Hi folks, I’m one of the contributors at Kong — https://kong.cash/. Kong is a physical cryptocurrency that looks, feels and works like traditional cash. You can think of it as an ultra-secure, time locked cryptocurrency wallet with a fixed face value — no one can access the token except for the holder of the note after a period of several years. It consists of a secure element and NFC chips mounted on a flexible PCB with a full color print. There are several gold elements that also serve as direct i2c interfaces to challenge the secure element’s authenticity by signing information with its private key.
Kong is based on two primary observations; (1) it’s really difficult to use and secure cryptocurrency for most people and (2) cryptocurrency has been useful as a means of speculation, but poor for actually buying goods and services. It’s our hypothesis that by making cryptocurrency more like cash it may be possible that people ultimately use it as a means of exchange.
Our background is in secure embedded hardware (Lockitron, YC S09); over the past year we did a deep dive to really consider how cryptocurrency key material is handled today. We found that cryptocurrency has a unique challenge and corresponding opportunity; unlike IoT products where the cost of a breach might be difficult to quantify, breaking a hardware wallet can yield clear rewards to the hacker.
We developed Kong around the notion that security should be isolated to the smallest possible footprint — in the case of Kong, to an individual single purpose secure element chip. Doing so removes additional layers of firmware and software in order to limit the attack surface (it also broadly questions how good are our existing secure chips today).
This doesn't make any sense. Can only preordained organizations print the notes? Then we’re back to centralized cash. Can anyone print the notes? Then they can also print duplicates. Do we verify electronically when we transact to prevent that? Then we're back to electronic transactions.
What am I missing? How is this not fatally flawed?
Today, Kong's printing is centralized to the Kong project (similar to a premine) because we cannot guarantee that someone else will use a secure element which conforms to section 2 of the paper (which would preclude the creation of duplicates). If anyone else wants to print Kong, and we can verify they source a secure element conforming to section 2 of the paper, then we'll share "printing rights" with them. The Kong recurring lockdrop, section 4.2, is outside of our control and open to anyone.
We start to explore how someone could participate in printing Kong freely, without our influence, in section 5.1 but there are massive unsolved challenges to tackle here.
There is a significant distinction between verifying a note electronically and conducting an electronic transaction. The former can be done in an offline fashion; the latter cannot and, in the case of credit card networks, Ethereum and, Bitcoin, incurs a fee.
Is this not strictly worse than cash, then? It’s still a centralized physical currency, but instead of a government with checks and balances that is ostensibly accountable to its citizens, Kong is controlled by an opaque organization accountable to nobody.
After reading the paper, I’m still not exactly sure how the lockdrop works. Could you elaborate on it?
As for verifying transactions offline, I’m skeptical of how useful that is. If you can lock down printing, the supply of fake or duplicate Kong should be low anyway. If you decentralize printing (or a lot of counterfeit/duplicate Kong gets introduced into the market some other way) then offline verification seems insufficient. What’s to stop me from printing and spending two copies of a note if I know the other parties won’t veriify the transaction online until much later?
We can only print Kong; we cannot remove it from circulation. We're limited in the total amount of Kong we can print.
We likely will need to have another document detailing how the lock drop works. The short version is that you lock up Ethereum in a smart contract for between 30 and 365 days; when you prove that fact to a given Kong lock drop contract instance you receive Kong token (at the end of the period).
> If you decentralize printing (or a lot of counterfeit/duplicate Kong gets introduced into the market some other way) then offline verification seems insufficient. What’s to stop me from printing and spending two copies of a note if I know the other parties won’t certify the transaction online until much later?
Here's how I see offline verification working:
(1) I sync up directly with an Ethereum node and cache all the Kong note smart contracts (ideally my own would be the most trustworthy). Most importantly this contains the public key for each Kong note known at the time and the token associated with that note
(2) I accept any notes that I can electronically verify from that cache. That's done by challenging the note to sign a message and verifying the response.
(3) I don't accept any notes not in my cache. The downside is that I can't accept very new notes, but we suspect that if we continue to produce Kong that we'll do so in large batches infrequently.
> We can only print Kong; we cannot remove it from circulation.
This isn't strictly true; you can buy notes from people.
> We likely will need to have another document detailing how the lock drop works. The short version is that you lock up Ethereum in a smart contract for between 30 and 365 days; when you prove that fact to a given Kong lock drop contract instance you receive Kong token (at the end of the period).
It sounds like the basic idea is that you "preorder" Kong with Ethereum, and then you visit a physical location (the "contract instance") to receive your cash ("Kong token"). If my understanding is correct, then this isn't outside of your control at all — you (or the "contract instance") can simply refuse to issue the cash.
Re: verification, here's my issue:
> Most importantly this contains the public key for each Kong note known at the time and the token associated with that note
What if someone counterfeits Kong not by wholesale faking currency, but by duplicating valid notes in circulation? The public key would be the same, so they would both pass offline verification.
> This isn't strictly true; you can buy notes from people.
Haha, sure.
> It sounds like the basic idea is that you "preorder" Kong with Ethereum, and then you visit a physical location (the "contract instance") to receive your cash ("Kong token"). If my understanding is correct, then this isn't outside of your control at all — you (or the "contract instance") can simply refuse to issue the cash.
Nope, it's in a smart contract that can be deployed into perpetuity.
> What if someone counterfeits Kong not by wholesale faking currency, but by duplicating valid notes in circulation? The public key would be the same, so they would both pass offline verification.
Section 2 in the paper explains how difficult this would be do. You need to duplicate the private key from a secure chip designed not to reveal the private key.
> Nope, it's in a smart contract that can be deployed into perpetuity.
But I would be receiving a physical object, correct? Which means one of the following must happen:
- you give me notes in a manner that is not controlled by you (e.g. in the mail) assuming I'll fulfill the contract in good faith
- you give me notes in a manner that is controlled by you (e.g. at a bank-like location) to prevent theft
- we introduce an oracle (i.e. centralization in a third party)
> You need to duplicate the private key from a secure chip designed not to reveal the private key.
Yeah, this is an example of a problem that becomes much more likely if you share "printing rights".
Ultimately, I remain unconvinced — this is as proposed today a centralized currency that is almost strictly worse than a government currency, with the possibility of new drawbacks were printing ever to become decentralized.
> But I would be receiving a physical object, correct?
Incorrect. The lockdrop is for completely virtual Kong token.
> Yeah, this is an example of a problem that becomes much more likely if you share "printing rights".
Correct, as elucidated above. Likewise each Kong self generates its own private key by design, as outlined in section 2 of the paper. By design, the key is non-extractable.
> Ultimately, I remain unconvinced — this is as proposed today a centralized currency that is almost strictly worse than a government currency
We can't inflate Kong infinitely unlike every other paper fiat currency. We can only print Kong for four years. After that the only digital Kong produced is via lockdrop.
> We can't inflate Kong infinitely unlike every other paper fiat currency. We can only print Kong for four years. After that the only digital Kong produced is via lockdrop.
So what? As soon as you share printing rights the other party can. So can anyone else who has the private key. Not even by minting new Kong but by physically duplicating existing Kong. That's a much bigger problem than a well controlled 2% rate of inflation.
It's a zero coupon bearer bond, that's all. With some very elaborate anti forgery. Nothing wrong with an organization printing bonds, it's just that these aren't a debt but represent locked up economically inactive etherum.
There's a distinction that Kong is not payable on demand, until after expiry, but I'm not sure it's a useful distinction. Unlike a conventional bond, there isn't a question of default by the issuer; the Etherium is locked up in a smart contract, rather than relying on the issuer honouring the bond at maturation.
Rarely do users of cash care about the property of it being payable on demand by the issuer (conventionally a central bank), only the property that it be practical for physical commerce.
Here the risk is that the note becomes physically damaged in some trivial way and the value is lost forever. Maybe it's bent too far over in one direction, maybe something heavy falls on it, etc, etc.
That physical cash can become damaged is nothing new. Maybe this implementation could be easily damaged in some way, I don't think this threatens the concept of silicon cash generally.
The notes are more durable than linen currency and less durable than polymer currency. We found this to be an acceptable tradeoff. Most of the note can be destroyed but the funds still claimable. There is an envelope of durability properties associated with physical cash - Kong fits within most of these. Of course there is opportunity for improvement which we hope to address in future versions.
I'm not sure what you're making that assertion on the basis of. The note has redundant electrical connectors. You could melt the bulk of the note down and still claim the Etherium from the secure element. Hypothetically you could have redundant SEs.
A user accepting these "verifies" them by assuming that two properties hold if they connect over NFC or via pogo pins to the "gold elements", send a challenge over this connection, and receive in response the challenge signed with a public key associated with locked Kong tokens.
1. the relevant private key is known to only a Kong note's secure element. this is (hopefully) enforced by the secure element's, uh, security, and by the issuer.
2. the relevant private key is known to the secure element on the specific physical Kong note the user has been given.
2 is unenforced in your current design, from what I can see. A crafted note can relay all communication to the secure element of another note (e.g. over low-power RF from a single-use battery or small ultracapacitor).
better, a "dead" Kong note which performs no NFC communication can be given to a merchant; then, a high-power NFC transceiver can be used to pretend to be the note wirelessly (from a handful of meters away, but in a lot of situations that's more than enough). Of course, this one only works if the verifier is using NFC, but... This one is particularly nasty because it's relatively straightforwards to "weaponise" - imagine buying a "kit" off AliExpress which contains fifty dead notes, a ProxMark, and an amplified antenna. Then, in any situation where you're close enough to the person who'll be verifying your notes... just give them a dead one and relay communications. Verification passes, but what the merchant ends up putting in their cash drawer is worthless.
