Bitcoin and previously created anonymous electronic money systems
In this publication, I will make a comparison of Bitcoin, about which many have already heard, with previously created electronic money systems, the basis of which was put by David Chaum in the early 1980s. Bitcoin in most information sources is presented as something revolutionary, out of the ordinary outstanding. I’ll demonstrate that this is just just one more payment system, not much better than PayPal, WebMoney and the like, and in many ways even lagging behind them.
I will take as a basis the article "Universal Electronic Cash" , in which cryptographers give clear requirements for an ideal electronic payment system (in this work the conditions for creating a decentralized system are not set):
For example, paper money, coins, “cash” are safe: using a bill leads to the fact that you lose it, lose something tangible. The effort to create bills (their fake) is too high due to the complexity of technology. To create gold coins you need gold. Cash money gives privacy to the user. And anonymity. When giving the bill to the store or receiving change, neither I nor the store know whose hands these notes have been in before. They can no longer link my purchases by banknotes. They can be transferred to other people (without the participation of banks), make payment offline.
')
We will not go into the details of the implementation of Bitcoin: there is a huge amount of materials on this topic. Each user has a wallet, which is a pair of asymmetric keys. Each transaction is a set of data signed with asymmetric keys, which states what amount and where it is sent. Transmitted transactions from user to user (which may also be shops) form a time-related chain. This chain is a single database for all, by which everyone can check whether money has been used again. You can add transactions / data to this (or many other) chains only by making resource-intensive calculations (proof of work).
The whole essence of Bitcoin is based on the assumption that the longest chain of data is always used, since the most resources are spent on it, and the most resources are spent by well-wishers, honest users. Having opened the whitepaper on Bitcoin, we see that it is clearly stated: the system works until the attacker has 51% (a little more than half) of computing resources. In this case, he will be able to create alternative chains of transactions and make it so that, for example, the store today sees and trusts my payment, and tomorrow it will no longer be in the longest chain, although the goods could easily have already been shipped to me. In addition, the one who has the right to create a valid chain of trust can introduce censorship: not allowing certain purses to appear in it. It may not include transactions for which the minimum fee was not paid. All this is not prohibited by the protocol.
The one who has more than half of the computing resources concentrated turns the system into a centralized one. He can cancel accounts (without letting transactions appear from them), he can demand a commission - in general, there is everything that modern banks are so bad about.
Bitcoin ideas could work if computing resources were really heavily distributed among users. However, we know that on simple CPUs it is useless to try to do mining, even the GPU is less and less an option. Build huge mining data centers. That is, the further, the more and more computing power migrates to small centers. The ghash.io network has already exceeded the 51% threshold.
There are other electronic payment implementations where the SHA256 hash function from Bitcoin is being replaced with algorithms — also memory-intensive to reduce the gap between cheap ASIC mining chips and expensive but inefficient CPUs. All this revolves around the idea of ​​proof of work and therefore it is only a postponement of the inevitable centralization of computing resources. Proof of work is known for a long time, since the appearance of spam in e-mail. And over the decades, people had to realize that this is not a means of preventing the emergence of spam (alternative transaction chains in the context of Bitcoin), but only a tool for reducing it. It is completely impossible to eliminate spam: then the entry threshold, the number of required resources grows so much that mere mortals will not be able to use the system and again everything will come to small, huge, powerful service providers. In the context of money, they can be called the most ordinary banks, those who have a developed expensive infrastructure. Money makes the richest.
When it comes to the security of money, when it comes to transactions in the millions or billions of conventional units, then there’s no hope that no one will replace the longest chain of Bitcoin transaction blocks. Nobody will take such a risk. Therefore, the proof of work as a whole is not applicable to work with money, except perhaps only when it comes to small things (micropayments), where the risk is not so terrible.
Thus, already at the moment Bitcoin is a centralized system.
If money or ordinary banking transactions are safe, then Bitcoin does not talk about this: the chain can be changed. People who have sold something for a large amount will be extremely disappointed tomorrow, not seeing the paid amount in their wallet (as the transaction for their public key is in a different chain that is not trusted).
If anonymity implies the ability to instantly say that such and such a user (or rather, such and such a public key) is Vasily Pupkin from such and such a home, then Bitcoin is anonymous in this context, unlike bank transactions generated by credit cards. But absolutely the whole purchase history, the entire history of any monetary movements of the user is forever fixed in the chain of blocks. There is always a trivial opportunity to say that this purchase was made by the person who once bought this and that.
