This doesn't make any sense. Can only preordained organizations print the notes? Then we’re back to centralized cash. Can anyone print the notes? Then they can also print duplicates. Do we verify electronically when we transact to prevent that? Then we're back to electronic transactions.
What am I missing? How is this not fatally flawed?
Today, Kong's printing is centralized to the Kong project (similar to a premine) because we cannot guarantee that someone else will use a secure element which conforms to section 2 of the paper (which would preclude the creation of duplicates). If anyone else wants to print Kong, and we can verify they source a secure element conforming to section 2 of the paper, then we'll share "printing rights" with them. The Kong recurring lockdrop, section 4.2, is outside of our control and open to anyone.
We start to explore how someone could participate in printing Kong freely, without our influence, in section 5.1 but there are massive unsolved challenges to tackle here.
There is a significant distinction between verifying a note electronically and conducting an electronic transaction. The former can be done in an offline fashion; the latter cannot and, in the case of credit card networks, Ethereum and, Bitcoin, incurs a fee.
Is this not strictly worse than cash, then? It’s still a centralized physical currency, but instead of a government with checks and balances that is ostensibly accountable to its citizens, Kong is controlled by an opaque organization accountable to nobody.
After reading the paper, I’m still not exactly sure how the lockdrop works. Could you elaborate on it?
As for verifying transactions offline, I’m skeptical of how useful that is. If you can lock down printing, the supply of fake or duplicate Kong should be low anyway. If you decentralize printing (or a lot of counterfeit/duplicate Kong gets introduced into the market some other way) then offline verification seems insufficient. What’s to stop me from printing and spending two copies of a note if I know the other parties won’t veriify the transaction online until much later?
We can only print Kong; we cannot remove it from circulation. We're limited in the total amount of Kong we can print.
We likely will need to have another document detailing how the lock drop works. The short version is that you lock up Ethereum in a smart contract for between 30 and 365 days; when you prove that fact to a given Kong lock drop contract instance you receive Kong token (at the end of the period).
> If you decentralize printing (or a lot of counterfeit/duplicate Kong gets introduced into the market some other way) then offline verification seems insufficient. What’s to stop me from printing and spending two copies of a note if I know the other parties won’t certify the transaction online until much later?
Here's how I see offline verification working:
(1) I sync up directly with an Ethereum node and cache all the Kong note smart contracts (ideally my own would be the most trustworthy). Most importantly this contains the public key for each Kong note known at the time and the token associated with that note
(2) I accept any notes that I can electronically verify from that cache. That's done by challenging the note to sign a message and verifying the response.
(3) I don't accept any notes not in my cache. The downside is that I can't accept very new notes, but we suspect that if we continue to produce Kong that we'll do so in large batches infrequently.
> We can only print Kong; we cannot remove it from circulation.
This isn't strictly true; you can buy notes from people.
> We likely will need to have another document detailing how the lock drop works. The short version is that you lock up Ethereum in a smart contract for between 30 and 365 days; when you prove that fact to a given Kong lock drop contract instance you receive Kong token (at the end of the period).
It sounds like the basic idea is that you "preorder" Kong with Ethereum, and then you visit a physical location (the "contract instance") to receive your cash ("Kong token"). If my understanding is correct, then this isn't outside of your control at all — you (or the "contract instance") can simply refuse to issue the cash.
Re: verification, here's my issue:
> Most importantly this contains the public key for each Kong note known at the time and the token associated with that note
What if someone counterfeits Kong not by wholesale faking currency, but by duplicating valid notes in circulation? The public key would be the same, so they would both pass offline verification.
> This isn't strictly true; you can buy notes from people.
Haha, sure.
> It sounds like the basic idea is that you "preorder" Kong with Ethereum, and then you visit a physical location (the "contract instance") to receive your cash ("Kong token"). If my understanding is correct, then this isn't outside of your control at all — you (or the "contract instance") can simply refuse to issue the cash.
Nope, it's in a smart contract that can be deployed into perpetuity.
> What if someone counterfeits Kong not by wholesale faking currency, but by duplicating valid notes in circulation? The public key would be the same, so they would both pass offline verification.
Section 2 in the paper explains how difficult this would be do. You need to duplicate the private key from a secure chip designed not to reveal the private key.
> Nope, it's in a smart contract that can be deployed into perpetuity.
But I would be receiving a physical object, correct? Which means one of the following must happen:
- you give me notes in a manner that is not controlled by you (e.g. in the mail) assuming I'll fulfill the contract in good faith
- you give me notes in a manner that is controlled by you (e.g. at a bank-like location) to prevent theft
- we introduce an oracle (i.e. centralization in a third party)
> You need to duplicate the private key from a secure chip designed not to reveal the private key.
Yeah, this is an example of a problem that becomes much more likely if you share "printing rights".
Ultimately, I remain unconvinced — this is as proposed today a centralized currency that is almost strictly worse than a government currency, with the possibility of new drawbacks were printing ever to become decentralized.
> But I would be receiving a physical object, correct?
Incorrect. The lockdrop is for completely virtual Kong token.
> Yeah, this is an example of a problem that becomes much more likely if you share "printing rights".
Correct, as elucidated above. Likewise each Kong self generates its own private key by design, as outlined in section 2 of the paper. By design, the key is non-extractable.
> Ultimately, I remain unconvinced — this is as proposed today a centralized currency that is almost strictly worse than a government currency
We can't inflate Kong infinitely unlike every other paper fiat currency. We can only print Kong for four years. After that the only digital Kong produced is via lockdrop.
> We can't inflate Kong infinitely unlike every other paper fiat currency. We can only print Kong for four years. After that the only digital Kong produced is via lockdrop.
So what? As soon as you share printing rights the other party can. So can anyone else who has the private key. Not even by minting new Kong but by physically duplicating existing Kong. That's a much bigger problem than a well controlled 2% rate of inflation.
It's a zero coupon bearer bond, that's all. With some very elaborate anti forgery. Nothing wrong with an organization printing bonds, it's just that these aren't a debt but represent locked up economically inactive etherum.
There's a distinction that Kong is not payable on demand, until after expiry, but I'm not sure it's a useful distinction. Unlike a conventional bond, there isn't a question of default by the issuer; the Etherium is locked up in a smart contract, rather than relying on the issuer honouring the bond at maturation.
Rarely do users of cash care about the property of it being payable on demand by the issuer (conventionally a central bank), only the property that it be practical for physical commerce.
Here the risk is that the note becomes physically damaged in some trivial way and the value is lost forever. Maybe it's bent too far over in one direction, maybe something heavy falls on it, etc, etc.
That physical cash can become damaged is nothing new. Maybe this implementation could be easily damaged in some way, I don't think this threatens the concept of silicon cash generally.
The notes are more durable than linen currency and less durable than polymer currency. We found this to be an acceptable tradeoff. Most of the note can be destroyed but the funds still claimable. There is an envelope of durability properties associated with physical cash - Kong fits within most of these. Of course there is opportunity for improvement which we hope to address in future versions.
I'm not sure what you're making that assertion on the basis of. The note has redundant electrical connectors. You could melt the bulk of the note down and still claim the Etherium from the secure element. Hypothetically you could have redundant SEs.
What am I missing? How is this not fatally flawed?