enforcing honest behavior in agent economies


Enforcing Honest Behavior in Agent Economies

by

William Robert Schneider

Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degrees of

Master of Engineering in Electrical Engineering and Computer Science

and

Bachelor of Science in Computer Science and Engineering

at the

MASSACHUSETTS INSTITUTE OF TECHNOLOGY

May 1999

© William Robert Schneider, MCMXCIX. All rights reserved.

The author hereby grants to MIT permission to reproduce and distribute publicly paper and electronic copies of this thesis and to grant others the right to do so.

Author: Department of Electrical Engineering and Computer Science, May 7, 1999

Certified by: Jeffrey O. Kephart, Manager, Agents and Emergent Phenomena, IBM Research, Thesis Supervisor

Certified by: Barbara Liskov, Ford Professor of Engineering, Thesis Supervisor

Accepted by: Arthur C. Smith, Chairman, Department Committee on Graduate Theses

Enforcing Honest Behavior in Agent Economies

by

William Robert Schneider

Submitted to the Department of Electrical Engineering and Computer Science on May 7, 1999, in partial fulfillment of the requirements for the degrees of Master of Engineering in Electrical Engineering and Computer Science and Bachelor of Science in Computer Science and Engineering

Abstract

Given the recent explosion of the Internet, the trade of information goods and services may become the dominant form of commerce in the future global economy. Software agents, or semi-autonomous computer programs that run with little or no user input, may play a significant role in this information economy, perhaps even as direct participants in economic transactions. Such software agents might trade different types of information commodities with other software agents in return for electronic currency, ultimately to benefit their human user. This thesis addresses several problems that must be resolved before such an economy of software agents could become a reality, and offers some potential solutions to these problems. We consider a number of different electronic payment systems in the context of an agent economy, and then describe the design and implementation of an electronic payment system in Magenta, a fully open and extensible multi-agent platform developed at IBM Research. We discuss a number of different mechanisms that could protect consumers from dishonest merchants, such as reputation, escrow, and certification mechanisms; escrow and reputation mechanisms are also implemented in Magenta.

Thesis Supervisor: Jeffrey O. Kephart
Title: Manager, Agents and Emergent Phenomena, IBM Research

Thesis Supervisor: Barbara Liskov
Title: Ford Professor of Engineering

Acknowledgments

I would like to thank the following people, who contributed in some way to the completion of this thesis, or otherwise to my education or experience at MIT:

* Jim Hanson, Dave Levine, Rich Segal, Gary Tesauro, and Steve White, all of whom read and provided useful comments for this thesis at various stages.
* Amy Greenwald, who helped immensely with my understanding of game theory and microeconomics, and provided useful feedback on my thesis draft.
* The past and present brothers at Zeta Beta Tau, Xi chapter, who gave me opportunities to develop my leadership potential and helped me mature into the man that I am today; and who helped me learn how to loosen up and enjoy myself more often.
* My parents, Edward and Sheila, whose love and support were essential to the successful completion of my education, and who helped keep me occupied while I was near home on my VI-A assignment.

Contents

1 Introduction
    1.1 Guide to Thesis
2 Magenta Architecture
    2.1 Related Systems
        2.1.1 Computational Markets
        2.1.2 Agent-Mediated Electronic Commerce
        2.1.3 Extensible Agent Architectures
    2.2 Magenta Architecture
        2.2.1 Clusters, Domains, and Conversations
        2.2.2 Messages
        2.2.3 Agents
        2.2.4 Traditional Security Issues
    2.3 Summary
3 Payment System Design and Implementation
    3.1 Previous work
    3.2 Payment System Desiderata
    3.3 Banks
    3.4 Credit and Debit Cards
    3.5 Direct Transfers
    3.6 Micropayments
        3.6.1 CyberCoin
        3.6.2 IBM Micropayment System
        3.6.3 eCash
        3.6.4 MilliCent
    3.7 Evaluation and Adaptation of Existing Systems
        3.7.1 On-line Clearing vs. Off-line Clearing
    3.8 Payment System Implementation
        3.8.1 Supported Protocols
        3.8.2 Bank Agent
    3.9 Summary
4 Solutions to the Thousand-Merchants Attack
    4.1 Required Identity
    4.2 Random Clearing
    4.3 Random Clearing with Termination
    4.4 Random Clearing with Reputation
    4.5 Game Theory
        4.5.1 Solving the social dilemma
    4.6 Summary
5 Managing Merchant Dishonesty
    5.1 Transaction Order
    5.2 Certification
    5.3 Escrow Agents
    5.4 Reputation Agents
    5.5 Ramifications of Reputation Usage Modes
        5.5.1 Negative Reputation
        5.5.2 Positive Reputation
    5.6 Summary
6 Conclusions and Future Work
    6.1 Future Work and Open Problems
        6.1.1 Reputation Systems
        6.1.2 Payment Systems
        6.1.3 Legal Issues

List of Figures

4-1 Average Cost vs. Clearing Frequency
4-2 Average cost vs. clearing frequency, for different values of D
4-3 Average cost vs. clearing frequency, for different values of S
4-4 Average cost vs. clearing frequency, for different values of C
4-5 Average cost vs. clearing frequency, for different values of C
4-6 Average clearing probability of adaptive merchants vs. time
4-7 Cumulative system-wide loss for adaptive merchants vs. tax rate

List of Tables

3.1 Properties of Existing Electronic Payment Mechanisms
4.1 Experimental cost matrix for random clearing with termination

Chapter 1

Introduction

The Internet is going through major changes. What was once a medium for scientists, academics, and government agencies to exchange information is now the business tool of the next millennium. Production of Internet content is now a for-profit business, and "electronic commerce" is a buzzword for the latter half of the decade. People can now shop and purchase things entirely on-line, without interacting with a single human on the other end of the transaction.

Software agents take this last idea a step further. Agents are computer programs that act autonomously on behalf of their owner to meet some goal. These agents can conduct exchanges with each other, without any human intervention on either side of the transaction. An agent may have the goal of gathering information from the Internet, filtering it with respect to some programmed quality metric, and returning the results to its owner. Another agent may have the goal of completing a computation. Agents can exchange information and computing power by communicating with one another.

A certain class of agents, known as economic software agents, are imbued with some notion of "wealth" or "cash". Economic agents can buy and sell goods from other agents. Agents can buy or sell services as well; for example, certain agents may sell bandwidth, usage of an algorithm, or storage space. We define an agent economy to be any number of economic agents, each of which has the capability of engaging in trade with one another.

This thesis explores problems related to fraud and dishonesty that may arise when an agent economy is an open system, like a human economy or the Internet, in which anyone can enter the system. Specifically, we consider these problems in the context of information economies, or agent economies in which the goods and services traded are entirely electronic, with no physical delivery process. When small pieces of information are traded, the dollar value associated with each transaction may be very small; this affects the design of an agent payment system, discussed in Chapter 3. Also, the lack of physically tangible goods and services influences the kinds of mechanisms that can be used to prevent fraud and dishonesty; this is discussed further in Chapter 5.

In open systems, one must not rule out the possibility that actors in the system are malicious¹ [32]. Furthermore, an observer cannot always predict a priori how an agent will behave in all situations; thus, it is not always possible to simply deny a maliciously programmed agent entry into the agent economy.

"Malicious" agents may engage in various types of fraudulent or dishonest behavior. Such behaviors include:

* Counterfeiting: Agent A arbitrarily creates additional currency for itself.
* Payment fraud: Agent A pays for an item using agent B's money.
* Incorrect delivery: Agent A pays agent B for an item X and agent B delivers item Y ≠ X.
* Non-delivery: A special case of incorrect delivery, where Agent A pays agent B for something and agent B gives nothing in return.
* False advertising: Agent B misleads A into purchasing item X by misrepresenting its value.

¹ Agents are just computer programs and are neither inherently "honest" nor "dishonest," but are programmed to behave in certain ways by their owner. In an economic system, this behavior ultimately affects other human agent owners, who may perceive this behavior as "dishonest." In this thesis we will use the word "dishonest" to describe an agent if it is programmed to ultimately deceive or cheat another agent or human, whether this is intentional or unintentional on the part of the agent's programmer.

Since it is not possible to simply prevent agents from engaging in such behaviors in an open system, we must consider social control [32] measures in order to limit the effects of malicious agents. We define a social control mechanism to be any security measure that has the goal of limiting fraud and abuse by detecting it after the fact, rather than attempting to prevent it outright.

Social control differs from "hard security" mechanisms, such as password protection, encryption, etc., which are the most common types of security mechanisms in computer networks today. Hard security mechanisms often take the form of centralized barriers that allow only those users who possess some secret (a password or encryption key) to enter or access data in a system. These barriers make it difficult to access such a system unless the user possesses the secret, thus limiting access to a known (and trusted) set of parties. Social control mechanisms, however, are generally deterrents rather than barriers; they limit the extent of the damage that untrusted parties can perform, rather than attempt to prevent it completely.

Social control mechanisms also differ from hard security mechanisms in that hard security mechanisms generally have a single point of failure; if a password or encryption key is revealed, there is nothing that prevents system abuse once a user has gained entrance to a system. Social control mechanisms, though, can often still function even if a hard security barrier is circumvented.

Human economies use a mix of both hard security and social control. For example, a retail store cannot physically prevent all people from shoplifting, but it can discourage such behavior by putting alarms on products that will sound when removed from the store, increasing the probability of a shoplifter being caught and then fined or sent to jail. The overwhelming majority of automobiles sold in the world have locks on the door and on the ignition to prevent car theft, but in addition there are laws in most of the civilized world that send people to jail for stealing cars if this hard security mechanism breaks down.

Economic agents, like humans, should make use of both hard security mechanisms and social control. Agents can use encryption to protect their communications from eavesdropping; they can use signatures and certificates for authentication [24]; and they can use various cryptographic constructions for electronic currency [7]. These mechanisms, however, cannot prevent all types of abuse in agent economies. In particular, hard security systems cannot prevent dishonesty in situations in which computers cannot easily determine whether a particular transaction was conducted dishonestly or not. Thus, to maintain honesty in an agent economy, both hard security and social control mechanisms should be used.

1.1 Guide to Thesis

In this thesis, I explore various types of honesty issues that arise in agent economies, and discuss and evaluate some possible solutions that I have designed and implemented in the Magenta architecture, a multi-agent research platform developed at IBM Research and described in Chapter 2. These solutions will combine aspects of both hard security systems and social control. The primary questions I attempt to answer are:

1. How can agents conduct payments securely and efficiently? The goods agents will trade will often be information rather than physical goods. When delivery is entirely on-line, delays from a payment system become a significant portion of the latency for the entire transaction process. Any payment system used by agents must also have a very low financial overhead for each transaction, since many agent transactions will have small dollar-values. In Chapter 3 I evaluate a number of existing payment systems in this context, and describe the design and implementation of a payment system in Magenta.

2. How can the extent of the thousand-merchants attack be limited? The payment system that best meets all the needs for an agent economy suffers from the thousand-merchants attack [25], the electronic equivalent of sending a thousand checks for a dollar apiece to each of a thousand different mail order companies when one has only a hundred dollars in his bank account. In Chapter 4 I discuss the design and implementation of a number of randomized mechanisms that succeed in limiting the risk to merchants that use this payment system. Many of these mechanisms require cooperation on the part of competing merchants; I discuss game-theoretic reasons why such cooperation would not arise on its own, and a taxation mechanism to encourage cooperation.

3. How can merchants be discouraged from failing to deliver promised value? Although it is impossible to completely eliminate dishonesty among merchants, social control may help limit or discourage such behavior. The implementation of an escrow protocol and a reputation service are described in Chapter 5, along with their ramifications and trade-offs.

Chapter 2

Magenta Architecture

All of the implementation work in this thesis was performed in the Magenta (Market-oriented agent architecture) environment, an object-oriented agent development platform prototype developed by IBM Research for UNIX in C++. Both this thesis and Magenta define an agent to be an autonomous computer program that can communicate with other such agents. Further, an economy of agents is defined as any group of agents that can communicate and trade goods and services with each other.

The goals of Magenta are:

* To provide an efficient platform for implementing large (hundreds or thousands of agents) multi-agent systems.
* To provide transparent communications between agents whether they are running on the same machine or different machines, connected by TCP/IP.
* To be both an open system where any user may add agents to the economy and extensible in the sense that any user may introduce a new type of agent or agent behavior. Agents belonging to different users may have conflicting goals.
* To provide the infrastructure for a multi-agent system comprised of economic software agents, where even the most basic services (matchmaking, communication, etc.) are provided by agents themselves, possibly for a fee. These agents may face competition from other service-providing agents.
* To be mobility-neutral; mobile agents are not currently supported, but could be in future versions.

2.1 Related Systems

Magenta has many aspects in common with other existing multi-agent systems, and combines different features from different systems. While many existing systems achieve one or more of the above goals, no current system achieves all of them.

2.1.1 Computational Markets

Several computational market systems have been developed to study the application of economic forces to problems in computer science. In these systems, agents use some token or "currency" as a common exchange medium, but this currency is not linked to legal tender. These systems differ from Magenta in several ways: they are not "open" (arbitrary people cannot add agents to the economy); the players in these systems are expected to be trustworthy; and in many cases are all assumed to be cooperating to achieve the same end result.

An example of such a system is the WALRAS algorithm [17]. WALRAS is a deterministic algorithm to find competitive equilibria in resource-allocation markets in a distributed fashion. WALRAS is not an "open system" because all of the economic players are known a priori; since WALRAS is only an algorithm, it does not address trust and honesty issues.

Another example is SPAWN [37], which uses an economic mechanism to distribute computation across idle machines. In this system all agents are assumed to be trusted, and security is not a goal of the system. The SPAWN system has a single goal of balancing the load of computation. The MIT Media Lab's Challenger system [16] is a similar system, which explicitly uses the word "agent" to describe the entities engaged in exchange; again, all agents in this system cooperate to the common goal of load balancing, though it is accomplished through each agent having the conflicting goal of maximizing its own profit. But neither system is tied to real money. The computational economies of Miller and Drexler [28, 29] are based on similar ideas and also not tied to real money.

The focus of Nathaniel Bogan's Master's of Engineering thesis [10] is similar to that of the Challenger system, that is, to use a computation market to allocate processor time. Bogan's system is also not tied to real money. Bogan, however, acknowledges that there is no a priori reason to believe a computation market must be "fair" unless the model specifically disallows such behavior. He gives the example that certain markets might not explicitly prohibit agents from coining their own money, and leaves this as an open problem.

2.1.2 Agent-Mediated Electronic Commerce

Several multi-agent systems exist where agents function as matchmakers between people wishing to buy and sell things, and carry out price negotiation on behalf of their owners. Generally, these systems allow users to create agents through a Web interface, and then the agents communicate with other agents in the system. These systems differ from Magenta because the agents in the system do not actually carry out any exchange; exchanging the actual goods and payment must happen externally between the human users, and agents are only mediators in the exchange. Also, these systems are not necessarily "extensible"; while they may be "open" because any person may add agents to the system, agent behaviors within the system are generally predefined. Because of this, the agents themselves can all be trusted, although the people responsible for the final exchange of goods might not be.

One such system is Kasbah [15], developed at the MIT Media Lab. Kasbah allows people to create agents to exchange books and CDs online, and the agents negotiate prices among themselves. Users cannot define agent behaviors that are not already in the system; all types of inter-agent communication are also predefined. To address the fact that human agent owners might possibly be dishonest, Kasbah includes a facility for users to rate each other based on satisfaction with the transaction. Another similar system is AuctionBot [38], which allows people to set up automated auctions on the Internet. The eBay¹ system also allows users to set up on-line auctions for goods.

2.1.3 Extensible Agent Architectures

There is a class of agent architectures similar to Magenta that allow users to create arbitrary types of agents. Whereas systems that fall into the class described in Section 2.1.2 are economic but not extensible, these systems are extensible but not economic.

D'Agents, developed at Dartmouth University, is a programming structure for building mobile agents of arbitrary functionality. Formerly known as Agent Tcl [23, 24], the architecture provides the functionality for communication and mobility for agents written in existing interpreted programming languages such as Tcl, Java, and Scheme. D'Agents is extensible, since no agent behavior is pre-defined. The architecture also provides some basic security measures, such as authenticating the machine from which an agent migrates, and encrypting state data sent over the network. Agents have a hierarchical namespace, and the lookup functionality is provided by a yellow pages agent.

JAFMAS [12] is another extensible agent architecture. It consists of a set of Java classes that can be extended to build agents and carry out communications between them. Agent behaviors are not predefined, although the structure of communication is tied to a LISP-based language called COOL. Communications are handled through conversation objects. An agent may communicate concurrently with several other agents, since each conversation runs in its own thread. JAFMAS does not consider any security or trust issues.

KaOS [11] is also an extensible agent architecture. It does not predefine agent behavior, nor does it require the use of any specific language for communication between agents. It carries out conversations through objects called conversation policies, which capture a sequence of interactions between agents. A core set of conversation policies is provided, and users may make new policies to extend the set.

¹ http://www.ebay.com

2.2 Magenta Architecture

2.2.1 Clusters, Domains, and Conversations

The functional units under which Magenta agents exist are called clusters and domains. (A domain bears no relation to Internet domain names or DNS.) A cluster is a group of agents running in a single process, and each cluster is owned by the user who started it. Multiple clusters, owned by either the same or different users, may run simultaneously on the same machine. A domain is a self-contained community or economy of agents that can all communicate with each other; each agent can only be in a single domain. Domains can include multiple clusters on multiple machines.

Within a single cluster process, each agent runs concurrently in its own thread. When an agent wishes to communicate with another agent, it opens a conversation with the other agent. As in the JAFMAS system, each agent starts a new thread for each conversation in which it is engaged. An agent may engage in multiple conversations concurrently.

Agents are referred to by their location in a hierarchical namespace, as in JAFMAS and D'Agents; each agent's location in the namespace consists of its domain, canonical machine name, cluster, and a unique agent ID, assigned by the cluster process. As in D'Agents, each agent also has a flat pseudonym or social name that is registered with a yellow pages agent, which converts social names to elements in the hierarchical space. Since an agent's identity in the hierarchical name space is linked to its physical location, agents cannot easily change this identity "on the fly."

Magenta is truly an open system because any user may start a cluster process anywhere on the Internet, and, provided that the user knows where to look for other agents, the agents in this new cluster will be able to communicate and trade with existing agents elsewhere. Nothing needs to be done to give additional users access: one only needs the software. It is also a fully extensible system, since people may define their own new types of agents to the system as well. This creates several interesting security issues, which include both issues of agent honesty, as discussed in Chapter 1, and more traditional issues discussed in Section 2.2.4.

2.2.2 Messages

Magenta includes a predefined message form. This message form consists of a command or verb followed by an arbitrary number of attribute-value pairs; these values may be messages themselves, which allows for arbitrarily complex messages. There are several predefined verbs to facilitate communication, but users are free to create their own idioms as well.

When convenient to express the contents of messages in this thesis, the following notation is used:

MessageName(arg1, arg2, ..., argn)

where MessageName is the name of the message or "verb," and arg1 ... argn are the parameters of the message. The arguments may be messages themselves.

Magenta also contains objects similar to KaOS's conversation policies, which encapsulate several message exchanges into a single operation.
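The notation above is regular enough to parse mechanically. The following is an added example, not code from the thesis or from Magenta: a recursive-descent parser for MessageName(arg1, ..., argn) that caps nesting depth, since in an open system an arbitrarily nested message may come from an untrusted agent. The Msg and Parser types, the verbs Pay, Amount and Ping, and the depth limit of 8 are assumptions made for the illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// One node of a message written as Verb(arg1, ..., argn); an argument is
// either a plain value or another message.
struct Msg {
    std::string name;        // the verb, or the token itself for a plain value
    bool has_args = false;   // true when a parenthesised argument list followed
    std::vector<Msg> args;
};

class Parser {
public:
    Parser(std::string text, std::size_t max_depth)
        : s_(std::move(text)), max_depth_(max_depth) {}

    Msg parse() {
        Msg m = message(1);
        skip_ws();
        if (pos_ != s_.size()) fail("unexpected trailing input");
        return m;
    }

private:
    [[noreturn]] void fail(const char* why) const {
        throw std::runtime_error(std::string(why) + " at offset " + std::to_string(pos_));
    }
    void skip_ws() {
        while (pos_ < s_.size() && std::isspace(static_cast<unsigned char>(s_[pos_]))) ++pos_;
    }
    std::string token() {
        skip_ws();
        std::size_t start = pos_;
        while (pos_ < s_.size() && (std::isalnum(static_cast<unsigned char>(s_[pos_])) ||
                                    s_[pos_] == '_' || s_[pos_] == '-' || s_[pos_] == '.'))
            ++pos_;
        if (pos_ == start) fail("expected a name or value");
        return s_.substr(start, pos_ - start);
    }
    // The depth check runs before any further recursion, so a hostile message
    // cannot drive the parser past max_depth_ stack frames.
    Msg message(std::size_t depth) {
        if (depth > max_depth_) fail("message nested too deeply");
        Msg m;
        m.name = token();
        skip_ws();
        if (pos_ >= s_.size() || s_[pos_] != '(') return m;   // plain value
        m.has_args = true;
        ++pos_;
        skip_ws();
        if (pos_ < s_.size() && s_[pos_] == ')') { ++pos_; return m; }   // Verb()
        for (;;) {
            m.args.push_back(message(depth + 1));
            skip_ws();
            if (pos_ >= s_.size()) fail("unterminated argument list");
            char c = s_[pos_++];
            if (c == ')') return m;
            if (c != ',') fail("expected ',' or ')'");
        }
    }

    std::string s_;
    std::size_t pos_ = 0;
    std::size_t max_depth_;
};

Msg parse_message(const std::string& text, std::size_t max_depth = 8) {
    return Parser(text, max_depth).parse();
}

// True when the text is a well-formed message within the depth limit.
bool accepts(const std::string& text, std::size_t max_depth = 8) {
    try { parse_message(text, max_depth); return true; }
    catch (const std::runtime_error&) { return false; }
}

// Constructed input: n nested Ping messages around a single value.
std::string nested(std::size_t n) {
    std::string s;
    for (std::size_t i = 0; i < n; ++i) s += "Ping(";
    return s + "x" + std::string(n, ')');
}

int main() {
    Msg m = parse_message("Pay(alice, bob, Amount(5, USD))");
    std::printf("%s has %zu arguments; third is %s\n", m.name.c_str(), m.args.size(), m.args[2].name.c_str());
    std::printf("nested(7): %d, nested(100000): %d\n", accepts(nested(7)), accepts(nested(100000)));
    return 0;
}
```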

2.2.3 Agents

The following is a non-exclusive list of agents currently implemented in Magenta.

* Yellow Pages: The YP agent maintains the locations of registered agents as well as a searchable description of their type and capabilities.
* Forwarding Agent: The forwarding agent sends messages between clusters. When an agent sends a message to an agent in another cluster, the message is sent to the forwarding agent in the sender's cluster, the forwarding agent sends the message to the forwarding agent in the other cluster, and this forwarding agent sends the message to its final destination.
* Bank Agent: This agent maintains accounts for agents and mediates payment protocols. When Magenta is deployed, Bank agents will also be the interface between the agent economy and the existing banking system.
* Escrow Agent: The escrow agent implements a simple protocol to offer a non-repudiation service and a guarantee that a transaction will only complete if both parties uphold their end of the deal.
* Reputation Agent: The reputation agent maintains a list of complaints and commendations about agents, and allows agents to query this information. The reputation agent allows agents to share information or "gossip" about each other.
* Sheriff Agent: The sheriff has the power to terminate (stop the execution of) any agent in its cluster.
* Consumer Agent, Merchant Agent: Implemented for experimental purposes only, the consumer agents and merchant agents have configurable supplies and demands, and conduct transactions with each other.

2.2.4 Traditional Security Issues

Because Magenta is an open system, where any person with access to the Internet can create agents in any domain, we must consider several security issues that are common to all networked systems. In particular, the use of TCP/IP for sending messages between agents running on different machines allows the possibility of traditional eavesdropping and replay attacks; denial-of-service attacks ("bombing") may also be possible.

Eavesdropping attacks could be prevented by using various hard security measures. These could include a public-key cryptosystem, such as RSA [33], or a hybrid system, such as PGP [40]; additionally, replay attacks can be prevented with timestamps or nonces on signed messages. Netscape Corporation's² Secure Socket Layer (SSL) could also be used to protect communications between agents running on different machines. However, our current infrastructure does not by default encrypt, sign, or timestamp messages. If we would like to treat security as a commodity which carries a cost (extra computation time, additional message length), it makes sense for users and their agents to decide for themselves when it is appropriate and worth the cost to sign or encrypt a message, or when a signature should be required on a received message.

² http://www.netscape.com

To facilitate this, Magenta includes a place-holder cryptography library, which

uses the RSA algorithm with very small (32-bit modulus) keys for encryption and

signatures. While not secure, the library effectively demonstrates how agents can

use signatures for authentication and to encrypt private messages. At a later date

this library module could be strengthened or replaced with a stronger library such as

RSAREF [35].

Denial-of-service attacks are also possible within the Magenta architecture. In

particular, a malicious user could flood another agent with bogus messages, preventing

that agent from processing legitimate messages in a timely fashion. Or, specifically in

the inter-machine case where TCP/IP is being used, an adversary could ping-bomb

a cluster's forwarding agent to overload and/or crash it.

There is no clear solution to a ping-bombing attack on the forwarding agent;

maintaining continuity and quality of service in the face of malformed TCP packets,

ping-bombing, etc., is up to the operating system, and is currently an open problem.

However, the economic nature of the system could protect other agents from such

overload in some instances. If forwarding agents charge for their service, an agent

must pay every time it sends a message to an agent in another cluster. Then, there is

less incentive for agents to send superfluous or "spam" messages to agents in another

cluster. Preventing overload from intra-cluster bombing is an open problem, since

there is currently no mechanism in Magenta that can enforce charges for an

intra-cluster message exchange.

2.3 Summary

Magenta is an open multi-agent platform that allows users to construct their own

agents that interact with other agents in the system. Magenta is both open, since

there are no restrictions on which users may add to the system, and extensible, since

there are no restrictions on the types of agents that may be added to Magenta. A

number of different agents and interactions between them are currently implemented

in Magenta.

Because Magenta uses TCP/IP for agents to communicate over a network, a

number of security concerns common to all such network systems are addressed.

These concerns include denial-of-service attacks, eavesdropping, and replay attacks.

Magenta also includes mechanisms for agents to carry out payments with each

other; these mechanisms, and existing payment systems that led to their development,

are discussed in Chapter 3.

Chapter 3

Payment System Design and Implementation

In order to use Magenta to build economic agents that ultimately trade goods and

services in exchange for legal tender, it is necessary to implement a secure inter-agent

medium of exchange, or currency. Many electronic payment paradigms already exist,

so it would be preferable to build on past work and adapt an existing system for use

in agent economies. Since agents and their trading dynamics differ from humans in

many fundamental ways, though [26], the trade-offs involved in any particular system

may be slightly different and the design decisions for any particular system must be

re-evaluated in this context.

In this chapter, I analyze several types of electronic payment systems and discuss

the trade-offs for each when used in an agent economy. This analysis led to the

implementation in Magenta of a protocol similar to the IBM Micropayment Protocol,

formerly known as Mini-Pay [25]. The protocol was simplified and modified slightly;

and, in Chapter 4, I discuss the development of various mechanisms to strengthen

the protocol against a possible attack. Thus, this particular payment protocol as

implemented aims to provide a good balance between security and efficiency.

3.1 Previous work

Quite a few electronic payment systems have been developed in the last few years.

There are systems that electronically emulate cash and check transactions [34, 14,

2, 27]; there are systems that allow credit card numbers to be securely transmitted

over an insecure network [6]; and, there are systems that are optimized for making

frequent payments in very small denominations [25, 4]. There are even systems such

as the Java wallet [3] that coordinate several of the above systems, much as a physical

wallet can contain both cash and credit cards.

The analysis in this chapter divides electronic payment systems into three main categories: card-based transactions, direct fund transfers, and micropayment systems. We describe how a simple debit- or credit-card based payment system uses cryptography to securely transmit existing credit- or debit-card numbers over the Internet. Direct funds transfers are also discussed; these are similar to debit-card transactions except the customer or "buyer" is responsible for communicating the transaction to the bank, rather than the merchant or "seller." Finally, micropayment systems are, as the name implies, designed to perform better than card-based and direct fund transfers for low-valued transactions; they involve either cryptographically-unforgeable "coins," or "payment orders," which are cryptographically-signed forms and work like checks. The main payment system implemented in Magenta was based on a micropayment system to allow for the flexibility of low-valued transactions; other reasons for the selection of the specific protocol used are given later in this chapter.

The goal of this chapter is to describe how to select and incorporate such a payment system into Magenta. Then, Magenta agents may securely exchange real goods and services for "real money" - currency that can ultimately be converted into legal tender.

3.2 Payment System Desiderata

Existing secure-payment systems often have the following goals in common:

* Non-forgeability: Users should not effectively be able to coin their own money.

* Efficiency: The incremental computation and communication overhead of processing a payment operation should be small relative to that for the entire transaction; and the economic cost of processing a payment should be small relative to the value of the transaction.

* Integrity: Any use of money must be explicitly authorized by the user. Eavesdroppers or dishonest sellers must not be able to forge payments from the user.

* Privacy: Users should be able to conduct transactions without revealing to eavesdropping users what was purchased or how much money was spent.

* Non-repudiation: There should be a mechanism to prove at a later time that a purchase was indeed authorized by the user.

* Fault-tolerance: A system crash should not result in any financial loss.

* Scalability: The efficiency or usability of a payment system should not be adversely affected by its number of users.

Some payment systems also attempt to provide some degree of untraceability,

similar to that achieved with paper money [14]. Untraceable systems prevent a third

party that is indirectly involved in a transaction from revealing the identity of the

participants in the transaction; also, untraceable systems do not require a payer to

reveal his identity to a payee.

Any payment system implemented in Magenta must achieve as many of these goals

as possible. There are often trade-offs between how well each of these properties may

be reached; for example, trade-offs between efficiency, security, and privacy are

commonplace in many different types of computer systems. Agents and their economic

dynamics fundamentally differ from people, though, which could result in a slightly

different evaluation of trade-offs involved with a payment system. For example:

* Agents, like other things on the Internet, might not always be traceable back to their (human) owner. Therefore, the security of any agent payment system should not depend on traceability.

* Agents can conduct transactions much faster than people can. People are limited by the physical speed at which they can exchange bills, swipe a credit card, or click a mouse. Agents also do not get "tired" in this process. This amplifies any potential for fraud when agents rather than people are the players in the economy.

* The goods being traded among agents will often be information (news articles, images, stock quotes, etc.), with no external (non-agent) physical delivery process.

For these reasons, agents may develop different spending patterns than people, and

the relative emphasis on each of the above payment system criteria may be different

when agents are the players in the economy. Efficiency, as defined previously, is

crucial. When delivery is completely on-line, delays from the payment system are

noticeable, and since transactions may have small dollar values, the payment system

must have a very small financial overhead for usage. Scalability is also very important

for any agent payment scheme, since each user could have a potentially large number

of agents participating in the economy.

3.3 Banks

The electronic payment systems discussed in this thesis assume the existence of some

trusted third party (TTP) to convert legal tender into electronic form and mediate

transactions. It is believed that no network payment system without such a TTP is

possible [29]. This TTP acts as a banking system, which maintains accounts for its

users, and may issue certificates and/or "coins." For our purposes, I define a "bank"

as any trusted third-party that keeps track of another party's currency and converts

between electronic currency and legal tender.

3.4 Credit and Debit Cards

Credit and debit cards provide one way of conducting electronic payments. Many

Web sites today accept credit card numbers for payment of physical goods, or for

paying monthly subscription fees for access to pay content.

To carry out an electronic payment using credit or debit cards, the payer gives

its card number to the payee, the payee contacts the issuing bank, and is credited

the amount of the purchase and notified accordingly. The purchase price is either

deducted from the payer's account or billed to the payer later, depending on whether

the card is debit or credit.

One could easily give an agent the capability to directly spend money from an

existing credit or debit card; the agent just needs to possess the card number in

its memory. Of course, to prevent an eavesdropper from obtaining the card number

or replaying it, these messages should be timestamped and sent over an encrypted

channel. SET [6] is another standard proposed for conducting secure electronic credit

card transactions.

Credit card transactions carry a financial overhead; credit card companies usually

charge a service fee for each purchase in order to offset the bank's risk of loss, since

in this model the bank assumes the risk of default for the merchant. This financial

overhead makes this approach inappropriate for small-valued transactions, where the

cost of performing the transaction is significant when compared to the value of the

transaction itself.

Also, unless the payer is strongly trusted, sellers ought to communicate with the

bank to approve each transaction at the time of purchase to ensure the card number

is valid.

One potential problem with credit card transactions in an agent economy is

non-repudiation. Although a payer could prove later that he did indeed make a purchase,

he could not prove that he did not make a purchase. A malicious selling agent could

collect card numbers, then make many false charges to the card. Or, a malicious

merchant could turn around and sell card numbers to other agents at a profit. In

human economies, the bank assumes the risk in such cases.

This problem can be overcome with payer-signed digital signatures and

timestamps; SET [6] provides many of these safeguards. This would prevent merchant

replay and ensure that a card is only charged when explicitly authorized by the user

for a specific amount. However, this would make the system less efficient by requiring

that a merchant obtain approval for each transaction at time of purchase, and requires

that both the user and bank perform public key operations for each transaction at

the time of purchase.

Credit- and debit-card systems seem to be best suited for use in agent economies

only when the agents are making larger-valued purchases, where the financial overhead

to a merchant is small relative to the cost of the item purchased. In this case, a

merchant may be better off by paying the bank's service fee in order to protect itself

from incurring any loss due to fraud. An electronic credit- or debit-card system is

also difficult to defraud. In credit-based systems, of course, the human ultimately

responsible for paying the credit card bill could walk out without paying, but then

there would at least be a path back to the human responsible, and existing legal structures

for dealing with such situations and imposing appropriate consequences.

3.5 Direct Transfers

A direct transfer is similar to a debit-card purchase, wire transfer, or electronic check

in many ways; the main difference is that here the buyer is responsible for telling the

bank to transfer funds, whereas in a debit-card system the seller does this

communication with the bank. This is one possibility for how a direct transfer protocol might

work:

1. Buyer and seller have accounts analogous to checking accounts at a bank.

2. Buyer sends signed request for transfer to bank.

3. Bank deducts amount from buyer's account, credits seller's account.

4. Bank sends back signed receipt to buyer, which contains the amount paid, the recipient's account number, and a unique identifier (either a nonce or timestamp). The identifier is necessary to prevent double-spending. Alternatively, the bank could send the receipt directly to the seller as well.

5. Buyer gives receipt to seller, seller provides goods or services in return.

Aside from the slight differences in the flow of communication and currency, this

protocol is roughly equivalent to a debit-card system with respect to security and

efficiency. This protocol requires about the same amount of communication and

computation overhead as a debit-card protocol, although checking for

double-spending is now the responsibility of each seller rather than the bank.

This system has some advantages over debit and credit cards. A payer could obtain signed receipts for many purchases in advance as a batch operation, and then no additional communication or signing needs to be done at time of purchase, resulting in low communications overhead. In this system the payer agent also has immediate proof that funds were transferred, whereas in a credit- or debit-card system the user must wait until the bank issues a statement at the end of a billing cycle. And, the bank is never¹ at risk for losing money, as it is in a credit-card system; thus there is less financial overhead for conducting a transaction in this fashion. Because of the lower financial overhead, direct transfers might be more practical than credit cards for small-valued transactions. This system might thus be more useful to agents than a credit- or debit-card based system.

¹ Well, hardly ever.

3.6 Micropayments

As the name implies, micropayment systems are optimized for low-value transactions. Micropayment systems are the functional equivalent of pocket change for Internet commerce; such systems originated to satisfy the demand for a way to sell content on the Web "by the click" profitably. When the value of a transaction is small (for example, under US$1), the amount of financial overhead involved in processing the transaction makes it unprofitable for a merchant to accept credit cards.

Micropayments are generally like checks, in that the merchant accepts the

responsibility of loss, if any, due to payment fraud. For small-valued transactions, though,

this expected risk for any individual purchase is probably smaller than the financial

overhead of using a credit card.

Several micropayment systems exist and are in beta-test or production at this

time. In each system, buyers carry out their payments through software which acts

as their electronic wallet, and payments are received by similar software on the seller

side. All of these existing systems are believed to provide integrity and protect against

forging and counterfeiting.

3.6.1 CyberCoin

CyberCoin [1] is a commercial system developed by CyberCash.² The exact details of the protocol are uncertain, since it is not believed to be published. However, a high-level summary of the protocol is available from CyberCash's web page; in general, it works as follows:

1. The buyer sets up an account at CyberCash's headquarters, which acts as the system's bank. The buyer puts money into this account through conventional payment methods (credit card, check, etc.).

2. To make a purchase, the buyer creates a signed purchase order indicating the amount to be spent, and sends it to the seller.

3. The seller forwards the purchase order to the bank; after verifying the order, the bank transfers funds from the buyer's account to the seller's and issues a receipt.

4. Seller delivers goods to buyer.

² http://www.cybercash.com

According to CyberCash's web page, the system uses cryptography for

authentication and to protect from eavesdropping and replay attacks; the signatures used for

authentication also provide some degree of non-repudiation.

In this system, a consumer's "currency" exists in the central bank and not in its

own software. Thus, the system is fault-tolerant with respect to the user's software.

The system also scales well in space; each extra user adds only an extra bank

account to the system. However, the system does not scale well with respect to

time. The CyberCoin system is "cleared on-line," which means that the seller must

communicate with the bank at the time of each purchase, before completing each

transaction. The bank then becomes a central bottleneck in the system, and if many

people use the system or people make transactions frequently, the bank can get

overloaded, hampering the efficiency of the system.

Further, the system requires that the user perform a public-key signature operation at the time of purchase for each item purchased. Although such operations are computationally-intensive, the resulting computational overhead is generally small relative to network latency; and signature re-use could be incorporated into this protocol to reduce the number of public-key operations required [25].

3.6.2 IBM Micropayment System

The IBM Micropayment System, as described in [25], is similar to CyberCoin, except

that payments are cleared with the bank "off-line"; that is, clearing with the bank

is deferred rather than done at the time of purchase. Also, the banks used by the

buying and selling agents may be different; the banks transfer funds between each

other, much like the system for clearing paper checks or credit card transactions

between banks.

The flow of data and currency in the IBM Micropayment System is approximately

as follows:

1. Buyers and sellers have accounts at some bank (TTP); these accounts are analogous to checking accounts. The seller's bank is referred to as the acquiring bank.

2. The buyer's bank issues the buyer a timestamped and digitally-signed "daily certificate" once per day or other fixed time interval. The daily certificate contains a recommended consumer offline spending limit; each individual seller is advised to verify funds availability if a buyer exceeds that limit with the particular seller in that time interval.

3. Buyer transmits daily certificate along with a signed purchase request (analogous to a check drawn on the account) to the seller.

4. If buyer has spent more than his recommended off-line spending limit on this seller, seller checks funds availability with the buyer's bank. (This is referred to in [25] as the extra-spending protocol.)

5. At the end of the day (or other fixed interval), the seller deposits all purchase orders with its acquiring bank.

6. The seller can request information from its acquiring bank regarding the status of which purchase orders are cleared, rejected, or pending with the buyer's bank.

Because of the way it uses signatures, the IBM Micropayment system satisfies

the non-repudiation property. Like CyberCoin, currency exists in the user's bank

account until a payment order is cleared with the bank; so, no money is lost if the

user's software crashes.

Since payments are cleared off-line, IBM's system is more efficient than CyberCoin

since it is not necessary to wait for purchases to clear with the bank before completing

a transaction. Like CyberCoin, the user must perform a single public-key signature

operation at the time of purchase; again, according to [25], the time to perform this

operation is not significant compared to network delays, and signature-reuse could

reduce the number of signatures required. There is some additional overhead from

obtaining a certificate, but this overhead is amortized over a potentially large number

of purchases.

The IBM system also scales very well. It scales better than CyberCoin in time,

since the bank is not as much of a bottleneck; purchases are cleared off-line, and

multiple banks can exist in the system. Clearing off-line also results in smaller latencies

for transactions, since merchants do not need to communicate with the bank after

every purchase.

While off-line clearing alleviates the central bottleneck of communicating with

the bank, it introduces a new and interesting problem. Each seller runs the risk of

losing up to the off-line spending limit times the number of buyers with which it

does business, if a dishonest buyer spends an amount under its offline limit in enough

different places such that it exceeds its available funds. This weakness is called the

thousand-merchants attack [25]. In a large and busy economy, though, the small risk

may be worth the improved efficiency over an on-line system, and the risk can be

further limited through various randomized mechanisms, as I show in Chapter 4.
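The seller-side bookkeeping behind steps 2 to 5, and the loss that off-line clearing leaves open, as an added example (not code from the thesis, Magenta, or IBM). The class names, the in-memory bank and the plain balance check used for the extra-spending query are assumptions, and signature verification on certificates and orders is taken as already done.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DailyCertificate:
    buyer: str
    offline_limit: int   # cents one seller may accept without asking the bank
    day: int             # interval the certificate was issued for


@dataclass(frozen=True)
class PurchaseOrder:
    buyer: str
    seller: str
    amount: int          # cents
    day: int


class BuyerBank:
    """Constructed stand-in for the buyer's bank (the trusted third party)."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def issue_certificate(self, buyer, offline_limit, day):
        return DailyCertificate(buyer, offline_limit, day)

    def funds_available(self, buyer, amount):
        # Extra-spending query. Assumption: a plain balance check, no hold.
        return self.balances.get(buyer, 0) >= amount

    def clear(self, orders):
        """Deferred clearing: pay orders in arrival order, bounce the rest."""
        cleared, bounced = [], []
        for order in orders:
            if self.balances.get(order.buyer, 0) >= order.amount:
                self.balances[order.buyer] -= order.amount
                cleared.append(order)
            else:
                bounced.append(order)
        return cleared, bounced


class Seller:
    def __init__(self, name, bank):
        self.name, self.bank = name, bank
        self.accepted_today = {}   # buyer -> cents accepted this interval
        self.pending = []          # orders held for the end-of-day deposit
        self.online_checks = 0

    def accept(self, cert, order, today):
        if cert.day != today or order.day != today or cert.buyer != order.buyer:
            return "rejected: stale or mismatched certificate"
        total = self.accepted_today.get(order.buyer, 0) + order.amount
        if total > cert.offline_limit:
            # Over the recommended limit with this seller: ask the bank.
            self.online_checks += 1
            if not self.bank.funds_available(order.buyer, total):
                return "rejected: bank reports insufficient funds"
        self.accepted_today[order.buyer] = total
        self.pending.append(order)
        return "accepted"


def exposure_report(balance, offline_limit, n_sellers, spend_per_seller, day=1):
    """One buyer spends the same amount at every seller; return what clears."""
    bank = BuyerBank({"buyer-A": balance})
    cert = bank.issue_certificate("buyer-A", offline_limit, day)
    sellers = [Seller(f"seller-{i}", bank) for i in range(n_sellers)]
    accepted = 0
    for seller in sellers:
        order = PurchaseOrder("buyer-A", seller.name, spend_per_seller, day)
        if seller.accept(cert, order, day) == "accepted":
            accepted += order.amount
    deposits = [o for seller in sellers for o in seller.pending]
    cleared, bounced = bank.clear(deposits)
    return {
        "accepted_offline": accepted,
        "cleared": sum(o.amount for o in cleared),
        "bounced": sum(o.amount for o in bounced),
        "online_checks": sum(s.online_checks for s in sellers),
    }


if __name__ == "__main__":
    print(exposure_report(balance=500, offline_limit=100,
                          n_sellers=20, spend_per_seller=100))
```

With a balance of 500 cents, a 100-cent limit and 20 sellers, no seller ever contacts the bank, yet 1500 of the 2000 cents accepted bounce at clearing; each seller's loss to this one buyer stays within the off-line limit.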

3.6.3 eCash

DigiCash's³ eCash system [2] is based on the work of Dr. David Chaum.

The eCash system is designed to be untraceable, just like paper cash; the act of

depositing money into a bank or showing it to any third party does not reveal any

information about where the money came from. While eCash is not exclusively a

micropayment system, it can be used as such; it also has the property that all parties

in the system can use the same software to be buyers and sellers at the same time.

The eCash system workings are described in [19]. The system is based on "coins,"

which are very long numbers cryptographically signed by a bank. Since the coins are

signed, they are difficult to forge. These coins are stored in the user's purse software.

The flow of data and money in the protocol is as follows:

1. To obtain coins, the buyer creates several long random strings, "blinds" them [13], and sends the blinded strings to the bank.

2. The bank creates coins from the buyer's blinded strings by assigning a value to each with a digital signature. The bank sends these blinded coins back to the buyer.

3. To spend the coin, the buyer unblinds the coin received from the bank, and sends it to a seller.

4. The seller verifies the validity of the coin by depositing it into the bank before completing the sale.

³ Since the writing of this thesis commenced, DigiCash has filed for a Chapter 11 reorganization. The technology, however, remains relevant to the discussion.

Because of the blind signature scheme used, coins are untraceable; when the bank

receives a deposited coin it cannot link it to the user who spent it.

There can be more than one bank issuing coins in this payment protocol, but each

coin must ultimately be deposited at the bank of its origin. Each bank keeps a central

database of coins that are deposited so that a coin may be spent only once.

Although coins are stored in the user's software, the software that runs the bank

does allow the recovery of coins lost in a system crash; thus the system is

fault-tolerant, although such a recovery requires surrendering anonymity [18].

E-cash is cleared on-line; since coins are untraceable, an off-line system would

create an enormous temptation to write dishonest purse software to double-spend

coins. However, it is possible to create coins in such a way that their owner's identity

is revealed if and only if the coins are spent more than once [14]. Nonetheless, off-line

clearing would still allow an attack similar to the thousand-merchants attack described

above.

The main problem with eCash, though, is that it does not scale well [8]. Since

each bank keeps a central database of spent coins to prevent double-spending, this

central database must expand every time a coin is spent, and can never get smaller. In

a large economy with many purchases, this database could explode beyond control.

Alternatively, banks could construct timestamped coins that expire after a certain

time interval; a bank would then only need to keep track of a smaller, finite number

of unexpired coins. This database could still be large, though, and consumers would

need to renew unspent coins periodically; renewing unspent coins could result in

significant network usage.

3.6.4 MilliCent

The MilliCent protocol [4], developed by Compaq's Digital Equipment Corp.⁴, is

another micropayment protocol. A description of the protocol is available in [5].

MilliCent uses scrip, which is similar to the electronic coins used in eCash. Each

piece of scrip is a cryptographically-secure, unforgeable string that carries a value,

like an electronic coin; each piece of scrip is only usable with one particular seller,

though. Pieces of scrip can thus be thought of as electronic "IOUs" with small dollar

values. Purchases are made with MilliCent as follows:

1. Buyer purchases scrip from a scrip broker for each seller with which he wishes

to do business. This is similar to buying coins from a bank, except the act

of buying scrip actually transfers money from the user to a particular seller's

account. Since the funds transfer has already occurred, the seller will not need

to communicate with the bank to receive payment after the transaction.

2. To make a purchase, the buyer sends scrip to the seller.

3. The sellers verify their scrip and complete the transaction. Again, since the

funds were already transferred during the scrip purchase, the seller does not

have to clear the transaction with the bank.

According to [5], MilliCent is not fault-tolerant; if the user's wallet software

crashes, the value of the scrip is lost. For this reason, the software currently only

allows each user to hold US$50 in their wallet at any given time, to reduce this

possible loss.

MilliCent scales well, like CyberCoin and the IBM Micropayment System. It is also efficient, because it does not require the user to perform any signature operation at time-of-purchase, nor does it require the seller to communicate with anyone to verify it. However, this lack of a clearing process means that non-repudiation is not possible; that is, it is not possible for a consumer to prove that a payment was indeed made.

Since scrip is only good with one particular seller, the thousand-merchants attack on off-line cleared systems is avoided. However, if the user makes a few purchases with many sellers, it essentially becomes an on-line system, and therefore less efficient, since the user must communicate with the scrip broker once for each merchant with which it wishes to do business.

⁴ http://www.digital.com

Property              Cards   Direct  CC          IBM           MC           eCash
Non-repudiation       Y       Y       Y           Y             N            Y
On/Off-line           N/A     N/A     On          Off           Mixed        On
Signature operations  > 2     3       2           < 1           < 1          1
Scales well?          Y       Y       Y           Y             Y            N
Fault-tolerant?       Y       Y       Y           Y             N            Y
Vulnerable to TMA?    N       N       N           Y             N            N
Transaction Size      > $5    > $5    $0.25-$5+   $0.01-$5+ 1   $0.001-$5+   "any"

Table 3.1: Properties of Existing Electronic Payment Mechanisms

CC: CyberCoin; IBM MP: IBM Micropayment System; MC: MilliCent; TMA: Thousand-Merchants Attack. All dollar amounts are US currency. The eCash system is assumed to be cleared on-line.

3.7 Evaluation and Adaptation of Existing Systems

Of the existing payment systems examined and summarized in Table 3.1, it seems that a micropayment system is better suited for use in an agent economy, because it allows small-value (under US$5) transactions with little financial overhead. Credit- and debit-card systems are appropriate for larger-valued transactions. In practice, different payment systems can peacefully co-exist, and in a truly open economy of agents, market forces would determine which systems would be used in any given set of circumstances.

The IBM Micropayment System and CyberCoin seem to be the best suited for

use in an agent economy. eCash is not appropriate because of its poor scalability.

However, some agent owners may wish to have a system like eCash at their disposal

when they specifically wish to perform untraceable transactions. MilliCent is not

appropriate because of its poor fault tolerance and lack of non-repudiation.

Since the details of the CyberCoin protocol are not known at this time, the main

payment system implemented in Magenta is based on IBM's system. However, one

may also create a payment system similar in spirit to CyberCoin by making an

on-line clearing version of IBM's system. The system implemented in Magenta allows

merchants to decide for themselves how often agents should clear orders.

3.7.1 On-line Clearing vs. Off-line Clearing

There are substantial trade-offs between clearing on-line and off-line. Off-line clearing

provides significantly better efficiency because there is no single-point bottleneck at

time of purchase. Off-line systems also ensure that a transaction can be completed

even if the connection to the third-party bank fails. On the other hand, off-line

systems also involve a risk of loss on the seller's side due to fraud. This risk of loss is

the thousand-merchants attack described previously.

If a buyer were to mount the thousand-merchants attack, it would be caught when

the sellers do clear all of their payment orders or coins and discover that their orders

"bounced" due to insufficient funds or double-spending. Then, the bank would refuse

to issue another certificate or more coins to the buyer, preventing the buyer from

further using the system until the buyer paid the amount defrauded from the sellers,

plus a possible additional penalty.

Agents, however, escalate the potential risk from the thousand-merchants attack.

First, they can make purchases much faster than people, and from many different

places simultaneously, whereas the human-computer interface is inherently serial and

limited by relatively slow physical processes such as the human nervous system; this

limits the amount of money that a person can spend through low-value purchases,

fraudulently or otherwise. Second, since agents are computer programs themselves,


they do not need an interface to a payment protocol, but may implement the payment

protocol directly; and since agents directly send messages to each other, they may di-

rectly create and send unredeemable payments since they have no interface restricting

what messages they can send. Therefore, there is a considerable risk involved with

using an off-line payment system in an agent economy.

However, if the majority⁵ of agents in the system are honest, agents are better off

clearing small-valued purchases off-line, when the risk of loss on any given transaction

is very small compared to the overhead of clearing it on-line. On-line clearing may

then be reserved for larger-valued purchases. From CyberCoin's⁶ and IBM's⁷ web

pages, it appears that any purchase with a smaller value than US$0.25 should be

cleared off-line. Since the risk of loss due to even such small-valued transactions

could still add up to a significant sum, in Chapter 4 I discuss possible ways to further

limit the effects of the thousand-merchants attack with randomized mechanisms.

3.8 Payment System Implementation

3.8.1 Supported Protocols

I implemented a set of common message forms in Magenta so that our agents can

conduct payments using both a direct-transfer system (Chapter 3.5) and a micropay-

ment system similar to the IBM Micropayment System described in Chapter 3.6.2.

In addition, a bank agent was also implemented to act in these payment protocols.

The direct transfer protocol is implemented exactly as described in Chapter 3.5.

The micropayment protocol is implemented almost as described in Chapter 3.6.2,

with some notable exceptions.

• Both parties involved in a transaction must have an account at the same bank. This obviates the need for an inter-bank clearing protocol and also allows immediate verification of deposits.

• There is also no system-wide requirement or policy regarding when selling agents must clear their collected purchase orders. Sellers are free to program their agents with arbitrary clearing strategies. The test sellers I implemented have easily-configurable on-line clearing frequencies, and clear all other orders upon receiving a signal that the current simulated time period has ended. This variability in clearing frequency allows the implementation of the randomized clearing strategies discussed in Chapter 4.

• Upon discovering that an account is overdrawn, the bank agent may send a message to the Sheriff agent to terminate the offending agent's execution if possible, and/or the Reputation agent to publish this information.

⁵ If this were not the case, then no one would ever make money by selling anything, and the economy would not be of much use to anyone.

⁶ http://www.cybercash.com

⁷ http://www.hrl.il.ibm.com/mpay

A typical transaction between a buyer B and seller S using the micropayment system as implemented is as follows. X → Y denotes a message transfer from agent X to agent Y. The GetPrice(x) message is a request for the price of item x; PurchaseItem(x) initiates a purchase of item x. The RequestForPayment from the seller tells the buyer about the purchase price and the payment methods accepted, and the buyer sends the payment in a Payment message.

1. B → S : GetPrice(news)

2. S → B : Price(news, $0.04)

3. B → S : PurchaseItem(news)

4. S → B : RequestForPayment($0.04, (micropay, BankName, AccountB), (direct, BankName, AccountB), (cash))

5. B → S : Payment(micropay, certificate, order)

6. S → B : Item(news, "I am a news article...")

7. (At some later time) S → Bank : Deposit(order_1, ..., order_n, order_{n+1}, ...)


In this example, A is buying an item called news from B for $0.04. After com-

pleting the purchase, the merchant agent clears the purchase order with the bank at

some arbitrarily soon point in the future.

3.8.2 Bank Agent

Agent economies need a mechanism for transforming real money from their human

owners into agent currency, and a trusted third party to mediate currency transac-

tions. The solution is to have a bank, like the banking systems discussed above, which

is an agent itself, or at least possesses agents in the system so that the bank appears

to be "just another agent" from an agent's perspective. In an agent economy, just as

in a human economy, there may be multiple banks in competition with each other,

offering services such as loans and interest-paying savings accounts to other agents.

I implemented a bank agent to maintain accounts for agents in the system. Ac-

counts are indexed by an account number, and each account has a public/private key

pair associated with it. Accounts belong directly to the agents themselves, and to

their owner indirectly; however, it is possible for multiple agents to share a "joint"

account if each agent possesses the account number and private key in its internal

store. All requests to the bank agent are signed with the account's associated private

key. The bank itself has a public/private key pair for setting up encrypted private

channels and authenticating itself to other agents.
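The exchange of Section 3.8.1 together with the bank agent's handling of a Deposit, as an added example that is not Magenta's code. The toy RSA signatures, the certificate and order fields, the serial numbers, the 25-cent off-line limit and the 8-cent balance are all assumptions made for illustration.

```python
import hashlib
from collections import namedtuple

E = 65537  # public exponent of the toy RSA below (illustrative only, NOT secure)
Certificate = namedtuple("Certificate", "account buyer_pub offline_limit sig")
Order = namedtuple("Order", "account payee cents serial sig")

def make_keypair(p, q):
    """Textbook RSA from two known primes; a stand-in for a real signature scheme."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def body(msg):
    """Canonical text of every field except the trailing signature."""
    return "|".join([type(msg).__name__] + [str(f) for f in msg[:-1]])

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(body(msg).encode()).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return msg._replace(sig=pow(_digest(msg, n), d, n))

def verify(pub, msg):
    n, e = pub
    return pow(msg.sig, e, n) == _digest(msg, n)

def valid_pair(bank_pub, cert, order, payee):
    """Signature and binding checks that both the seller and the bank apply."""
    return (verify(bank_pub, cert) and verify(cert.buyer_pub, order)
            and order.account == cert.account and order.payee == payee)

class Bank:
    def __init__(self):
        self.pub, self._priv = make_keypair(2**107 - 1, 2**127 - 1)
        self.balance, self.deposited, self.reported = {}, set(), []

    def issue_certificate(self, account, pub, offline_limit):
        return sign(self._priv, Certificate(account, pub, offline_limit, 0))

    def deposit(self, payee, items):
        """Step 7: clear queued (certificate, order) pairs; return (cents, bounced)."""
        cleared, bounced = 0, []
        for cert, order in items:
            key = (order.account, order.serial)
            ok = valid_pair(self.pub, cert, order, payee) and key not in self.deposited
            if ok and self.balance.get(order.account, 0) >= order.cents:
                self.deposited.add(key)
                self.balance[order.account] -= order.cents
                self.balance[payee] = self.balance.get(payee, 0) + order.cents
                cleared += order.cents
            else:
                bounced.append(order)
                if ok and order.account not in self.reported:
                    self.reported.append(order.account)  # overdrawn: Sheriff/Reputation
        return cleared, bounced

class Seller:
    def __init__(self, account, bank_pub, price_cents):
        self.account, self.bank_pub, self.price = account, bank_pub, price_cents
        self.queue, self.serials, self.accepted = [], set(), {}

    def accept(self, cert, order):
        """Steps 5-6: checks made without contacting the bank; item or None."""
        key = (order.account, order.serial)
        spent = self.accepted.get(order.account, 0)
        if not (valid_pair(self.bank_pub, cert, order, self.account)
                and order.cents == self.price and key not in self.serials
                and spent + order.cents <= cert.offline_limit):
            return None
        self.serials.add(key)
        self.accepted[order.account] = spent + order.cents
        self.queue.append((cert, order))
        return "I am a news article..."

def run_demo():
    bank = Bank()
    buyer_pub, buyer_priv = make_keypair(2**61 - 1, 2**89 - 1)
    bank.balance.update({"AccountB": 8, "AccountS": 0})   # constructed balances, in cents
    cert = bank.issue_certificate("AccountB", buyer_pub, offline_limit=25)
    seller = Seller("AccountS", bank.pub, price_cents=4)
    orders = [sign(buyer_priv, Order("AccountB", "AccountS", 4, s, 0)) for s in (1, 2, 3)]
    items = [seller.accept(cert, o) for o in orders]      # all three pass off-line
    replay = seller.accept(cert, orders[0])               # same serial presented again
    tampered = seller.accept(cert, orders[1]._replace(serial=99))  # signature mismatch
    cleared, bounced = bank.deposit("AccountS", seller.queue)
    return {"items_delivered": sum(i is not None for i in items),
            "replay_accepted": replay is not None,
            "tampered_accepted": tampered is not None,
            "cleared_cents": cleared,
            "bounced_serials": [o.serial for o in bounced],
            "reported": bank.reported}

if __name__ == "__main__":
    print(run_demo())
```

The third order passes every check the seller can make off-line and bounces only at deposit time, which is the seller-side risk that off-line clearing carries.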

Since Magenta is at present just a research prototype, there is no connection to real money. For experimental purposes, the system operators can put arbitrary amounts of money in each agent's account.

In practice, a user would transfer wealth to his agents by providing the bank agent

with billing information, either a credit/debit card number or a checking account

number, or by transferring funds from another bank agent. This initial transfer of

wealth into the agent economy would, under normal circumstances, reveal the identity

of the human agent owner, unless the bank agent accepts cash deposits or transfers

from anonymous ("Swiss") bank accounts. When there are multiple bank agents, an

agent owner could anonymize or "launder" money by transferring funds directly from


one bank agent to another; the first bank does not necessarily reveal the identity of

the human owner to the second bank. Under such circumstances, there is still a trail

back to the human owner; following it, however, requires the cooperation of more

third parties.

3.9 Summary

There are currently two payment mechanisms implemented in Magenta: a micropay-

ment system based on IBM's Micropayment System, and a direct-transfer system.

Many existing payment systems were explored and evaluated in the context of an

agent economy. IBM's system was used as a model because of its efficiency, with

respect to both purchase time latency and low financial overhead with small-valued

transactions, and its scalability. The direct-transfer system would be more appropri-

ate for larger-valued transactions. The required infrastructure for both systems was

implemented in Magenta; this included a set of message forms and a bank agent.


Chapter 4

Solutions to the Thousand-Merchants Attack

Sellers using the implemented micropayment scheme face a risk from the thousand-

merchants attack if they do not clear purchases on-line. This attack occurs when

a dishonest consumer agent spends an amount under its recommended offline limit

with enough different sellers such that some purchases will be unredeemable due to

insufficient funds.

In this chapter, I discuss a number of different social control mechanisms for im-

proving the limit on each merchant's risk due to fraud in IBM's micropayment system,

while preserving the efficiency of off-line clearing. These schemes do not completely

eliminate fraud, which could be accomplished with on-line clearing at the expense of

increased transaction delay; rather, these schemes aim to detect agents conducting

fraudulent transactions and to stop them from conducting further transactions.

Such schemes would be valuable not only to protect merchants, but also to protect

customers. By limiting the number of unredeemable transactions that a consumer

agent could conduct, one also limits the extent to which a user's buying agents can

accidentally overdraw an account, perhaps due to a programming error. Such an

error, if unchecked, could result in substantial financial loss for the customer.


4.1 Required Identity

Merchants could limit their risk from the thousand-merchants attack simply by choos-

ing to engage in off-line cleared commerce only with banks that can (and will) trace

the identity of human agent owners in the event that payment orders bounce. Then,

in the event that agents overdraw their accounts, their owner can be located and

required to pay all the bounced payment orders and possibly an additional fine or

penalty. There are existing remedies in the human legal system for such situations,

provided the user's identity can be established.

This restriction is a form of social control, since it does not eliminate the pos-

sibility of attack; rather, such a restriction would deter people from programming

their agents to engage in such behavior. There are several shortcomings with this

solution, however. First, since the agent economy is an open system, agents and their

human owners may cross both state and international boundaries, which might make

it difficult to rely on existing legal systems. Second, such a scheme eliminates the

possibility of making unconditionally anonymous transactions. Third, the overhead

of tracing an agent's human owner and then recovering the loss due to fraud from it

might not be worthwhile if each individual dishonest agent owner only contributes a

relatively small amount of fraud to the economy. Thus it did not seem worthwhile to

implement such a policy in Magenta.

4.2 Random Clearing

I designed and implemented a system where each seller clears a randomly-selected

portion of their received purchase orders on-line, which could limit each seller's risk

to less than the recommended off-line limit for each consumer agent. This system is

also a form of social control because it does not completely eliminate fraud; rather,

this system attempts to detect fraud in progress and prevent the responsible agents

from performing further transactions.

Although there is a cost associated with any on-line clearing, only a fraction of


each merchant's transactions are cleared on-line. Since funds are deducted from an

agent's account with some probability on transactions with any selling agent, it may

be possible for an individual selling agent to detect a fraud in progress and then refuse

to accept further orders from that consumer. This could limit the risk for each seller

below the recommended off-line limit for each consumer.

Let us analyze what happens in the above scheme when executed over a finite time

interval. Assume that consumers each engage in a certain number of transactions

in this interval, and pick a merchant for each trade at random. Let there be D

dishonest consumers in the system at the start of this interval, and S sellers, each

of which completes T total transactions. The number of transactions T that each

seller completes is directly proportional to the total number of consumer agents in the

system; thus the number of total consumers in the economy is not explicitly referenced

in the analysis. Let us make the simplifying assumptions that all goods have the same

purchase price Cf, and that attempting to clear an individual transaction always costs

Cc. Assume that each merchant agent "cooperates" in the scheme by clearing any

given transaction with probability pc. Each transaction is an independent trial.

A merchant would like to minimize both its loss due to fraud and its cost of

managing fraud. The total cost is the sum of costs incurred for clearing transactions

and the losses due to each dishonest agent's unredeemable orders. Because of inde-

pendence, the average loss incurred by each merchant agent for clearing transactions

is

$$\mathrm{Cost}_{\mathrm{clear}} = T p_c C_c. \tag{4.1}$$

A selling agent "catches" a dishonest consumer when a merchant attempts to

clear a purchase order after the issuing consumer agent's bank balance has been run

down to zero. In the meantime, though, each merchant retains the greater portion

of purchase orders from this consumer for later clearing; many of these orders will

ultimately be unredeemable. Merchants discover these orders are unredeemable upon

a later attempt to clear with the bank.


Let us calculate the amount of loss that a single merchant experiences due to these

unredeemable orders from a single dishonest consumer agent. These orders can be

divided into two sets and combined later: the first set consists of those orders issued

before the consumer agent's balance has been used up, and the second set consists of

those issued afterwards.

First, we calculate the number of unredeemable orders in the first set. Let B

be the number of purchases that a particular consumer can have cleared before its

balance runs out; again, for this analysis, we make the simplifying assumption that

B is the same for all dishonest consumers. Since merchants clear any given purchase

with probability pc, each dishonest consumer can then expect to make B/pc total

transactions before its balance runs out. Because each purchase is made with a

uniformly and randomly selected seller, each seller will have saved B/Spc of these

purchases for later clearing in the first set.

Next, we calculate the number of unredeemable orders in the second set. Each

seller will still continue to accept purchases from this consumer after its balance

runs out until the individual seller performs a clearing operation with the bank and

discovers that the consumer has no money. Since each seller clears any transaction

with probability pc, the seller then expects to enqueue 1/pc transactions in the second

set.

Adding the two sets results in each seller expecting to allow B/Spc + 1/pc unredeemable transactions from each dishonest consumer agent. Given that there are D dishonest consumer agents, and the loss to any given unredeemable payment order is the purchase price Cf, the total expected loss that one particular merchant will incur over the time interval, for all dishonest agents in the system, is

$$\frac{D C_f}{p_c}\left(\frac{B}{S} + 1\right). \tag{4.2}$$

In practice, this quantity would not exceed DLd, where Ld is the recommended offline spending limit for each consumer. The only value for pc that would result in exceeding DLd that is germane to the analysis is pc = 0. Any other such value will result in a greater clearing cost with no benefit to the merchants in the economy.

The total expected loss to clearing and fraud is the sum of formulas 4.1 and 4.2, because of independence. Thus the total average cost per merchant is

$$\mathrm{Cost} = T p_c C_c + \min\left(\frac{D C_f}{p_c}\left(\frac{B}{S} + 1\right),\; D L_d\right).$$

Now, we find the optimal value for pc. This equation is of the form y = ax + b/x + c, which has a single minimum over the interval x > 0 where y' = 0. We find the optimal pc by solving this differential equation and comparing the resulting cost (if there is a solution over 0 < x < 1) with the cost at pc = 0 and pc = 1. Solving y' = 0 yields x = √(b/a), which is

$$x = \sqrt{\frac{D C_f (B/S + 1)}{T C_c}}.$$

First we consider the case where x < 1. Plugging pc = x back into the cost formula, the expected total cost per merchant is

$$\mathrm{Cost}_{\min} = 2\sqrt{D T C_c C_f (B/S + 1)}.$$

The expected cost to each merchant agent if pc = 0 is DLd, where Ld is the recommended off-line limit per dishonest consumer; if pc = 1, the cost is TCc. Algebraically, it is worthwhile to use this scheme (i.e., pc,opt = x) if and only if

$$2\sqrt{D T C_c C_f (B/S + 1)} < D L_d \;\Longrightarrow\; 2\sqrt{\frac{T C_c C_f B}{S D} + \frac{T C_c C_f}{D}} < L_d$$

and

$$2\sqrt{D T C_c C_f (B/S + 1)} < T C_c \;\Longrightarrow\; 2\sqrt{\frac{D C_f B}{S T C_c} + \frac{D C_f}{T C_c}} < 1.$$


Since we assume that always clearing on-line is expensive, the second half of this

condition should almost always be met.

Similarly, if x > 1, pc,opt = 1 if TCc < DLd, and 0 otherwise.

It can be seen from the above formula that this random-clearing scheme is worth-

while if a large number of merchants participate, or if there are many dishonest

agents in the system. However, in the likely event that T/D is large,¹ the scheme is

not worthwhile participating in regardless of how many other merchants are involved.

Also, it is important to note that the optimum probability is dependent on quantities

(T, D, B) that are initially unknown, and must be measured or "learned" over time.

We also observe that, if pc,opt > 0, the cost under this scheme scales with the square

root of D, whereas the maximum cost with no clearing scales linearly in D. Thus

this scheme succeeds in improving upon the cost of managing fraud asymptotically.

4.3 Random Clearing with Termination

The above scheme can be further strengthened if there is a Sheriff agent that can

terminate agents that attempt to bounce payment orders on behalf of the Bank agent.

This would make a random-clearing scheme more beneficial, because merchants do

not individually have to catch each dishonest consumer through clearing; once any

merchant detects a fraud in progress, the consumer agent is immediately prevented

from carrying out further transactions with any merchant.

Theoretical Analysis

Analysis of this scheme is identical to the original random clearing scheme, except the (B/S + 1) term becomes B/S. A dishonest consumer is effectively removed from the economy when any merchant attempts to clear one of its fraudulent purchases; the dishonest consumer does not have to be "caught" by each individual merchant. Thus, each dishonest consumer can now only expect to make B/Spc transactions with each seller. There are zero transactions in the "second set" described above.

¹ If T/D were not large, then there would be little incentive for people to put agents in the economy in the first place.

The total cost as a function of clearing probability is now

$$\mathrm{Cost} = T p_c C_c + \min\left(\frac{D C_f}{p_c}\cdot\frac{B}{S},\; D L_d\right).$$

The optimum pc is now either 0, 1, or ξ, where

$$\xi = \sqrt{\frac{D C_f B}{S T C_c}}.$$

Plugging in pc = ξ results in a cost of

$$\mathrm{Cost} = 2\sqrt{D T C_c C_f B/S}.$$

Again, the minimal loss under this scheme scales with the square root of D rather than linearly. Similarly, the system is worthwhile if and only if

$$2\sqrt{D T C_c C_f B/S} < D L_d \;\Longrightarrow\; 2\sqrt{\frac{T C_c C_f B}{S D}} < L_d$$

and

$$2\sqrt{D T C_c C_f B/S} < T C_c \;\Longrightarrow\; 2\sqrt{\frac{D C_f B}{S T C_c}} < 1 \;\Longrightarrow\; 2\xi < 1 \;\Longrightarrow\; \xi < 1/2.$$

If both conditions are met, then pc,opt = ξ, and the scheme is worthwhile. If the first condition is not met, then pc,opt = 0, and the scheme is not worthwhile. If the second is not met, pc,opt = 1, which means that always clearing off-line is better than random clearing. As before, if ξ > 1, pc,opt = 1 if DLd < TCc and 0 otherwise.

From this analysis, one can see that the scheme is worthwhile if S is large. Regardless of what all other system parameters are, there is always some value S0 for which the scheme is worthwhile if S > S0. This means that this scheme is more

generally useful than the pure random clearing scheme in Section 4.2.
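The closed-form results of Sections 4.2 and 4.3, as an added example that is not code from the thesis or from Magenta: it evaluates the cost formula at the stationary point and at the endpoints pc = 0 and pc = 1, cross-checks the result with a grid scan, and derives the threshold S0 from the two Section 4.3 conditions. The parameters are those of Figure 4-1; Ld = 4 is a constructed value, since the thesis does not state it, and all function names are hypothetical.

```python
from math import sqrt

# Figure 4-1 parameters from the thesis. L_d is NOT given there: 4.0 is constructed.
FIG_4_1 = dict(T=200, D=16, S=100, B=4, C_c=0.5, C_f=1.0, L_d=4.0)

def expected_cost(p_c, T, D, S, B, C_c, C_f, L_d, termination):
    """Cost per merchant: clearing cost (Eq. 4.1) plus fraud loss capped at D*L_d."""
    k = B / S + (0.0 if termination else 1.0)   # Section 4.3 drops the "+1" term
    if p_c <= 0.0:
        return D * L_d                          # no clearing: loss bounded by the limit
    return T * p_c * C_c + min(D * C_f * k / p_c, D * L_d)

def optimal_clearing(T, D, S, B, C_c, C_f, L_d, termination):
    """Return (p_c_opt, cost, x): compare the stationary point x with p_c = 0 and 1."""
    k = B / S + (0.0 if termination else 1.0)
    x = sqrt(D * C_f * k / (T * C_c))           # sqrt(b/a) for y = a*x + b/x + c
    args = (T, D, S, B, C_c, C_f, L_d, termination)
    candidates = [0.0, 1.0] + ([x] if x < 1.0 else [])
    best = min(candidates, key=lambda p: expected_cost(p, *args))
    return best, expected_cost(best, *args), x

def grid_minimum(steps=1000, **params):
    """Brute-force check of the closed form: scan p_c over [0, 1]."""
    grid = [i / steps for i in range(steps + 1)]
    p = min(grid, key=lambda q: expected_cost(q, **params))
    return p, expected_cost(p, **params)

def min_sellers_with_termination(T, D, B, C_c, C_f, L_d):
    """S0 such that both Section 4.3 conditions hold for every S > S0."""
    return max(4 * T * C_c * C_f * B / (D * L_d ** 2),   # 2*sqrt(T Cc Cf B/(S D)) < L_d
               4 * D * C_f * B / (T * C_c))              # xi < 1/2

def compare_schemes(params=FIG_4_1):
    """Optimum for pure random clearing and for random clearing with termination."""
    rows = {}
    for name, term in (("random clearing", False), ("with termination", True)):
        p, cost, x = optimal_clearing(termination=term, **params)
        rows[name] = {"stationary_point": x, "p_opt": p, "cost": cost,
                      "no_clearing": params["D"] * params["L_d"]}
    return rows

if __name__ == "__main__":
    for name, row in compare_schemes().items():
        print(name, row)
    print("grid check:", grid_minimum(termination=True, **FIG_4_1))
    print("S0:", min_sellers_with_termination(200, 16, 4, 0.5, 1.0, 4.0))
```

With these values the termination scheme has its optimum at pc = 0.08, matching the theoretical value quoted for Figure 4-1, while pure random clearing costs more at its stationary point than not clearing at all, so its optimum is pc = 0.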

Experiments

I evaluated both the above random-clearing with termination scheme and the random-

clearing with reputation scheme discussed below by simulating a Magenta cluster with

the required service agents (Bank, Yellow Pages, Sheriff) and merchant and consumer

test agents, which engaged in trade using the implemented micropayment system. The

value of pc for each selling agent could be configured by the operator of the simulation;

consumers had configurable initial balances and could be configured to be "honest"

or "dishonest." The agents were instrumented to report how much money they lost

to fraud, and how much they spent performing on-line clearing operations. I assigned

a cost to a single act of on-line clearing to simulate the financial loss associated with

slowing business due to the overhead of clearing. The parameters B, Cf, Cc, and T

are random rather than fixed, and are generated independently with each transaction

from binomial or Gaussian distributions.

The experiments verify the analysis of the scheme's viability; given fixed average

system parameters for some time interval, we measured the combined loss due to fraud

and the cost of clearing as a function of clearing probability. In this experiment, all

merchant agents cleared with the same probability. The results of this experiment

are shown in Figure 4-1; the experimental result is remarkably close to the simplified

theoretical expectation in spite of discretization and randomization effects. I also

experimentally verified the effects of varying D (Figure 4-2), S (Figure 4-3), and Cc (Figure 4-4).

[Figure 4-1: plot; x-axis: Average System-Wide Clearing Probability, 0 to 0.4.]

Figure 4-1: Average Cost vs. Clearing Frequency. Total average cost of managing fraud (cost of clearing plus remaining loss to fraud) per merchant agent vs. system-wide clearing probability. Horizontal line is the average loss with no clearing. Experimental parameters were T = 200, D = 16, S = 100, Cc = 0.5, Cf = 1, B = 4; σ(T) = 14.07, σ(Cf) = 0.33, σ(Cc) = 0.15, σ(B) = 2. Theoretical pc,opt = 0.08.

[Figure 4-2: plot; x-axis: Average System-Wide Clearing Probability, 0 to 0.4; experimental curves for D = 48, D = 32 and D = 16.]

Figure 4-2: Average cost vs. clearing frequency, for different values of D. The average loss each seller experiences increases linearly with D when pc = 0. However, minimal loss to each seller only increases with the square root of D. Increasing D also increases the optimal pc.

[Figure 4-3: plot; x-axis: Average System-Wide Clearing Probability, 0 to 0.4.]

Figure 4-3: Average cost vs. clearing frequency, for different values of S. Increasing S decreases the optimal pc, and also lowers the minimal cost to each merchant. The value of S does not affect the cost to each merchant when pc = 0.

[Figure 4-4: plot; x-axis: Average System-Wide Clearing Probability, 0 to 0.4.]

Figure 4-4: Average cost vs. clearing frequency, for different values of Cc. Increasing Cc decreases the optimal pc, and raises the minimal cost to each merchant.

4.4 Random Clearing with Reputation

There may be certain circumstances where terminating dishonest consumers may not

be possible or desirable. For example, a Magenta cluster may lack an "honest"

sheriff agent that responds appropriately to signals from a bank. Or, it may simply

be undesirable to stop an agent from all forms of computation when the goal is only

to stop that agent from creating more unredeemable payment orders. The following

scheme attempts to achieve the same goal of limiting both fraud and the cost of

managing it, by taking a less direct action against dishonest consumers.

Let us consider the case where, again, selling agents clear some fraction of purchase

orders at time of purchase; but, rather than having the bank terminate a dishonest

consumer agent when "caught," the bank instead reports to a reputation agent. Sell-

ing agents can then, with some probability pr, issue the reputation agent a simple

query asking whether or not a particular consumer agent has run out of money.

Verifying a consumer's solvency still carries some cost Cr, though this should

be a less costly operation in the general case than clearing with a bank. First, this

check is a simple read-only operation, whereas clearing with a bank is a combined

read-and-write operation. Second, this "reputation" information can exist in multiple

locations, to reduce network congestion. In contrast, clearing operations necessarily

involve a specific bank agent. Thus, we can make the assumption that Cr < Cc.

The reputation agent in this scenario acts as a negative reputation system or black-

list, where merchants assume that a consumer is solvent unless the bank has reported

otherwise. The success of such a negative reputation system depends on it being diffi-

cult for an agent to change its identity [29]; for the purposes of this payment system,

an agent's identity is the account number on its bank-issued certificate. Changing this

identity would require moving funds to a new bank or account, and receiving a new

certificate. For this reason, banks could prevent such identity changes in practice by

not allowing such a direct funds transfer while there is a valid outstanding certificate

on an account.

Intuitively, if Cr is close to Cc, this scheme performs identically to the random clearing scenario in Section 4.2. Likewise, if Cr is very small relative to Cc, the scheme performs similarly to the random clearing with termination scenario (Section 4.3). The removal of dishonest consumers from the economy is equivalent to the ability for merchants to check for free whether or not any given customer has run out its balance. Of course, the latter checking operation can never be truly free, since it requires some action on the part of the merchant, whereas termination is passive, requiring no action.

Analysis

The analysis is again almost identical to that in Section 4.2 and 4.3, except that

now there are two concurrent random processes. Merchants attempt to clear each

transaction with the bank with probability pc; if a merchant does not elect to try

clearing a given transaction, it will check the customer's zero-balance condition with

a reputation agent with the conditional probability pr. Processing T transactions

now results in an expected loss of T(pr(1 - pc)Cr + pcCc).

The expected amount that each selling agent will lose to each dishonest consumer

due to fraud until catching it is, again, the sum of the expected loss until the con-

sumer's balance is run out, plus the expected loss between the consumer's balance

being run out and the discovery of the condition. The expected loss that a single

merchant will experience due to a single dishonest consumer until its balance is run

out is, as before, Cf B/Spc. The probability of detecting the zero-balance condition after it is reached is pd, where pd is the probability that, on a particular transaction from a consumer with a zero-balance, the merchant will either clear with the bank, or check with a reputation agent. Thus pd = pc + pr - pcpr. Therefore the expected loss for a single merchant resulting from a single dishonest consumer between balance depletion and detection is Cf/(pc + pr - prpc). Again, this total loss due to unredeemable orders is bounded by Ld for each dishonest consumer. Because of independence, the total expected loss experienced by a single merchant as the result of all dishonest consumers in the economy is

$$\mathrm{Cost} = T\left(C_r p_r (1 - p_c) + C_c p_c\right) + \min\left(C_f D\left(\frac{B}{S p_c} + \frac{1}{p_c + p_r - p_r p_c}\right),\; D L_d\right).$$

It is possible to optimize the cost for pr in terms of pc; the optimal pr will either be an endpoint of the interval [0, 1], or a solution to dCost/dpr = 0, which is

$$p_{r,\mathrm{opt}} = \sqrt{\frac{D C_f}{T C_r (1 - p_c)^2}} - \frac{p_c}{1 - p_c}. \tag{4.3}$$

Solving for both optimum probabilities simultaneously is difficult because a quartic equation results. This makes it difficult to make the same kind of cost-benefit analysis shown in previous sections. However, it is possible to confirm our intuition above from the cost formula. If we take the limit of the total cost as Cr goes to 0, the optimal pr,opt = 1, and the optimal pc is √(DCfB/(STCc)), the same as it was in Section 4.3. Figure 4-5 shows the results of an experiment to validate this intuition.

In closing, if the cost of checking a consumer's reputation is very small, reporting a

consumer's intent to overspend its balance to a reputation agent is a viable alternative

to termination.
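Because the joint optimum leads to a quartic, the two limiting cases described above can be checked numerically instead. The following is an added example, not code from the thesis or from Magenta: it scans pc on a grid, takes pr from the stationary point of the cost formula (Equation 4.3) clamped to [0, 1], and sweeps Cr. The parameters follow the Figure 4-5 caption; Ld = 4 is a constructed value and the function names are hypothetical.

```python
from math import sqrt

# Figure 4-5 setup per its caption: Figure 4-1 parameters with C_c = 0.1.
# L_d is not stated in the thesis; 4.0 is a constructed value.
BASE = dict(T=200, D=16, S=100, B=4, C_c=0.1, C_f=1.0, L_d=4.0)

def reputation_cost(p_c, p_r, C_r, T, D, S, B, C_c, C_f, L_d):
    """Section 4.4 cost: checking/clearing overhead plus fraud loss capped at D*L_d."""
    overhead = T * (C_r * p_r * (1 - p_c) + C_c * p_c)
    p_d = p_c + p_r - p_c * p_r                 # chance a zero balance is detected
    if p_c <= 0.0 or p_d <= 0.0:
        return overhead + D * L_d               # loss term is unbounded, so the cap applies
    loss = C_f * D * (B / (S * p_c) + 1 / p_d)
    return overhead + min(loss, D * L_d)

def best_p_r(p_c, C_r, **m):
    """Equation 4.3 clamped to [0, 1], compared against not checking at all (p_r = 0)."""
    if p_c >= 1.0:
        return 0.0                              # every order is cleared; nothing to check
    root = sqrt(m["D"] * m["C_f"] / (m["T"] * C_r)) if C_r > 0 else float("inf")
    clamped = min(1.0, max(0.0, (root - p_c) / (1 - p_c)))
    return min((0.0, clamped), key=lambda p_r: reputation_cost(p_c, p_r, C_r, **m))

def optimise(C_r, steps=1000, **m):
    """Grid search over p_c with p_r chosen by best_p_r; returns (p_c, p_r, cost)."""
    best = None
    for i in range(steps + 1):
        p_c = i / steps
        p_r = best_p_r(p_c, C_r, **m)
        cost = reputation_cost(p_c, p_r, C_r, **m)
        if best is None or cost < best[2]:
            best = (p_c, p_r, cost)
    return best

def sweep(values=(1e-9, 0.01, 0.05, 0.1)):
    """Optimum for several reputation-check costs, from nearly free up to C_r = C_c."""
    return {C_r: optimise(C_r, **BASE) for C_r in values}

if __name__ == "__main__":
    for C_r, (p_c, p_r, cost) in sweep().items():
        print(f"C_r={C_r:g}: p_c={p_c:.3f} p_r={p_r:.3f} cost={cost:.3f}")
```

With Cr near 0 the optimum is pr = 1 and pc ≈ 0.179, the Section 4.3 value of ξ for these parameters, although the cost keeps the constant D·Cf from the 1/pd term; with Cr = Cc the optimum is pr = 0 and pc ≈ 0.912, the Section 4.2 stationary point.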

4.5 Game Theory

The analyses of the three above random-clearing schemes all assume the cooperation

of all sellers in the economy, where a selling agent "cooperates" by clearing with

the optimal probability defined in each section. This frequency is, however, a social

optimum, or the optimal clearing frequency for an individual seller assuming that all

other sellers clear with the same frequency. An individual seller may, however, incur

a smaller loss to managing fraud (and thus earn a greater profit) by "defecting," or

clearing less frequently.

[Figure 4-5: plot; x-axis: Average System-Wide Clearing Probability, 0 to 0.6; curves for the termination case (Cr = 0), several nonzero values of Cr, and the maximum with no clearing.]

Figure 4-5: Average cost vs. clearing frequency, for different values of Cr. This experiment uses similar parameters as shown in Figure 4-1 except Cc = 0.1; σ(Cr) = Cr/10; and the optimum pr as a function of pc, given by Equation 4.3, is always used. When Cr is very small relative to Cc, the minimal cost as a function of clearing frequency is almost identical to the termination case (Cr = 0). Higher values of Cr result in a higher minimal cost, which may still be smaller than that with no on-line clearing. Raising Cr beyond some threshold renders the scheme unprofitable. Note that the empirical pc,opt does not appear to vary much with Cr provided that pc,opt > 0; thus pc,opt could be approximated with the boundary case (Cr = 0) in practice.

In the pure random-clearing scheme, an individual selling agent's best strategy depends on what all the other selling agents in the economy do. There is no incentive to be the first seller to cooperate in this scheme, since the benefit to that particular agent does not outweigh the cost if no other agents cooperate. On the other hand,

if a critical mass of other selling agents in the system cooperate, it is in the best

interest of an undecided merchant to also cooperate, since it will then do better than

by not clearing at all. If we treat an individual agent's clearing decision as a game

between the agent and all the other agents in the economy, where the players must

decide between cooperating and defecting, as defined above, then there are two pure-

strategy Nash equilibria [36] in the game: either all agents cooperate, or all agents

defect. There may also be mixed-strategy Nash equilibria in this game; this is an

open question for future research. Since merchants are each trying to maximize their

own profits, though, no merchant programmed to act rationally will be the first to

cooperate in this random clearing plan, and the all-cooperate Nash equilibrium would

probably not be observable in practice.

The random clearing schemes with termination and reputation create social dilem-

mas [22] or free-rider problems [36] for the selling agents in the economy. Unlike the

pure random clearing scheme, in which an agent must cooperate to enjoy the benefits

of other agents cooperating, a defecting agent becomes a free-rider in these schemes

and may profit from other agents cooperating, without incurring the cost for coop-

eration itself. But if all agents choose to be free-riders and defect, they all do worse

than if they had all cooperated.

For example, in the case of termination, dishonest consumers are effectively re-

moved from the economy when caught; sellers are thus protected from these consumers

whether or not they aid in the policing effort. In the case of reputation, the same holds

true for the clearing decision; although there is still a cost for checking reputation, a

seller only benefits from the cooperation of other sellers if it individually verifies its

customers. In this scheme there would be a temptation for selling agents to use only

the reputation agent and not to clear any purchases with the bank.² An individual

selling agent thus always turns a higher profit in these schemes by defecting from the

clearing decision no matter what all other selling agents do. If the clearing decision

is again treated as a game, the only pure-strategy Nash equilibrium is for all agents

to defect; but again, if all agents defect, they all do worse than if they all cooperated.

² Note that checking reputation is a read-only operation that does not affect other sellers' strategies.

                          All other agents
                          Cooperate     Defect
    Agent A Cooperates      15.53       57.37
    Agent A Defects          7.73       47.21

Table 4.1: Experimental cost matrix for random clearing with termination. This experiment used the same parameters as given in Figure 4-1. Each element in the table shows how much an individual agent A spends to manage payment fraud (clearing cost plus loss to fraud) depending on whether it "defects" or "cooperates" in the random-clearing scheme, and whether all other agents defect or cooperate. The experiment shows that the individual agent A is always better off defecting regardless of what the other agents do.

This can be demonstrated mathematically. Consider the random clearing with

termination case, where all selling agents but one cooperate. The average system-wide

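probability that any given transaction is cleared is $\frac{S-1}{S}\,p_{c_{opt}}$. Now, the "defecting"

agent (one who does not participate in the clearing scheme while other agents do

participate) will only incur a cost of

$$\mathrm{Cost}_{defect} = \frac{D C_f B}{S \cdot \frac{S-1}{S}\,p_{c_{opt}}} = \frac{D C_f B}{(S-1)\sqrt{\dfrac{D C_f B}{S T C_c}}} = \frac{\sqrt{S}}{S-1}\sqrt{D T C_f C_c B}.$$

It is thus beneficial to defect if

$$\frac{\sqrt{S}}{S-1}\sqrt{D T C_f C_c B} < \frac{2}{\sqrt{S}}\sqrt{D T C_c C_f B},$$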

which is always true if S > 2. Thus merchants benefit by defecting from this scheme

in every non-trivial economy. The results of an experiment illustrating this are shown

in Table 4.1.

4.5.1 Solving the social dilemma

Since competing merchants are unlikely to cooperate to implement the socially-

optimal solution to managing fraud on their own, we consider how they could be

encouraged to do so. This involves changing the payoffs in the merchant clearing

game, to make it less profitable to be a free-rider. The bank may take an active role

in changing the payoffs for selling agents. Some strategies that the bank may consider

in light of this issue include:

* Reward: The bank can reward merchants who catch dishonest consumers in the act.

* Taxation: The bank can set some "optimal" clearing frequency and penalize merchants who do not cooperate.

* Laissez-Faire: The bank could do nothing.

Of these possibilities, a taxation scheme seems the most promising. A reward

scheme requires that the reward money come from somewhere else, which would be

problematic if all selling agents cooperate. A laissez-faire approach is a valid strategy

on the part of the bank, but it is not a solution.

Experiments

I tested a taxation scheme in a simulation, where selling agents were taxed by the

bank based on the difference between a mandated clearing frequency and their actual

clearing frequency. The actual tax computed and charged for each selling agent was

$T(p_{c_{opt}} - p_{c_{actual}})K$, where $K$ is a tax rate constant.

When the simulated economy is run for multiple successive time intervals, it is

possible to program agents with an adaptive algorithm that adjusts its pc to minimize

its individual loss. The algorithm used here starts by clearing as infrequently as

possible and then adjusts pc to minimize the individual seller's loss. The selling

agents are aware only of their own profit or loss and do not have access to other

agents' clearing frequencies. Without a tax (K = 0), selling agents have no incentive

to clear any orders on-line. When K > 1, selling agents have an incentive to clear

with the socially-optimal frequency, and the average system-wide clearing frequency

should converge to the optimal value. This behavior can be seen in Figure 4-6.

[Figure 4-6 (plot not reproduced). x-axis: Time. Reference line: Social Optimum.]

Figure 4-6: Average clearing probability of adaptive merchants vs. time. This experiment used the same parameters as those in Figure 4-1, and shows the average clearing probability of merchant agents in the system as a function of time with different tax rates. Random variations in the experiment cause the average clearing probability to converge to a non-zero but small value with no tax. Small tax rates result in convergence to sub-optimal frequencies, higher tax rates result in faster convergence to the optimum, and still higher tax rates result in overshooting the optimum.

The highest tax rate tested in the above experiment resulted in overshooting the

optimal pc, but it also resulted in the lowest cumulative cost of managing fraud in

the economy. Of course, if the bank reports this optimum frequency value, agents

that voluntarily abided by this clearing frequency rather than starting with a clearing

frequency of zero and adjusting it until finding the optimum, would have the lowest

cumulative loss, since they would not incur any tax (Figure 4-7).

The above experiments validate the argument that a taxation scheme effectively

discourages defection, by introducing a strong incentive to cooperate.

[Figure 4-7 (plot not reproduced). x-axis: Tax Rate.]

Figure 4-7: Cumulative system-wide loss for adaptive merchants vs. tax rate. After 400 time steps, the highest tax rate causes adaptive agents to lose the least to managing fraud system-wide. But an economy where agents voluntarily abide by the social optimum (tax rate = 2) does even better (horizontal line).
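
The defection argument of Section 4.5 and the tax of Section 4.5.1 can be checked numerically. The Python sketch below is an added example, not code from the thesis: it assumes the fraud-loss term depends on the sum of all sellers' clearing probabilities (which reproduces both cases derived in the section), and its function names and parameter values are constructed for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Economy:
    # Symbols follow the section's formulas; numeric values are supplied by the caller.
    D: float    # factor D of the fraud-loss term
    C_f: float  # factor C_f of the fraud-loss term (loss per fraud)
    B: float    # factor B of the fraud-loss term (defined earlier in the thesis)
    S: int      # number of selling agents
    T: float    # transactions per seller in the period (assumed meaning)
    C_c: float  # cost of clearing one transaction on-line

    @property
    def exposure(self) -> float:
        return self.D * self.C_f * self.B

    @property
    def p_opt(self) -> float:
        """Socially optimal clearing probability sqrt(D*C_f*B / (S*T*C_c))."""
        return math.sqrt(self.exposure / (self.S * self.T * self.C_c))


def seller_cost(e: Economy, p_own: float, p_others: float, K: float = 0.0) -> float:
    """Cost to one seller clearing with p_own while the other S-1 clear with p_others.

    Assumption: fraud loss = D*C_f*B / (sum of all clearing probabilities).
    The tax is the section's T*(p_opt - p_actual)*K, in the same units as C_c.
    """
    total_p = p_own + (e.S - 1) * p_others
    if total_p <= 0:
        raise ValueError("nobody clears: the termination formula does not apply")
    clearing = e.T * p_own * e.C_c
    fraud = e.exposure / total_p
    tax = e.T * (e.p_opt - p_own) * K
    return clearing + fraud + tax


def defection_pays(e: Economy, K: float = 0.0) -> bool:
    """True if never clearing is strictly cheaper than cooperating, others cooperating."""
    coop = seller_cost(e, e.p_opt, e.p_opt, K)
    defect = seller_cost(e, 0.0, e.p_opt, K)
    return coop - defect > 1e-9 * coop


def break_even_tax(e: Economy) -> float:
    """Tax rate at which full defection costs exactly as much as cooperating."""
    return e.C_c * (e.S - 2) / (e.S - 1)


def best_response(e: Economy, K: float, steps: int = 1000) -> float:
    """Clearing probability in [0, p_opt] that minimises one seller's own cost
    when every other seller clears at p_opt (grid search)."""
    grid = [e.p_opt * i / steps for i in range(steps + 1)]
    return min(grid, key=lambda p: seller_cost(e, p, e.p_opt, K))


if __name__ == "__main__":
    econ = Economy(D=10, C_f=1.0, B=100, S=50, T=10000, C_c=1.0)  # constructed values
    print(f"p_opt = {econ.p_opt:.4f}, break-even K = {break_even_tax(econ):.4f}")
    for K in (0.0, 0.5, 0.9, 1.0, 2.0):
        coop = seller_cost(econ, econ.p_opt, econ.p_opt, K)
        defect = seller_cost(econ, 0.0, econ.p_opt, K)
        print(f"K={K:3.1f}  cooperate={coop:8.2f}  defect={defect:8.2f}  "
              f"best response={best_response(econ, K):.4f}")
```

Under this model the seller's best response jumps from never clearing to clearing at the social optimum as K approaches C_c, which agrees with the section's statement for K > 1 when C_c = 1.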

4.6 Summary

A number of different policies to alleviate the thousand-merchants attack were dis-

cussed. The policy of requiring the ability to establish the identity of a consumer

agent's owner on request was deemed inadequate to solve the thousand-merchants

problem. Thus, several different varieties of random clearing schemes were discussed

to protect selling agents from this attack.

All three random clearing schemes discussed succeed in asymptotically curbing

each seller's maximum expected loss due to fraud; with no clearing, this loss scales

linearly in D, whereas with all three random clearing schemes the total cost of man-

aging fraud scales with the square root of D. All three schemes are beneficial under

certain circumstances. The random clearing with termination scheme is beneficial un-

der less restrictive conditions than the pure random clearing scheme, but the former

might not be desirable or possible to implement in practice. The random clearing

with reputation scheme is a compromise between the two other schemes. The pure

random-clearing scheme will not benefit any selling agents unless they cooperate and

share the cost of implementation; the other two random clearing schemes create a

social dilemma for the selling agents, and cooperation must be encouraged through

a taxation scheme. By using these random clearing schemes, selling agents may en-

joy the efficiency of off-line clearing while limiting their potential risk due to the

thousand-merchants attack.

Chapter 5

Managing Merchant Dishonesty

In this chapter I will describe the implementation of mechanisms that can be used to

discourage merchants from intentionally programming their agents to accept payment

and subsequently fail to deliver promised value. Such behavior would include non-

delivery, delivering the wrong merchandise or garbage, or misrepresenting the value

of an item. Agents implementing such behavior shall, for the purposes of discussion,

be considered "dishonest."

There are existing structures in human economies to prevent these behaviors. For

example, when a person buys something through mail order or over the Web, he uses

a credit card or check to pay for the merchandise, which is then delivered by some

common carrier. A side-effect of this delivery process is the existence of a (trusted)

third party who can later be called upon to verify that merchandise was or was

not received by the customer; this ability for a third-party to retrospectively verify

delivery is known as non-repudiation. A customer's credit card company may assume

liability for non-delivery or defective merchandise, and has the power to discourage

merchants from engaging in these practices by threatening to end the merchant's

ability to accept the card.

Managing these issues is complex in agent economies where agents only trade

information. When there is no external delivery process, it is difficult to prove in

an unmediated transaction that a particular piece of merchandise was or was not

received. It may also be occasionally difficult for agents to determine that the value of

an item was misrepresented (false advertising) [28], or distinguish between a valuable

piece of information and one of poor quality. Non-delivery can be seen as a special case

of this instance, where the quality of the received data is zero; however, agents can

always detect non-delivery without intervention from their owners, while on occasion

humans must serve as the ultimate judges of information quality.

In general, it is impossible to completely eliminate fraud in an agent economy

[28]. However, it may be possible to limit the extent of such fraud. The remainder of

this chapter will explore mechanisms that could be used to limit the above types of

seller-side dishonesty in agent economies.

5.1 Transaction Order

Without loss of generality, we assume that in normal currency-for-merchandise trans-

actions between agents, the currency is transferred first. This is also the case in

human economies; since consumers are so much more numerous and more difficult to

link with an identity, they are inherently less trustworthy.

The same is true for economic agents. A consumer could, of course, prevent all

forms of merchant dishonesty by waiting for the seller to transfer the merchandise

first. Few sellers would be expected to take a customer up on the offer, though. If

the merchandise were transferred before the currency, dishonesty on the part of the

merchant would cease to be an issue, but all of the same issues that previously applied

to merchants would now apply to consumers (although with greater frequency), in

addition to the issues regarding secure payments as discussed in Chapter 3.

5.2 Certification

Consumers could protect themselves from dishonest merchant agents by programming

their own agents to do business only with selling agents that bear a revocable

certificate signed by some trusted third party. This would guarantee the identity of a

selling agent's owner, and thus allow a consumer to choose to do business only with

the agents of businesses with a recognized and established name.

Much work has already been done on certification mechanisms [30, 20]. Several

organizations, such as VeriSign¹, provide certification services to Web sites; other

organizations, such as TRUSTe² and the Better Business Bureau³, provide electronic

"seals" verifying the reputability of electronic commerce Web sites. The Magenta

project thus did not focus on certification mechanisms, and certification is not cur-

rently supported in Magenta.

Certificates only guarantee identity, and do not on their own guarantee the rep-

utability of the certified party. For certificates to function as a social control mecha-

nism, or a deterrent to merchant dishonesty, there would have to be an enforcement

mechanism. This requires guilt establishment, which is not always easy in an infor-

mation economy. Certificate authorities could, however, police the economy by using

their own agents to test the services of certified agents in question. This would in-

volve expense on the part of the certificate authority, though; this cost would then be

passed on to certificate bearers. If certificates are revoked when their bearers engage

in fraudulent activity, then it may be more profitable for an agent to engage in honest

business than to obtain a new identity through a new certificate.

There is an economic inefficiency to certification. Certification involves a high

start-up cost for agents entering the economy, since the TTP certificate authorities

are also economic entities and must be paid for their service. If consumers only do

business with certified merchants, casual sellers who wish to use agents to trade on a

limited basis may find it difficult to do business in the economy.

¹ http://www.verisign.com
² http://www.truste.org
³ http://www.bbb.org

5.3 Escrow Agents

Magenta provides an escrow service through a trusted third-party escrow agent. The

escrow agent mediates transactions of information between two other agents, holding

goods and payment in escrow until both halves of the deal are fulfilled. At that time,

the escrow agent sends the goods or payment to their final destination. If either half

of the deal is not fulfilled, then the escrow agent returns the payment or merchandise

to its original owner. Thus the escrow agent guarantees that either both halves of a

mediated deal are completely fulfilled, or there is no deal. The escrow agent can also

serve as a non-repudiation service, since it can verify or refute claims that information

items were or were not delivered.

Since the escrow agent is another agent in the economy, and uses public resources

to exist, it must charge enough for its service to at least break even. It may choose

either to charge both parties in the transaction, or to charge only the merchant with

the expectation that the merchant will pass this cost along to the customer.

There are several limitations and drawbacks to the use of escrow agents. First,

while escrow agents are useful for preventing non-delivery and establishing non-

repudiation, they cannot always verify that the goods delivered are those that the

customer requested. Without an infinite (or very large) knowledge base, it may oc-

casionally be possible for a seller to generate worthless information goods that are

indistinguishable from valuable ones. And even if escrow agents could always verify

the quality of information, doing so would require examining the information itself,

thus resulting in a loss of privacy.

The main drawback to the use of escrow agents is congestion. Even if there were

a large number of distributed escrow agents in the agent economy, each transaction

would use up to twice as much bandwidth as an unmediated transaction; the actual

information and payment being traded all have to travel an extra distance through

a third party. This makes escrow particularly impractical for transactions of small

pieces of information.

The other drawback to the use of escrow is the introduced economic inefficiency.

If a consumer's expected loss from using the escrow agent (the fee for usage) is greater

than the expected loss from not using it (the probability that any given merchant is

dishonest times the amount that would be lost if cheated in this case), there is no

reason to use the escrow agent.

Nonetheless, an escrow agent can still provide some useful service to other agents.

It can serve as a non-repudiation service, as previously stated; and it can be used as

a promotional tool for new sellers in the economy [32], and as a means of building up

trust.
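
The escrow behaviour described in this section (hold both halves, release only when both are present, return them otherwise, and answer later delivery claims) can be sketched as a small state machine. This Python block is an added example and not Magenta's code: the class, method and message names are hypothetical, amounts are integer currency units, and the fee is charged to the merchant, one of the two options the text mentions.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    OPEN = "open"
    SETTLED = "settled"
    CANCELLED = "cancelled"


@dataclass
class Deal:
    buyer: str
    seller: str
    price: int
    payment: Optional[int] = None    # held in escrow once deposited
    goods: Optional[bytes] = None    # held in escrow once deposited
    state: State = State.OPEN


class EscrowAgent:
    def __init__(self, fee: int):
        self.fee = fee
        self.deals = {}       # deal_id -> Deal
        self.outbox = []      # (recipient, kind, payload) messages the agent sends
        self.delivered = {}   # deal_id -> SHA-256 of the goods handed to the buyer

    def open_deal(self, deal_id, buyer, seller, price):
        if deal_id in self.deals or price <= self.fee:
            raise ValueError("duplicate deal or price does not cover the fee")
        self.deals[deal_id] = Deal(buyer, seller, price)

    def _open(self, deal_id) -> Deal:
        deal = self.deals[deal_id]
        if deal.state is not State.OPEN:
            raise ValueError("deal is already closed")
        return deal

    def deposit_payment(self, deal_id, sender, amount):
        deal = self._open(deal_id)
        if sender != deal.buyer or amount != deal.price or deal.payment is not None:
            raise ValueError("unexpected payment")
        deal.payment = amount
        self._settle_if_complete(deal_id)

    def deposit_goods(self, deal_id, sender, goods: bytes):
        deal = self._open(deal_id)
        if sender != deal.seller or deal.goods is not None:
            raise ValueError("unexpected goods")
        deal.goods = goods
        self._settle_if_complete(deal_id)

    def _settle_if_complete(self, deal_id):
        deal = self.deals[deal_id]
        if deal.payment is None or deal.goods is None:
            return  # one half is still missing: keep holding
        self.outbox.append((deal.buyer, "goods", deal.goods))
        self.outbox.append((deal.seller, "payment", deal.payment - self.fee))
        self.delivered[deal_id] = hashlib.sha256(deal.goods).hexdigest()
        deal.state = State.SETTLED

    def cancel(self, deal_id):
        """Called on timeout or withdrawal: return whatever is held to its owner."""
        deal = self._open(deal_id)
        if deal.payment is not None:
            self.outbox.append((deal.buyer, "refund", deal.payment))
        if deal.goods is not None:
            self.outbox.append((deal.seller, "returned goods", deal.goods))
        deal.state = State.CANCELLED

    def was_delivered(self, deal_id, goods: bytes) -> bool:
        """Non-repudiation query: were exactly these bytes delivered in this deal?"""
        digest = self.delivered.get(deal_id)
        return digest is not None and digest == hashlib.sha256(goods).hexdigest()


def worth_using_escrow(fee, p_dishonest, loss_if_cheated) -> bool:
    """The section's rule: escrow pays only if its fee is below the expected loss."""
    return fee < p_dishonest * loss_if_cheated
```

The delivery record confirms which bytes were handed over, not that they were worth the price, which is the limitation the section notes.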

5.4 Reputation Agents

Reputation agents allow agents to share information about their experiences with

other agents; they are a repository for information analogous to the "word-of-mouth"

knowledge that people share about other people or businesses. Reputation agents

provide a form of social control, because reputation information does not strictly

prevent dishonesty. Rather, reputation deters dishonest behavior by making it more

profitable for an agent to be honest [31].

Like the escrow agent, the reputation agent is also an economic entity and will

charge for its services.

I implemented a simple reputation agent in Magenta. It is both a positive and a

negative reputation agent in the sense that agents can register both complaints and

commendations with regard to other agents. The reputation agent that I implemented

keeps track of the complaints and commendations received about other agents, along

with an optional space for comment. Agents could then be programmed to avoid

doing business with other agents for which specific complaints have been registered.

It was previously stated that negative reputation agents will fail whenever it is

easy to change one's identity, since complaints would not be traceable to the respon-

sible agent [29]. Thus, the reputation agent implemented in Magenta keeps track of

other agents by their location in the hierarchical name space rather than by social

name, since this identity cannot easily be changed by the agent itself. In order to

effectively change an agent's identity in this name space, the agent's human opera-

tor must manually stop the agent and restart it. Since identity changes are difficult

in Magenta, the reputation agent may be used successfully as a negative reputation

system. Should Magenta ever allow agent mobility, though, agents could effectively

change their identity by migrating, and negative reputation would then not be useful.

In this case, however, a Magenta cluster could prohibit an agent with a bad reputa-

tion from migrating into it; this could possibly create a market for clusters that take

"bribes" for allowing agents with a bad reputation to migrate.

Using a reputation agent results in a different congestion problem than using an

escrow agent. Since the actual information and payment being traded would not

have to travel any extra distance, querying the reputation agent requires much less

bandwidth than using an escrow agent. An escrow service is more easily distributed,

however; when there are multiple reputation agents in the system, not all of them

would contain the same information, and reputation information would also have to

propagate over the network.

The existence of multiple reputation agents in the economy could also possibly

create a market for metareputation information, or reputation information about the

quality of reputation agents themselves. It would also be possible for reputation

agents to buy and sell information from each other in order to maintain the quality

and relevance of their reputation information.

5.5 Ramifications of Reputation Usage Modes

5.5.1 Negative Reputation

When the reputation agent is used as a negative reputation system, there may be

some optimal frequency for verifying a merchant's reputation. The following parallels

the analyses in Chapter 4 on random clearing systems.

Consider a case example where agents report to the reputation agent immediately

when they are cheated by a merchant agent. Assume that consumer agents always

report fraud honestly; that is, they always report fraud immediately when it occurs,

and never report a fraud when it does not occur.

In this example, assume there are M total merchants in the economy, D dishonest

merchants, and C consumers; the cost for checking a merchant's reputation is Cr, and

a consumer agent loses Cf for each transaction conducted with a dishonest merchant.

Again, assume that Cr and Cf are constants throughout the example.

Over a finite time period, consumers perform T transactions, picking a merchant

at random for each transaction independently, and checking the reputation of this

merchant with probability pr independently on each trial. If a merchant has a "bad"

reputation (reported by another agent as cheating) another merchant is selected.

Determining whether an individual transaction is fraudulent immediately after

purchase carries a checking cost. In many instances it may be possible for an agent

to cheaply determine if it was defrauded at the time of purchase. In other instances,

it may be necessary to consult the agent owner, which is a more expensive operation

as it requires a human's immediate attention. And in either case, if fraud is detected

on a given transaction, reporting this fraud carries a cost as well. To simplify this

analysis, let Cc be the average cost for a consumer agent to check whether it was

cheated on an individual transaction, and report fraud if necessary. Assume each

consumer agent checks such transactions independently with the probability pc; if a

consumer agent elects to check any given transaction, the consumer agent does not

also look up the merchant's reputation before the transaction. If a transaction is

checked and determined to be fraudulent, the consumer immediately reports to the

reputation agent and "remembers" not to go back to the dishonest merchant.

Each consumer is expected to lose the amount spent checking reputations and

transactions, plus the amount actually lost to dishonest merchants. Given the probability

pc that an agent checks any given transaction for fraud, a consumer should lose

on average T(pr (1 - pc)Cr + pcCc) to all checking operations.

Since a consumer agent checks any given transaction for fraud with probability

pc, each dishonest seller expects to make 1/pc fraudulent sales on average before some

consumer agent detects it and reports to the reputation agent. If consumers select

sellers at random on each transaction, each consumer agent expects to have made up

to 1/(C pc) of these transactions. Then, a consumer will not stop making purchases

from a particular dishonest merchant until the consumer individually discovers that

the merchant is dishonest either through examining a purchase or receiving word of

bad reputation. Each consumer expects to make up to 1/(pr + pc - pr pc) purchases

from each dishonest merchant after some other merchant "catches" it. Any individual

consumer's risk is limited by the total number of purchases that it could have made

with all the dishonest agents in the system, or DT/M.

Thus, the total expected cost to each consumer agent in this example is

$$\mathrm{Cost} = T\big(p_r(1 - p_c)C_r + p_c C_c\big) + \max\!\left(D C_f\left(\frac{1}{C p_c} + \frac{1}{p_r + p_c - p_r p_c}\right),\ \frac{DT}{M}\right)$$

This cost function behaves identically to the one derived in Chapter 4.4; only the

constants are different, which reflects the role reversal from the random clearing with

reputation example. Thus, it can be seen that the dynamics of random fraud and

reputation checking to limit merchant dishonesty are very similar to the dynamics of

a random-clearing system to limit the thousand-merchants attack.

It is also interesting to note that if $C_c$ is close to 0, then there is no benefit to

randomly checking reputation; if agents can cheaply determine if a merchant failed to

deliver promised value immediately after the transaction, either $p_{r_{opt}} = 0$ or $p_{r_{opt}} = 1$.

It is much more likely for $C_c$ to be small here than it was in Chapter 4.4 because an

agent may implicitly check the validity of information merchandise through usage

immediately after purchase.

Another consequence of negative reputations is the temptation for merchants to

"badmouth," or submit a false complaint about, a competing merchant. This, how-

ever, is another social dilemma; since a badmouthed merchant could retaliate simply

by badmouthing its own competitors, merchants are better off by not badmouthing

at all in the first place.

5.5.2 Positive Reputation

Positive reputation is arguably a stronger mode of usage for the reputation agent

since it eliminates the problem of fixing agent identity, and would continue to work

in a mobile-agent system assuming agents maintain their identity after migrating. It

is believed the analysis of optimum verification probabilities in a positive reputation

system would be similar to the above analysis; this is an open question for future

research.

There are, however, a number of issues to consider with positive reputation sys-

tems. First, a new agent in the system has no reputation, which, according to [39],

should be equivalent to the worst possible reputation so that agents are discouraged

from cheating their customers and then changing their identity. In this sense, a pos-

itive reputation is an asset that is developed over time; it is more profitable for an

agent to maintain its reputation than to go for the "quick buck" by cheating [21]. A

positive reputation could be seen as a certificate of identity with an associated continuous

value, whereas the certificates discussed in Chapter 5.2 are boolean-valued;

losing the value of a positive reputation would be similar to having a certificate re-

voked. Reputations, however, do not need to be controlled centrally.

A new agent in the economy with no reputation may offer some promotion, such

as a lower price, or a money-back guarantee (made possible with a trusted third-

party escrow agent) to encourage consumers to take what they might perceive as a

risk [31]. This sort of "dues-paying" makes it possible for a new agent to acquire a

positive reputation [21].

Second, while merchants may give incentives for customers to take a perceived risk

with a new merchant, there is no incentive for agents to report reputation accurately,

or at all. Merchants may promote themselves under this system, for instance. (If

reporting reputation carries a cost, self-promotion would be effectively equivalent to

advertising.) This situation is a social dilemma, where reputation is a public good

that agents must cooperate to produce [9]. As with the social dilemma that arose in

some of the random-clearing schemes, a taxation and reward system could be used

to encourage honest and accurate reporting.

5.6 Summary

A number of different mechanisms to help prevent merchant dishonesty in agent

economies were considered. An escrow agent and reputation agent were both imple-

mented in Magenta. The escrow agent mediates transactions and ensures that deals

between agents are either completed bilaterally or cancelled; the escrow agent can

also later provide non-repudiation for transactions. The reputation agent deters dishonesty on the

part of merchants by making it more profitable in the long run to be honest.

Both escrow and reputation mechanisms carry costs for their use. There are direct

costs to fund the third-party escrow and reputation agents, and there are implicit

costs for communications overhead. Agent owners would ultimately have to decide

for themselves in what situations using such services is profitable. It was shown

that there may be some optimal probability for using a reputation service randomly,

provided there is a mechanism to encourage honest reporting of reputations.

Chapter 6

Conclusions and Future Work

The Magenta system is an open and extensible multi-agent system, in which I de-

signed and implemented both hard security and social control mechanisms to enforce

or encourage honesty in Magenta agent economies. A payment protocol based on

IBM's micropayment system, as well as a direct transfer protocol, was implemented

in Magenta; both of these protocols rely on hard security measures such as signatures

to prevent counterfeiting and protect integrity. The implemented payment protocol

allows an attack known as the thousand-merchants attack; I designed and evaluated

various randomized socially-controlled mechanisms that succeed in achieving at least

an asymptotic improvement (and under many circumstances, an absolute improve-

ment) in the risk that merchants take by using such a system. Lastly, I designed and

implemented some social control mechanisms to encourage honest behavior among

merchant agents. While it is impossible to completely eliminate fraud from an agent

economy, I found that, by using a combination of hard security mechanisms and social

control, it was possible to construct mechanisms that would help limit the extent of

fraud and dishonesty in agent economies.

6.1 Future Work and Open Problems

6.1.1 Reputation Systems

Reputation systems are an open research area, and there are several reputation sys-

tems under development that are more sophisticated than the reputation agent cur-

rently implemented in Magenta. There are several such systems under development

at the MIT Media Lab, such as Histos and Sporas [39]. These systems involve a pair-

wise rating system, where one's complaints or commendations are weighted based on

one's own reputation in the system. These systems also limit each individual's ability

to affect the reputation of others, and prevent self-promotion. Therefore, informa-

tion acquired by a reputation agent using one of these systems would likely be more

accurate than that acquired through the reputation agent currently implemented in

Magenta.

The presence of a reviewer agent, as suggested in [31], could also be useful. Like a reputation agent, a reviewer agent supplies reputation information for a fee. However, the reviewer agent also uses its funds to be a consumer in the economy and generates its own reputation information. The reviewer agent could thus be seen as a reputation agent that verifies the claims of other users. It could also use its revenue to explore merchants on its own and generate positive reputation information that it would not have received otherwise.

Implementing a taxation and reward system, similar to that in [9], to encourage consumers to explore and evaluate new merchants also warrants some future consideration.

Pull vs. Push Systems

The reputation agent currently implemented in Magenta is a pull system, since individual agents "pull" information from the reputation agent by issuing queries, to which the reputation agent responds. However, a push system might disseminate reputation information more efficiently in a large agent economy. In such a system, individual agents would "subscribe" to a set of reputation agents and the reputation agents would then "push" relevant reputation information to their clients. This might alleviate some network congestion because there is no longer any need for queries, and because the reputation agent would presumably only push new or changed information; in a pull system, individual agents would still have to make a full query to check whether there is any new reputation information since some earlier time.

6.1.2 Payment Systems

In the future, the implemented micropayment system should be expanded to include inter-bank clearing, so that merchants and consumers who do not have accounts at the same bank may conduct business.

To a significant extent, whether the economy of agents discussed throughout this thesis becomes a reality depends on the public's acceptance of electronic payment systems. More specifically, the information economy envisioned in this thesis depends on the acceptance of micropayment systems for small-valued transactions. Although a number of such protocols exist, they have not achieved widespread acceptance or usage at the time of writing. Many of the information transactions on the Internet are still subscription-based, using a credit card for funds transfer. It remains to be seen whether micropayment systems will catch on.

Also, we should consider the possibility of hardware-assisted (e.g., smart-card) electronic payment systems. Perhaps we could construct a version of the micropayment system implemented in Magenta that relies on a piece of secure, tamper-proof hardware to generate and sign payment orders. Such a piece of hardware might have a smart-card reader, so that different people could use the same piece of hardware at different times.

An electronic payment system using a piece of trusted hardware would have an important advantage over all the payment systems discussed in this thesis: the main obstacle to off-line cleared payment systems, the thousand-merchants attack, would be practically eliminated. Although Chapter 4 gives several mechanisms that can reduce the impact of the thousand-merchants attack, these mechanisms could easily be less profitable in practice than relying on trusted hardware. Trusted software is another possibility, though in general it is much easier and cheaper for an attacker to defeat secure software than hardware. Unfortunately, this special hardware would be an additional cost of entering the information economy; however, with mass production and economies of scale, this cost could become insignificant in comparison to the cost of buying a personal computer.

6.1.3 Legal Issues

The legal status of agents and their transactions at present is unclear. There are many unsettled legal questions that need to be answered before people could use agents for any non-trivial amount of commerce. Most importantly, are the contracts that agents enter on behalf of their owner legally binding? Can a person be held liable for a contract that one of his agents entered accidentally, possibly as the result of a bug or programming error? How can we structure the legal system so that there are adequate deterrents against intentionally breaking contracts formed by agents, without discouraging usage of agents due to fears of legal repercussions that might occur because of something as innocent as a typographic error? What sorts of legal action can be taken against a con artist in another country with possibly different legal standards? Until these questions are answered, it is unlikely that consumers and businesses would feel comfortable relying on agents for any significant portion of their participation in the economy.


Bibliography

[1] CyberCoin. http://www.cybercash.com.

[2] DigiCash: Solutions for security and privacy. http://www.digicash.com.

[3] Java wallet user interface functionality (white paper). http://java.sun.com/products/commerce/docs.

[4] MilliCent: Digital's microcommerce system. http://www.millicent.digital.com.

[5] MilliCent wallet documentation. http://www.millicent.digital.com/discover/community/documentation/index.html.

[6] SET: Secure electronic transactions. http://www.mastercard.com/set.

[7] N. Asokan, Philippe A. Janson, Michael Steiner, and Michael Waidner. The state of the art in electronic payment systems. IEEE Computer, 30(9):28-35, September 1997.

[8] Petri Aukia and Jean-Baptiste Lehmann. Mechanisms in electronic commerce using micropayments. http://studwww.eurecom.fr/~lehmann/study.

[9] Chris Avery, Paul Resnick, and Richard Zeckhauser. The market for evaluations. To appear in the American Economic Review, 1998. http://www.si.umich.edu/~presnick/papers/mfe.

[10] Nathaniel Bogan. Economic allocation of computation time with computational markets. Master's thesis, Massachusetts Institute of Technology, 1994.

[11] Jeffrey M. Bradshaw. KAoS: An open agent architecture supporting reuse, interoperability, and extensibility. In Proceedings of the Tenth Knowledge Acquisition for Knowledge-Based Systems Workshop, Banff, Alberta, Canada, November 1996.

[12] Deepika Chauhan and Albert D. Baker. JAFMAS: A multiagent application development system. In Katia P. Sycara and Michael Wooldridge, editors, Proceedings of the Second International Conference on Autonomous Agents, pages 100-107, Minneapolis/St. Paul, Minnesota, May 1998.

[13] David Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology-Proceedings of CRYPTO '82, pages 187-197, New York, 1982. Plenum Press.

[14] David Chaum, Amos Fiat, and Moni Naor. Untraceable electronic cash. In S. Goldwasser, editor, Advances in Cryptology-Proceedings of CRYPTO '88, pages 319-327, New York, 1988. Springer-Verlag.

[15] A. Chavez and P. Maes. Kasbah: An agent marketplace for buying and selling goods. In Proceedings of the First International Conference on the Practical Application of Intelligent Agents and Multi-Agent Technology (PAAM'96), London, UK, April 1996.

[16] Anthony Chavez, Alexandros Moukas, and Pattie Maes. Challenger: A multiagent system for distributed resource allocation. In Proceedings of the International Conference on Autonomous Agents, Marina del Rey, California, February 1997.

[17] John Q. Cheng and Michael P. Wellman. The WALRAS algorithm: A convergent distributed implementation of general equilibrium outcomes. Computational Economics, 12(1):1-24, August 1998.

[18] DigiCash Corp. Ecash purse user's manual. http://www.digicash.com/ecash/docs/purse-manual.

[19] DigiCash Corp. How ecash works. http://www.digicash.com/ecash/docs/works.

[20] Carl Ellison. SPKI certificates. In DIMACS Workshop on Trust Management in Networks, South Plainfield, NJ, October 1996.

[21] Eric J. Friedman and Paul Resnick. The social cost of cheap pseudonyms: Fostering cooperation on the Internet. In Telecommunications Policy Research Conference, Washington, DC, 1998.

[22] Natalie S. Glance and Bernardo A. Huberman. The dynamics of social dilemmas. Scientific American, pages 76-81, March 1994.

[23] Robert S. Gray. Agent Tcl: A transportable agent system. In Proceedings of the CIKM Workshop on Intelligent Information Agents, Fourth International Conference on Information and Knowledge Management (CIKM 95), Baltimore, Maryland, December 1995.

[24] Robert S. Gray. Agent Tcl: A flexible and secure mobile-agent system. In Proceedings of the 1996 Tcl/Tk Workshop, pages 9-23, July 1996.

[25] Amir Herzberg and Hilik Yochai. Mini-pay: Charging per click on the web. In Michael R. Genesereth and Anna Patterson, editors, Sixth International World Wide Web Conference, Santa Clara, California, April 1997.

[26] Jeffrey O. Kephart, James E. Hanson, David W. Levine, Benjamin N. Grosof, Jakka Sairamesh, Richard B. Segal, and Steve R. White. Dynamics of an information filtering economy. In Proceedings of Second International Workshop on Cooperative Information Agents, Paris, July 1998.

[27] Luc Longpre. The use of public-key cryptography for signing checks. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology-Proceedings of CRYPTO '82, pages 187-197, New York, 1982. Plenum Press.

[28] Mark S. Miller and K. Eric Drexler. Comparative ecology: A computational perspective. In B.A. Huberman, editor, The Ecology of Computation, pages 51-76. North-Holland, 1988.

[29] Mark S. Miller and K. Eric Drexler. Markets and computation: Agoric open systems. In B.A. Huberman, editor, The Ecology of Computation, pages 133-176. North-Holland, 1988.

[30] Moni Naor and Kobbi Nissim. Certificate revocation and certificate update. In Seventh USENIX Security Symposium, San Antonio, TX, January 1998.

[31] Lars Rasmusson. Socially controlled global agent systems. Master's thesis, Kungl Tekniska Högskolan (Royal Institute of Technology), Stockholm, Sweden, 1996.

[32] Lars Rasmusson and Sverker Jansson. Simulated social control for secure internet commerce (position paper). In New Security Paradigms, Lake Arrowhead, California, September 1996.

[33] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2):120-126, February 1978.

[34] Bruce Schneier. Applied Cryptography. John Wiley and Sons, New York, 1996.

[35] RSA Data Security. RSAREF FTP site. Available through ftp://ftp.rsa.com/rsaref, 1998.

[36] Hal Varian. Microeconomic Analysis. W. W. Norton & Company, New York, Third edition, 1992.

[37] Carl Waldspurger. A distributed computational economy for utilizing idle resources. Master's thesis, Massachusetts Institute of Technology, 1989.

[38] Peter R. Wurman, Michael P. Wellman, and William E. Walsh. The Michigan Internet AuctionBot: A configurable auction server for human and software agents. In Katia P. Sycara and Michael Wooldridge, editors, Proceedings of the Second International Conference on Autonomous Agents, pages 301-308, Minneapolis/St. Paul, Minnesota, May 1998.

[39] Giorgos Zacharia and Pattie Maes. Collaborative reputation mechanisms in online communities. Working paper. http://agents.www.media.mit.edu/groups/agents/techreports/1998//latest/paper.pdf, 1998.

[40] Phil Zimmermann. PGP User's Guide, Volume 1. 1994.