Nobody forbids having multiple wallets, generally making one or two transactions per wallet, but if we are talking about using money associated with the outside world, material, then the user will already be forced to give some additional information about himself. Indeed, it is possible to guarantee for years that no information will leak in transactions, but it is enough to make one contact with the outside world - and someone will already know something deanonimizing about you, automatically attaching this information to all your previous history of money transfers. Preventing the leakage of any data about you almost completely limits the applicability of Bitcoin in reality. The store may not send you the goods - how will you contact them and try to return the money? How to pick up the goods? Only by de-anonymizing yourself. Moreover, cash deanonymizes you within a single transaction (the shop sees that it received 20 rubles from me for the purchase of bread, that's all), while Bitcoin de-anonymizes the whole story.
Offline payments in Bitcoin do not. Moreover: they cannot even be made quickly, since to confirm a transaction it is necessary that it be in several blocks of the longest chain (although the fact of the appearance of a transaction is quickly visible). In the case of payment of any small things (well, there is a sandwich), you can take a risk, and even if the transaction does not turn out to be valid - the loss is not great. That is, again, in practice, only micropayments.
This table assumes that bank cards are chip cards and offline payments can be made with them. PayPal is simply a web interface with which you can somehow manage cash flow, it can be your bank’s web interface. By schneiercash is meant an example of creating an anonymous e-currency described in Bruce Schneier ’s Applied Cryptography . About this currency will be written below.
Finished designs for anonymous (indeed, and not narrow, practically not applicable in life, the context of Bitcoin) and secure electronic money, such as schneiercash, were already created in the 80s. Many cryptographers dealt with cryptocurrency issues, but none were able to come up with a decentralized solution. Anonymous, safe, offline and other things were invented (by the way, there is a rather complicated mathematics and implementation), everyone knows about the proof of work, but only Satoshi Nakamoto could make decentralized cryptocurrency using trivial engineering knowledge (any software engineer is able from scratch to get to the idea of ​​a chain of transactions related to time hashes with proof of work)? Of course, this cannot be so. If the media and even some states recommend developing this system, advising to support it, this is guaranteed to be beneficial for someone. If the system were honest, anonymous, secure, decent, decentralized, then it is not profitable for anyone to waste time on the media advertising about it. This was already clear before the network computing resources were concentrated in the same data centers.
Another obvious fact: no state in their right mind would allow an anonymous monetary system to develop. The state will do everything so as not to lose its power, which rests on the army and the economy, rather, entirely on the economy, its control. Anonymous systems are the inability to control and even track and monitor transactions. David Chaum created companies embodying his achievements, but they were all crushed and closed. About the ability of people to unite around a good idea that they cannot be broken, they have the Internet in their hands and so on - all this is utopia, nothing more. If states have nothing against Bitcoin, then they can control it, it means that it is not anonymous, not censored. The fact that Bitcoin is prohibited, for example, in Russia, is certainly reasonable, so why allow sponsoring of third-party unfriendly countries?
Bitcoin currently has a couple of advantages over the same online payment systems, such as PayPal: no mandatory expensive commissions (just for now); no fuss with the banking bureaucracy, the binding of cards, bills, their service. That is, it can be considered as a more convenient alternative from the point of view of the interface.
Gradually consider how to make a system of electronic money.
The first approach to the projectile is simple: there is a bank, the public key of which is known to all. Users have accounts in it. Before buying in the store, the user makes a request to the bank for a certain amount. The bank checks whether there is such an amount on the account, deducts it, signs with its private key the value of this amount, this check. Technically, it really could just be a text file with “100.56” and a signature. This file / check is sent to the user. The user sends this signed check to the store. The shop is convinced, using the public key of the bank, that the signature, respectively, and the check, are valid and releases the goods. This store can send the store at any convenient time to the bank, and the latter, having verified the signature, will increase the value of the cash account of the store.
Of course, the main problem here is that the check / file can be copied and reused. This problem can be solved by adding a unique identifier to each check by the user and storing the identifiers of the checks used in the database of the bank. We get security.
