Offline Digital Currency Transactions
Wouldn't it be good if digital currencies worked offline?
I'm going to talk through a proposed user experience, and then discuss how it would work in practice.
Let us imagine a future digital currency ₢. It might be fiat, it might be crypto, doesn't really matter.
- Alice loads up a smartcard with ₢100 and locks it.
- Alice gives Bob the smartcard.
- Bob uses offline verification to see that the smartcard contains ₢100 of unspent currency.
- Bob unlocks the smartcard and transfers the ₢100 to his own wallet.
Sketching out how it works.
The key thing here is that Bob doesn't need to connect to the Internet - or do a live check with any 3rd party - in order to verify that the card has cash. How would that work?
It is - sadly and unavoidably - an escrow system. If you want to avoid the "double-spend" problem without going online, then you need an intermediary to vouch that the funds are locked.
Let us imagine a physical token. For example, a Smartcard with an embedded microchip. The microchip has a unique ID and is able to perform certain cryptographic functions. It is able to sign data with its own private key - for example, it may have embedded a subkey of its manufacturer.
When Alice loads a card, this is what happens.
- Alice sends a challenge, signed with her private key, to the Smartcard.
- Smartcard sends Alice a response to the challenge, and its unique ID, signed with its private key.
- Alice tells the Escrow provider that she is in possession of a specific Smartcard by sending her signed challenge and the Smartcard's signed response.
- The Escrow provider checks a public ledger to see if this specific Smartcard is in use.
- If the card is not in use, the Escrow sends a challenge, signed with its private key, to the Smartcard.
- Smartcard sends the Escrow provider a response signed with its private key.
- Escrow provider tells Alice that it is convinced that she is in possession of that Smartcard.
- Alice sends ₢100 to the Escrow provider.
- Escrow sends the Smartcard a cryptographically signed digital certificate saying that Escrow is in possession of ₢100 and will release it to the bearer of the Smartcard.
- The certificate could be time-limited?
- Smartcard validates the certificate and securely stores it for later retrieval.
Effectively, this Smartcard is now digitally engraved with the words "I promise to pay the bearer on demand". Anyone who proves that they are in possession of that specific Smartcard, can redeem the stored value from the Escrow provider.
Here's how it works.
- Bob asks Alice for ₢100.
- Alice hands Bob a Smartcard.
- Bob asks the Smartcard for the amount it has stored.
- Smartcard responds with a figure which is cryptographically signed with the private keys of the Smartcard and the Escrow provider.
- Bob has previously stored the public keys of all major Escrow providers.
- Bob validates offline the Escrow's signed statement against the Escrow's public key.
- Alternatively, Bob may have the Smartcard vendor's public keys available for validation.
- Once satisfied the card contains the correct amount, he takes the card.
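Bob's offline check from the steps above, together with the Escrow's issuing step from the loading procedure, as an added Go sketch (not code from the original post). It assumes Ed25519 signatures, a certificate that binds the card's public key, and a fresh nonce chosen by Bob; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is the escrow's signed promise; binding CardPub into it is this sketch's assumption.
type Cert struct {
	CardID  string
	CardPub ed25519.PublicKey
	Amount  uint64 // minor units of ₢
	Expiry  int64  // Unix seconds (the optional time limit)
	Sig     []byte // escrow signature over body()
}

func (c Cert) body() []byte { return []byte(fmt.Sprintf("%q|%x|%d|%d\n", c.CardID, c.CardPub, c.Amount, c.Expiry)) }

// Issue is the escrow's part of loading: sign the promise for one specific card.
func Issue(escrow ed25519.PrivateKey, c Cert) Cert {
	c.Sig = ed25519.Sign(escrow, c.body())
	return c
}

// CardRespond is the card's part: sign the certificate body plus Bob's fresh nonce.
func CardRespond(card ed25519.PrivateKey, c Cert, nonce []byte) []byte {
	return ed25519.Sign(card, append(c.body(), nonce...))
}

// VerifyOffline is Bob's check; it needs only a previously stored escrow public key.
func VerifyOffline(escrowPub ed25519.PublicKey, c Cert, nonce, cardSig []byte, now int64) (uint64, error) {
	if !ed25519.Verify(escrowPub, c.body(), c.Sig) {
		return 0, errors.New("certificate not signed by a trusted escrow")
	}
	if now >= c.Expiry {
		return 0, errors.New("certificate expired")
	}
	if !ed25519.Verify(c.CardPub, append(c.body(), nonce...), cardSig) {
		return 0, errors.New("card failed proof of possession")
	}
	return c.Amount, nil
}

func main() {
	ePub, ePriv, _ := ed25519.GenerateKey(nil) // constructed demo keys and values
	cPub, cPriv, _ := ed25519.GenerateKey(nil)
	cert := Issue(ePriv, Cert{CardID: "card-0001", CardPub: cPub, Amount: 10000, Expiry: 2000})
	fmt.Println(VerifyOffline(ePub, cert, []byte("n1"), CardRespond(cPriv, cert, []byte("n1")), 1000))
}
```

A copied certificate on a card that lacks the original private key passes the first check but fails the third, which is why the scheme depends on the card's key storage.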
How does Bob redeem the stored value? Well, firstly, he doesn't have to! The smartcard is fungible. He can hand it over to someone else as payment.
But, if Bob wants to "cash in" the card and transfer the ₢100 to his own wallet, he will need an Internet connection.
- Bob sends a challenge, signed with his private key, to the Smartcard.
- Smartcard sends Bob a response to the challenge, and its unique ID, signed with its private key.
- Bob tells the Escrow provider that he is in possession of a specific Smartcard by sending his signed challenge and the Smartcard's signed response.
- The Escrow provider checks a public ledger to see if this specific Smartcard is in use.
- If the card is not in use, the Escrow sends a challenge, signed with its private key, to the Smartcard.
- Smartcard sends the Escrow provider a response signed with its private key.
- Escrow provider tells Bob that it is convinced that he is in possession of that Smartcard.
- Bob tells the Escrow provider he wants to cash out and sends them the details of his wallet.
- Escrow provider sends an instruction to the smart card to "self-destruct" and remove the signed amount.
- Smartcard deletes the stored amount and sends a signed transaction back to the Escrow.
- Escrow transfers the money to Bob's wallet.
All this is... complicated. And relies on smartcards which have close-to-unbreakable storage for their private keys. And has a lot of baked-in assumptions about how humans want to transfer money. But it is something. At the moment, all cryptocurrencies demand a permanent Internet connection if you want to use them. I think offline transactions are useful.
Notably, it doesn't require a blockchain or any cryptocurrency. It makes use of cryptography, sure. But you don't need inefficient, permanently-online, slow databases to make this work.
hugh said on chaos.social:
@Edent This is very similar to how Oyster or OV Chipkaarts work, if you take TfL to be the escrow. It's also very similar to how EMV handles offline transactions.
The difference being that the users don't cryptographically sign or validate the messages themselves.
Paul Leader says:
We had something like that (although the workings were different I think) back in the late 1990s when I was at Uni in York. It was called Mondex and it worked ok, but at the time it was pretty slow. Our student ID cards had a Mondex chip in them that you could load up on some of the cash machines and payphones on campus. Everyone had a keyfob that could read the balance, and you could get a little calculator-like device that could transfer between cards. All the on-campus tills and vending machines supported it and a lot of the uni societies had transfer readers to take payments.
It was kind of neat, but also slow and a bit clunky. Having an epaper display on them to show the balance would make a modern version better, and presumably the chips could be made faster. Needing a third device to do transfers meant you couldn't use it between people easily.
https://en.wikipedia.org/wiki/Mondex