This specific man in the middle attack is risky in that it requires very close range, face to face interaction with your target, a fairly unreliable chance of success, and may only work on one of the four validation mechanisms. If effective the money is unlikely to propagate much further as the next user will fail to validate.
You could fix 2 by having a verifier that puts the note in a Faraday cage. While that's more work than just scanning with your phone it could still be cheap and worth it if you were receiving a lot of notes.
Is it more risky than getting a fake cash from someone? Is it difficult to validate NFC with say...your phone (make sure the NFC signal changes when you bring it close to your phone)?
For 2) I get the part about relaying communication but regardless of that, what makes you think any sort of communication will cause it to output the private key?
As far as high powered NFC, I am not sure that would work to begin with (someone who knows radio explained it to me but I cannot recall) but even if it did how is it different than existing mobile phone NFC payment?
You also gotta keep in mind,this is in-person. If someone defrauds you, they face several risks including law enforcement,legal,phsyical altercation(violence) and more.
Better would be nice but I can live with "as good as cash" or "as good as mobile nfc payment" when it comes to security.
Are there any solutions to the relay attack you describe?
Perhaps by having the secure element "lock" and "unlock" each time the note changes hands, so that an attacker who uses a a relay will still have his note locked in a way that makes it useless unless he gives it to the recipient to unlock?
I'll try to sum it up: Kong notes are electronic devices which allow whoever has access to them to use a smart contract which after a given date can retrieve a given amount of cryptocurrency. They hold a key which allows them to operate on this smart contract, but don't reveal it, and are designed to be physically impractical to tamper with (https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
So if you use a 500 Kong note to someone for a 10 Kong item, they will have to make 490 Kong in change. 4x 100 Kong notes, 1x 50 Kong note and 2x 20 Kong notes...etc.
How do you expect to get this into the market? And what market do you expect to get this into?
Cash has an inherent agreement as to locality. When I'm in Australia, I use Australian dollars, when in the US, they have US dollars.
Though you may be solving this problem, I can use Kong everywhere, you need to somehow seed the market. How do you see that happening?
As you state, crypto is mostly a store of value atm. The benefit of not having physical crypto is that, in theory, I can trade my crypto for goods anywhere in the world. How will having a physical currency solve for this?
I went to my corner store at about 10:30 a few weeks ago to pick up a late dinner. I took out cash to pay, and the guy behind the register had already entered my purchase into his FPOS (credit card) machine. He looked at me and said "wow...old school. First time I've seen cash all day". You clearly feel that you are not fighting against a dying mode of payment, what makes you believe that? Or is there a piece I am missing?
I use almost exclusively cash and never get that response. Usually a smile as I sail out of the cashiers way faster than our abrtion of a chip+pin system customers possibly could. What part of the world are you in?
Pay with a card at a busy bar in the UK 15 years ago and everyone would sigh as the barman reached for the card terminal, did his thing, waited for you to type in your pin, etc etc. Paying with cash was far quicker.
Pay with cash at a bar now and everyone will sigh as the barman counts it up, puts it in the till etc etc. Contactless is so fast, the barman will be pouring the next drinks while you're tapping the machine.
Also anecdotally, many London cafes/restaurants are entirely card payments now. They just don't do cash.
People are allowed to refuse cash for goods and services whenever they want for pretty much any reason other than discriminating against a protected class of people, including not wanting to handle cash as a form of payment. Amongst other things, this allows ecommerce to exist.
The legal tender laws just mean that if you offer a sufficient quantity of legal tender in settlement of debt, your debt is discharged and they can't sue you for non-payment. This ensures cash has value, and means that most shops will take most forms of cash, even if it means queueing up for counter service because the kiosks are card only
Legal tender is only required to be accepted for debts already incurred.
For instance, if you are at the bar and they pour you 3 drinks then ask for payment, they have to take your cash.
On the other hand if you are at the bar and, ask for a drink, and they say that'll be $10, they are not required to take your cash (the debt has yet to be incurred) and are also of course not required to provide you that drink if you pull out a $10 bill.
Much of the world has contactless payment (no pin, no physical card insertion).
It is more or less instant. Common in .au, .nz at least.
I'm actually noticing some cultural changes as a result of this, cash is starting to seem "dirty" since you often have to touch other people's hands to exchange it.
Not OP, but I can vouch that this is a common occurrence now in Australia. Contactless payment is now so ubiquitous, when you go to pay with cash it's often received with surprise. The vendor has indeed already readied the EFTPOS machine for your payment, and has to cancel that and put the transaction through as cash.
Only last year I always carried cash. I like cash. Now, I have a $10 note in my wallet and I can't even remember where it came from. I've stopped actually carrying my wallet, thanks to Apple Pay on my watch.
(I live in a major metropolitan area. It might be different elsewhere.)
I love this. I have been wanting something like this for a while. Personally, I desired a coin instead of a bill. 2-3CM thick coin made with material good for radio security and longevity would be neat. A phsyical 'coin'. Any plans for something like that? Any reasoning against it?
Kong is very new. Only a few thousand are out there. Frustratingly, or perhaps amusingly, it doesn't yet have an agreed upon value. I don't think it's appropriate for us to set one.
Uh, well, then how do you know what denominations to print? What if the exchange rate ends up by 10,000 Kong per dollar? Are you going to issue Zimbabwe-style bills? What about as the exchange rate fluctuates wildly?
I don't get it. Is it some sort of concept art? What's the point?
Sure, it can be used as money (assuming what authors say is correct). Virtually any physical items that are hard to fake can be used as money, as long as people believe it's worth something. And if we are okay with complicated and rather expensive manufacturing process (since Kong isn't something you find in the forest), it really is a non-problem to create a new "government-independent currency", print it and sell it. Nobody really gives a fuck about that, because money is worthless unless you can spend it. And as long as Costco doesn't accept Kong (or any other made-up currency), it would be hard for you to spend
it on anything other than unique hand-crafted chairs or cocaine. And it would be hard for them to start accepting Kong notes, while being a government-compliant entity that pays taxes, as every physical bill they get must be accounted for and put into a cashier machine.
And, by the way, since every Kong bill is unique, it isn't any more anonymous than dollar bills: i.e. pretty much anonymous as long as they change hands without touching real cashier machines or ATMs, which, as it happens, is not so long, because people don't generally exchange unique hand-crafted chairs for cocaine, they buy/sell it, then go to Costco to get some more conventional goods or services.
Kong has the useful property of peer-to-peer validation. Most paper currencies printed in your basement don't.
Tokens loaded onto Kong Cash instruments and exchanged ephemerally in person between party A and party B are more anonymous than tokens sent directly from party A to party B electronically which will be recorded for everyone to see forever.
It's programmable money. It's cooler than non-programmable money. We're putting it out there as a toy.
If you're handing off physically then just use cash. How is this any better?
The exit to real currency will always reveal Kong transactions at some point. Real cash is more anonymous because it's seamlessly transacted everywhere.
So is crypto. The centralisation is in the algorithm that enforces scarcity as you mine more of the currency, slowing down the creation of new coins and the speed of verifying transactions. The only difference is that it isn’t a government or federal reserve doing the centralising.
Then a company like Coinbase shows up and uses their resources to dominate the market as the de-facto app change. Centralised again.
Crypto is just as abstract as the currency we currently use so only functions as legit currency because people are willing to buy and sell it from one side of the world to the other. Bitcoin for example has a single valuation, despite being decentralised.
If you want true decentralisation then you’re looking at the pre-currency barter economy.
I don't buy the argument that it's "turtles all the way down". Trust begins and ends at the chip level. I think its possible to make an open root of trust chip better than any solution on the market available today. I think the chips available on the market today are good enough for this specific application but not others.
The point of this I thought is to unify the virtual system with a physical product, in the pretty cash. So it isn’t just the chip now, is it? Otherwise why not just... use a hardware wallet and use bitcoin ?
I do agree that people can’t picture or visualize in their mind a “bitcoin”, and so this solves that part. But then you’re left with the, how do people print this tangible pretty currency part.
The point is physical cash is really important to a functioning society.
Cryptocurrencies are turning out to be really important but lack a physical cash instrument.
Kong marries the two.
Kong accomplishes that by minimizing trust down to the chip level - as opposed to the firmware or application level - so we can make these things trustlessly and cost effectively. Something like a Trezor is too expensive and dear to be treated like physical cash.
Whereas your crypto transactions are literally published on a digital distributed ledger for all to see including those self same companies. I thought the transparent, digital, decentralized public ledger was the big reason to use it?
Further, I'd suggest you read up on NFC and tokenization, it's not true that the companies in question actually do get access to that information unless they have separate-from-the-technology arrangements with payment processors.
In either case I'd rather be tracked than bankrupt.
"Less cash but not cashless" is the motto of those northern european countries.
Both the UK and the Netherlands for instance have issue reports[1][2] to ensure cash does not go away as it serves a vital purpose for protected classes.
Somehow I don’t think people buying stuff with dollar bills mind that dollars are “centralised”. In fact I’d venture that this is exactly why dollar bills are accepted in so many places around the world.
Not that Kong isn’t centralised. It’s just that it’s controlled by unknown nobodies, rather than the most powerful entity in the world.
