From: daw@cs.berkeley.edu (David Wagner)
Date: Thu, 23 May 1996 15:29:40 +0800
To: cypherpunks@toad.com
Subject: Re: PROTOCOL: Encrypted Open Books
In-Reply-To: <adc6b62a1a02100403da@[205.199.118.202]>
Message-ID: <4o0cfk$1i7@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Apologies for replying to a reposted article; I wasn't subscribed when
the (very interesting!) open books protocol was originall proposed.

In article <adc6b62a1a02100403da@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> >Date: Mon, 16 Aug 93 13:57:51 -0700
> >From: Eric Hughes <hughes@soda.berkeley.edu>
> >Subject: PROTOCOL: Encrypted Open Books
> >
> >One criticism I do wish to address now.  I don't think it matters if
> >the bank manufactures fake transactions.  The customer can reveal the
> >sum of all the blinding factors for transactions on that account, in
> >public, and can thus prove what should have been there.  Since the
> >blinding factors were committed to in public, there is a strong
> >assurance that these blinding factors are what they are claimed to be.
> >This in itself can be made into an actual proof of liability.  Note
> >that even this revelantion does not compromise individual
> >transactions.  It only reveals the aggregate value change, which is
> >exactly what is at issue with the bank.

Yes, if the bank manufactures a fake transaction to a customer's
account, I see that the customer can discover the discrepancy & step
forward to identify the bank.

But what if the bank manufactures a fake account, without a real
customer, and fakes a transfer into that account, pocketing the
money that should have gone into that account?  There is no real
customer corresponding to that account to check up on the open
books, so it seems to me like a bank employee can embezzle money
undetectably this way.

Did I miss an important part of the protocol, or does some extra
mechanism need to be added to counter this threat?