[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Single Value Pseudonyms
>Someone posted a way to resist altered bank notes [...] by something
>called (if I remember right) a "cut-and-choose" protocol.
Karl Barrus posted this, and I've been meaning to respond to it.
Basically, Karl's scheme doesn't work. With any cut-and-choose
protocol, there must be some assurance that the two things offered are
the same thing, and, in a series of them, that all the things offered
are the same thing.
With a blind signature, the signature itself is that which has value,
not the thing signed.
>To make things very simple for a bank, I suggest having fixed value digital
>pseudonyms for each value of bank note. For example, the Bank of Hastings on
>Kent would use "AU 500 mg from HoK Bank" as the user name for all signed 500
>milligram gold certificates.
Basically yes. More accurately, the bank has one key for each
denomination for each particular time range. The key is the
significant entity here, not the user name. The blind signer could
make a regular signature attaching a name to that key, of course.
Eric