From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 7cdafd9689b6b761fe3362cbb607c35b0716f7a4ae1307f058dcdb509d352882
Message ID: <199412071644.IAA19261@jobe.shell.portal.com>
Reply To: <Chameleon.4.00.941206225809.jcorgan@.netcom.com>
UTC Datetime: 1994-12-07 16:45:06 UTC
Raw Date: Wed, 7 Dec 94 08:45:06 PST
From: Hal <hfinney@shell.portal.com>
Date: Wed, 7 Dec 94 08:45:06 PST
To: cypherpunks@toad.com
Subject: Re: Ideal digital cash system?
In-Reply-To: <Chameleon.4.00.941206225809.jcorgan@.netcom.com>
Message-ID: <199412071644.IAA19261@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
Johnathan Corgan <jcorgan@netcom.com> writes:
>The authors consider this the first ideal untraceable electronic cash
>system.
>T. Oamoto and K. Ohta, Universal Electronic Cash
>Advances in Cryptology--CRYPTO '91 Proceedings
>Berlin: Springer-Verlag 1992 pp. 324-337
(This should be Okamoto & Ohta.)
This paper is not available electronically as far as I know. The crypto
proceedings can be found in good university libraries.
I believe the Okamoto scheme has the problem that payments by a person
are all linkable. Basically when you open an account with the bank you
get a "license" number B which you keep for all the time (and which the
bank doesn't know). But every time you spend you have to send B. So all
of the payments from a person will use the same B.
True, this doesn't reveal his identity, but it allows a given pseudonym's
spending patterns to be recorded and studied, which may be almost as bad.
Okamoto forgot unlinkability in his laundry list of ideal cash
characteristics.
Hal
Return to December 1994
Return to “Johnathan Corgan <jcorgan@netcom.com>”