From: Wei Dai <weidai@eskimo.com>
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 056e08ce641a9d6cdf08827dcb2fbd7aaca483c65c796a4acf9109f6c870280c
Message ID: <Pine.SUN.3.91.951008135715.1544C-100000@eskimo.com>
Reply To: N/A
UTC Datetime: 1995-10-08 21:20:40 UTC
Raw Date: Sun, 8 Oct 95 14:20:40 PDT
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 8 Oct 95 14:20:40 PDT
To: Cypherpunks <cypherpunks@toad.com>
Subject: anonymous cash without blinding
Message-ID: <Pine.SUN.3.91.951008135715.1544C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain
With all this talk about Chuam patents, I would like to remind people
that blind signatures are not absolutely essential to an anonymous
digital cash system. You can combine a traceable cash system with an
anonymous communication system in a fairly obvious way to get a
fully (both payer and payee) anonymous cash system.
Suppose a bank is running a digital cash system that works like this: it
maintains a database of valid coins, and whenever someone presents it
with a valid coin (string of bytes) it erases that coin from its
database, and then either gives the person an equivelent amount of paper
cash or a newly created coin(s) of the same value.
Now if the bank allows this exchange of old coins for new coins to be
done over an anonymous network (e.g., a remailer-net), then the system is
anonymous as long as you don't move physical money in or out of the system.
Maintaining anonymity when moving physical money in and out of the system is
what blinding helps you to do, but this will be less useful in a fully
digital economy where such movement will be infrequent.
Wei Dai
Return to October 1995
Return to “Wei Dai <weidai@eskimo.com>”
1995-10-08 (Sun, 8 Oct 95 14:20:40 PDT) - anonymous cash without blinding - Wei Dai <weidai@eskimo.com>