[LoveMortuus]

How can they make it work offline while protecting the money from being duplicated?

That's something that I don't quite understand.

Would they give a unique ID to each cent so that if two with the same ID appear they see the discrepancy, but even that wouldn't work for offline, unless if they're planning to make it so that you have to go online every set period of time and then they verify the money.

[jfkimmes]

Chaum designed and tried to commercialize an anonymous + offline payment system in the 90s already.

Basically he used (and invented) blind signatures to allow the bank to sign a 'coin' without knowing what they signed. The customer takes the blindly signed coins from the bank, pays at a merchant and later the merchant deposits the coins at the bank again, where the signature is checked.

In this context offline just means that the merchant can verify the authenticity of the coin without immediately needing a connection to the bank. At some point in the future, however, the merchant will have to connect to the bank to get their money. Check out his original paper for details[1].

Offline systems have drawbacks, though. E.g the GNU Taler people made the pragmatic decision to have an online system. See chapter 1.2.1 'Offline vs Online' of Florian Dold's Phd thesis for a discussion on why[2].

[1]: https://chaum.com/wp-content/uploads/2022/01/Chaum-1990-Chap... [2]: https://taler.net/papers/thesis-dold-phd-2019.pdf

[avidiax]

> How can they make it work offline while protecting the money from being duplicated?

It's not actually possible to prevent this entirely. It's not even possible with physical currency. You can always look at a bank note and make an exact-enough duplicate, then spend it twice.

> they're planning to make it so that you have to go online every set period of time and then they verify the money.

That's not a hard requirement, but yes. The central bank is the final authority on what currency is counterfeit or not.

-----

For current technology, I think it's probably sufficient to have a smart card issued by the central bank, with an embedded certificate chained to the central bank. For offline transactions, the two cards can establish an encrypted stream, mutually verify that they were attested by the central bank, and then mark notes as transferred to the other party in TXN#X, run the transfer, then delete the notes entirely.

Interrupting the process might leave the notes in a partial state (marked for transfer to a particular smart card), but the connection can be reestablished to try again, so long as the TXN# isn't incremented by another transaction.

Now you have to hack a smart card processor to double spend (and only offline, and still detectable), which is of similar difficulty and risk to making counterfeit banknotes.

Maybe North Korea will sell you an infinite money card, but it will only get you free coffee when hiking in the Alps, and only until that card's certificate is added to the revocation list and people update their transfer boxes.