1995-10-23 - Re: How can e-cash, even on-line cleared, protect payee identity?

Header Data

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: tcmay@got.net (Timothy C. May)
Message Hash: c7425576bc41671858255879cc17fa57f8c1f7ce8d2f6541638591263c7db58d
Message ID: <199510230348.VAA02972@nagina.cs.colorado.edu>
Reply To: <acb0502856021004848f@[]>
UTC Datetime: 1995-10-23 03:49:04 UTC
Raw Date: Sun, 22 Oct 95 20:49:04 PDT

Raw message

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sun, 22 Oct 95 20:49:04 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: How can e-cash, even on-line cleared, protect payee identity?
In-Reply-To: <acb0502856021004848f@[]>
Message-ID: <199510230348.VAA02972@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain


 I, Bryce <bryce@colorado.edu> wrote:
> I can imagine a future in which this requirement is not difficult to
> meet.  Perhaps it will be the case that you can accept a coin, open
> up a new ("anonymous") account with the bank, deposit the coin,
> withdraw a new coin of the same amount, close the account, and now
> have an untraceable coin all in a fraction of a second.

 the entity calling itself TC May <tcmay@got.net> allegedly wrote:
> This is essentially the point several of us have been making, that if
> "anonymous bank accounts" are allowed (_technically_, no problem), then Bob
> can take his "possibly watched" piece of cash, deposit it with his bank in
> his anonymous account, withdraw the same amount (or more, or less, it
> doesn't matter if the account is truly anonymous) and neither Alice nor the
> Bank know who got it.

Now it seems to me that any ecash scheme, whether cleared on-line or
off-line, with or without double-spending-detection, will put the
payee at risk of identification by a collusion of the payer and the
bank.  As far as I can tell, Chaum's off-line,
double-spending-detecting DigiCash Ecash is no more or less
susceptible to this attack than is any other scheme.  (This is
because the e-coin must have a unique ID or serial number, and the
payer/bank collusion can trace the passage of that serial number to
identify the payee.)

TC May has stated that Chaum's off-line strategy enables
payee-identification by a payer/bank collusion, but it seems to me 
that this is incorrect, because payee-identification is *always*
possible by a payer/bank collusion under any scheme.

 ""TC May"":
> As you note, Bob can even open a new account, deposit, withdraw, close the
> account. This makes the bank a "digital coin laundry," such as Lucky Greene
> and others have talked about.

Right, if the bank allows anon accounts and/or accounts that can be
created and used with very little time/effort/expense.  Now if the
bank doesn't allow that then you could have a chain of
money-laudering "remailer" type services.  They will deposit the
coin for you and withdraw a new one, thus making it untraceable
*unless* they themselves are in on the collusion.

Perhaps you "chained remailer" people can apply your expertise to this
and invent for us a method of laundering your e-coin through a chain
of such services, making sure that a collusion of payer, bank and
*all* launderers is necessary to reveal your identity, and making
sure that the launderers themselves can't steal your coin.

Sounds impossible at first blush.



signatures follow

            "To strive, to seek, to find and not to yield."   
    <a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html">

                          bryce@colorado.edu                   </a>

Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01