1996-05-21 - Re: Is Chaum’s System Traceable or Untraceable?

Header Data

From: Tim Dierks <tim@dierks.org>
To: Ian Goldberg <iang@cs.berkeley.edu>
Message Hash: f37ec564dadad9326f0bed52e41be7915049594298171686ccb7afcf75a1d5b9
Message ID: <v02140b0aadc66b47f5b3@[206.170.39.104]>
Reply To: N/A
UTC Datetime: 1996-05-21 07:10:35 UTC
Raw Date: Tue, 21 May 1996 15:10:35 +0800

Raw message

From: Tim Dierks <tim@dierks.org>
Date: Tue, 21 May 1996 15:10:35 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <v02140b0aadc66b47f5b3@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 AM 5/20/96, Ian Goldberg wrote:
>In article <199605190626.BAA62897@rs5.tcs.tulane.edu>,
>Matthew Carpenter  <mcarpent@mailhost.tcs.tulane.edu> wrote:
>>My PDA receives
>>back any coins as change if needed, and logs info about the transaction
>>for my financial records.
>>
>>When I get back home I 'deposit' my change using the same ATM interface.
>>This also removes from my home computer the copies of the coins I spent,
>>and automatically updates the transaction records on my PC.
>>
>>So are there any flaws with above procedure?
>
>Yup; with the current protocols, there's no way to do change.  For the shop
>to pay you change, besides suddenly losing your anonymity as a payee, you
>would have to go online immediately to clear the coins, which assumedly
>is infeasable.
>
>However, if you use the "fully anonymous" protocol, change becomes trivial.
>You don't have to go online; the payer (the shop) does, which it assumedly
>already is.  Another benefit is that coins received in this way as change
>are immediately spendable by you, without having to go online in between.
>
>The "fully anonymous" protocol turns out to be _exactly_ what is needed
>for situations like this.

Not that full anonymity isn't a Good Thing, but couldn't this be solved by
having the merchant (who presumably is on-line) provide PDA <-> mint
connectivitiy for the purposes of getting change, exchanging coins, etc.?
My assumption is that all the ecash protocols are not subject to a MITM
attack, which I would just presume to be good practice.

Also, given the fully anonymous protocol as you've described it (both payor
and payee blind the coins), what's to prevent the merchant from depositing
your change before he gives it to you? Unless your PDA is online, you'll be
home before you find out the hot dog vendor shorted you. (It's my
understanding that the current digicash system does not support Chaum's
method of revealing the identity of double-spenders).

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development







Thread