[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: Chaum's cash: backup?
-----BEGIN PGP SIGNED MESSAGE-----
Hello Marcel van der Peijl,
> From: "Marcel van der Peijl" <[email protected]>
> Date: Tue, 24 Oct 1995 14:10:58 +0100
Sorry about taking so long to reply... I'll quote more than usual
to make up for it.
> > > I could give a hint: your random state initializer is not the too-often
> > > used srand( time( NULL ) ) but user-chosen during installation.
> > This sounds great... Will the bank be running crack against the proto-coins
> > it gets? (Say, at the behest of a LEA?)
> It is not the bank's intention to screw the clients, but mostly the
> other way around.
I was referring to the claim that the system is payer-anonymous.
Thinking of it again now, what's to stop Eve the eavesdropper from spying
on the proto-coins, running crack against it, and then (later)
eavesdropping on the bank-signed coins and unblinding/depositing them
before Alice/Bob does?
(No, being encrypted by the bank's public key is not enough.)
> If the bank wants to screw the clients the easiest
> way is to change their account balance. Remember, you trust them with
> your money. That's why they're a bank.
Yes, but is the bank really interested in protecting privacy?
> > Is there any way for the user to re-initialize the random state?
> > > Write that initializer down and you can re-generate all coins.
> > ...
> > That's going to be one hell of a valuable piece of paper.
> > (Certainly to your enemies/prosecutors - it reveals the blinding factors
> > for every coin you ever spent.)
> You may choose to burn it or change random state and have no
> recoverability. What do you value more? Your privacy or your money?
> Each user will have too choose.
a) It would be nice if the protocol didn't require this choice.
b) This choice should be made explicit to the user.
c) As I noted above, wouldn't it also strongly reduce security?
<[email protected]> <[email protected]> PGP 463A14D5
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----