I'm not sure. Feels like opening Pandora's Box. Historically, taking big centralized things (like the Internet) and letting smaller players participate has interesting results. By taking a technology like printing currency, and innovating in the security domain so non-counterfitability is cryptographically guaranteed I would expect a cambrian explosion in cash-like instruments.
So this is primarily physically currency that is hard to counterfeit? Cash (in the US) already has billions of R&D in defenses to the point that most people will never see it, and centralization ensures that cash is always accepted.
I just don't see why people would switch to something to ensure 100% real bills and lose all the other benefits of cash. How is there going to be a cambrian explosion with an issue that affects almost no one?
This is primarily a demonstration of how cash instruments can be decentrally issued.
Secondarily, it demonstrates how we can move validation from physical properties of cash instruments (such as fine printing and exotic inks) to cryptographic properties.
We believe the latter to be superior and a path to ratchet down the cost overheads that go into securing cash issuance and payment channels.
Maybe kind of a valid point, but... I don't know, maybe that varies from place to place a lot, but fake money doesn't feel like a huge problem around here. I mean, unless I am a tax-paying entity with a cashier machine, I don't even really care if a bill is fake or not: it is not fake, if somebody else accepts it. And I'm pretty sure somebody will, if I accepted it after looking at it. It doesn't only concern how bill was actually printed: it happened more than once that I had to worry about a bill because of its condition (tears, dirt, etc.)
> more anonymous than tokens sent directly
Yeah, as much as dollar bills are. That's why Monero is better than Ethereum, BTW.
I see so many people here frustrated with the fact that the creators are giving nonsense answers. It's important to remember that this is a money-making scam. Asking them how their technology provides any value to users is like asking a Nigerian prince about the philosophy behind constitutional monarchies.
Usually I would agree with you but this is an intriguing concept. They explicitly state in the white paper that this is an experiment, so treat it as such. All I’m hearing is a lot of “contempt prior to investigation”.
I agree that it is an intriguing concept. But at the same time they seem to be ready to sell Kong for $$$. And they don't explain why there are three tiers of rarity to the cash - shouldn't 500 KONG == 500 KONG all the time every time? Seems like a mechanic to raise more money, just like 'rare' cosmetic items in video games.
The "tiers" are just bundle names. We could have been super dry but decided to make it more like collectable cards packs; our expectation is that most people will buy Kong since it looks cool (that's totally fine with us). Our margin on Kong is typical of other startup hardware projects; not great. We're not raking in cash from a digital token sale.
We've made a physical product, we'll sell it to cover the costs of doing so.
I agree that they do look cool. They remind me of euro notes but turned up a notch or two.
But I'm wondering what made you decide to go with the generic greek bust heads? Missed opportunity to depict some cryptography and computer pioneers imo.
Some of the design elements are skeuomorphic throwbacks to traditional currencies.
One design pattern among currencies is "person on front, place on back" - we didn't want Kong to be too geographically local so we picked the planets (Mercury, Venus, Mars, Luna, etc) for the places and the associated Roman pantheon. Romans used currency while Greeks famously didn't. (Lydians aside.)
Yeah see “startup” is the problem word there. That implies you have a product. You have a cool hobby project, but there’s no use case.
I’m so curious why people think (and it’s certainly not just you, I see this attitude all over) that it is possible to run a business without providing value to customers.
You think? If someone is paying them money for the manufacturing of goods, then regardless of the value and utility of those goods, I’d say they have a business.
This seems incredibly disingenuous. Unless the founders have a history of fraud, your comment is way out of line.
And yea it is cool, this overriding principle defies any predefined business model or use case. Novel things come from
new things not incremental improvements like “Apple Pay”. Which those are explicable money making scams and schemes to control people’s banking info and insert yet another middle man to profit off the mere act of transacting.
IMO this breaks the entire security model of cryptocurrency. If these bills are intended to be spent hand-to-hand in meatspace without cryptographic validation on a computer, then it is no longer a cryptocurrency. It is another paper currency like the U.S. Treasury's.
The innovation of Bitcoin was money as a purely digital artifact that cannot be double spent. As a merchant accepting Kong bucks, I have no idea how many duplicates of a particular Kong note there could be out there. I could find myself in a race between many other people to move the Ether out of that private key. To rely on embedded chips and watermarks to prevent counterfeiting and double-spending seems like a huge step backward, like you're trying to make a better $100 Benjamin instead of a better cryptocurrency.
I get the idea of quick, zero-fee transactions. But there needs to be some finality or pseudo-finality. The Lightning Network uses a similar model as yours, but it has collateral. Analogously, in the way Lightning solved this problem, the merchant has 5 actual Ether on file for a customer that the customer sacrifices if they ever double spend a Kong buck at the store.
The bills are intended to be spent hand-to-hand in meatspace with cryptographic validation. See section 2.1 [1]
The innovation of Bitcoin was decentralized electronic peer-to-peer cash. Kong does not remove any of those elements and makes the overhead of the peer-to-peer bit easier.
Physical cash is still the dominant form of payment. The advancement here is figuring out how to issue physical cash without needing a central entity.
I like Bitcoin but it is anti-privacy by specification. For small transactions I prefer cash. I would like the best of both.
> The bills are intended to be spent hand-to-hand in meatspace with cryptographic validation. See section 2.1 [1]
When I accept a physical note, do bits move on the Ethereum blockchain? If not, how do I know that it's really mine?
This reminds me of when people sold Bitcoin private keys ("paper wallets") on eBay. I've heard some people do OTC trades by swapping private keys when they don't want the transaction recorded, but I assume these people know each other well. You save money on miner fees and gain some privacy, but you sacrifice trustlessness.
Nothing is moved on chain when the bills are transferred between parties.
Token is stored in an escrow contract. The self-generated, non-extractable key stored on the note is the only key that can be used to claim funds out of that escrow contract when it matures.
This is basically a smart-contract implementation of how promissory notes issued by goldsmiths (the predecessors to modern cash) worked in the 1600's. A big difference is that every note has its own contract. It's possibly more correct to say every bill owns itself and people transfer those bills.
>The bills are intended to be spent hand-to-hand in meatspace with cryptographic validation.
Then what problem is it solving?
>Physical cash is still the dominant form of payment. The advancement here is figuring out how to issue physical cash without needing a central entity.
It has to be physically manufactured. You're now the entity.
The problem is how to make a sound cash instrument backed by cryptocurrencies. It matters because cash is the dominant form of payment worldwide.
Section 4.1 goes into how to manufacture these so we're not the sole entity. Manufacturers of mining equipment set an...ok...precedent here. I think we can do better in this space which is why we're trying to minimize trust in these black boxes and move to open silicon with ARX - section 5.1. [1]
Isn't that what you want, Macroeconomics 101? Control inflation, interest, growth by creating or limiting the currency floating around your system?
I mean yeah you could roll this out to places that perhaps didn't understand this and/or fucked up real bad like Zimbabwe, but otherwise who cares?
If you can't trust your government so bad that your cash no longer works, you've got bigger problems and whatever system you build via the Internet is probably going to also be blocked and/or the infrastructure will be in tatters.
Some people believe that government control of the money supply is a form of theft. It's certainly a form of indirect taxation (via inflation), and it forces you to rely on the responsibility of your government. Some people believe that eliminating the need to rely on the responsibility of other humans is a terminal good.
I don't know if even sci-fi could imagine 7 billion people not needing to rely on anyone even remotely fathomable.
If you don't want to rely on anyone, become a hermit somewhere in the deep woods.
I guess if your government is a royal family taxing you to line their own pockets that would seem like theft, but otherwise seems hard to believe it could be true, but people will believe anything. The world is complex, the economy is complex, and stopping a country's economy from tumbling out of control with all the internal and external variables is non-trivial.
That's s strange comparison. Wifi <-> cancer is an empirical question. The question I articulated was a values question. They're not really comparable.
Those things arent currencies. And it seems people have solutions to hedge against inflation already. That use case isn't the point.
Point is it being not tied to a state level actor is only useful if you can use it to get out from underneath the control of an oppressive regime by not being beholden to it's financial system.
So far we haven't seen a crypto succeed at that. So... so what if it has that property? Doesn't seem to be useful in practice. In theory yes, but not in practice.
> Those things arent currencies. And it seems people have solutions to hedge against inflation already. That use case isn't the point.
The point is that there is a use-case for decentralized assets.
> Point is it being not tied to a state level actor is only useful if you can use it to get out from underneath the control of an oppressive regime by not being beholden to it's financial system.
Or if you don't want the value of your money inflated away by central bank policy.
> So far we haven't seen a crypto succeed at that. So... so what if it has that property? Doesn't seem to be useful in practice. In theory yes, but not in practice.
Yes, that's true. Although you could argue Bitcoin has succeeded, just not as a currency. It has succeeded as an asset class. But the question of why crypto hasn't succeeded as a currency is what Kong appears to be attempting to solve. Their answer to that question is that it doesn't have some of the nice properties of physical cash, so they made one that does.
I'm not sure I think that this will change much, but I don't think the fact that cryptos haven't displaced national currencies yet is evidence that they don't solve any problems. They do solve important problems, they just create other ones, and those things don't yet balance in their favor.
All of the other mechanisms of hedging inflation have issues. Crypto has issues too, of course, but the important point is that it's issues are different and uncorrelated to traditional inflation hedges. If you can hedge the same risk in more than one way, you should, because it will reduce your overall volatility.
One simple interpretation of Kong is a self-generated, non-extractable private key anchored to a smart contract. Kong is a very simple contract that escrows tokens. One can imagine significantly more complicated contracts.
