Re: Chaum on the good foot?
- To: [email protected]
- Subject: Re: Chaum on the good foot?
- From: peter honeyman <[email protected]>
- Date: Wed, 06 Oct 1993 00:23:22 -0400
- In-Reply-To: rjc's message of Tue, 05 Oct 1993 22:53:29 -0400.
> This could refer to observer based protocols. I don't see anything in the
> above paragraph to indicate that they have invented a digital coin. I don't
> see how offline non-observer based cash could possibly work. (e.g.
> I send a copy of my cash to someone in Europe and we "spend" them
> simultaneously)

well, actually, it's very neat how this works.  here, i'll quote from
n. ferguson's paper "single term off-line coins."

  The most difficult fraud to counter in electronic cash systems is
  the double-spending. A user can always spend the same coin in two
  different shops. This fraud cannot be detected at the time of
  spending as the payments are off-line. The solution that all
  electronic cash systems use is to detect the double-spending after
  the fact. At each payment the user is required to release some
  information in response to a challenge from the shop. One such
  release of information provides no clue to the user's identity, but
  two such releases are sufficient to identify the user uniquely.

this is based on shamir's "how to share a secret" cacm v22n11 1979.

in the stefan brands quote ("the privacy of honest users cannot be
violated in any cryptanalytic way") the emphasis is on honest users.
dishonest users are traceable.

after reading these two papers, i really think off-line cash works -- it
offers divisibility, multi-party security, privacy, and untraceability.
the major impediments seem to be the complexity of the protocols and the
large computational price to be paid.

peter
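
Added example, not part of the original message and not code from Ferguson's or Brands' papers: the "one release hides, two releases identify" property from the quoted passage, reduced to a degree-1 Shamir sharing over a prime field. The blind signatures and bank withdrawal of a real scheme are omitted; the field size, class and function names are assumptions made for the illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus, chosen for this example only


class Coin:
    """Hides user_id as f(0) of a secret line f(x) = user_id + k*x (mod P)."""

    def __init__(self, user_id):
        self._uid = user_id % P
        self._k = secrets.randbelow(P)  # fresh random slope for each coin

    def respond(self, challenge):
        """Payment step: release one point on the line for the shop's challenge."""
        if challenge % P == 0:
            raise ValueError("challenge 0 would release f(0) = user_id directly")
        return (self._uid + self._k * challenge) % P


def identify_double_spender(t1, t2):
    """Bank side: t1 and t2 are (challenge, response) pairs for the same coin.

    Two distinct points determine the line, so f(0) = user_id is recovered.
    Returns None when both shops happened to send the same challenge.
    """
    (x1, y1), (x2, y2) = t1, t2
    if (x1 - x2) % P == 0:
        return None
    slope = (y1 - y2) * pow(x1 - x2, -1, P) % P
    return (y1 - slope * x1) % P


def consistent_slope(transcript, candidate_id):
    """Slope that makes candidate_id fit a single transcript.

    One exists for every candidate, so a single spend identifies nobody.
    """
    x, y = transcript
    return (y - candidate_id) * pow(x, -1, P) % P
```
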