1993-10-06 - Re: Chaum on the good foot?

Header Data

From: peter honeyman <honey@citi.umich.edu>
To: cypherpunks@toad.com
Message Hash: c3605c3816f7e2848058b6c726286c7528bf4b435fbe7ad57bf7cb02e37db03e
Message ID: <9310060424.AA15907@toad.com>
Reply To: N/A
UTC Datetime: 1993-10-06 04:25:07 UTC
Raw Date: Tue, 5 Oct 93 21:25:07 PDT

Raw message

From: peter honeyman <honey@citi.umich.edu>
Date: Tue, 5 Oct 93 21:25:07 PDT
To: cypherpunks@toad.com
Subject: Re: Chaum on the good foot?
Message-ID: <9310060424.AA15907@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>   This could refer to observer based protocols. I don't see anything in the
> above paragraph to indicate that they have invented a digital coin. I don't
> see how offline non-observer based cash could possibly work. (e.g.
> I send a copy of my cash to someone in Europe and we "spend" them 
> simultaneously)

well, actually, it's very neat how this works.  here, i'll quote from
n. ferguson's paper  "single term off-line coins."

  The most difficult fraud to counter in electronic cash systems is
  the double-spending.  A user can always spend the same coin in two
  different shops.  This fraud cannot be detected at the time of
  spending as the payments are off-line.  The solution that all
  electronic cash systems use is to detect the double-spending after
  the fact.  At each payment the user is required to release some
  information in response to a challenge from the shop.  One such
  release of information provides no clue to the user's identity, but
  two such releases are sufficient to identify the user uniquely.

this is based on shamir's "how to share a secret" cacm v22n11 1979.

in the stefan brands quote ("the privacy of honest users cannot be
violated in any cryptanalytic way") the emphasis is on honest users.
dishonest users are traceable.

after reading these two papers, i really think off-line cash works -- it
offers divisibility, multi-party security, privacy, and untraceability. 
the major impediments seem to be the complexity of the protocols and the
large computational price to be paid.

	peter





Thread