I've been working in crypto for 10 years (well, the only "crypto" that existed back then was Bitcoin) and I agree with zelly's criticism.
Another simple flaw of Kong is that when I receive a Kong note, someone could have intentionally fried it with, for example, high voltage on the I2C contacts to damage the secure element without leaving any visible defects. So I need to verify each Kong note I receive by reading them over NFC using a smartphone. Not great for usability.
"Another simple flaw of Kong is that when I receive a Kong note, someone could have intentionally fried it with, for example, high voltage on the I2C contacts to damage the secure element without leaving any visible defects."
That would "fry" the secure element chip entirely, thus destroying it precluding anyone from accessing the token in the future (NFC would fail as well).
Right but asking people to verify every single note they receive is a regression in usability. It also makes the notes less reliable to store than a gold coin or a paper note, which can't be damaged by things like water, high-voltage or microwaves.
You could make this same criticism of cash, though. It's not a usability regression, they just both have the same flaw. People pass off counterfeit currency as real all the time.
Sure but cash isn’t affected by water, freezing, bending, pressure, moderate temperatures above whatever the 70C limit is on these ICs, static electricity, ionizing radiation and microwaves.
People don’t pass off counterfeit currency as real all the time either, that’s a false lead. Currently 0.01% of currency is fake and it’s actively sought out and removed from circulation [1]. That’s almost guaranteed way less than Kong bills that will become damaged and destroyed in the most ordinary of ways. We’re extending SFYL to IRL.
> "cash isn’t affected by water, freezing, bending, pressure, moderate temperatures above whatever the 70C limit is on these ICs, static electricity, ionizing radiation and microwaves."
And if your physical banknotes do somehow get damaged e.g. by fire or by being chewed by a pet, there is a decent chance you'll still be able to get them exchanged, because there are government-backed institutions there to help you such as the Bank of England[0] or the US Dept of Treasury Bureau of Engraving and Printing[1].
In the absence of a Central Bank of Kong to perform this function, the Kong people could make their new physical currency more robust by putting their fancy chips and whatnot inside some discs made of a metal that was resistant to corrosion and oxidation and had a very high melting point. Perhaps also using a rare metal with high economic value, preferably with a standardized weight and purity, so it could also better act as a store of value and be more difficult to counterfeit. At that point you could also take out the fancy chips and whatnot in order to improve reliablility, usability etc.
I'm not sure what your point is. The comment I was responding to claimed that verification represented a regression in usability in relation to cash. This is not true, because cash also requires verification. I'm not claiming Kong is better in this regard, simply that it is equivalent.
Cash doesn't really require verification in most cases, if it looks good its probably good, your possession of the notes is almost certainly enough. You're not really looking for anything other than an obvious counterfeit note.
Whereas Kong requires verification because literally anything could have happened to the note that you can't determine through mere visual inspection (all the things I noted). That forces you through the awkward and painful flow of verifying each Kong note via NFC.
>>You're not really looking for anything other than an obvious counterfeit note.
That's not because non-obvious counterfeits are not possible. It's just that not many of them are generated. The same could apply to non-obviously sabotaged Kong: theoretically it's possible to do, but in practice uncommon.
Kong would have the added benefit of not financially rewarding the sabateur the way counterfeiting rewards a counterfeiter.
The risks for a cash bill are just counterfeiting. The risks for a Kong bill are both counterfeiting and failure of the secure element from any of a myriad ways, including thermal, mechanical stress, static, and so on. Those failure modes cannot be detected with the naked eye necessitating much more scrutiny.
It's far more likely your Kong bill just break taking its value with it into the aether than you receiving a counterfeit USD bill.
Kong bills are far harder to counterfeit than cash bills. Counterfeits non-obvious to the naked eye only require producing a convincing plastic film and hologram. Compromising the secure element to extract the private key requires advanced mechano-electronic skills.
Yes but counterfeit bills are very rare but broken Kong bills will be very common.
Counterfeiting a bill requires special technology and evading the police. Breaking a Kong bill requires putting it into a wallet with too aggressive a fold.
> Cash doesn't really require verification in most cases, if it looks good its probably good, your possession of the notes is almost certainly enough. You're not really looking for anything other than an obvious counterfeit note.
Neither would Kong in most cases. Why would you assume that counterfeiting will be anymore common with Kong than it would for cash?
> Whereas Kong requires verification because literally anything could have happened to the note that you can't determine through mere visual inspection (all the things I noted). That forces you through the awkward and painful flow of verifying each Kong note via NFC.
I don't see why verification via NFC would be any more difficult than using one of those counterfeit detector pens.
> Neither would Kong in most cases. Why would you assume that counterfeiting will be anymore common with Kong than it would for cash?
No, I assume that the risk of a counterfeit bill is much much lower than the risk of the IC on a kong bill failing taking the value of the bill with it forever. There's so many more failure modes for a Kong bill than the plastic it's embedded in.
The bills themselves, aside from being counterfeit, cannot fail. Kong bills can be counterfeit too, and also have tens of new failure modes.
That flaw is mostly a non-issue with cash because printing it is difficult. Who prints Kong? I imagine prevalence of counterfeiting is more or less directly proportional to the ease of printing.
> And it is most certainly not 'mostly a non-issue'. Counterfeiting happens all the time.
How often have you had any real-life issues with counterfeit money? How often has anyone you know? How often have you even heard of it happening, relative to how often you see and hear of cash being used? A sibling comment provided a source that said that only 1% of 1% of cash is counterfeit.
> Nobody. Kong is printed algorithmically, like any other cryptocurrency.
What? Notes and coins are a human-made physical items. They’re manufactured by someone.
> How often have you had any real-life issues with counterfeit money? How often has anyone you know? How often have you even heard of it happening, relative to how often you see and hear of cash being used? A sibling comment provided a source that said that only 1% of 1% of cash is counterfeit.
Stores have issues with it all the time. That's why they don't often take large bills. I and my personal acquaintances don't accept a lot of cash in exchange for goods and services.
You think 1% of cash being counterfeit is not a problem? That sounds like a huge problem to me.
> What? Notes and coins are a human-made physical items. They’re manufactured by someone.
Sure, the physical objects are made by someone. But the digital tokens to which they refer are produced algorithmically, and the digital tokens are the source of truth here.
1% of 1% (so .01%). Is refusing large bills an effective countermeasure? If so, then yeah — not really an issue. Our economy somehow grinds along just fine.
> Sure, the physical objects are made by someone. But the digital tokens to which they refer are produced algorithmically, and the digital tokens are the source of truth here.
In what sense? The whole idea here is that I can exchange a physical note to transact with someone.
> 1% of 1% (so .01%). Is refusing large bills an effective countermeasure? If so, then yeah — not really an issue. Our economy somehow grinds along just fine.
So refuse large Kong notes. Why would you assume the economy finds workarounds for cash but not this?
> In what sense? The whole idea here is that I can exchange a physical note to transact with someone.
Ya, and for most transactions you will. If you're suspicious, you can validate the physical devices using your phone. But for simple transactions with a moderate level of trust, you can accept cash. The same way you accept a $20 from a friend without buying a counterfeit detector pen to check it.
Why do you assume only large Kong notes will be easily falsified? The scenario I foresee is if printing notes becomes decentralized, a malicious printer makes any note likely to be duplicated.
Re: finding workarounds, we’re talking about money — we shouldn’t be “testing in production”, so to speak. IMO the government should come down hard on this.
The other thing to consider is the pragmatic aspect. A US bill costs an average of 10.3c to print [1]. A US $1 bill is 2.61 by 6.14 inches (16 square inches). I don't have bulk flex PCB costs on hand, but bulk FR4 rigid is $0.05c/sqin and flex is definitely more. That prices you at minimum $0.80 in PCB. An NFC antenna is a specialized piece of kit that adds cost, tuning, etc. A Dual-Interface NFC/EMV card costs $2. Adding all that flex means we're talking $3.
Now your bills cost over 30X what a traditional bill costs. Since counterfeiting is only 0.01% of US bills, to stop that, you're proposing we pay a 30X premium on the manufacture of those bills?
The treasury prints 38M notes per year, totaling $541M dollars. That's a material cost of $3.9M. If 0.01% of that $541M is counterfeit, that's an additional cost of just $54,000, bringing our total just under $4M. Even if you chose to include "2% inflation" as a cost (and to be clear, you shouldn't) that's still just $10.82M.
To print the same 38M notes in Kong we'd be paying $106M. That means to eliminate $4M in printing and counterfeiting costs we'd have to pay $106M. You're proposing we pay 10-27X as much per year to manage our currency. [2] Not to mention the sheer electricity cost of creating and locking up the value on the Ethereum blockchain. Then, mechanical stress/strain and failure of the secure elements over time takes value out of both the Kong real-world supply and also out of Ethereum, which is already subject to massive breakage.
This is basically why we don't verify signatures on checks. It's cheaper to eat the fraud cost.
If I can't take your space money down to the diner and buy a plate of bacon and eggs with it, then as far as I'm concerned it's not real.
There's a chicken-and-egg problem that I think goes missed or unmentioned by all these crypto startups trying to piecemeal a "solution" to the centralized banking problem: in the monetary system, individuals have absolutely no power, because we're at the bottom of the hierarchy of spending.
Joe Schmoe's dollar has value because he can buy a soda at the diner with it. The diner takes the dollar because they can use it to pay their staff and buy more supplies. The supplier takes the dollar because they can pay their staff and and buy raw materials. And in between every layer, the banks store the excess operating capital and profits.