However, the bank, at the time of signing the check, sees its identifier and can remember it and associate it with the user. That is, there is no anonymity. David Chaum solved this problem by inventing so-called blind signatures . In the RSA asymmetric encryption algorithm, you can apply a masking function to the data before signing it. The peculiarity of this function is that after unmasking the data, the signature still remains valid. This can be compared with an envelope from tracing paper: you can put a check (a masking operation) inside it, leave a signature on the envelope itself (we don’t see the contents), then take the check out of the envelope (demasking) and it will have a valid signature.
Needless to say, the bank will not sign what is completely unknown. Therefore, in order to receive a signed disguised check from a bank, for example, in the amount of $ 100. we do the following:
In this case, the bank does not know that the store received the check from us, since he never saw his identifier anywhere, because he signed a disguised envelope. In our case, we have one chance in a thousand to deceive the bank: hope that he will not choose one single envelope in which there may be a large differing amount. If the bank fears this probability, then you can ask for at least a million envelopes: you can take this risk. In any case, if a client is noticed for trying to cheat, he will not be happy.
We get anonymity valid. The bank can detect the fact of an attempt to deceive him: either the user has sent a check twice, or a shop. The bank does not know who tried to do it, but it is necessary to punish. To find out which of the two is at fault, let’s complicate the protocol: when the store accepted a check from the user and checked the bank signature, he asks the user to leave a random string on his check. This check with a random string is sent to the bank, where it stores it along with the check ID in its database. It is assumed that the store / seller is not able to replace this line (if you take an analogy from the material world, then, for example, this is paper with squares cut out that you can pierce - you can’t put it back into place). When checking the availability of a check identifier in the database, the bank also looks at the saved random line: if it coincides when trying to double use the check, then the store is to blame, and if it is different, then the buyer is to blame.
If the user is to blame, then he still remains anonymous for the bank. If it were possible to de-anonymize it at the time of attempting to double-use a check, but not in regular, honest cases, this would make it possible to make already offline payments, as it happens with chip bank cards: if the user tried to deceive the cash register and took advantage of the fact that if he had no connection with the bank, the bank would still later find out who it was from the cash register transaction log and the user would be punished. No need to instantly "take" on the spot.
This can be done using such cryptography techniques as secret splitting and bit commitment. Continue to complicate the current protocol:
The decryption key reveals only one of the parts of each line of the identifier and the bank is unable to receive its original. However, if the check is reused, then, since the seller randomly chooses which of the parts of each of the lines to open, the probability that the decryption key of any of the lines will be requested for the missing half is maximum.The decrypted half of at least one line (with a sufficiently large N) will already be in the database of the bank and when reused, the second one is also decrypted, making it possible to combine them (XOR) and get the original identification string. The bank will know which user specifically tried to use the check twice.
This anonymous, secure, with the ability to work offline and identifying who tried to cheat the bank, the protocol is already quite complicated. But it still does not give the opportunity to split money (checks are atomic and you have to make a request to the bank to replenish the account, and request two separate checks for smaller required amounts) and send directly to users, bypassing communication with the bank (that is, the user will have to play the role of seller must replenish your account). There are much more complex implementations that solve these remaining problems ... except for the unsolved problem of decentralization.
I will take as a basis the article "Universal Electronic Cash" , in which cryptographers give clear requirements for an ideal electronic payment system (in this work the conditions for creating a decentralized system are not set):
- Independence from any physical conditions. Money must represent only information flows so that it can be used over computer networks;
- Security. The possibility of reuse, copying money should be excluded;
- Privacy, non-traceability, anonymity. The ability to track the relationship between the user and his purchases should be excluded;
- Offline payments. If the network is unavailable, the store should still be able to accept money from the user;
- The ability to transfer money to other users, bypassing communication with the bank or some similar centralized service;
- The possibility of crushing, exchange of bills of a given value into smaller parts, without the participation of the bank directly.
For example, paper money, coins, “cash” are safe: using a bill leads to the fact that you lose it, lose something tangible. The effort to create bills (their fake) is too high due to the complexity of technology. To create gold coins you need gold. Cash money gives privacy to the user. And anonymity. When giving the bill to the store or receiving change, neither I nor the store know whose hands these notes have been in before. They can no longer link my purchases by banknotes. They can be transferred to other people (without the participation of banks), make payment offline.
')
We will not go into the details of the implementation of Bitcoin: there is a huge amount of materials on this topic. Each user has a wallet, which is a pair of asymmetric keys. Each transaction is a set of data signed with asymmetric keys, which states what amount and where it is sent. Transmitted transactions from user to user (which may also be shops) form a time-related chain. This chain is a single database for all, by which everyone can check whether money has been used again. You can add transactions / data to this (or many other) chains only by making resource-intensive calculations (proof of work).
