From: Hal <hfinney@shell.portal.com>
Date: Tue, 19 Apr 94 13:16:46 PDT
To: cypherpunks@toad.com
Subject: Re:  CRYPTO: Money laundering and traceability
Message-ID: <199404192017.NAA23184@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: hughes@ah.com (Eric Hughes)
> 
> >Chaum's arguments appear to apply to virtually any electronic cash
> >system which can prevent double-spending.  They suggest that traceable
> >cash will be the rule in any digicash system.  
> 
> That's true for transferable and off-line cash systems.  The same
> argument doesn't hold for on-line systems.  There you can have an
> exchange protocol to deposit a piece of digicash and immediately
> rewithdraw it, blinding it again in the process.  There need be no
> account with the bank for this to happen.

This is a good point, although I think on-line systems are unlikely to
be used for payments to private individuals such as in the scenarios I
mentioned, because of the cost of accessing a centralized database for
every transaction.  In any case, this suggests that it might be unwise
to carry cash issued by such a bank, because of your vulnerability to
robbery.  Chaum even considered (in another paper) the threat of being
coerced into withdrawing cash from a bank in such a way that you don't
see the blinded cash.  He had an approach where you would get all of
your "blinding certificates" when you opened your account, and these
would be the only things you could use to blind cash.  So any stolen
cash could always be recognized.

I suppose one risk is that the robber exchanges the cash so quickly that
the robbee has no chance to warn the bank; and once exchanged the cash is
certainly anonymous.  Perhaps banks would instigate some minimum time for
handling an exchange in order to protect their cash holders from this
threat.

Hal