Decentralized currency can only work if it can occupy every layer at once, across the world. Anything less is just straight out worse than regular money from a usability standpoint, and that's before you mention that now we're all responsible for our own money security.
Yes, people out there have been wronged by the current system, but the average modern human's relationship with money can be essentially summed up as follows:
1. Perform labor
2. Receive paycheck
3. Deposit in bank
4. Purchase food, shelter, and netflix
So what is this kind of pseudo-money-computer-chip-paper for? No matter the fancy technology thats woven into its fibers, if I pay the Kong people for 10 Kongs, how do I, Joe Schmoe, turn 10 Kongs into a pizza? How do I, Jane Pizza-Maker, find a supplier that will sell me tomatoes and flour for 10 Kongs? How do I, Rachel Dough-Maker, find a wheat farm that will accept Kongs?
All of this has to happen simultaneously, because business owners are busy and don't have the time or the energy to incrementally work space money into their cash flow.
Yeah sure, centralized banking has issues. But a bottom-up approach is doomed to failure because we don't live in barter-based villages anymore. Every transaction is part of a hierarchy of money-transfers that extend from the local diner through dozens of entities across the planet and back again. Are you making enough Kongs for all of them?
By that definition, any foreign currency isn't real.
I might suggest an alternate definition: Money is a transferable record of debt valid for a period of time and amongst a network of peers.
Generally we think of money as local to a country and its government. However, one could imagine a 'minimum viable money' that could work in a space as small as a table and with only a handful of people - and for the purposes of a game like Monopoly, while the game is ongoing the money in the game serves a real purpose. From there things get pretty blurry as any World of Warcraft or Eve player will tell you.
If I asked you for $10 and you offered me 10 CHF, I'd probably turn you down, as despite 10 CHF being worth more than $10, it's still effectively worth less to me, as my buying power from 10 CHF is significantly lower than it is with $10. I can't pay my taxes with it, I can't buy dinner with it, I can't pay my rent with it. I can't even store it in my bank, I have to pay to convert it first.
I suspect most people (especially in the USA, given how relatively few people even leave the country compared to other western countries) don't consider foreign currency to be real.
Heck, try spending Scottish Pounds in London (UK) and see what responses you get.
I get where you're coming from, and I do like the idea of a self-contained centralized physical currency powered by whatever kind of tech, but I think the minimum viable money is much, much larger than the scale of your initial announcement/launch seems to indicate you think it is.
The Monopoly example is interesting, because there's enough currency in the box to pick up the entire system and operate it. In that context, the money isn't the point, it's just a tool to operate the Monopoly game-system. Similarly, for us money isn't the point, it's just a tool that powers the human society-system.
I think it's better to frame it in terms of the minimum viable society. Figure out how much system it takes for an arbitrary group of humans to operate a society that is indistinguishable from any given slice of modern life, and then derive how much new money you'll need to make and distribute to make it possible to switch all at once.
Privately owned or rented homes, food purchased from a store, utilities, transportation, entertainment; all the things that being a human in society entails. All of it needs to be present and purchasable with the new money, or else the new money will have to be converted back to traditional fiat, which as many have said defeats the purpose and introduces a boat of security problems.
I like where you all are taking the concept of money, I like the Kong experiment, and I wish there was One Weird Trick to get past the adoption phase and into usefulness, but idk it just seems like all we have are ten thousand interesting experiments.
You are missing the point of crypto in general. It is a trust less fixed inflation and issuance decentralized non government controlled global currency
it is none of these things. The value of cryptocurrency swings wildly, the primary way to interact with it is through exchanges which are ordinary trusted institutions, and they are far from globally useable.
What you are missing is that I need to pay my bills in practice, not in theory. I measure the value of cryptocurrency against what it delivers in practice, not on the white paper of the people who are going to benefit from its adoption.
I have paid numerous things in bitcoin and you can even pay some bills. People do exchange it directly just not in your circles. I'm not saying that adoption is massive yet but you need to differentiate the idea with the current status. Value is in price discovery mode and will be for the foreseeable future but the volatility is going down. Lastly you can argue without down voting different opinions.
I really like the concept of physical electronic cash, but in practice nobody has figured out how to make it work.
There are many attacks to consider. The most obvious is to obtain the private key. If you did so, you could give the note to someone else in an environment lacking network access. This would enable double-spending - the main problem Bitcoin solves.
The attack can range in complexity from breaking into the secure element to physically separating the element from the note. The latter approach was used way back to pull private keys from Casascius coins by dissolving the adhesive on the security sticker.
I suspect not all of these kinds of attacks have been considered by the creators.
If it becomes necessary to verify Kong with a network connection, the main value proposition disappears. That can be done already without a physical note.
We have considered both of those attacks and address them in section 2.2 and 3.2 of the white paper respectively[1]. The short version is the key extraction attacks on this specific hardened chip are more expensive than the value they escrow, and in the event a key was extracted it creates a race condition at the period of claim not during the lifetime of its use - still providing some utility. What Kong does that Casascius didn't is provide guarantees that the minter never saw the private key.
> in the event a key was extracted it creates a race condition at the period of claim not during the lifetime of its use - still providing some utility.
So say the key was extracted, you would not be aware until the "maturity" or whatever time you can claim the real value?
How would one then know and trust that the note I'm holding on to won't be claimed by someone else at the period of claim? As far as I see it my best option would be to try and offload any Kong in my possession as soon as possible for real goods or other currency.
Question: since bills can be either loaded or unloaded (either because they haven't been put in circulation yet, or because they're counterfeit), doesn't that mean that e.g. a vendor taking my Kong who has no trust in me would have to individually check each bill via NFC or i2c to make sure that the contract backing the bill is valid (and the correct amount, etc.)? And that I would have to do the same for all the bills I get back as change? As a completely trustless transaction, this seems like it could be entirely too slow for most applications, without some kind of device to quickly verify multiple bills.
Ideally you should check every Kong note. In reality behavior would probably be similar how bills are verified now; businesses regularly check $100 and $50 notes under backlights and with special pens but don't worry about lower denominations.
A dedicated "Kong scanner" could do this very quickly.
"An additional 7,340,032 Kong was issued to the Kong project for discretionary Kong noteprinting and distribution. The upper bound for Kong token created after five years (the point at which only the recurring lockdrop rewards remain) is roughly 72,700,000 Kong."
So, the promoters of this skimmed off 10% before launch. Or, more like 20% of the first year's production.
Now, if this was set up so that it's denominated in something they don't control, like Etherium or Bitcoin or dollars or euros or yuan, it would be more interesting.
Have you considered how this will fare in the current regulatory environment? European countries banned Libra because they didn't want it to compete with the Euro and the U.S. showed hostility to pre-crypto complementary currencies.
Have you considered licensing the tech to governments to make counterfeit-proof bills?
Some people might not remember the Liberty Dollar[0] from 10-20 years ago. The depository was raided after a few years, the company issuing the currency was shut down, and the owner/proprietor was convicted of illegally minting coins. Kong couldn't be shut down the exact same way - these aren't coins - but I'd be shocked if a similar thing didn't happen were Kong to become as popular as ALD (which, come on, it won't).
Exactly. I’m surprised that this point about the legal ramifications isn’t higher up in the thread.
Things get complicated real fast once you move from peddling virtual to physical currencies. I fail to see how the US wont use the same laws to shut them down the way they did to the liberty dollar.
I understand many people here, and in the world, don't like cash anymore. But there are many others, like me, that still think that physical money gives them a better feeling of their spending. So in my eyes Kong is a really nice take on the cash technology, not to mention it's beautifully executed.
Because "regular cash" requires trust and that trust has been routinely violated by various governments of the world so I would rather have trustless currency instead.
I trust math, science and verified algorithms rather than people or governments.
No amount of math, science, and verified algorithms are going to make someone else value your digital currency... you are still having to trust other people to maintain a somewhat stable value of the asset.
Since this is always going to be true, I am probably going to go with the best bets based on track record... I will use the currencies that have held pretty consistent value over the last 100 years.
So once the time lock or whatever expires, I'm free to extract the value from my Kong and then go double-spend the physical bills in a corner store? In the hypothetical world where people use this, how are they expected to validate every note they receive?
Is there an equivalent to a starch pen like a suspicious cashier might use on a $100 bill today? Or is the process more painful? Does it require the internet? Remembering that many cash transactions happen person-to-person, in places with low or inconvenient connectivity.
The expiration mechanic is how Swiss Francs work and we believe a necessary tradeoff for decentralized cash issuance to work.
Validation can be performed with any smartphone. Notes are issued in blocks so technically if you downloaded the 2019 Kong Registry contract you would not need connectivity to validate a note. Purpose built hardware can also be built or existing android based POS systems updated to support kong-like validation. Other anti-counterfeiting techniques have been explored but it the only thing that really matters is securing the root of trust.
Technically with Swiss Francs, the notes have no value after their "expiration date", with Kong the escrow contract unlocks and the token can be claimed off the notes but the precedent made us comfortable enough with this tradeoff.
Alternative implementation 1) notes are not escrowed and funds can be claimed off the bills immediately - this is effectively how paper wallets, java smart card wallets, and trezors work. This is a gift card instrument not a cash instrument.
Alternative implementation 2) funds are locked up into perpetuity - all tokens are eventually lost to breakage.
Our back of the envelope expectancy was 10 years for these notes. We wanted the majority to be reclaimable well before their anticipated breakage so we set a claim date relatively soon in the future.