The whole essence of Bitcoin is based on the assumption that the longest chain of data is always used, since the most resources are spent on it, and the most resources are spent by well-wishers, honest users. Having opened the whitepaper on Bitcoin, we see that it is clearly stated: the system works until the attacker has 51% (a little more than half) of computing resources. In this case, he will be able to create alternative chains of transactions and make it so that, for example, the store today sees and trusts my payment, and tomorrow it will no longer be in the longest chain, although the goods could easily have already been shipped to me. In addition, the one who has the right to create a valid chain of trust can introduce censorship: not allowing certain purses to appear in it. It may not include transactions for which the minimum fee was not paid. All this is not prohibited by the protocol.
The one who has more than half of the computing resources concentrated turns the system into a centralized one. He can cancel accounts (without letting transactions appear from them), he can demand a commission - in general, there is everything that modern banks are so bad about.
Bitcoin ideas could work if computing resources were really heavily distributed among users. However, we know that on simple CPUs it is useless to try to do mining, even the GPU is less and less an option. Build huge mining data centers. That is, the further, the more and more computing power migrates to small centers. The ghash.io network has already exceeded the 51% threshold.
There are other electronic payment implementations where the SHA256 hash function from Bitcoin is being replaced with algorithms — also memory-intensive to reduce the gap between cheap ASIC mining chips and expensive but inefficient CPUs. All this revolves around the idea of ​​proof of work and therefore it is only a postponement of the inevitable centralization of computing resources. Proof of work is known for a long time, since the appearance of spam in e-mail. And over the decades, people had to realize that this is not a means of preventing the emergence of spam (alternative transaction chains in the context of Bitcoin), but only a tool for reducing it. It is completely impossible to eliminate spam: then the entry threshold, the number of required resources grows so much that mere mortals will not be able to use the system and again everything will come to small, huge, powerful service providers. In the context of money, they can be called the most ordinary banks, those who have a developed expensive infrastructure. Money makes the richest.
When it comes to the security of money, when it comes to transactions in the millions or billions of conventional units, then there’s no hope that no one will replace the longest chain of Bitcoin transaction blocks. Nobody will take such a risk. Therefore, the proof of work as a whole is not applicable to work with money, except perhaps only when it comes to small things (micropayments), where the risk is not so terrible.
Thus, already at the moment Bitcoin is a centralized system.
If money or ordinary banking transactions are safe, then Bitcoin does not talk about this: the chain can be changed. People who have sold something for a large amount will be extremely disappointed tomorrow, not seeing the paid amount in their wallet (as the transaction for their public key is in a different chain that is not trusted).
If anonymity implies the ability to instantly say that such and such a user (or rather, such and such a public key) is Vasily Pupkin from such and such a home, then Bitcoin is anonymous in this context, unlike bank transactions generated by credit cards. But absolutely the whole purchase history, the entire history of any monetary movements of the user is forever fixed in the chain of blocks. There is always a trivial opportunity to say that this purchase was made by the person who once bought this and that.
Nobody forbids having multiple wallets, generally making one or two transactions per wallet, but if we are talking about using money associated with the outside world, material, then the user will already be forced to give some additional information about himself. Indeed, it is possible to guarantee for years that no information will leak in transactions, but it is enough to make one contact with the outside world - and someone will already know something deanonimizing about you, automatically attaching this information to all your previous history of money transfers. Preventing the leakage of any data about you almost completely limits the applicability of Bitcoin in reality. The store may not send you the goods - how will you contact them and try to return the money? How to pick up the goods? Only by de-anonymizing yourself. Moreover, cash deanonymizes you within a single transaction (the shop sees that it received 20 rubles from me for the purchase of bread, that's all), while Bitcoin de-anonymizes the whole story.
