Hacker News new | ask | show | jobs
by silverliver 251 days ago
> We know exactly how to do these things digitally. Many European countries have had stored-value payment schemes in the 90s. Japan still does today.

But how do they prevent people double spending the same amount? Say someone has 100$ and boards on a plane. During the trip, this person buys a bag of potato chips sold for 90$. At the same time, his bank account is automatically charged 90$ for a bill.

With credit cards, handling this case is baked into the system. As far as I am aware, direct debt has no equivalent.
2 comments
lxgr 251 days ago
> But how do they prevent people double spending the same amount?

Both payment cards and merchant terminals (essentially also using embedded or removable smartcards) are tamper-resistant and hold symmetric keys only known to the payment scheme or issuer.

The terminal essentially creates a cryptographic secure channel between two smartcards, and they transactionally agree to decrement the balance on one, and increment the one on the other correspondingly.

The really neat thing is that this theoretically even works without the need for central accounts, and is as such very privacy friendly. (Practically, even just one key leaking would have catastrophic consequences though, and to detect whether that has happened, systems usually aggregate all transactions asynchronously and check money movements for plausibility.)

link
bornfreddy 250 days ago
Iiuc, you have to "transfer" the funds from your bank account to the card device (wallet, in a way) from where you can then spend these funds without interaction with the bank? That would work.

Otherwise, without the initial withdrawal from your bank account, you could spend the money twice.

link
lxgr 250 days ago
Yes, only the issuer of the stored-value system can “create” funds, and they need to ensure that they do get paid for it without double spending.

That can be done using cash at a machine, with an online-authorized card transaction etc.

link
0xWTF 250 days ago
That works with a network. But as the period of disconnection grows, the uncertainty grows.
link
lxgr 250 days ago
Yes, you’ll definitely want to avoid running such a system completely offline without bounds.
link
pas 251 days ago
... information theoretically... you can't

it's okay

there's already some fraud, waste, loss, inefficiencies, accidents (packages lost, chargebacks by mistake, package arrives weeks later)

....

that said the chips have some physical protection, it's not trivial to clone them

and the chip has a variable where it stores how much more you can use without online confirmation

of course, these are cheap protective measures, but to crack it you would need more effort probably than the total credit that's assigned for offline spending

link
lxgr 251 days ago
What's the information theory connection in your view?

> these are cheap protective measures,

They're holding up extremely well. I'm not aware of any cryptographic or physical key extraction compromise in EMV, for example. All known bugs are protocol design oopsies, as far as I'm aware.

link
pas 249 days ago
since the key is there it's not impossible to extract it in theory
link