1995-09-15 - Re: Why ecash is traceable

Header Data

From: “Pat Farrell” <pfarrell@netcom.com>
To: cypherpunks@toad.com
Message Hash: 67c491796cbb8739cdb4aa2a600b6ffed94306c7cde3a9fa29c46f6d9ac99799
Message ID: <28922.pfarrell@netcom.com>
Reply To: N/A
UTC Datetime: 1995-09-15 12:03:32 UTC
Raw Date: Fri, 15 Sep 95 05:03:32 PDT

Raw message

From: "Pat Farrell" <pfarrell@netcom.com>
Date: Fri, 15 Sep 95 05:03:32 PDT
To: cypherpunks@toad.com
Subject: Re: Why ecash is traceable
Message-ID: <28922.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

tcmay@got.net (Timothy C. May) writes:
> Hal, a very nice summary!

Yes, good job Hal.

> Why not "online clearing" as the preferred model, then?

Because you lose most (all?) anonymous abilities. (I think)

> (There are more abstract ways of viewing this advantage. While mere
> software is always duplicable, and cash numbers are of course duplicable,
> one thing that is not duplicable is this: "the first agent to present a
> valid number at this bank." There can be only one of these, and this
> uniqueness is what keeps the currency from collapsing, what introduces
> _conservation_ into the system.)
> Well, since Alice knows her own blinding factors, she will always be able
> to say to the bank: "My cash will look like this. Watch for it."

So when the money Alice gave to Bob gets deposited by TCMay,
that it was Alice's is instantly known. This is not how physical cash works.

There is a chain from TCMay through some number of steps to Bob.
Even if you can't find it with this single case, you could use
a zero-knowledge type proof to slowly uncover Bob's identity.

I keep wanting to believe in ecash, but I'm not convinced
it can exist.


Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>
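
Added example, not part of the original message or of any ecash implementation: a toy RSA blind-signature exchange showing the two mechanisms in the quoted text, online clearing accepting only the first presentation of a valid number, and a payer who knows her blinding factor telling the bank which coin to watch for. The key size, the Bank class, and all names are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the bank (two Mersenne primes; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private exponent

def h(serial: bytes) -> int:
    """Hash a coin serial into Z_N (the value the bank's signature covers)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Payer side: hide h(serial) with a random blinding factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(serial) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Payer side: strip r, leaving an ordinary RSA signature on h(serial)."""
    return (blind_sig * pow(r, -1, N)) % N

class Bank:  # hypothetical online-clearing bank
    def __init__(self):
        self.withdrawals = []   # (account, blinded value): all the bank sees at withdrawal
        self.spent = set()      # serials already cleared online
        self.watch = {}         # serial -> payer who asked the bank to watch for it

    def withdraw(self, account: str, blinded: int) -> int:
        self.withdrawals.append((account, blinded))
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int):
        """Online clearing: only the first presentation of a valid serial is accepted."""
        if pow(sig, E, N) != h(serial):
            return ("invalid", None)
        if serial in self.spent:
            return ("double-spend", None)
        self.spent.add(serial)
        return ("accepted", self.watch.get(serial))

def run_demo():
    bank, serial = Bank(), secrets.token_bytes(16)
    blinded, r = blind(serial)
    sig = unblind(bank.withdraw("alice", blinded), r)
    linkable = any(b == h(serial) for _, b in bank.withdrawals)  # bank's own view
    bank.watch[serial] = "alice"   # Alice: "My cash will look like this. Watch for it."
    return linkable, bank.deposit(serial, sig), bank.deposit(serial, sig)
```

run_demo() returns whether the bank's withdrawal records alone match the coin, then the results of the first and second deposit of the same coin.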