From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Tue, 24 Oct 95 00:50:17 PDT
To: cypherpunks@toad.com
Subject: Hack DigiCash: Payee Anonymity
Message-ID: <199510240750.IAA04175@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Well, Sameer is offering a "Hack DigiCash" promotion, in the same spirit as
the hack Netscape and Microsoft offer.  However, Chaum is a fairly
experienced cryptographer, and I doubt that there are any major security
flaws in the system.  The trial version used RSAREF, so that code at least
was open for your inspection.  There is still the possibility of bugs
creeping in when porting to different platforms tho...

I think the most interesting hack to pursue is to eliminate the
payee-nonanonymity problem.  The current software uses the following
protocol:

The  <--(blinding)--- Client
Bank --(unblinding)-> Client --> Merchant(non-anonymous) --> deposit in bank

The client is anonymous to the bank because of the blinding.  What we want
is for the client to be able to pay someone money, and have the recipient
be able to spend the money anonymously.  That is, there must be blinding
between the payer and the payee:

The  <--(blinding)--- payer <--(blinding)--- payee
Bank --(unblinding)-> payer --(unblinding)-> payee --> payee spends money

The payee generates some digital coins, blinds them, and sends them to the
payer.  The payer then makes a withdrawl from his bank account, blinds the
coins again (or not, it really doesn't matter) and sends them to the bank. 
The bank signs them, and returns them to the payer.  The payer removes his
blinding (if any) and sends them to the payee.  The payee unblinds the
coins and spends them at his leisure.  Privacy for all involved.