1995-10-19 - Re: digital cash and identity disclosure

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: d1cfb0f032dbc6b98ddbaa17660aeda89771a7ba397bf0718b24b75812ab3da5
Message ID: <199510191741.KAA09854@jobe.shell.portal.com>
Reply To: <m0t5ej6-0002ebC@horten>
UTC Datetime: 1995-10-19 17:42:29 UTC
Raw Date: Thu, 19 Oct 95 10:42:29 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Thu, 19 Oct 95 10:42:29 PDT
To: cypherpunks@toad.com
Subject: Re: digital cash and identity disclosure
In-Reply-To: <m0t5ej6-0002ebC@horten>
Message-ID: <199510191741.KAA09854@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Andreas Bogk <andreas@artcom.de> writes:

>In the Cyphernomicon, section 12.6.6, Tim May writes:

>             - Chaum went to great lengths to develop systems which
>                preserve anonymity for single-spending instances, but
>                which break anonymity and thus reveal identity for double-
>                spending instances. I'm not sure what market forces
>                caused him to think about this as being so important, but
>                it creates many headaches. Besides being clumsy, it
>                requires physical ID, it invokes a legal system to try to
>                collect from "double spenders," and it admits the
>                extremely serious breach of privacy by enabling stings.
>                For example, Alice pays Bob a unit of money, then quickly
>                Alice spends that money before Bob can...Bob is then
>                revealed as a "double spender," and his identity revealed
>                to whomever wanted it...Alice, IRS, Gestapo, etc. A very
>                broken idea. Acceptable mainly for small transactions.

>But as far as I got Chaum's idea, Alice would not reveal Bob's identity,
>but rather her own. Am I missing a point here?

There is an attack here, but the text doesn't go into detail about it.
You have to assume that (as with the current ecash implementation from
Digicash) people have non-anonymous accounts with the bank.  If Alice
wants to know Bob's identity she can collude with the bank to find
out.  As Tim describes, she gives Bob some money, then quickly deposits
the coins herself.  In effect, she intentionally double-spends (with
the bank's permission).  When Bob makes his deposit, his coins are
recognized as matching those which Alice double-spent.  So if Alice
was, say, an agent involved in a government "sting", and bought bootleg
software from Bob, his identity can in fact be learned when he deposits
the money.

Actually with the DigiCash system and in fact all of the ecash systems I
know about, you don't have to get so fancy; Alice can simply give the
bank a record of her transaction with Bob (the coins she sent him) and
these will be recognized when Bob deposits them.

Lucky Green has been discussing ways in which people could exchange coins
anonymously even with DigiCash's ecash in order to provide some immunity
from such attacks.

Hal
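
Added example, not part of the original message and not DigiCash code: a toy Chaum-style blind-signature coin showing why blinding hides the payer from the bank while the payee is still identified at deposit once the payer hands the bank the coin, as the message describes. The key (tiny unpadded RSA), the account names and the `flag` step are assumptions made for illustration.

```python
# Toy model only: unpadded RSA with a small constructed key, no denominations.
import hashlib, math, secrets

P, Q = 2**89 - 1, 2**107 - 1           # two Mersenne primes (constructed toy key)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private signing exponent

def h(serial: bytes) -> int:
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.withdrawals = []   # (account, blinded value): all the bank sees
        self.flagged = {}       # serial -> note handed over by a cooperating payer
        self.deposited = {}     # serial -> non-anonymous depositing account

    def withdraw(self, account, blinded):
        self.withdrawals.append((account, blinded))
        return pow(blinded, D, N)           # signs without learning the serial

    def flag(self, serial, note):           # hypothetical "record of transaction"
        self.flagged[serial] = note

    def deposit(self, account, serial, sig):
        if pow(sig, E, N) != h(serial):
            raise ValueError("bad signature")
        if serial in self.deposited:
            raise ValueError("already deposited")
        self.deposited[serial] = account
        return self.flagged.get(serial)     # non-None: depositor is now linked

def withdraw_coin(bank, account):
    serial = secrets.token_bytes(16)
    while True:                             # blinding factor must be invertible
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = h(serial) * pow(r, E, N) % N
    sig = bank.withdraw(account, blinded) * pow(r, -1, N) % N   # unblind
    return serial, sig

def demo():
    bank = Bank()
    serial, sig = withdraw_coin(bank, "alice")
    # Payer privacy: nothing in the withdrawal log matches the coin itself.
    payer_hidden = all(b != h(serial) for _, b in bank.withdrawals)
    bank.flag(serial, "coin alice paid to pseudonym 'bob'")
    note = bank.deposit("bob-real-account", serial, sig)
    return payer_hidden, bank.deposited[serial], note
```

The blinding step protects only the withdrawer; the serial and signature that travel with the coin are the same values at payment and at deposit, which is what makes the payee linkable.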



