So if this is true, then it does have universal recognized value.
Everyone can check that signature and know it's an IOU from IP Bank.
It does seem to be easy to transfer.
You can just send the bits to another person.
It could be anonymous and untraceable, and let's assume that it is.
This would be the case if all the IOUs the bank creates are exactly the same.
The way we describe it seems like they are.
It's very light and portable, so it looks like we're doing really well.
We've got four out of five.
We've got a big problem, though. It's not hard to copy.
It's, in fact, trivial to copy.
We can send the same bits multiple times and no one knows
which ones are valid and which ones are copies.
So this doesn't work. Once we've lost this property, we've lost this one as well.
It is hard to forge.
To forge it we'd need to know the private key of the bank,
but that doesn't matter, because once we have one bill
we can make any number of copies of it and spend them as many times as we want.
This means it actually doesn't have the universally recognized value.
Depending on how you interpret this question, this is what I think is the correct answer,
but there are other ways to interpret this where your answer could be equally valid
and correct and not match mine.
One way to solve this would be to give each bill a unique ID.
Then if someone attempts to double spend a bill
the bank would check has that bill be spent already.
If it's been spent already, the bank would alert the spender that it's not a valid bill.
This would also cause problems for the second possibility.
It would no longer be easy to transfer if you have to check the ID
with the bank every time you get a bill.
It would also no longer be anonymous.
It would mean the bank can track all the transactions,
because every time there's a transaction, the bank sees the unique ID
and knows who is transferring money to whom.
Our goal is to have unique IDs to prevent this copying problem
but preserve the anonymity and somewhat preserve the easy to transfer.
We'll still need the bank to check the ID when the money is deposited,
but maybe there could be transactions before that, and we can trace them back
to who cheated at a point where the cheating happened. That's our goal.
The main tool that we need for this is a new cryptographic technique called blind signatures.