It looks like Kong might be the first crypto-cash with an issuer that hasn't seen its private keys. And that's cool, but it'd be good not to exaggerate what this is.
There is no ICO. There is no token sale. Bitcoin script does not give us enough operations to do the validation. Using the EVM was the next best candidate. We're selling an extremely limited number of packs to validate the concept and cover manufacturing costs. Section 4.1 of the paper goes into details of why a purpose built token is more suitable than one designed for other purposes[1].
I could not find a single reference about individuals paying cap gains tax on foreign transactions to buy goods & services in foreign countries, because that's absurd. Here's a quote that shows even companies don't have to pay it if they're using the normal currency of where they are and aren't doing anything weird with it
> To reduce the number of currency conversions required, the tax code uses the standard of FAS 52, which is the Financial Accounting Standards Board standard for foreign currency conversions. This allows the business to record most of its transactions in terms of its functional currency (FC), which is the currency that is generally used by businesses in the locale of the foreign unit or entity. Generally, under FAS 52, fluctuations in currency rates do not have to be accounted for unless the fluctuations change the cash flow for the business. In most transactions of a foreign business unit in a foreign country, cash flows are not affected by currency fluctuations. However, transactions between the parent company and its foreign subsidiary will result in a change of cash flow. As a consequence, gain or loss on the currency exchange will have to be included when calculating net income.
You are right on both counts. I realize in retrospect my source is inadequate. I am trying to prove a negative, however. Do you have any evidence for your claim individuals should report profits and losses on their foreign currency transactions abroad?
It really doesn't matter if it's spent in the US or abroad. At the time it is spent, you need to take the difference in transaction rates. It's the same concept as if you are making payments in something like Bitcoin. Unfortunately I don't have any sources on hand, but I have a friend that forex trades and I myself have been following the cryptocurrency regulation scene and the same rules transfer to here.
However, this is one of those things where the government isn't going to come knocking your door down for since it's petty cash.
What you say makes logical sense but I couldn't find any supporting sources for the idea that spending money abroad on foreign goods is equivalent to forex trades for tax purposes.
This is due to how cryptocurrencies are classified by the IRS. Currently, they are classed as assets (property) as opposed to currencies, and thus any "realized gains" are taxable events. This includes the above example, where you may have technically "realized a gain" while buying a grilled cheese with Bitcoin.
I fail to see how this solves a usability issue in developed nations. This also reintroduces the portability problems that are present in current fiat.
Japan is a fairly cash heavy developed nation. Likewise, the majority transactions under $25 in many countries are still conducted using cash. We don't necessarily expect people to revert to using cash; rather, Kong is a means of handling cryptocurrency that's vastly easier to understand as an introduction to cryptocurrency.
The usability problems are also a feature -- if Kong is burned, stolen or otherwise destroyed, the value is lost forever. Billions of people understand that's how cash functions and they take measures to secure it.
From the whitepaper: "Kong notes do not use a secure element that allows for general programmability." Looks like they thought this through more than a typical drive-by 'blockchain' project. With a limited secure circuit you'll be able to call functions that generate ECDSA key pairs on the card but without exposing an interface to retrieve the private key. Without this basic property you would have to fully trust that the issuer had not mass-extracted private keys (similar to how early privacy coins had a trusted setup phase.)
Looks like they're also trying to structure this as 'reward cost for key extraction vs cost of mounting attacks' showing they have a plan in place for attacks. I'd argue the notes still have a tx cost though because the only way to know if a note has a valid private key is to challenge it with a unique, large, random number - which takes time and effort. Users of the notes will need an app for that and have to check every note against an on-chain 'smart contract' before accepting them? NFC might make some of that easier but there are still usability issues there.
The NFC challenge only takes a second and ATM like machines could probably go much quicker than that. A broader goal with ARX is to bake bounties into "licensing fees" (or accurately, manufacturing costs) for secure elements that would validate keys couldn't actually be extracted.
Putting (very) public bounties at various reward tiers lets one establish something like a demand curve but for security.
If the private key is inside of the note and stays the same when it changes hands, how do I know you did not make a copy of it when you created the note?
Another contributor here. This is one of the novel advancements made by Kong.
Specifically, Kong notes use a secure element which 1) self-generates a key pair 2) can attest the key pair was self-generated and 3) does not leak the private portion of that key pair. Section 2 of the paper (specifically 2.2) goes into more detail[1].
So your answer is "trust us". Because how would I know if the claims of the hardware manufacturer (you or your supplier) are true?
This of course holds true for all hardware. When someone creates or stores a Bitcoin key on a laptop, they are at the mercy of the laptop manufacturer.
Yes -- see section 2.3 in the paper linked for our discussion on this. The chips you're referring to are broadly considered to be "smart cards" and usually based on something like Java Card.
We're not interested in doing business with drug cartels.
What is a lovely property of Kong is the only digital breadcrumb is leaves is when notes are loaded at creation and unloaded at de-circulation. Every person to person transaction of the instrument leaves no digital record or footprint. Usability is superior for new users - everyone understands how cash works.
> Every person to person transaction of the instrument leaves no digital record or footprint
That's true of cash as well, but that doesn't mean it's totally untraceable, as bills still have serial numbers. I think what GP is getting at is, Kong notes must completely lack any sort of persistent unique identifier in order to be an improvement over cash in anonymity. Can Kong make this claim?
>What is a lovely property of Kong is the only digital breadcrumb is leaves is when notes are loaded at creation and unloaded at de-circulation. Every person to person transaction of the instrument leaves no digital record or footprint.
What problem does that solve for me though? What benefit does that afford me? Why does that matter to me?
This seems like a step in the wrong direction. Given the option, most people prefer not to use cash. Making me carry something around everywhere I go to be able to use it -- I don't see myself being more inclined to use it.
Potentially more people will accept it. But I doubt it.
So in theoretical use, is everyone expected to validate authenticity of each note exchanged?
That seems painful for small transactions, but without it you lose absolutely all the security benefits of crypto, right? (e.g. vulnerable to good old fashioned counterfeiting)
Just do it like we do it in the US, $50s and $100s get checked consistently for counterfeits, $20s sometimes, $1s, $5s, and $10s never, and $2s are automatically assumed to be fake.
Steve Wozniak used to keep uncut sheets of $2 bills that he perforated and would tear off to give tips to people. He has a great story about secret service agents detaining him and accepting his fake ID ("Laser Safety Officer" - it showed him with an eyepatch on) and generally having no idea $2 existed.
A Kong is worth what I think it's worth. If I saw Kongs trading for 1 beer in the morning and some guy insisted that the rate was now 1.45 Kongs a beer in the evening I might object.
You must not live in a state where pot is legal; in such places $2 bills floating around everywhere, I use them all the time. The reason: cash businesses use them heavily to reduce the amount of physical cash they need to maintain and move around. Pot shops occupy a gray area legally and banks don't like to deal with them so they often operate old school: cash businesses.
I have a few in my wallet most of the time, like to use them for tips when I eat out.
Who is the audience for this product? The page is certainly not written for the general public. Heck, I'm a developer and I don't really understand how this works or why it's better than existing hard currency.
I think the audience is 3rd world countries that don't have reliable internet, electricity and so on. They can use these paper notes instead of United States dollars or their domestic currency which might be in hyperinflation.
I’m very skeptical. While the idea is nice ( I love physical cash and use it every day ) there isn’t much control over counterfeiting, etc. granted, this is also true for Fiat, but there are more controls involved.
Make a currency exchanger that exchanges bits with a scan of your device, instantaneously, and you’ll have my attention.
> there isn’t much control over counterfeiting, etc.
Correct, this is the primary challenge of creating sound cryptocurrency and indeed why we go into length about the hardware we use in section 2 of the paper.
> Make a currency exchanger that exchanges bits with a scan of your device, instantaneously, and you’ll have my attention.
The world is moving towards cashless/mobile payments (albeit with the U.S. strangely behind), so why do you feel physical cryptocurrency is a step in the right direction? Do you expect Kong to face greater challenges for adoption (compared to other cryptocurrencies) since it needs a higher critical mass of users?
Just a bit more expensive than the higher end notes produced by Switzerland/Australia and less expensive than limited edition postage stamps.
We looked at existing hardware wallets like trezor and ledger and realized we could create something like this for 1/20th the price. Once we realized the numbers we were playing with we ran with it. Conceptually, I prefer validating something with a cryptographic signing operations rather than looking at some watermarks.
Kong is a proof of concept but we could always print these for other governments.
These so called "currencies" that you can't actually use as a currency (read as: pay or trade something for) are getting more and more. Has this become some new form of trolling in the internet now?
Can you comment on the history of the name, printed as 港 on the bills? For those unaware, the character means "harbour"; it's the Kong in Hong Kong – is there any relationship to the HKD?
The Chinese name 港幣 may be confusing for Chinese speakers as it's already common short hand for HKD, e.g. the "二十塊港幣" shown on the Kong illustration already means "twenty HKD bucks," not some new currency like "twenty Kong."
I am not familiar with Snow Crash myself and I read the Wikipedia page [1] on it and it makes sense what you're going for; but just want to say that for someone who was born in HK, seeing the term 港幣 really can only mean HKD in my head, and it's difficult for me to process that it means something else. Even as you keep the name Kong, have you considered calling this something else in Chinese aside from 港幣 specifically?
Can a Kong manufacturer build custom secure element chips that leak key material? It seems that a lot of Kong's security comes from the security of the little HSM, and if you don't trust the manufacturer then a lot of it seems to break down.
