From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 3e3945bd506dc2ae2ef4d8c1850961dd590d230b2a7fc88dd0321bcf91a2472f
Message ID: <acabe4df3f021004b9f5@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-10-19 18:26:28 UTC
Raw Date: Thu, 19 Oct 95 11:26:28 PDT
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Oct 95 11:26:28 PDT
To: cypherpunks@toad.com
Subject: Re: digital cash and identity disclosure
Message-ID: <acabe4df3f021004b9f5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain
At 5:41 PM 10/19/95, Hal wrote:
>There is an attack here, but the text doesn't go into detail about it.
>You have to assume that (as with the current ecash implementation from
>Digicash) people have non-anonymous accounts with the bank. If Alice
>wants to know Bob's identity she can collude with the bank to find
>out. As Tim describes, she gives Bob some money, then quickly deposits
>the coins herself. In effect, she intentionally double-spends (with
>the bank's permission). When Bob makes his deposit, his coins are
>recognized as matching those which Alice double-spent. So if Alice
>was, say, an agent involved in a government "sting", and bought bootleg
>software from Bob, his identity can in fact be learned when he deposits
>the money.
>
>Actually with the DigiCash system and in fact all of the ecash systems I
>know about, you don't have to get so fancy; Alice can simply give the
>bank a record of her transaction with Bob (the coins she sent him) and
>these will be recognized when Bob deposits them.
>
>Lucky Green has been discussing ways in which people could exchange coins
>anonymously even with DigiCash's ecash in order to provide some immunity
>from such attacks.
As Hal notes, there are a lot of issues and attacks to consider. I'm sorry
that my brief section on Chaumian digital cash in the Cyphernomicon doesn't
adequately cover the issues (and as the debates here show, confusion still
reigns, and no doubt some of my points are misleading, wrong, or
incomplete).
"Double spending" detection is a REAL MESS. That's my basic conclusion. It
tends to require schemes for going after double spenders, it tends to make
identity-revealing attacks possible (such as the attack I alluded to, and
that Hal more completely describes), and it's INELEGANT.
"Immediate clearing" is much more elegant, and is, I think, truer to the
spirit of "annonymous digital cash" than most of these other schemes are.
(Grep the FAQ for "online" or "online clearing" or "clearing" and you
should find some stuff. Also, several articles--including one recently by
me, about a month ago--go into the differences between the types of
clearing.)
--Tim May
Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”