From: chen@intuit.com (Mark Chen)
Date: Thu, 19 Oct 95 13:20:57 PDT
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: digital cash and identity disclosure
In-Reply-To: <acabe4df3f021004b9f5@[205.199.118.202]>
Message-ID: <9510192017.AA26270@doom>
MIME-Version: 1.0
Content-Type: text/plain


Tim wrote:

> "Double spending" detection is a REAL MESS. That's my basic conclusion. It
> tends to require schemes for going after double spenders, it tends to make
> identity-revealing attacks possible (such as the attack I alluded to, and
> that Hal more completely describes), and it's INELEGANT.
> 
> "Immediate clearing" is much more elegant, and is, I think, truer to the
> spirit of "annonymous digital cash" than most of these other schemes are.
> (Grep the FAQ for "online" or "online clearing" or "clearing" and you
> should find some stuff. Also, several articles--including one recently by
> me, about a month ago--go into the differences between the types of
> clearing.)

I also suggest taking a look at Stefan Brands' solution, which, while
requiring hardware, has some favorable properties.  Among these are:

   - prior restraint of double spending through hardware-based
   "secret-key certificates"

   - in the case of hardware tampering, double spenders are traceable
   as in Chaum's system; however, the protocol used to achieve this is
   much more efficient than Chaum's "cut-and-choose"

   - no possibility of a subliminal channel between the
   tamper-resistant device and the payee or bank


--
Mark Chen 
chen@intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D