In addition, the paper cites the cost of decapping and side channel equipment as part of what makes double spends impractical. Given that they're fixed costs that undoubtedly many governments and labs already own, it still seems like it could be worth it for some people to extract Kong keys.
> Can a Kong manufacturer build custom secure element chips that leak key material? It seems that a lot of Kong's security comes from the security of the little HSM, and if you don't trust the manufacturer then a lot of it seems to break down.
This is perhaps the most important question. In short, yes. We use an off the shelf secure element; if it's shown to be broken/backdoored it will influence a vast number of embedded and IoT applications.
> In addition, the paper cites the cost of decapping and side channel equipment as part of what makes double spends impractical. Given that they're fixed costs that undoubtedly many governments and labs already own, it still seems like it could be worth it for some people to extract Kong keys.
We cite fixed costs in hardware, but not in time. Certain extraction techniques would still take hours of time per chip. The secure element we're using has no published attacks thus far (which is not to of course imply that it won't be, simply that it isn't trivial).
> We use an off the shelf secure element; if it's shown to be broken/backdoored it will influence a vast number of embedded and IoT applications
The scenario I'm imagining is one in which someone manufactures a note that looks and behaves exactly like a Kong but has known key material (i.e. a "fake" secure element). You can't verify that the secure element is real without expensive hardware.
And what is the vision for who can mint Kongs? If only the Kong developers can, then it's no better than USD. If anyone can do it, how will you guarantee consistent chips, construction, design, etc. between manufacturers?
> The scenario I'm imagining is one in which someone manufactures a note that looks and behaves exactly like a Kong but has known key material (i.e. a "fake" secure element). You can't verify that the secure element is real without expensive hardware.
Yes, that's counterfeiting in the case of Kong. The counterfeiter would need to first extract that key material from a previously issued Kong note by breaking the secure element.
> And what is the vision for who can mint Kongs? If only the Kong developers can, then it's no better than USD.
Only the Kong project for now; whether it's better or worse is definitely subjective. There is a ceiling for the amount of Kong that can be issued. Also, as something more akin to an art project than a fully functioning economy, there is no place to spend Kong today. It's ambiguous, but the fact that the Kong project is the only issuer of the physical notes doesn't undermine the cryptocurrency rules upon which it's based.
> If anyone can do it, how will you guarantee consistent chips, construction, design, etc. between manufacturers?
Section 5.1 touches on this; in short there is no solution today, but this in an immensely important challenge. Flipping this on its head -- if we don't have these guarantees today, how can we trust any of the places we store key material (smartphones, laptops, IoT). It's impossible to guarantee a perfect chip, but it is feasible to create economic incentives that deter broken chips. We'll probably write more on this topic in the future.
So you can't backup Kong.cash? That's one main benefit of digital currency, why go backwards towards physical cash? Instead you should go towards the Wechat model of instant mobile payments.
We looked at various financial instruments and saw that cryptocurrency space lacked a cash instrument. We realized with our background we could create one.
Cash is the dominant form of consumer payments (77% world wide!) and the move to ban cash in various places disproportionately affects the underserved and marginalized members of society - ostensibly the audience cryptocurrency is trying to serve first. This is an effort to meet others with terms and technology they are comfortable and familiar with.
I'm curious, have you tried passing an airport border security with several of these notes, and have you been asked what they are :)? Do you have to declare them?
Yes, they look like a bunch of circuit boards under X-Ray, it's pretty cool. We've travelled with "unloaded" Kong thus far (i.e. not backed by token). See section 4.1 on minting in the paper.
Even so, we're unaware of any value to the Kong token independent from Kong notes and we are not taking steps to list it on exchanges. If Kong was to become a means of exchange somewhere then it might need to be declared as a monetary instrument depending on the jurisdiction.
How do they hold up in a saltwater environment? My feitan/yubikey U2F physical tokens are developing rust/corrosion just being on my keychain and being thrown in a drawer on my boat for a couple hours at a time. I2C leads + saltwater environment seems like it may cause some problems.
I doubt this version would hold up well in a salt water environment. The chips will ultimately have a conformal coating leaving only gold contacts which should fare better.
We have considered more robust variants that would fully seal all the components, but this is a v2 problem.
I should add that even a corroded chip should ultimately still be accessible; you might have to pull it off of the bill and decap it.
The secure element chip is pretty robust on its own. Even if most of the bill is destroyed, it will be possible to communicate with the chip in most cases.
So, I'm Scottish, and still often have problems in London (and indeed abroad!) when I hand over a Scottish bank note. Scotland and England are of course both part of the UK, and while, yes, technically Scottish bank notes are not legal tender, they have been defacto legal tender since forever.
How do you plan to tackle this mentality, where there is such hostility to anything in the slightest bit unusual?
Less cheekily, I think Kong like instruments when properly adapted could capture the best parts of local currencies (like the Bristol Pound), the messy parts of multi-governmental currencies (like the Scottish Pound), and the nice bits of computer validation.
In your example specifically, the Royal Bank of Scotland can still mint Scottish Pounds but back them on chain by UK pounds.
I'm of course hand-waiving the problems here - we've made a programmable monetary instrument. One can program things well or badly to support this kind of interoperability.
I mean they are not "not technically" legal tender, they are not legal tender and that is why you have problems with them being accepted (because they don't have to be!)
Given Scottish notes are defacto legal tender, and have been since forever, yes, I do think it's fair to call it a technicality - there literally isn't a bank in the whole of the UK that would decline Scottish notes.
Also, while I do sometimes have problems with them abroad too, it's 50/50 - I've had them accepted in all sorts of places, including India, Nepal and China
There is no such thing as "defacto" legal tender. By definition only legal tender must be accepted as a form of payment - you can choose to accept something else but you don't have to.
I have no misconceptions here - I know Scottish bank notes are not technically legal tender, and thus, technically, nobody is under any compulsion to accept them.
But in the real world, they are absolutely defacto legal tender - as above, every bank in the UK (and even many beyond) accepts them.
I think the quarrel here is about the definition of "legal tender". Its literal meaning is not "reliably redeemable at a bank", but rather "required to be accepted by anyone as payment of a debt". These can diverge easily. For example, I remember that Sweden changed its banknotes a few years ago, but the old notes were redeemable at banks for a set period of time. The old notes were definitely not legal tender in the technical sense because private individuals and shops not only were not required to accept them, but actually did not accept them anymore. That doesn't work well with the definition of legal tender!
However, the old Swedish notes had not lost their value because they could still be redeemed.
In a formal legal tender situation, you could to some extent require a private party (within the relevant jurisdiction) to accept the notes in payment of a pre-existing debt. You could contrast this with "having value", "being redeemable", "being in circulation", and "being widely accepted", maybe.
Reminds me how bus drivers (and the like) won't accept highly denominated bills around here - while legally they ARE forced to accept them , but aren't required to give the change. (I haven't had the opportunity yet to see if I would be able to convince them that this is indeed the law.)
I hate crypto currency and I love this. It's a way to project all the insanely bad parts of crypto (if you hold it you own it) into the physical world. If general btc/eth transactions are a very very complex version of SWIFT this is the same for paper money. I can buy coke with my bitcoins but I can't do a cool in person coke buy with bitcoins(and/or ETH). Kong solves my problem.
> I can't do a cool in person coke buy with bitcoins
Why not? Each of you can have Bitcoin wallets on your phones. I'm sure coke heads can figure out something to talk about for 10 minutes waiting for 1 confirmation.
For lack of an epistemological framework, we can call Kong a 4th generation wallet. If you'll bear with me:
Paper Wallet were 1st gen - one couldn't guarantee the person giving you a paper wallet didn't have two copies or kept a copy of the private key for themselves. Probably ok for personal use assuming you trust your printer firmware.
Hardware Wallets were 2nd gen - seed phrases made recovering from device loss nice but again, seed phrases were designed to be exported and cant be used as cash. They are very useful for other applications.
Java smart cards were 3rd gen - meant to be used as pre-paid gift cards but again these were designed for banks who wanted to handle the key material in software and have dangerous APIs for doing such[1].
Kong - uses a specific kind of secure element which allows for key generation but not extraction. On chain contracts convert the R1 keys used by the chip to K1 used by most cryptocurrencies today.
The paper goes in depth on this in section 2.3 [2]
See section 2.2 in the whitepaper [1]. There is not an industry specific term that succinctly captures these requirements. Secure element isn't ideal but it's not an HSM or TPM. PUF's are a feature not a chip category. If it's programmable, we don't want to touch it. That goes for most smart cards / java cards. EMV cards specifically have 'get private key' API's which would not work for this application.
Can be used just like cash? Apart from the needing to wait for up to an hour to get confirmation of payment. And having fees on every single purchase. Bitcoin is not currency.
You even said it in your critique of ETH- “it's not a reliable store of value”
Currency is NOT intended to store value. It’s intended to facilitate the transfer of value. In that regard, etherium and bitcoin fail equally.
I downvoted you for this despite agreeing with you.
Since you have a brand new username, I’m going to give you the benefit of the doubt and assume that you’re just new here and not intentionally trolling, and explain why.
This community values neutral statements of fact, not vulgarities or arguments of passion. As such, while your opinion may have merit, your presentation of it is unlikely to get you far here.
