Bo Zhu   •   over 11 years ago

Mention two suggestions/questions for MintChip after submitting our app

We were working hard to catch up the deadline and the questions are not very critical, so we have time to discuss them now after submitting our app EasyChip.

We think MintChip is a great product and has a bright future.
With the cryptographic assurance provided by MintChip, we can make the online payments to be a very simple and satisfying process, e.g. you don’t need to do registrations first or enter any passwords (you can check our video http://goo.gl/V82F6 and the demo site http://goo.gl/0PWnO).
I think such things can’t be done without MintChip. (Distributed BitCoin can’t work instantly like this because it needs a fairly long chain to prevent double spending.)

However, there are still some things that I think should be improved in future designs of MintChip.

MintChip should have a built-in authentication mechanism in its hardware, perhaps asking for a passcode for each payment and limiting error retrials.
The current non-hosted MintChip can’t protect itself, and any local malicious apps or software can easily withdraw all your money.

We implemented our own value message parser, and found the APIs of official libraries for reading/creating value message may have some implementation problems.
The chip ID, e.g. 1302, is actually stored as (0x13, 0x02) in the ecn file; while other number fields are stored normally as decimal (13, 02). People can run the official php parser to check the output.
Although it might be fine using the same libraries in both sender and receiver, I think it is better to keep consistent implementations for different number fields.