From: chen@intuit.com (Mark Chen)
To: cypherpunks@toad.com (cypherpunks)
Message Hash: aa42da0fc4ca6e67b3c6c76beccb7c27e9cf8561612b32d7bb1bb46d6ee50acb
Message ID: <9510192017.AA26270@doom>
Reply To: <acabe4df3f021004b9f5@[205.199.118.202]>
UTC Datetime: 1995-10-19 20:20:57 UTC
Raw Date: Thu, 19 Oct 95 13:20:57 PDT
From: chen@intuit.com (Mark Chen)
Date: Thu, 19 Oct 95 13:20:57 PDT
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: digital cash and identity disclosure
In-Reply-To: <acabe4df3f021004b9f5@[205.199.118.202]>
Message-ID: <9510192017.AA26270@doom>
MIME-Version: 1.0
Content-Type: text/plain
Tim wrote:
> "Double spending" detection is a REAL MESS. That's my basic conclusion. It
> tends to require schemes for going after double spenders, it tends to make
> identity-revealing attacks possible (such as the attack I alluded to, and
> that Hal more completely describes), and it's INELEGANT.
>
> "Immediate clearing" is much more elegant, and is, I think, truer to the
> spirit of "annonymous digital cash" than most of these other schemes are.
> (Grep the FAQ for "online" or "online clearing" or "clearing" and you
> should find some stuff. Also, several articles--including one recently by
> me, about a month ago--go into the differences between the types of
> clearing.)
I also suggest taking a look at Stefan Brands' solution, which, while
requiring hardware, has some favorable properties. Among these are:
- prior restraint of double spending through hardware-based
"secret-key certificates"
- in the case of hardware tampering, double spenders are traceable
as in Chaum's system; however, the protocol used to achieve this is
much more efficient than Chaum's "cut-and-choose"
- no possibility of a subliminal channel between the
tamper-resistant device and the payee or bank
--
Mark Chen
chen@intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”