Digital Bearer Instruments on XRPL – (im)possible?

[thinlyspread]

Just having a brainstorm really, would love some input here as to why/how this may be possible or impossible on the XRPL. Think of this as a Gedanken (thought experiment). 

IDEA:

You have various private physical "mints" regulated by the govt, think of them sort of like XRPL gateways except they have physical cash-in locations, maybe they're like secure kiosks. They take in cash, then read the serials & holograms on the notes to make sure they're not counterfeit etc, like a post office or bank might, with machines. The machine/system is then hooked into XRPL (somehow)... so that a 1:1 fiat value asset is issued across the corresponding mint's trustline onto the XRPL, let's say for now, as "cash fiat" i.e. cUSD cEUR cGBP, etc.

For each issuance, however, something different is happening that is NOT like gateways and normal issuances. It is more like an "NFT" perhaps, except it *is* fungible as pure cash. Somehow, perhaps using a memo field or one of the other fields (??), the serial number for each note is printed into the issuance and encrypted. Perhaps the encryption is actually more like an OTP or Vernam randomised cipher (thus no need for algo-encryption), which is used to securely scramble the serials but through which other mints/kiosks who share the cipher code can "decrypt" or read what these serials are and thus if they are legit.

[KEY POINT: Governments probably like it because they can track money supply/flows as was intended by cash notes having serials. All good so far. ]

This would NOT be an IOU for paper, this would be more like Chaumian e-cash, "true" cash where the serial *is* the money itself now (aka a bearer instrument), wrapped into XRPL, but legally binding as spendable money. Presumably the original paper notes/reserves would be taken in by the treasury/mint or central bank / government, and destroyed/archived or whatever but that's irrelevant for now. The overall point is, these aren't stablecoins "backed by" notes and coins, but they are (in my hypothetical scenario) *legal tender* proven as such via their encrypted hidden serial and thus traceable back to the mint(s) and whatever KYC requirements they endorse.

However, the XRPL likely has a problem as the carrier medium for this for various reasons I see, because:

  --> Normal issuances can be broken down into smaller units, because they are representations (no individual "one time" serial numbers) and fractional by design

  --> If you allow "1 USD" to be split into "0.5 USD" or "1.2345 USD", then how do you manage the serial and thus retain the bearer instrument quality?

  --> Identity may need to be tethered to the serial ID and for every change of hands that be updated and somehow stored in the same unit

Now my hunch is this is impossible precisely because the XRPL is/was setup as an account based crypto-ledger, not a token based system like e-cash, Bitmint, xx (perhaps), etc. But... if there were a clever solution around this – you could have bearer instruments also moving on the XRPL – and tradeable with other assets, without any peg/tethering risks. In theory! 

I think the main barrier is how to create fractionalized serial numbers for each transaction (ok, maybe you could have limits, which can be set by the XRPL I believe, to say, 0.01 in cents or pennies) and still have them be fungible and identifiable as full serial numbers and not useless number parts.

The other issue is even if you solved this somehow, and you could – like a hologram contains fractal informational pieces of the whole – create new cipher-strings which carry the memory of prior transactions and splits, then what's the purpose of the XRPL at all? Interoperability? Maybe it's better then to have a proprietary app that does the ID checks (by looking up a central or shared blockchain/database?) and instead just send pure bitstrings (like BitMint) and use whatever system, even unsecure pure data connections (since if the strings are cipher-text anyway, intercepting them over Bluetooth/WiFi/whatever doesn't matter – they'd be useless randomised strings unless you had the decryption tool, which would mean you're registered/exposed anyway). The idea being, that only registered participants can use the system, by registering with a local mint that's part of the wider "chain" of interoperable and legally sanctioned mints. I guess this would be done by a corresponding key? (Then, I guess you'd need some dual cipher... like public/private keypairs but from the mint, for the user, but then also keep the cipher code scret from users and only accessible to mints??? Maybe you can make Mints anti-fragile because you know all the serials from an exposed Mint and so can immediately warn all other Mints and shut down stolen e-cash, rendering it useless if stolen??? So it's never totally centralised because each Mint uses their own cipher system in a competing security/functionality war with other Mints.)

