1996-03-31 - Question about integrity of Blind Signature

Header Data

From: Chein-hsinLiu <r3506010@cml11.csie.ntu.edu.tw>
To: cypherpunks@toad.com
Message Hash: f473c11d7a9154d3151795f5db4154c5bb3183b819c08cf5c266b064cc1319b8
Message ID: <199603311551.XAA01495@cml11.csie.ntu.edu.tw>
Reply To: N/A
UTC Datetime: 1996-03-31 18:41:51 UTC
Raw Date: Mon, 1 Apr 1996 02:41:51 +0800

Raw message

From: Chein-hsinLiu <r3506010@cml11.csie.ntu.edu.tw>
Date: Mon, 1 Apr 1996 02:41:51 +0800
To: cypherpunks@toad.com
Subject: Question about integrity of Blind Signature
Message-ID: <199603311551.XAA01495@cml11.csie.ntu.edu.tw>
MIME-Version: 1.0
Content-Type: text/plain


  Hi!
I have some question about ecash protocol. In ecash protocol, we represent
money by a sequence number which is signed by bank. And for privacy, we
use blind signature. But when we send bank a pesudo sequence number--
X*PK(r) (X:sequence number we want, r :random number to cheat bank)
then we can get SK(X*PK(r)) from bank, and get money by SK(X*PK(r))/r=SK(X).
But if we divide SK(X*PK(r)) with r', we can get another money? It confuses
me. How does it preserve the integrity of the money, and let people divide
r on the SK(X*PK(r)) ?
  It confuses me very long time. Thanks for any help!
  Chein-hsin Liu 4/1/96





Thread