1995-10-08 - anonymous cash without blinding

Header Data

From: Wei Dai <weidai@eskimo.com>
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 056e08ce641a9d6cdf08827dcb2fbd7aaca483c65c796a4acf9109f6c870280c
Message ID: <Pine.SUN.3.91.951008135715.1544C-100000@eskimo.com>
Reply To: N/A
UTC Datetime: 1995-10-08 21:20:40 UTC
Raw Date: Sun, 8 Oct 95 14:20:40 PDT

Raw message

From: Wei Dai <weidai@eskimo.com>
Date: Sun, 8 Oct 95 14:20:40 PDT
To: Cypherpunks <cypherpunks@toad.com>
Subject: anonymous cash without blinding
Message-ID: <Pine.SUN.3.91.951008135715.1544C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


With all this talk about Chuam patents, I would like to remind people 
that blind signatures are not absolutely essential to an anonymous 
digital cash system.  You can combine a traceable cash system with an 
anonymous communication system in a fairly obvious way to get a 
fully (both payer and payee) anonymous cash system.

Suppose a bank is running a digital cash system that works like this: it 
maintains a database of valid coins, and whenever someone presents it 
with a valid coin (string of bytes) it erases that coin from its 
database, and then either gives the person an equivelent amount of paper 
cash or a newly created coin(s) of the same value.

Now if the bank allows this exchange of old coins for new coins to be 
done over an anonymous network (e.g., a remailer-net), then the system is 
anonymous as long as you don't move physical money in or out of the system.
Maintaining anonymity when moving physical money in and out of the system is 
what blinding helps you to do, but this will be less useful in a fully 
digital economy where such movement will be infrequent.

Wei Dai





Thread