Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

In Statistics We Trust

Understanding Peppercoin requires a little history. According to old English common law, the smallest unit of payment that could appear in a contract was a peppercorn. Silvio Micali’s wife, a professor of law, suggested that as the name for his startup back in 2001, and it stuck (becoming “Peppercoin” for the sake of clarity). Now, in his office at MIT’s Computer Science and Artificial Intelligence Laboratory, Micali is explaining what makes Peppercoin tick. On hand are technical books and papers in neat piles, should we need them. It’s simple mathematics, says Micali-but don’t believe him.

Micali knows two things: cryptography and coffee. His micropayment analogies involve cappuccinos. There are two standard ways of buying digital content, he says. One is like prepaying for a certain number of cappuccinos, the other like getting a bill at the end of the month for all the cappuccinos you’ve had. That is, the customer either pays up front for a bundle of content-say, 10 archived New York Times articles-or runs a tab that’s settled every so often. The problem with both models is that the seller has to keep track of each customer’s tab, and the buyer is locked into a particular store or site. But in the spring of 2001 came a “very lucky coffee break” when Micali and Rivest, whose office is just down the hall, put their heads together. “We started discussing this problem, and within minutes we had the basic solution,” says Micali. “And we got very excited! First, from the discovery. Second, from the coffee.”

What they discovered was a way to cut the overhead cost of electronic payments by processing only a statistical sample of transactions, like taking a poll. On average, Peppercoin might settle, say, one out of every 100 transactions-but it pays the seller 100 times the amount of that transaction. Given enough transactions, it all evens out, says Micali (see “a Penny for Your Bits: How Peppercoin Works,” below).

Peppercoin’s software makes micropayments efficient and profitable by processing only a statistical sample of all transactions. A customer selects an item and sends digital payment (a Peppercoin “token” worth, say, 10 cents) to a merchant’s Web site. The merchant’s computer verifies the token and delivers digital goods, such as MP3 files, to the customer’s computer.
Peppercoin’s software randomly selects one token out of every 100 or so for processing. In that case, The merchant sends the token to Peppercoin. Each token stores a running total of the customer’s spending at all sites. Peppercoin pays the merchant 100 times the face value of the token, e.g., 100 x 10¢ = $10. Peppercoin bills the customer for the exact amount of his outstanding purchases from all online merchants. The customer pays his Peppercoin bill using a credit card.

It looks simple to the buyer, who only has to click on an icon to charge an item to her Peppercoin account, but the action behind the scenes is pretty complicated. In beta tests, special encryption software runs on both the buyer’s and seller’s computers, protecting their interactions from hackers and eavesdroppers. And encrypted in each transaction is a serial number that says how many purchases the customer has made over time, for how much, and from whom.

Ninety-nine transactions out of a hundred are not fully processed-but they’re still logged by the seller’s computer. One transaction out of a hundred, selected at random, is sent to Peppercoin. After Peppercoin pays the seller 100 times the value of that transaction, it bills the customer for all of her outstanding purchases from all sites that use Peppercoin. Since about one out of a hundred purchases is processed, her last bill will have come, on average, a hundred purchases ago. That’s the trick: by paying the seller and charging the customer in lump sums every 100 purchases or so, Peppercoin avoids paying the fees charged by credit cards-roughly 25 cents per transaction-on the other 99 purchases. “This is fantastic,” says Greg Papadopoulos, chief technology officer at Sun Microsystems and a member of Peppercoin’s technical advisory board. “Ron and Silvio have done what needed to be done-get the cost of transactions down without ripping up the existing infrastructure of credit cards and banks.”

But what’s to keep all this fancy statistical footwork from cheating sellers out of their due? And what’s to keep buyers and sellers both from cheating the system? “That’s the secret sauce,” says Micali.

He’s talking about cryptography, the sweet science of codes and ciphers. Its inner workings are, well, cryptic-paper titles at conferences include things like unimodular matrix groups and polynomial-time algorithms-but it’s used every day to keep communications, documents, and payments secure. Roughly speaking, says Rivest, statistical sampling of transactions makes the system efficient, while cryptography keeps the random selection process fair and secure. So Peppercoin charges users exactly what they owe, and if Peppercoin’s payment to the seller happens to be more or less than the value of the purchases customers actually made, the discrepancy is absorbed by the seller. Over time, this jiggle will become negligible, especially compared to the amount of money Web sites will make that they couldn’t make before.

Think about it for too long, and most people get a headache. But Micali and Rivest have been thinking about this sort of thing for 20 years, so they make a formidable and complementary team: Micali is as animated as Rivest is understated, like fire and ice. “They’ve done brilliant work over the years,” says Martin Hellman, a professor emeritus of electrical engineering at Stanford University and a pioneer in cryptography going back to the 1970s. “Peppercoin has a clever approach.”

But clever mathematics aside, the proof is in the pudding. In the end, Peppercoin’s executives say, their system must be as easy to use as cash. Perry Solomon, Peppercoin’s founding CEO, explains it this way, pulling some change out of his pocket. “I can give you this quarter, and you can look at it quickly and say, Okay, that’s a quarter.’ You don’t need to call the bank to verify it.” Online merchants, however, must check a credit card holder’s identity and available credit before approving a purchase. Going to that trouble makes sense for a $50 sweater or a $4,495 Segway transporter, but not for a 50-cent song. So Peppercoin’s software stamps each transaction with the digital equivalent of e pluribus unum-a guarantee to the seller that it’s Peppercoin handling the transaction, and that payment is forthcoming. The seller can quickly verify this stamp and deliver the goods.

0 comments about this story. Start the discussion »

Tagged: Web

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me