[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Offline Digicash ?



[email protected] writes:

> According to the Chaum-protocol description on chaos.bsu.edu, this is
> an online system - both parties must talk to the bank before a
> transaction is concluded. Are there any true offline systems? i.e. I
> can send you an email which is worth money, with no third parties
> involved, and there is no audit trail or means of tracing.
>
> The main problem is that there is no digital "coin" or object which
> can be passed around but not duplicated. Other than the bank method,
> I've read about an "observer" chip which keeps you honest, but the
> design of the chip would have to be secret, or at least the chip
> would have to know a secret (i.e. a key) which it would never tell
> you. If you could extract the key, you could write a "cheater".
> Shades of Clipper.
>
> Is there a system which allows anonymity and at the same time
> prevents people from double-spending their cash? How does it work?

Well, one thing that could be done is to write an "electronic check". 
Someone would deposit money in a bank, and then pay money to other
people by writing checks, encrypting each check with with their private
key for authentication, and then with the recipient's public key to
protect against the possibility that the message might be intercepted. 
The recipient would then decode the first layer of encryption with his
private key (leaving the sender's key-authentication), add his account
number to the message and send it to the bank (preferrably, encoding it
with the bank's public key).  The bank would be able to verify the
authenticity of the check by means of the sender's public key, and would
then transfer the funds to the recipient's account.  Basically, this
works the same way paper checks work today, and might be a feasible
system.  This eliminates the need for both parties to talk to the bank
before making the transaction; only the recipient would need to talk to
the bank - to cash his check.  This doesn't completely solve the
traceability issue however.  Although accounts could be numbered and the
owner's identity kept "secret", it is still theoretically possible to
trace the money from one account to another.

However there is another way to do it.  The bank could simply issue
numbered "bills" in exchange for conventional cash, and this would be
done completely anonymously.  Each number would be worth a certian set
value, such as a US dollar, a gram of gold, etc.  The numbers could be
of a form such that there would be one valid number in a billion or a
trillion (or more possible) combinations, eliminating the possibility
that someone might find a valid number by random guessing.  (As a side
comment: Creating different unique numbers is not too difficult. 
Suppose a bank was going to issue one million bills out of a trillion
combinations.  They could number the valid bills 0-999999, leaving
numbers 1000000-999999999999 as invalid combinations.  Each number would
then be encrypted with a conventional private-key system, meaning that
the valid combinations would end up randomly distrubited thruout the
possible domain of numbers.  The bank would easily be able to tell
anyone who asked weather or not a number was valid, by using its cipher
to decode the number, but nobody else would know how to find valid
combinations because the bank would keep its cipher secret.)  When
someone wanted to spend some money, he would give the recipient the
numbers of the bills he wanted to spend.  To eliminate the possibility
of double-spending the same numbers, the recipient would then call the
bank, and give them the numbers, and the bank would flag those numbers
in its database as being spent (so they couldn't be spent again), and
issue new numbers.  Since all calls to the bank would be anonymous,
there would be effectively no way to trace the money, while security
against double spending would be maintained.