From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: ee8a926b796b3d5577f7bb8adabeef69498f09129933e73cb97434cb02423962
Message ID: <199510241410.HAA04523@jobe.shell.portal.com>
Reply To: <199510232023.OAA10038@nag.cs.colorado.edu>
UTC Datetime: 1995-10-24 14:12:29 UTC
Raw Date: Tue, 24 Oct 95 07:12:29 PDT
From: Hal <hfinney@shell.portal.com>
Date: Tue, 24 Oct 95 07:12:29 PDT
To: cypherpunks@toad.com
Subject: Re: How can e-cash, even on-line cleared, protect payee identity?
In-Reply-To: <199510232023.OAA10038@nag.cs.colorado.edu>
Message-ID: <199510241410.HAA04523@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
tomw@orac.engr.sgi.com (Tom Weinstein) writes:
>Perhaps the problem is that Bob insists that Alice's coin was not signed
>by the bank. In that case, how about this modification? Alice should
>first show Bob the doubly blinded coin she gave to the bank and the
>signed doubly blinded coin she received back. Bob can verify the
>signature and then Alice can give him the blinding factor so he can
>unblind it himself. Bob also needs to sign the singly blinded coin that
>he gives to Alice so that Alice can later show that she gave him the
>correct blinding factor if Bob tries to claim that she didn't.
The problem with this is that Bob and the bank can now collude to trace
Alice, since he sees what she sent to the bank. This is not as bad as in
the forward traceability case of regular ecash, because it happens after
Alice has completed her bank transaction, rather than before, but it
would be better to be untraceable since that is the whole point of this
variation.
Hal
Return to October 1995
Return to “Wei Dai <weidai@eskimo.com>”