From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: tcmay@got.net (Timothy C. May)
Message Hash: c821173cba0561f45e720adc0e02cbdb4121ebd88f28bdcaae07253807dc9853
Message ID: <199510192219.QAA29534@nagina.cs.colorado.edu>
Reply To: <acac05c4410210047467@[205.199.118.202]>
UTC Datetime: 1995-10-19 22:20:06 UTC
Raw Date: Thu, 19 Oct 95 15:20:06 PDT
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 19 Oct 95 15:20:06 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: digital cash and identity disclosure
In-Reply-To: <acac05c4410210047467@[205.199.118.202]>
Message-ID: <199510192219.QAA29534@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
I, Bryce <bryce@colorado.edu> wrote:
>
> (i.e., because the payer knows the actual ID number
> of the bill, she can choose to relate it to the bank and then the bank
> can identify who turns in that bill. Has nothing to do with
> double-spending. If the protocol provided for re-blinding before
> depositing the bill then this would not be possible, I think, and
> would still have nothing to do with double-spending.)
Someone claiming to be the nym calling itself tcmay@got.net (Timothy C.
May) wrote:
>
> Oh, but it does.
<snip>
> (Note: Any schemes for "re-blinding" must still allow "uniqueness"...and
> must still point back to Alice. Else the scheme/scam above
[double-spending -B]
> will work.
> Online clearing, in which only the _first_ to present a digital cash claim
> gets paid, does not have this problem.)
Whoops, you're sure right. Alice will not be revealing the bill's ID,
she will be revealing her "double-spending prevention" field. Hm.
I suppose that her victim (the one who received the pre-spent bill and
was "out"'ed) could have turned the bill in sans double-spending
prevention field if the protocol allowed for it and if he didn't mind
the risk of letting Alice get away with a bona fide double-spend.
Of course, if the bank allows anon accounts you can launder your e-coin
through these first. Also, suppose I start a payee-anonymity service?
(a.k.a. e-laundering service). You send me the e-coin you received,
I deposit it with the bank, check out a new coin, and send you the new
coin. (Minus my percentage.) Of course, now *I* have the ability to
sting you...
Regrettably, Tim C. May is right and current Chaumian Ecash can't do
off-line clearing without enabling stings in which payers can prove
which bank account the payee used to deposit the coin. (Not quite the
same as proving the payee's identity, but...) Marcel van der Peijl of
DigiCash once bragged to me in private e-mail that they could probably
do both-way anonymity in off-line clearing if they really wanted to.
Does anyone else think that this is possible? Unlike Tim, I think
that off-line clearing capability is a big plus.
Regards,
Bryce
Announcement: I'm not reading cpunks very much. Cc: me if you want
to be sure I'll read your post.
signatures follow
"To strive, to seek, to find and not to yield."
<a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html">
bryce@colorado.edu </a>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01
iQCVAwUBMIbKx/WZSllhfG25AQEsFAQApkyEFvVhNAdUdOMBAXkFAq1ICKtw+J4Z
8rTJmkkjc2bCdl8Rh1K7jWQESxSFIrF5bLfAyJz/K2CXhVSCOZpRASSFH7vL9HHb
7M9Gv7ZfvJ5vqEvW/PpLlDoA5xjt3Q4Q3xMW1dsqOyW928kkXzZhqqKDhGlTFNoW
+sMTuvi8X7c=
=QLx5
-----END PGP SIGNATURE-----
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”