Offline payments in Bitcoin do not. Moreover: they cannot even be made quickly, since to confirm a transaction it is necessary that it be in several blocks of the longest chain (although the fact of the appearance of a transaction is quickly visible). In the case of payment of any small things (well, there is a sandwich), you can take a risk, and even if the transaction does not turn out to be valid - the loss is not great. That is, again, in practice, only micropayments.
| Cash | Bank cards | Paypal | Bitcoin | schneiercash | |
|---|---|---|---|---|---|
| Decentralized | Not | Not | Not | Not | Not |
| Independence from physical conditions | Not | Not | Yes | Yes | Yes |
| Security | Yes | Yes | Yes | Not | Yes |
| Anonymity | Yes | Not | Not | Not | Yes |
| Offline payments | Yes | Yes | Not | Not | Yes |
| Transferring money to users | Yes | Not | Not | Not | Not |
| Splitting up | Not | Yes | Yes | Yes | Not |
This table assumes that bank cards are chip cards and offline payments can be made with them. PayPal is simply a web interface with which you can somehow manage cash flow, it can be your bank’s web interface. By schneiercash is meant an example of creating an anonymous e-currency described in Bruce Schneier ’s Applied Cryptography . About this currency will be written below.
Finished designs for anonymous (indeed, and not narrow, practically not applicable in life, the context of Bitcoin) and secure electronic money, such as schneiercash, were already created in the 80s. Many cryptographers dealt with cryptocurrency issues, but none were able to come up with a decentralized solution. Anonymous, safe, offline and other things were invented (by the way, there is a rather complicated mathematics and implementation), everyone knows about the proof of work, but only Satoshi Nakamoto could make decentralized cryptocurrency using trivial engineering knowledge (any software engineer is able from scratch to get to the idea of ​​a chain of transactions related to time hashes with proof of work)? Of course, this cannot be so. If the media and even some states recommend developing this system, advising to support it, this is guaranteed to be beneficial for someone. If the system were honest, anonymous, secure, decent, decentralized, then it is not profitable for anyone to waste time on the media advertising about it. This was already clear before the network computing resources were concentrated in the same data centers.
Another obvious fact: no state in their right mind would allow an anonymous monetary system to develop. The state will do everything so as not to lose its power, which rests on the army and the economy, rather, entirely on the economy, its control. Anonymous systems are the inability to control and even track and monitor transactions. David Chaum created companies embodying his achievements, but they were all crushed and closed. About the ability of people to unite around a good idea that they cannot be broken, they have the Internet in their hands and so on - all this is utopia, nothing more. If states have nothing against Bitcoin, then they can control it, it means that it is not anonymous, not censored. The fact that Bitcoin is prohibited, for example, in Russia, is certainly reasonable, so why allow sponsoring of third-party unfriendly countries?
Bitcoin currently has a couple of advantages over the same online payment systems, such as PayPal: no mandatory expensive commissions (just for now); no fuss with the banking bureaucracy, the binding of cards, bills, their service. That is, it can be considered as a more convenient alternative from the point of view of the interface.
schneiercash
Gradually consider how to make a system of electronic money.
The first approach to the projectile is simple: there is a bank, the public key of which is known to all. Users have accounts in it. Before buying in the store, the user makes a request to the bank for a certain amount. The bank checks whether there is such an amount on the account, deducts it, signs with its private key the value of this amount, this check. Technically, it really could just be a text file with “100.56” and a signature. This file / check is sent to the user. The user sends this signed check to the store. The shop is convinced, using the public key of the bank, that the signature, respectively, and the check, are valid and releases the goods. This store can send the store at any convenient time to the bank, and the latter, having verified the signature, will increase the value of the cash account of the store.
Of course, the main problem here is that the check / file can be copied and reused. This problem can be solved by adding a unique identifier to each check by the user and storing the identifiers of the checks used in the database of the bank. We get security.
However, the bank, at the time of signing the check, sees its identifier and can remember it and associate it with the user. That is, there is no anonymity. David Chaum solved this problem by inventing so-called blind signatures . In the RSA asymmetric encryption algorithm, you can apply a masking function to the data before signing it. The peculiarity of this function is that after unmasking the data, the signature still remains valid. This can be compared with an envelope from tracing paper: you can put a check (a masking operation) inside it, leave a signature on the envelope itself (we don’t see the contents), then take the check out of the envelope (demasking) and it will have a valid signature.
Needless to say, the bank will not sign what is completely unknown. Therefore, in order to receive a signed disguised check from a bank, for example, in the amount of $ 100. we do the following:
- We create a thousand requests for the withdrawal of “100”, each of which has its own unique identifier, a random number. We mask each request (put it in an envelope). And we send them all to the bank;
- The bank randomly chooses 999 requests in disguise and asks us to give it a unmasking value for them. We provide this information and the bank unmasks these requests, opens the envelope;
- The bank makes sure that absolutely all 999 requests indicate the same number and check identifiers are different. Checks if this money is in our account. Signs on the only remaining masked request and sends it to us;
- We unmask the request and get in our hands a valid signed check identifier that no one has ever seen;
- Then this check, as before, is sent to the store, that bank, the bank checks the signature, enters the identifier in the database (to check that such a check has not been used once) and increases the account of the store.
