Magic Money

As more and more businesses rush to join the World Wide Web and capture the websurfer's attention (and cash), the need for a secure electronic transaction system has become more and more apparent. Businesses envision a world-wide clientele, with markets open to all, regardless of company size. Users envision a diverse selection of products and services, available from the convenience of their homes. The meeting of the two in the electronic marketplace depends upon a certain amount of confidence between the merchant and the customer that the merchant will get the money promised them, and the customer will get the goods promised them, without any other parties being privy to the transaction. Credit card transactions, while being well-supported on the consumer and merchant ends of the exchange, are also easily interceptable and forgible. Magic Money attempts to bridge this gap between consumers and merchants, offering a more secure electronic transaction system.

What is Magic Money?

Magic Money is a publicly available digital cash system, using PGP, the Chaum protocols for blind signatures, and the email system to offer an on-line transaction system. In reference to digital cash systems, there are both on-line and off-line systems. On-line systems require an interface with some server to process the transaction, tracking interactions and information comparable to serial numbers to verify that pieces of money are not "double-spent", where double-spending refers to the possibility of copying the string of bits that make up a piece of digital cash to make another piece of cash. Off-line systems do not require the use of a server, and have implemented other means to combat double-spending.

Magic Money was invented by an individual who uses the handle "Pr0duct Cypher". Pr0duct Cypher is well known on the Internet for development of applications using PGP, and provides the source code and documentation for these applications at various sites. No one knows exactly who this person is, or where they are, other than that they have claimed that they are in Europe, and thus are not constrained by the US. cryptographic legalities. In addition to writing Magic Money, Pr0duct Cypher has also developed a set of tools called "PGP Tools", allowing easier integration of PGP encryption into GUI applications.

Where Can I Get Magic Money?

Magic Money can be downloaded through anonymous ftp from ftp.dsi.unimi.it in /pub/security/crypt/code, among other places. Fair warning: one of the versions that I downloaded, when unzipped, contained a file with the name "--------.---". This file serves no purpose, and if one views it, you will see that it is merely someone's idea of a practical joke. UNIX's command "unlink" did the trick of removing it from my directory (rm views the filename as an odd sequence of command characters).

What Does it Do (re: Security)?

Each person participating in the Magic Money system runs the client module on their machine. Client modules send messages requesting actions into the server module, which processes these messages and sends the response back to the client module. All messages are PGP encrypted, and messages from the server are signed.

The server module is responsible for issuing all new coins, by creating the new coin and stamping it with a blind signature. In addition, the server module keeps track of all old coins (those which have been spent). The client module is responsible for keeping track of all current coinage.

We have been speaking of a client module and a server module, but there is no reason not to have multiple client modules and multiple servers.

What can I use it with?

In its original form, Magic Money required a great deal of client/server interaction that was not automated. Thus the user had to be aware of what was going on, and be an informed participant. Since Pr0duct Cypher's original posting of Magic Money's source code, various automatic client software applications have been written, to try to simplify the traffic that the user needs to be aware of going between the client and the server module.

Using this AutoClient capability, it should be possible to set it up as a secondary program to a main network application, perhaps something along the lines of a stock exchange game. The main application would call the AutoClient and receive all responses, with no user intervention required.

What Else Must I Use With It?

Someone wishing to use Magic Money will have no choice but to understand PGP. Someone wishing to develop their own applications surrounding a Magic Money kernel would most likely wish to look at Pr0duct Cypher's PGP Tools for development of integrated PGP applications. Those attempting to use it for anything other than a purely experimental basis (see Does anybody really use it?) will need to be aware of the various legalities surrounding the usage of patented technologies, including RSA and Chaum's protocols for blind signatures.

Does Anybody Really Use It?

There have been a few attempts to implement the Magic Money system on the Internet, such as Nexus bucks, but they have run into several problems, some of them based on the specifics of Magic Money, and some of them inherently based in the as yet not fully developed concept of digital cash.

The problems specific to Magic Money are rooted in its implementation. Magic Money depends heavily on the use of Chaum's blind signature protocols and RSA's encryption protocols. These are both patented concepts, and are thus not available (without some sort of royalties) to be used in a commercial system. Since Pr0duct Cypher is freely posting his source code for anyone to use, trying to get a handle on who is using what and whether proper royalties (should they ever be decided upon) have been paid, would be an impossible task. Chaum himself has no incentive to even offer a royalty payment schedule, as Magic Money would be in direct competition with his DigiCash system.

The problems specific to Magic Money are most likely not its worst difficulties, however. There are difficulties inherent in any digital cash system, as yet, that have not been overcome in theory, much less in practice. Without some sort of backing, the digital dollar is worthless. Money of any sort is only worth what it can buy, and without some sort of guarantee of worth, digital cash is merely a string of bits, too easily created, and not easily enough controlled. One does not need to look far into US history to see examples of currencies gone bad: the Confederate dollar, the greenback, and the Silver standard come to mind as currencies not well regulated or supported by something of real value.

Ignoring the backing question, one still needs to determine who gets to issue and regulate these lovely strings of bits. Currently the Nexus avoids this question by trading Nexus bucks for bartered services. This, however, does tend to limit the purchasing power of the digital cash, and causes problems with such simple things as making change.

For the moment, Magic Money is merely a neat toy to play with, something perhaps to model economic systems with, but definitely not something to use as handily as one would a credit card or an ATM account.

Bibliography