[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Digicash question



One problem with your proposal is that at *some* point you want to be able
to get *real* cash for your digicash - at that point you've got to give
the bank the password, but also an account to deposit the cash into
(or equivalent), and at that point the bank can compare it with
the original owner of the bill.  You not only have to trust them to
not rip off the money, you have to trust them to not give away
the information, which may be tough if the government requires it.

Another problem is that:  Suppose Alice gives the password to Bob,
who gives it to Carol, and then Alice spends the cash before 
Carol can get it - you don't know if Alice or Bob ripped you off.
Alice could also try spending it before Bob deposits it,
but that's an issue for any offline cash protocol, though this
appears to give you less protection.

Different denominations aren't much of a problem - you need something
like that anyway.  Having each separate coin have a separate number
registered with the bank is somewhat more annoying than some of Chaum's
schemes, where you could prove the coin had been signed by the bank
but the bank didn't (and couldn't) track the coins.

Another trusting-the-bank problem is what happens if the
government comes to you and says "Alice is a drug dealer (mushrooms?) -
give us the passwords for all her digicash, and if she's given them
to anyone else, we can still forfeit them because the law lets us
confiscate them after she's spent them, just like stolen goods."
In Chaum's case, that's explicitly impossible.
(In the cases that led to Swiss Banking Secrecy laws,
the crime wasn't "drugs",it was "being Jewish".)

Similarly, even if the bank as a whole is honest, there may be
employees trying to embezzle the funds - tough to prevent in your approach.

		Bill Stewart