From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Oct 1995 03:15:19 +0800
To: tomw@cthulhu.engr.sgi.com
Subject: Re: digital cash and identity disclosure
Message-ID: <199510281848.LAA05019@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 AM 10/20/95 -0700, tomw@cthulhu.engr.sgi.com wrote:
>> I don't understand how this could happen? The two coins are identical
>> (as I understood it from the tech backgound of ecash). what has a double-
>> spended coin what a copied single-spended coin not has?

>The process of spending a coin is not simply that of transfering data.
>There is a complicated protocol in which Alice decrypts some of the
>identity information in the coin.  

There are several approaches - in the immediate-clearing model,
you can tell if someone's spent coin 111111111111 because the bank keeps
a record of which coins have been spent and refuses to pay anybody
who tries to spend the same coin later; this almost forces you to use
on-line clearing solutions.  Chaum's blinding protocols
make it possible for the bank to sign a coin without being able to
trace it to the person withdrawing the coin, so she can spend it anonymously.

Another model uses the protocols Tom described which place a random chunk
of the spender's identity into the coin - one chunk gives away no information,
but two chunks have an extremely high probability of doing so - so you
can go prosecute the guilty double-spender later (or just debit her account
twice...)
Then there are the non-anonymous models.
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---