From: ljo@ausys.se (Johansson Lars)
Date: Wed, 1 Nov 95 05:31:17 PST
To: hfinney@shell.portal.com
Subject: RE: (cpx) Digicash tagged with payee?
Message-ID: <95Nov1.143001gmt+0100.53766@void.ausys.se>
MIME-Version: 1.0
Content-Type: text/plain




Hal Finney <hfinney@shell.portal.com> writes:

>I have heard it claimed that when you make a payment with Digicash ecash,
>the identity of the payee is encoded or embedded into the cash somehow.
>This is an anti-theft measure (among other things, perhaps).  The bank
>checks that the embedded identity in deposited cash matches the account
>name which is doing the deposit.

Where have you heard that? Everything I've heard from DigiCash seems
to indicate that no such "payee encoding" is performed.

>My question is, how could this be done?  How can the payor, at payment
>time, without communicating with the bank, embed a payee name
>irreversibly into the cash so that a thief cannot strip it out and
>replace it with his own name?

It is possible though with other (teoretical) protocols, such as Chaum,
Fiat and Naor's off-line cash scheme (briefly described in Schneirer's
book 'Applied Cryptography') and especially the (off-line) cash system,
developed by Stefan Brands.

In these systems, when Alice spends a coin at Bob's shop she has to
respond to a random challenge, sent to her by Bob. This random challenge
could possibly be a hash of Bob's identity and some other values.
My impression though is that this is not a feature of the current
implementation of ecash.

>Off-list there has been some discussion about the role of certificates in
>ecash, and in cash systems in general.  It would be interesting to know
>if this anti-theft provision of Digicash is actually provided by means of
>a certificate.

It is conceivable to think of the above mentioned methods in that way,  yes

/Lars Johansson
ljo@ausys.se