility of
each currency is dependant on the reputation of the issuer and fees are
high, usually 2-3 % because customers want to use widely accepted
payment methods and the switching costs are high. Seigniorage profits
accrue to the issuer because the commodity currency is created at no
cost to the issuer and exchanged with the purchaser for something of
value. This can be significant with the bulk of the revenue for Second
Life being obtained this way as the number of Second Life users has
rapidly increased. Seigniorage can be particularly expensive for users
where they are required to maintain balances in multiple payment
The shortcomings listed above can be circumvented by privately issued
electronic commodity currencies that anyone can issue and exchange
amongst themselves without requiring third parties.
This is mostly the same but the current concept of using x.509 certificates alters some of the logic described here.
X509 certificates are a method of associating a common name with a public key. They are hierarchical with each issuer certifying the level below. They are widely used, commonly for certifying that a website is run by the organisation it purports to be.
An X509 certificate can be used a value token. The upper levels
of the hierarchy certify the issuer is who they claim to be. The X509
certificate representing the value token is passed to another by signing
a certificate for a new holder using the private key of the previous
holder. A registrar is used to avoid double spending.
This is an x509 certificate with a:-
Issuer: The token itself says nothing about the value of token. The value can be defined by a signed statement at the URL of the issuer but doesn't need to be. The issuer promises to redeem the token for a commodity and is ultimately responsible for honouring the token. Other parties are representatives of the issuer. If they fail the issuer is ultimately responsible to the holder. The value of the token may be floating and the willingness of an holder to hold it will depend on the reputation of the issuer. The issuer may appoint a third party to monitor the registrar to keep track of most recent holder. An issuer that isn't trusted could still present trusted tokens where the new holder gets a quote from a trusted redeemer so that the holder relies on the reputation of the redeemer.
Registrar: A registrar is needed to prevent double spending. A token offerree checks with the registrar who currently owns it and becomes the holder when they possess a copy of the token and the registrar shows that the current holder is their x509 certificate. Double spending can only be initiated by a previous holder. The registrar checks this is not happening. The registrar has a minimal role.
An enquiry of token on the registrar returns the X509 certificate of current holder signed by the registrar. An update of token on the registrar is registered when a valid x509 certificate is provided, signed with the private key of the previous holder. The registrar can charge a fee.
Redeemer: Is the representative of the issuer who provides the administrative function of redeeming the token for the issuer. An holder may have more trust in the redeemer than the issuer. Generally a token will have no value unless it can be redeemed for a commodity which could be anything e.g. mobile phone minutes US$ paid to a bank account or gold. Redeeming may be a burdensome process. The redeemer can change the redemption value at any time. The redeemer should advertise the commodity value and procedure for redemption and be willing to provide a quote guaranteed by the redeemer to a holder or potential holder that would allow the holder to redeem the token for a fixed quantity of commodity for a fixed time so that the purchaser can accept a token that is effectively guaranteed by the redeemer. The redeemer can reserve an amount of the commodity previously provided by the issuer to avoid risk. The redeemer can not make an open ended offer as there is no way to know the quantity of tokens issued. The redeemer should monitor registrar for X509 certificate of current holder on behalf of issuer in case the registrar fails and then accept tokens that have ever been shown to be current by the registrar.
Exchanger: Provides a service exchanging one token for
another for a fee. Not formally part of the system but outsources the
problem of valuing and acquiring correct tokens. A person would normally
work through one or several exchangers who would exchange the tokens
they have for whatever they want. The exchanger would provide a quote on
all the tokens their customer owns and exchange tokens with other
exchangers to get the tokens they need for their customers or offload
those they do not want. A holder then does not have to deal directly
with redeemers. Tokens can potentially circulate for a long time prior
Issuer fails to honour: Loss to holder. The issuer is ultimately responsible and the holder has to trust either the redeemer or the issuer to get value.
Holder loses private key of X509 certificate: Token can not be redeemed.
Holder transfers tokens but new holder not aware: Token can not be redeemed.
Registrar shows previous holder as current holder: In this case a seller could inadvertently accept a token that is already owned by another. This token can only be offered by the holder shown by the registrar who would have to collude with the registrar to double spend. The certificate of ownership provided by the registrar to the new holder is the proof for the holder that the registrar failed in their duty.
Registrar fails to respond: The redeemer should have a record of the most recent holder but this could have been superseded before the redeemer found out. After a suitable delay (maybe 2 days) in which the registrar failed to respond redeemer accepts token from last known holder or new later holder if one is presented. Registrar can not be replaced as there is then the possibility of double spending. Tokens are ultimately still redeemable.
Redeemer purports to redeem but fails to deliver: Holder seeks assistance from issuer. In general do not accept tokens with untrustworthy redeemers.
Redeemer fails to redeem (perhaps out of business): Issuer
can appoint a new redeemer and advise at URL of issuer.