Hope that helps you thrive in this community going forward.
no - the view key does not let you do any transactions. It only lets you verify the balances. It also does so in a privacy-preserving manner.
this is full text of a View Key
A keypair specific to Monero. The public part of it makes up the 2nd half of monero address, and is used by the sender to generate a one-time stealth address to where the funds are actually sent. The owner of the wallet uses the private view key to scan the blockchain and find the funds sent to his address. At the protocol level, the sender performs an encryption with the recipient's public view key, and the recipient attempts to decrypt all the outputs on the blockchain to find the one belonging to him (where decryption was successful). For audit purposes, it could be shared with the auditor, along with the signed key images to prove the balance of a wallet. Sharing only the view key would enable the auditor only to see received transactions, but he wouldn't be able to tell if any funds were spent, so he couldn't know the actual balance.
In the trivial case that each kong is a wallet - a view key would actually show the balance.
Unless this is going to transfer ethercoins, this is a SCAM. They are trying to build a bank on top of smartcoins. The functionality seems like that of a promissory note. As they keep the kong coins in their kong bang ... they will try to make money using the volatility or something.
The functionality is basically exactly like a promissory note. A big difference is every note stores its face value token in its own smart contract. The only thing which can claim the funds stored in that contract is the key self-generated on the secure element. You can manually validate that key was self-generated (and not say programmed on there by the manufacturer). The paper [1] details all this. You can go and make your own using the code we've released on etherscan and github[2].
It is completely unlike other things that have come before because it only stores keys on the secure element and only stores code in the EVM.
We're putting this out there as proof of concept. We're selling a limited number as validation of the idea and because we believe in shipping product in a space notorious for shipping vaporware. There is no ICO. It is technology demonstration first and foremost.
I honestly don’t care about the whole crypto part of this. I just see someone selling funky banknotes and I’m going to hold onto them in the vain hope that I’ll someday run into someone that’s done the same thing.
If someone could pull this idea off--or a similar idea around physical cash it could be a huge boon in countries like Venezuela that are primarily cash based still but the local currency is very weak.
Or they could use dollar bills, which unlike Kong, are redeemable for goods and services because hundreds of millions of people want them to pay bills, debts and taxes.
All the downsides of cryptocurrency and paper money rolled into a banknote that can be break. Imagine if a large bill could become worthless since a little chip inside got hit by a stray cosmic ray.
My personal sentiment is one of the most powerful use-cases for crypto is transmitting money to people across the globe within (minutes/hours). It seems this physical crypto lacks that feature.
I like the idea of fancy cyberpunk cash but I feel like in the real world I'd be getting the worst of both worlds if I tried to use cash thats also a cryptocurrency.
Yes; DAI is a bit of an odd one since it's largely just a more expensive dollar bill, but there definitely some cases where this could be interesting. ETH would easily work too.
This is a fantastic project and great idea! One thing, I believe there are 2 hurdles to adoption: Kong - the unit of account/currency and Kong - the paper money. Don't you think you're trying to do 2 things at once? Why not try this unique technology with Dai or Tether which has a lot of traction? In fact, I would LOVE to have Dai bills.
I agree as well. I find the idea of a crypto-backed paper note to be very intriguing and very useful as well.
I think most others here are simply jumping too far ahead of what is being done here. This is a proof of concept type project. It can certainly be improved going forward, I'm sure.
We've discussed this. It was a bit lower risk to validate the hardware works with a new token than the additional complexity of Dai. A lot of other challenges there too but we're a small team.
Sounds fair. I really like the technology though and think you guys have the most unique take on paper crypto so if the actual token itself becomes a barrier to adoption due to volatility/stability (which is a leading reason why stablecoins are all the rage right now - as I'm sure you guys are aware), you guys can license out the tech or produce bills for Tether, Dai, USDC, and other high traction stablecoins. Our small stablecoin team (releasing product Q1) would be interested ourselves if we were to ever get into the 9 figure market cap range.
This seems like a VERY cool technical solution in a desperate and fruitless search of a problem.
> They consist of a flexible circuit board, specialized secure element chips and an independent NFC interface capable of powering the secure element. Each secure element stores an internally-generated ECDSA key pair that is associated with a unique smart contract on the Ethereum blockchain
Who wants bills that cost $3 ea, and are not likely to survive a wash?
> flexible circuit board
FPC != "meant to be constantly flexed". Most are not designed for a certain (not small) bend radius and to be bent no more than a dozen times. They are more meant to be curved once into a particular shape than to be constantly bent.
> I2C, raspberry pi connector
That will do great with dry pockets and ESD
> raspberry pi connector
tiny holes, so your notes can catch on your keys and any other thin sharp object in your pocket
Glad you think it's cool, given your background that comment means a lot to me personally.
I would contend it's not "in search of a problem" but trying to solve one. Specifically the usability nightmare that is cryptocurrency. Cash has tradeoffs but it has great usability properties. The space needs rebalancing in that direction.
Linen notes last about 4,000 bends before breaking, FPC lasts about 6,000. The stuff thats critical to validation is not in the 'bendy bit' pathway.
Did some ESD testing but the NFC chip bears most of the brunt here and not the secure element. Likewise the tiny holes dont bug me so much as the QF Packaging. Want to go slimmer in our next revision.
But, how tests are done differs from what bills face: Large curve radius, slow curving, nothing sharp poking at it in the middle. Basically the opposite of what is going on in tight pockets/purses.
> NFC chip bears most of the brunt here and not the secure element.
Unless the dielectric over your secure element is some previously unknown type, a few kilovolts will arc right through it and hit your secure element.
The 6,000 number is creasing the kapton 180º over the course of half a second with the 6mm curve radius. Copper breaks but not the lines critical for validation.
Our goal wasn't to make this thing indestructible, it was to figure out where the bar was for "good enough".
USD benchmarks are roughly:
4000 folds
2 years lifetime (low denomination)
8 years lifetime (high denomination)
30 transactions before decirculation
For Kong we aimed for:
6000 folds
10 years lifetime
unknown number of transactions before decirculation. (Unknowable)
Survives a wash
I think it's sufficient for what Kong is now but we have ideas for improvement and I would love here yours. Specifically anything we could do on the ESD side.
We've met before years ago but if you would like to get some to play with please email me.
No, there is nothing backing the Kong token. See section 4 in the paper for more of a discussion on the token issuance.
We considered various stablecoin constructions, but most of them effectively pin to fiat which (1) seems to defeat the original intent of cryptocurrencies (i.e. think back to 2009) as not subject to the whims of central banks and (2) seems to just duplicate fiat currencies in a more expensive format.
Likewise we are doubtful that most folks holding BTC/ETH/etc. would actually be willing to spend it on something, vs. just continue to hodl in a cooler format.
We're selling packs of Kong in a limited fashion to cover the costs of manufacturing the hardware. We have a limited number of units available so we're slowly opening up sales to our mailing list.
Take a look at sections 4.2 and 4.3 of the paper for information on our lockdrop; this is the only other way to get Kong token. Lockdrops are a novel means of distributing token based on opportunity cost rather than selling the token.
Just to clarify, that means that I would need to 1.) purchase some packs of Kong, which are unloaded, and then 2.) participate in a lockdrop to gain the tokens with which to load the Kong? Seems fine and dandy wrt the acquisition of bills, but how will adoption by vendors happen?
Does this mean someone needs to verify every banknote handed over to them? If not, what's to stop me giving people unloaded notes and them assuming they have face-value?
The imagined usability is like cash. Low denominations notes are glanced at to sure they're intact, high denomination notes are scrutinized more closely. The difference is one can validate these notes with a cryptographic operation rather than a highlighter.
Online validation dissolves you’re anonymity value proposition instantly.
Bank notes are recognized as a financial instrument by the government, and have the accompanying legal repercussions to counterfeiting. I expect no such strictness being applied to a private digital token, what exactly de-incentivized someone from going crazy counterfeiting notes? Especially considering their transactions would be anonymous too?
You could cache a list of existing notes directly from an Ethereum node for offline verification; this cached information would work for verification until the claim date in the smart contract.
Correct, there is no secret service that will remove counterfeit Kong which is why you should verify it yourself or only accept it from parties you trust and have attested to previously verifying it. Habits around verification would likely be governed by the prevalence of counterfeits in a local money supply. If I hear about a bunch of 1 Kong notes failing to verify as counterfeit, then I'll likely verify every 1 Kong note before acceptance.
Why limit the bill faces to Western philosophers? Seems like a more international approach is appropriate for both end-user adoption and the crypto space in general.
Edit: or are they all Greek gods?
Kong is based on two primary observations; (1) it’s really difficult to use and secure cryptocurrency for most people and (2) cryptocurrency has been useful as a means of speculation, but poor for actually buying goods and services. It’s our hypothesis that by making cryptocurrency more like cash it may be possible that people ultimately use it as a means of exchange.
Our background is in secure embedded hardware (Lockitron, YC S09); over the past year we did a deep dive to really consider how cryptocurrency key material is handled today. We found that cryptocurrency has a unique challenge and corresponding opportunity; unlike IoT products where the cost of a breach might be difficult to quantify, breaking a hardware wallet can yield clear rewards to the hacker.
We developed Kong around the notion that security should be isolated to the smallest possible footprint — in the case of Kong, to an individual single purpose secure element chip. Doing so removes additional layers of firmware and software in order to limit the attack surface (it also broadly questions how good are our existing secure chips today).
To date we’ve handed out close to 2,500 Kong notes; we’re now exploring more ways to distribute physical crypto. Take a look at https://ipfs.io/ipfs/QmRNRCocj4PwKMXrd1jeUGw7ASQSuEk7BDJu5Ks... for an in-depth technical overview.