1994-02-07 - Re: Attack on Magic Money and Chaum cash

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 131183691cdd2be91fdc7a87dc2ffb1cdf5598e85746a28881470a6f25d5942a
Message ID: <199402070432.UAA21889@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-02-07 04:36:08 UTC
Raw Date: Sun, 6 Feb 94 20:36:08 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Sun, 6 Feb 94 20:36:08 PST
To: cypherpunks@toad.com
Subject: Re:  Attack on Magic Money and Chaum cash
Message-ID: <199402070432.UAA21889@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


A quick follow-up: I suppose a cut-and-choose protocol in the withdrawal
would prevent this attack.  Instead of sending in one blinded coin to be
signed you'd send in 100 blinded candidates, then the bank would pick 99
and you'd reveal the r's for the others (remember, they are blinded with
r^e) so the bank can verify they are of the proper form.  The bank would
then sign the one remaining one and return it to you.

What a pain!  I hope someone can come up with something better, or show that
the attack doesn't work.

Hal
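
The cut-and-choose withdrawal described in the message above, as an added Python sketch that is not code from the original post or from Magic Money: the bank opens every candidate but one, unblinds each with its revealed r, and signs the unopened one only if all opened ones are well formed. Assumptions: the toy RSA key, the "proper form" (64-bit serial plus a 128-bit hash tag) and all function names are constructed for illustration.

```python
import hashlib, math, secrets

# Constructed toy RSA key from two Mersenne primes; far too weak for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent

def tag(serial):
    return int.from_bytes(hashlib.sha256(serial.to_bytes(8, "big")).digest()[:16], "big")

def make_coin(serial):
    """Assumed 'proper form': 64-bit serial followed by a 128-bit hash tag."""
    return (serial << 128) | tag(serial)

def is_proper(m):
    return m < 2**192 and (m & (2**128 - 1)) == tag(m >> 128)

def blind(m):
    """User side: return (m * r^e mod n, r) for a fresh invertible r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def bank_check_opened(candidates, revealed, keep):
    """Bank side: strip r^e from every opened candidate and check its form."""
    for i, c in enumerate(candidates):
        if i == keep:
            continue
        m = (c * pow(pow(revealed[i], E, N), -1, N)) % N
        if not is_proper(m):
            return False
    return True

def withdraw(messages, keep=None):
    """One withdrawal; returns (coin, signature), or None if the bank refuses."""
    blinded = [blind(m) for m in messages]
    candidates = [c for c, _ in blinded]
    if keep is None:
        keep = secrets.randbelow(len(candidates))            # bank's random choice
    revealed = {i: r for i, (_, r) in enumerate(blinded) if i != keep}
    if not bank_check_opened(candidates, revealed, keep):
        return None
    blind_sig = pow(candidates[keep], D, N)                  # bank signs the unopened one
    sig = (blind_sig * pow(blinded[keep][1], -1, N)) % N     # user removes r
    return messages[keep], sig

def verify(m, sig):
    return is_proper(m) and pow(sig, E, N) == m
```

With 100 candidates and a uniformly random choice by the bank, a single malformed candidate escapes inspection only when it happens to be the unopened one, a 1-in-100 chance per withdrawal.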