OK I know this is a real long shot, a real waffle. But I think it's interesting philosophically and logically, or as a design question, to think about what "is" money – can it be "pure" data as simple cipher-text strings? Can it be a bearer instrument like true digital cash, rather than an issuance guaranteed by an issuer – yet inherit the benefits of blockchain e.g. for tracing/tracking? Or is there some balance between the two (my idea), where you take in circulating "real" money we all know, i.e. private cash, and issue a digital twin which is a perfect legal replica of the original.

Discuss...  

Edited January 27, 2022 by thinlyspread

[thinlyspread]

Another MAJOR issue here is simply the obvious conflict in philosophy of bearer instruments (like true cash) "vs" distributed ledgers and blockchains where – in general – everything is fully traceable and non-private. Or at least semi-private or pseudonymous, but certainly not anonymous. Whereas the entire point of cash is, while there's a serial to trace flows and prevent counterfeiting, etc, what "happens inbetween" so to speak, is entirely private and in the full control and freedom of the holder (bearer). 

Also we have a HUGE issue looming right now with big data analysis and taregetted advertising, worries about social credit scoring, and personal security and freedom and such. I don't like the idea of Google or China or Amazon or some nasty hacking cartel being able to link one of my XRPL addresses and I am forever on a system where everything I ever buy is linked together in a huge network graph. We do need, at bare minimum, consumer level privacy if not complete anonymity (which favors the worst kind of criminals). 

So maybe we can have a system that gives the advantages of cash, but in digital form with all its perks and conveniences, but with traceability and accountability in a LEGAL sense (e.g. distributed Mints could have to seek a strict court order from a judge or get a warrant or something to trace individual activities) – such a system would need to protect consumers and individuals from public surveillance, big tech and data miing, meta data, etc, Russian/Chinese or other nefarious state elements, while allowing the justice system to thrive and not have our society fall to organised criminal elements. 

[thinlyspread]

Another controversial point. Not saying this is true, but just to throw it out as a Gedanken...

For all the horsesh*t bitcoin maximalist, Silicon Valley and VC rhetoric about "decentralization", for most people they simply don't care about how "decentralized" something is as long as "it just works" for them and their needs. To add to that, true cash is – ironically – arguably near infinitely MORE decentralized than ANY current blockchain system. 

I think about it like MP3s, or Microsoft Word. They ain't on a blockchain, don't need one, yet are highly "decentralized" in the sense that because they are useful, millions of people choose to use them as tools on their devices globally and don't care if/how their activity is tracked – and even if it is, a lot of people have "dodgy" copies or "grey area" copies, etc. But even if the internet goes down, they can still access the files. It doesn't depend on some stupid blockchain, internet access, and it not being slow/expensive or getting 51% attacked. Blockchain is more like Spotify in this analogy – great until there's no internet or it gets expensive, or the ads become insufferable, at which point you realise they own/control everything and it sucks for you, your files don't work without their database ("blockchain").

I like the idea that e-cash can be a pure blob of information or a simple elegant bitstring (but use identifiers to prevent double spend etc), rather than everyone having to share everything on the same chain and having this gigantic, bloated, potentially vulnerable & poorly governed pseudo-database... which feels to me more like centralization, than having a bearer instrument of your own "data blobs" or true e-cash that, like our personal computer files, are private only and until a warrant is out for our arrest (or whatever) and the police can ask for your password and then legally demand the Mint give the other codes.

True e-cash can maybe solve this weird public/private dichotomy, by giving us everyday full privacy and freedom but only under the LAW of each country, a bit like what happens today anyway e.g. if the police want to crack your iPhone they need a court order to force Apple/whoever to do it. 

However this system would be secure and NOT need backdoors. The regulated Mints would oversee the system and e.g. Vernam ciphers would gurantee security instead of blockchains/crypto. But once your personal "blob" of data is accessed by court order it contains all necessary information, but the entire system (unlike a blockchain) is not/never exposed. Only in theory the cipher for that specific Mint or set of accounts (which are immediately destroyed and recreated anew for each access). Mints could compete and use various blockchains for tracking, features, etc. Or... in theory they could even take in crypto-assets and convert them to the same system. 

Edited January 27, 2022 by thinlyspread

[brianwalden]

Just so I know which direction to comment from, what problem are you trying to solve here?

