[lyall]

The whole system is quite tightly controlled by the transit companies (e.g. JR East). For example, your average payment terminal can take money off of a card but not load money onto it (refunds have to be done out of band). Loading money onto cards is more privileged, as it’s equivalent to printing money.

One other limitation in place is that these transit cards have a limit of ¥20,000 (~140 USD) max that can be loaded on to them. So any transaction larger than that is out of the question.

So to answer your question, no this isn’t really a person-to-person cash replacement. It’s a transit card that happens to be able to be used as an offline payment method, but it’s got various limitations and weirdness that prevent it from being something more.

[abdullahkhalids]

I am not saying this particular system is good enough for person-to-person cash. But..

The primary problems that digital cash has to solve is double-spending. Debit/credit cards solve this problem by confirming the transaction with the central server over the internet. Credits cards used to solve this problem by trusting that someone's signature could not be replicated, but this was obviously insecure. Some cryptocurrencies solve this problem by confirming transactions with a public distributed ledger.

This system is solving the double-spend problem preventing the holder of the card from, as per OP,

> cloning (can't read the keys)

> a successful attack on another card (each card has its own keys)

> replay attacks (per-session unique keys are generated in the challenge/response)

So the secure enclave on these cards prevent double-spend.

However, it seems like the card reading machine has to be trusted in the current implementation, because it can extract an arbitrary amount of cash from your card. This prevents arbitrary peer-to-peer transactions. But this seems like a much easier problem to solve.