In this case, the bank does not know that the store received the check from us, since he never saw his identifier anywhere, because he signed a disguised envelope. In our case, we have one chance in a thousand to deceive the bank: hope that he will not choose one single envelope in which there may be a large differing amount. If the bank fears this probability, then you can ask for at least a million envelopes: you can take this risk. In any case, if a client is noticed for trying to cheat, he will not be happy.
We get anonymity valid. The bank can detect the fact of an attempt to deceive him: either the user has sent a check twice, or a shop. The bank does not know who tried to do it, but it is necessary to punish. To find out which of the two is at fault, let’s complicate the protocol: when the store accepted a check from the user and checked the bank signature, he asks the user to leave a random string on his check. This check with a random string is sent to the bank, where it stores it along with the check ID in its database. It is assumed that the store / seller is not able to replace this line (if you take an analogy from the material world, then, for example, this is paper with squares cut out that you can pierce - you can’t put it back into place). When checking the availability of a check identifier in the database, the bank also looks at the saved random line: if it coincides when trying to double use the check, then the store is to blame, and if it is different, then the buyer is to blame.
If the user is to blame, then he still remains anonymous for the bank. If it were possible to de-anonymize it at the time of attempting to double-use a check, but not in regular, honest cases, this would make it possible to make already offline payments, as it happens with chip bank cards: if the user tried to deceive the cash register and took advantage of the fact that if he had no connection with the bank, the bank would still later find out who it was from the cash register transaction log and the user would be punished. No need to instantly "take" on the spot.
This can be done using such cryptography techniques as secret splitting and bit commitment. Continue to complicate the current protocol:
- To each check, before requesting its signature, adds N identification lines. Identification string is name, account number, place of residence: in general, deanonymizing information required by the bank. Each of the N identification lines is divided into two parts so that you can get its original only by combining these and only these two parts. For example, we have an identification string 40 bytes long. We generate a random string (noise) of the same length and apply XOR to this string and the identification string. At the output we also get a random line. This is akin to a one-time cipher block and it is proved that only with these two halves (random string and result after XOR) can we get the original;
- Each half of the identification lines is encrypted by the user with different symmetric keys;
- As a result, the bank is sent 1000 disguised envelopes in which, in addition to the amount, the check identifier, also contains N encrypted pairs of identification lines;
- After unmasking the 999 envelopes, the bank also asks the user to provide a decryption key for each half of all identification lines and makes sure that they are all equal and that they contain all the information the bank needs (at least just some kind of user ID). At the same time, the bank also automatically makes sure that the user is really correctly encrypted and halved all these lines;
- The bank signs the remaining envelope, gives it to the user, he unmasks it, sends it to the seller. The user can no longer replace the identification string, as this will make the bank signature invalid;
- The seller, after verifying the bank's signature, writing a random string, also asks him to provide N decryption keys for the right or left side (randomly) of each string;
- The user provides the decryption keys and the seller along with the check also sends them to the bank, which will save them along with the check ID and the random string written in it from the user.
The decryption key reveals only one of the parts of each line of the identifier and the bank is unable to receive its original. However, if the check is reused, then, since the seller randomly chooses which of the parts of each of the lines to open, the probability that the decryption key of any of the lines will be requested for the missing half is maximum.The decrypted half of at least one line (with a sufficiently large N) will already be in the database of the bank and when reused, the second one is also decrypted, making it possible to combine them (XOR) and get the original identification string. The bank will know which user specifically tried to use the check twice.
This anonymous, secure, with the ability to work offline and identifying who tried to cheat the bank, the protocol is already quite complicated. But it still does not give the opportunity to split money (checks are atomic and you have to make a request to the bank to replenish the account, and request two separate checks for smaller required amounts) and send directly to users, bypassing communication with the bank (that is, the user will have to play the role of seller must replenish your account). There are much more complex implementations that solve these remaining problems ... except for the unsolved problem of decentralization.
Source: https://habr.com/ru/post/248851/
All Articles