[thinlyspread]

6 minutes ago, brianwalden said:

Just so I know which direction to comment from, what problem are you trying to solve here?

Open discussion really. 

Public/private data (and thus money) dichotomy. Fears over losing cash, and what is cash, really, i.e. what do we really mean when we think of cash being private etc. Blockchains generally being... crap (but also they ALL are potentially vulnerable to cyber warfare – Vernam is NOT)... how do we best blend the idea of cash/privacy and blockchain/technology.

Also just philosophically asking the question... what do people want/prefer? And are there better ways to issue money on distributed ledgers. Is there a "social contract" to money and thus it's never really our "right" as it's government issued under the Law? Etc.

Have at it! 

Edited January 27, 2022 by thinlyspread

[thinlyspread]

I also think this is highly relevant to the question of how to structure CBDCs and whether CBDCs are also "cash" or the accounting/ledger base layer underneath the entire system, with cash designed differently on a higher layer.

[Guest]

@thinlyspread some initial thoughts. 

The benefit of being represented on a blockchain, today, is access to additional liquidity/assets. To me, that's the primary goal and that's the lens in which I see this.

I think there is a way to preserve privacy on the blockchain by compromising a bit off the blockchain. To me, loss of privacy on the blockchain is far more impactful and issuing physical/non-blockchain assets on the blockchain will always be reliant on an off-chain identification. 

 Let's ignore capital control issues, limits on cash spending in various countries, etc. Here's how I see this working -

• Rather than representing individual paper/individual units directly, we should probably look at representing accounts.
• An account could be a bank account, credit account, metals, a physical store of cash, treasury bonds etc.. The asset manager should just have an account for you on XRPL or a side-chain of XRPL.
• So if you have 100 USD in a Bank of America account, you get a 100 xUSD account on XRPL, issued by Bank of America. The token decimals will have to match decimals used in the current banking system etc. Same holds through with other assets and we could get more complex by representing non-Fiat assets in Fiat through Oracles, etc.
• The issuing gateway sends an authorization request to you. An app on your device locally generates a compatible account + private keys. You sign the authorization request and include the generated account. The gateway knows that this is your account and updates your balance with the funds you have with them. You import private keys into your favorite wallet (could also just be the same app where you generated that account). 
  • Technically if this is cash, it should just be burnt once balance is updated with your account, but what happens if you want to get out of the blockchain and get back physical cash? This one's a tricky problem. 
• Perhaps part of the authorization request is to disable fund remittance from your off-chain account. 
• The blockchain account is kept in sync with the off-chain account through a state connector (e.g. Flare).
• What happens if your account needs to be frozen (e.g. bad actor, bad transactions, etc.) ?
  • I think the right way to solve this is for the Custodian/Gateway to flag your blockchain account, which automatically makes the blockchain reject certain transactions from you or makes the other gateways reject transactions from your account, or something. I don't think there should be the ability for the custodian to "zero-out" your account.

The identity of your account on the blockchain is private. The issuing gateway knows your identity and your account of course, but they don't have your keys. And they already know your identity because you're depositing your assets with them. They've already done the KYC/AML stuff.

I don't see a future where CDBCs are issued to people directly on the blockchain. There is no way to preserve privacy that way. The only way is to have custodians off-chain that act as issuing gateways and support privacy through that mechanism.

The transparency here that comes from decentralization is about flow of money that is now accessible to everyone. And if the system fails for some reason, or go offline for a while, the most recent "snapshot" of funds are always there with the custodians/gateways and XRPL always stops progress if it thinks it cannot do so safely so while there may be a disruption of service, funds will always be safu

Edited January 27, 2022 by Ripley

[brianwalden]

People want the freedom of cash combined with the security of a bank where they kiss all your boo-boos and make them go away (but without all the fees that banks nickel and dime you with). Quite frankly, it's irrational. Freedom or security. Pick one, you can't have both.

Governments want complete control over the money supply right down to individual accounts. **** 'em.

I can think of how to do bits and pieces of what you're describing on the XRPL, but not the whole thing. I don't think the bits and pieces really accomplish what you're trying to accomplish. For example, you could have a fungible currency that's backed 1:1 by non-fungible IOUs representing each serial number. But I don't really know where that gets you.