[iudqnolq]

They invented a clever decentralized system based on public key cryptography, but it seems like they actually need centralized features. So they bolted some on, leaving an end result worse off than if they'd started with something simple and centralized.

For example, you can ask any UK rail operator to book you a trip that includes sections run by other operators. So your purchase needs to be fed through a centralized revenue-splitting system (called LENNON iirc) anyway.

Then they got the feature request that you should be able to book specific seats and someone else shouldn't be able to book the same seat, and so on. This just can't be decentralized.

This setup does have the advantage that they can check tickets without needing a network connection, but I'd guess there would be simpler ways to add that to a centralized system.

[krisoft]

> So they bolted some on, leaving an end result worse off than if they'd started with something simple and centralized.

I disagree.

> This setup does have the advantage that they can check tickets without needing a network connection

This is the most important reason why it is implemented this way. Checking happens on rowing handheld devices which have frequently no good internet connection. Even in the turnstiles where you would think they could afford a reliable connection if said connection goes down you can’t block the flow of people.

Reliability and speed of checking was clearly the most important features they optimised for. Security, in the sense that passengers can’t just mint tickets for themselces, is a close second.

The beauty is that every centralised reporting can be deffered. In case the centralised database is down, or the checker’s network is down, you just store the timestamp and the signed ticket data and report it once things are working again. The centralised system doesn’t even need to trust the checker computers. Railway company A cannot mint a ticket from railway company B. They don’t have the keys to do that. So they cannot fraudelently divert revenue from each other. Neither accidentally nor intentionally.

> but I'd guess there would be simpler ways to add that to a centralized system.

I’m all ears. How would you do it simpler?

[londons_explore]

Centralized ticket server. QR tickets consist of a counter and signature.

Train companies have a login to the ticket server to let them mint tickets.

Checkers, when offline just check the signature, and log to the central server later.

When online, they ask the central server for all other ticket details and check those.

Any ticket that is misused and isn't detected at the time is blacklisted, and that blacklist distributed for offline use. A blacklist of the 10 million most-misused tickets could perhaps be just 10 megabytes - easy to download/update every few hours over mobile internet.

Now, anyone can wrongly use a ticket just once, as long as they are sure the checker is offline. And if they are mistaken and the checker is online, or they reuse a ticket, they will get caught.

main benefit: tickets can be smaller (and therefore read far quicker). Tickets can also be cancelled easily. For example, train companies could send out promotional tickets which only charge you if used, and are cancelled otherwise.

[bombcar]

You could in theory make it decentralized-ish depending on the requirements. For example they could allocate blocks of seats to vendors and if you bought one of those seats you could buy it “offline” to be synced later.

But it’s probably not worth the hassle and once the ticket is sold you can have it be signed by the centralized system so you can verify the signature offline easily.

[iudqnolq]

I don't think that theory works out in practice because they have not that many seats in the trains, a lot of vendors, vendors that book very small and irregular numbers of tickets on routes, and sometimes very few or no extra seats. So you'd need to reallocate the blocks by demand quite frequently, at which point it's morally a shitty centralized system.

And with every clever decentralized solution there's another feature request that adds more complexity. I just remembered some trains have displays above seats that tell you if it's reserved.