1993-10-02 - Single Value Pseudonyms

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: d5f087a91f3452c544c5cac128199c76e63216e53daf9da56015548a671ea103
Message ID: <9310021641.AA09412@ah.com>
Reply To: <00083D17.MAI*Hastings@courier8.aero.org>
UTC Datetime: 1993-10-02 16:58:47 UTC
Raw Date: Sat, 2 Oct 93 09:58:47 PDT

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sat, 2 Oct 93 09:58:47 PDT
To: cypherpunks@toad.com
Subject: Single Value Pseudonyms
In-Reply-To: <00083D17.MAI*Hastings@courier8.aero.org>
Message-ID: <9310021641.AA09412@ah.com>
MIME-Version: 1.0
Content-Type: text/plain

>Someone posted a way to resist altered bank notes [...] by something
>called (if I remember right) a "cut-and-choose" protocol.

Karl Barrus posted this, and I've been meaning to respond to it.
Basically, Karl's scheme doesn't work.  With any cut-and-choose
protocol, there must be some assurance that the two things offered are
the same thing, and, in a series of them, that all the things offered
are the same thing.

With a blind signature, the signature itself is that which has value,
not the thing signed.  

>To make things very simple for a bank, I suggest having fixed value digital
>pseudonyms for each value of bank note. For example, the Bank of Hastings on
>Kent would use "AU 500 mg from HoK Bank" as the user name for all signed 500
>milligram gold certificates.

Basically yes.  More accurately, the bank has one key for each
denomination for each particular time range.  The key is the
significant entity here, not the user name.  The blind signer could
make a regular signature attaching a name to that key, of course.