From: Jiri Baum <jirib@cs.monash.edu.au>
To: bigmac@digicash.com (Marcel van der Peijl)
Message Hash: 31655deee403a190e6263e9043f900e14391beb4a17145259fbe0f696e15831a
Message ID: <199511030729.SAA03867@molly.cs.monash.edu.au>
Reply To: <199510241312.OAA00644@digicash.com>
UTC Datetime: 1995-11-03 07:55:51 UTC
Raw Date: Fri, 3 Nov 1995 15:55:51 +0800
From: Jiri Baum <jirib@cs.monash.edu.au>
Date: Fri, 3 Nov 1995 15:55:51 +0800
To: bigmac@digicash.com (Marcel van der Peijl)
Subject: Re: Re: Chaum's cash: backup?
In-Reply-To: <199510241312.OAA00644@digicash.com>
Message-ID: <199511030729.SAA03867@molly.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hello Marcel van der Peijl,
> From: "Marcel van der Peijl" <bigmac@digicash.com>
> Date: Tue, 24 Oct 1995 14:10:58 +0100
Sorry about taking so long to reply... I'll quote more than usual
to make up for it.
> > > I could give a hint: your random state initializer is not the too-often
> > > used srand( time( NULL ) ) but user-chosen during installation.
> > This sounds great... Will the bank be running crack against the proto-coins
> > it gets? (Say, at the behest of a LEA?)
> It is not the bank's intention to screw the clients, but mostly the
> other way around.
I was referring to the claim that the system is payer-anonymous.
Thinking of it again now, what's to stop Eve the eavesdropper from spying
on the proto-coins, running crack against it, and then (later)
eavesdropping on the bank-signed coins and unblinding/depositing them
before Alice/Bob does?
(No, being encrypted by the bank's public key is not enough.)
> If the bank wants to screw the clients the easiest
> way is to change their account balance. Remember, you trust them with
> your money. That's why they're a bank.
Yes, but is the bank really interested in protecting privacy?
> > Is there any way for the user to re-initialize the random state?
> > > Write that initializer down and you can re-generate all coins.
> > ...
> > That's going to be one hell of a valuable piece of paper.
> > (Certainly to your enemies/prosecutors - it reveals the blinding factors
> > for every coin you ever spent.)
> You may choose to burn it or change random state and have no
> recoverability. What do you value more? Your privacy or your money?
> Each user will have too choose.
a) It would be nice if the protocol didn't require this choice.
b) This choice should be made explicit to the user.
c) As I noted above, wouldn't it also strongly reduce security?
See you!
Jiri
- --
<jirib@cs.monash.edu.au> <jiri@melb.dialix.oz.au> PGP 463A14D5
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMJnEeCxV6mvvBgf5AQF2BwP/XdMn6ktMGjToDltqo014kT1i3Z/GGXPr
HPW1gBN3RT3Ba9F2Ac+24IVVFqauo1sT+Ecc872UrlQzoF8S524oZfhjh3IW5xRF
mpZX48tnQn5nJE/U4XgvcuQ6yw5JOhc2eEVPs2PnKT+RdUogNb9UDAXOKn6+EILc
nqosNXK+aMU=
=geHb
-----END PGP SIGNATURE-----
Return to November 1995
Return to “Jiri Baum <jirib@cs.monash.edu.au>”
Unknown thread root