1997-05-22 - ecash & remailers

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: cypherpunks@algebra.com
Message Hash: 26c1be9c373d4fa5ef292e533e63a9a6baf0e4f852116d966c6b5cb3c16441cd
Message ID: <199705221703.SAA02054@server.test.net>
Reply To: N/A
UTC Datetime: 1997-05-22 17:21:47 UTC
Raw Date: Fri, 23 May 1997 01:21:47 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 23 May 1997 01:21:47 +0800
To: cypherpunks@algebra.com
Subject: ecash & remailers
Message-ID: <199705221703.SAA02054@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain

It occurs to me that there is a problem with remailers using Chaum's
ecash as offered by MT bank and others.

The attacker could coerce the sender of an anonymous message into
revealing his blinding value, and use this to obtain the identity of
each remailer hop by colluding with the bank.  (The bank keeps a
database of the blinded coins minted against who they were given to;
unblinding reveals the coin which can then be compared against those
deposited by remailers, tallying sender with remailer, all the way to
the exit remailer.)

To stop this, the sender should discard the blinding values, thereby
removing his ability to be later coerced, or to later trace the
recipient of his cash.

Is there a way to purge blinding values from the ecash directory?

Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>