1994-12-07 - Re: Ideal digital cash system?

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 7cdafd9689b6b761fe3362cbb607c35b0716f7a4ae1307f058dcdb509d352882
Message ID: <199412071644.IAA19261@jobe.shell.portal.com>
Reply To: <Chameleon.4.00.941206225809.jcorgan@.netcom.com>
UTC Datetime: 1994-12-07 16:45:06 UTC
Raw Date: Wed, 7 Dec 94 08:45:06 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Wed, 7 Dec 94 08:45:06 PST
To: cypherpunks@toad.com
Subject: Re: Ideal digital cash system?
In-Reply-To: <Chameleon.4.00.941206225809.jcorgan@.netcom.com>
Message-ID: <199412071644.IAA19261@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Johnathan Corgan <jcorgan@netcom.com> writes:

>The authors consider this the first ideal untraceable electronic cash
>system.

>T. Oamoto and K. Ohta, Universal Electronic Cash
>Advances in Cryptology--CRYPTO '91 Proceedings
>Berlin: Springer-Verlag 1992 pp. 324-337

(This should be Okamoto & Ohta.)

This paper is not available electronically as far as I know.  The crypto
proceedings can be found in good university libraries.

I believe the Okamoto scheme has the problem that payments by a person
are all linkable.  Basically when you open an account with the bank you
get a "license" number B which you keep for all the time (and which the
bank doesn't know).  But every time you spend you have to send B.  So all
of the payments from a person will use the same B.

True, this doesn't reveal his identity, but it allows a given pseudonym's
spending patterns to be recorded and studied, which may be almost as bad.

Okamoto forgot unlinkability in his laundry list of ideal cash
characteristics.

Hal





Thread