•   almost 12 years ago

Lower level tech docs for the system?

"It uses a PKI" doesn't really tell me much. MintChip folks, are there any docs you can point me to online (or send me via email) about the design of the system? I don't really care about the API, I am more interested in the system itself.

Also, who did security and cryptography reviews on it?



  • Manager   •   almost 12 years ago

    Hi Leigh,

    Thanks for writing. If you have questions about the MintChip developer resources, microSD chips, remote MintChip accounts, or other developer resources, please send an email to mintchipsupport@mint.ca

    I will forward your query on to them so they can respond.


  •   •   almost 12 years ago

    Hi Marny, thanks for the reply. I very specifically don't care about developer resources, I am interested in system design documentation that says something more than "we use PKI". Is there any of that publicly available, or should I just email my request to the address you mention?


  • Manager   •   almost 12 years ago

    Hi Leigh,

    Please do email the address I mentioned, and I will send them your query as well.

    Thank you,

  •   •   almost 12 years ago

    Why not make that documentation public? Surely you don't expect the public, in 2012, to trust an unpublished cryptosystem, right?

  •   •   almost 12 years ago

    Let me get this straight: MintChip is a proprietary, patented, centralized, unpublished cryptosystem, where a trusted-third-party (the Mint) signs a certificate saying "this private key was stored in a tamper-resistant hardware token that is designed not to double-spend", so we're supposed to just be able to assume that any valid MintChip transaction signatures are trustworthy, even offline. As soon as one person extracts a private key from a MintChip token (which they will, given that there's a monetary incentive), the fundamental assumption that the whole system relies upon is destroyed.

    Your organization appears to know this, which explains why you emphasize that MintChip is intended for "low value" transactions.

    Fine, so the security of the whole system depends on the security of these hardware tokens, and yet you're "not in a position to release" any tangible information about them? Why should anyone invest in this system? Because you're The Mint?

    You have the threat model wrong, too. Why on earth would you want to emulate cash? Cash is easy to counterfeit. It only remains useful because there's a high risk vs. payoff associated with uttering counterfeit cash. On the other hand, MintChip is supposed to be used online, so even if we detect a counterfeit, there's not much chance that the fraudster will actually go to jail. There's also a much larger number of potential fraudsters (basically, everyone connected to the Internet).

    MintChip also doesn't deliver on its privacy claims. "No personal data is exchanged in the transaction." That's not true at all. According to your documentation, every MintChip has a *single*, 16-digit ID that's generated by the central authority and used in all transactions, so there's no reason why these IDs couldn't be tracked the way companies already track credit card numbers.

    The funny thing is that this all could have been implemented on top of Bitcoin. Make some tamper-resistant hardware with some Bitcoin private keys inside it, and sign a certificate saying "the keys for these addresses are in tamper-proof hardware". For low-value transactions, they could be accepted at face value, but if we wanted greater certainty, we could inject the transaction into the Bitcoin network and wait for a few confirmations to avoid double-spend fraud.

    Way back in 1999, Bruce Schneier posted a list of nine cryptography "snake oil" warning signs (http://www.schneier.com/crypto-gram-9902.html#snakeoil). I see 3 of the 9 warning signs here already.

  •   •   almost 12 years ago

    My main concern, like Dwayne L.'s, is that the system is not open and public. Any accepted cryptosystem must be released to the scrutiny of professionals outside of the initial developers.

    Another problem, being a Linux user, is the lack of source for the API libraries. If we are to trust this system and the developers don't even trust the security of their design enough to open the API library source, I have a few doubts. The only way to get access to the APIs is to use the binary blobs available with the API samples. One of my ideas was to attempt Linux support; this is impossible without at least the source to the libraries. Is this intended, or should we just wait for access to these items?

  •   •   almost 12 years ago

    Echoing Dwayne's concerns here. Security by obscurity is not security. This is an important topic that more people should be concerned about.

  •   •   almost 12 years ago

    In general I agree that public adoption of this system would require more transparency and a look at the system.

    However, I want to add in that I think we're missing a little bit, based on an email exchange I've had with the developer support. The MintChip developers see this as an R&D project, and a publication of a raw API. The interest is more in what sorts of things could we hope to see, not so much as let's all start using MintChip tomorrow. If taken in context, this is an opportunity to look at the technology and find the weaknesses, and that nothing may be published currently because it's under development or subject to change.

    Dwayne L, for this portion of your comment:
    MintChip also doesn't deliver on its privacy claims. "No personal data is exchanged in the transaction." That's not true at all.

    I asked something very similar directly to their support, on whether these ID numbers would have a registry that could be used by law enforcement for tracking theft. The response is basically that the idea of maintaining a registry of who owns which mintchip vs. privacy is actually something under consideration, and they want to see how the debate plays out.

  •   •   almost 12 years ago

    It doesn't matter whether the Mint keeps an ID registry. The ID itself is "personal data", because there's only one per MintChip, and anyone you ever perform a MintChip transaction with gets a copy of this number, which can be stored for later cross-referencing and shared between different organizations.

  •   •   almost 12 years ago

    To load bitcoins onto a tamper proof device, you need to trust a central authority to have legally acquired bitcoins. Once acquired they guarantee not to circulate them until someone redeems the BTC from a MintChip.

    I see two differences between MintChip and Bitcoin. First, MintChip does not require online connectivity to approve a transaction, while Bitcoin does. Second, MintChip can hold different currencies (I include BTC as a currency) which isolates you from forex fluctuations. Nothing so frustrating as to see your account balance move up and down all day long.

  •   •   almost 12 years ago

    Dwayne -- you do have some valid security concerns, but the ID is the most abstract way of identifying a person. It's no more secret or private than an IP address. There is, of course, the ongoing debate over whether or not an IP address constitutes "personal data", but there isn't really a way of transferring digital funds without the exchange of some sort of identification. That isn't how the internet works (although I'm sure you know that by now). Without exchanging even one piece of "personal data" (super vague term, btw) - the cards would have to be in the same location, and the payment processed by physical hardware.

    ... which kills the point of MintChip, really.

    It really depends on how closely mintchips are tracked. It may be so that anonymizing yourself is as simple as buying a new mint chip, doing an offline transfer from old to new, and destroying the old chip. Conversely, receive a payment on a new chip, transfer to a 'main' chip, and destroy the new chip. Privacy advocates, tinfoil hats, and black hats will *always* find a way.

  •   •   almost 12 years ago

    I would tend to agree the claim made in the video at developer.mintchipchallenge.com is misleading in the sense that no personal data is exchanged. The media covering this announcement also appears to have widely spread this claim.

    However, barring external factors, if you use multiple mintchips, there isn't a common ID between them that would tie you together.

    Barring whether or not claims of anonymity are misleading, I personally don't believe the system should be anonymous, at least not in the sense of having capabilities for law enforcement to investigate reports of fraud. It would be great if this included the ability to appear anonymous to a merchant by randomizing the ID in some fashion that could be de-randomized by court order.
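
Added example, not part of any post in this thread: the linkability argument made in the comments above (one static 16-digit ID per chip, copied to every counterparty) next to the suggestion of an ID randomized per merchant that an authority can de-randomize. The purchase data, the escrow key and the HMAC-based pseudonym scheme are assumptions made for illustration; none of it is MintChip's design or API.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: (merchant, chip ID, item). The 16-digit IDs are made up.
PURCHASES = [
    ("bookshop", "1000000000000001", "novel"),
    ("pharmacy", "1000000000000001", "prescription"),
    ("bookshop", "1000000000000002", "atlas"),
    ("cafe", "1000000000000001", "coffee"),
    ("pharmacy", "1000000000000003", "vitamins"),
]
REGISTRY = sorted({chip for _, chip, _ in PURCHASES})  # issuer's list of chip IDs
ESCROW_KEY = b"constructed-demo-key"  # hypothetical secret held by the issuer


def static_id(chip_id, merchant):
    """Scheme criticized in the thread: every merchant sees the same ID."""
    return chip_id


def pseudonym(chip_id, merchant):
    """Hypothetical alternative: a keyed, per-merchant identifier."""
    msg = f"{merchant}|{chip_id}".encode()
    return hmac.new(ESCROW_KEY, msg, hashlib.sha256).hexdigest()[:16]


def merchant_logs(purchases, id_for):
    """What each merchant can record: identifier seen -> items bought."""
    logs = defaultdict(lambda: defaultdict(list))
    for merchant, chip_id, item in purchases:
        logs[merchant][id_for(chip_id, merchant)].append(item)
    return logs


def link_across(logs):
    """Pool the merchants' logs and keep identifiers seen by more than one."""
    seen = defaultdict(dict)
    for merchant, by_id in logs.items():
        for ident, items in by_id.items():
            seen[ident][merchant] = items
    return {i: m for i, m in seen.items() if len(m) > 1}


def derandomize(ident, merchant):
    """Issuer-side lookup (the court-order path): recompute over the registry."""
    for chip_id in REGISTRY:
        if hmac.compare_digest(pseudonym(chip_id, merchant), ident):
            return chip_id
    return None
```

With `static_id`, pooling three merchants' logs reconstructs one chip's purchases across all of them; with `pseudonym`, the pooled logs share no identifier, yet the key holder can still map a reported pseudonym back to a chip.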

  •   •   almost 12 years ago

    I'm afraid that I have to disagree with James P about the ID being "abstract" and comparable to an IP address.
    An ID is a unique and static identifier, tied to a single device. Unless you believe that people will consider MintCoin devices as cheap and throwaway, then an ID->device->person is an easy match.
    Consider the public (or even home) telephone. Many people have access and could use the device. Having the phone number of a public phone doesn't identify a person. Having a home phone number identifies a small set of people who could have used it, but still no definite identification of an individual. IP addresses also do not (always) uniquely identify an individual. All of these identify a *location* which could be used by many people.
    Unless the MintChip devices become the cheap equivalent of a throwaway "burner" cell phone, then the ID leads straight to an individual.

  •   •   almost 12 years ago

    Without more information, it is impossible to tell how personal a MintChip itself actually is. From the current implementation, there is nothing stopping you from offloading all funds from one mintchip to another (or into real currency), and swapping someone for a different empty mintchip. Also, consider for a moment the opportunity for 'disposable credit card' equivalents of mintchip.

    Such an ID becomes traceable only if you have given the ID to someone who either a) has a partnership and is working with others to form a database or b) has significant clientele to establish a meaningful database size - i.e. Google Checkout or Paypal or iTunes.

    It's hard to say at this point how problematic the mintchip ID privacy will be. There is simply not enough information. At any rate, barring the reason that the MintChip challenge is more proof-of-concept/R&D rather than actual implementation (and, thus, is undergoing active development), there is no reason that the crypto being used should not be disclosed.

    I'd hope that all details and specifications are published prior to mainstream adoption.

  •   •   almost 12 years ago

    I love how people are telling the Mint - the printer of all Canadian legal tender, the stamper of Maple Leaf gold and silver coins accepted everywhere with absolute confidence, the keeper of the currency - about counterfeiting and security.

    Dwayne L: LOL "You have the threat model wrong", "Cash is easy to counterfeit."

    You're too full of your own goodness. I think the Mint understands the threat model perfectly and I think they understand counterfeiting a little more completely than you do.

    "there's no reason why these IDs couldn't be tracked", right, just like the serial numbers on bills can be tracked.

    You know "the Mint" isn't the Franklin Mint on TV right?

  •   •   almost 12 years ago

    Erik P: You have way too much confidence in this team. Not saying they aren't good, but they're a product development team like any other. They've only been working on this project for a year. Just because the Mint is footing the bill doesn't mean it's a perfect product.

    A healthy amount of critical security analysis is a good thing with any cryptosystem, especially ones involving trusted hardware.

  •   •   almost 12 years ago

    There's a surprising amount of anger here for a contest based on an R&D project.

    If you take a step back from your Bitcoin-rage and look at the goals of the challenge, it's fairly obvious that the project is still in the discovery stage. They're asking for ideas, not releasing a product.

    Let me re-iterate: this is not the final product. This is a contest to exercise the API, raise public awareness about digital wallets, and see what cool ideas people come up with.

    Contest, not product.

    If you have concerns about security, why not write a polite note or white paper rather than raging and insulting? You can discuss ideas without being a @#$%, even on the Internet.

    For those asking why this isn't open source:
    1) maybe the devs aren't ready to release it, or
    2) maybe the project uses closed source libraries that can't be released, or
    3) maybe the Mint wants to recoup its R&D investment by licensing the technology.

    As for me, I'm participating in this challenge because it's fun. Maybe I'll win some gold. Maybe I'll influence the future of digital wallets. Maybe I'll learn something.

    I won't be raging about how it's unfair to Bitcoin, open source, and money launderers.

  •   •   almost 12 years ago

    I agree with Terry W on this.

    To be fair to the rest of the group here though, when I first went through the site, I was left with much the same impression. I'm not a huge fan of the security model, the ability to reclaim lost transactions left up to vendor implementation, and many other things. However, after emailing the developer support, I was left with a much cleaner picture of what we're out to accomplish.

    To re-iterate a little:
    - This is an R&D project.
    - This is a release of a RAW API to garner feedback from developers and users on how this *might* be used in applications and circulation
    - This is visioned to work in the space of existing cash transactions. Security wise of having a few bills in your wallet and some change
    - Open to feedback on ways to realistically attain additional security levels, such as mechanisms to block suspicious transactions from happening

    If I take it within this context, I'm honestly not as uncomfortable with how this works as I was originally. But to be completely honest, in this day and age with escalating identity theft, database breaches, etc... I was hoping for better...


  •   •   almost 12 years ago

    @TerryW That's the post that I've wanted to make for days, but couldn't put so succinctly into words.

Comments are closed.