[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Chaum's cash: backup?

To: [email protected] (Marcel van der Peijl)
Subject: Re: Re: Chaum's cash: backup?
From: Jiri Baum <[email protected]>
Date: Fri, 3 Nov 1995 18:29:04 +1100 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Marcel van der Peijl" at Oct 24, 95 02:10:58 pm
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

Hello Marcel van der Peijl,
> From: "Marcel van der Peijl" <[email protected]>
> Date:          Tue, 24 Oct 1995 14:10:58 +0100

Sorry about taking so long to reply... I'll quote more than usual
to make up for it.

> > > I could give a hint: your random state initializer is not the too-often 
> > > used srand( time( NULL ) ) but user-chosen during installation.

> > This sounds great... Will the bank be running crack against the proto-coins
> > it gets? (Say, at the behest of a LEA?)

> It is not the bank's intention to screw the clients, but mostly the 
> other way around.

I was referring to the claim that the system is payer-anonymous.

Thinking of it again now, what's to stop Eve the eavesdropper from spying
on the proto-coins, running crack against it, and then (later) 
eavesdropping on the bank-signed coins and unblinding/depositing them 
before Alice/Bob does?

(No, being encrypted by the bank's public key is not enough.)

> If the bank wants to screw the clients the easiest 
> way is to change their account balance. Remember, you trust them with 
> your money. That's why they're a bank.

Yes, but is the bank really interested in protecting privacy?

> > Is there any way for the user to re-initialize the random state?
> > > Write that initializer down and you can re-generate all coins.
> > ...
> > That's going to be one hell of a valuable piece of paper.
> > (Certainly to your enemies/prosecutors - it reveals the blinding factors
> > for every coin you ever spent.)

> You may choose to burn it or change random state and have no 
> recoverability. What do you value more? Your privacy or your money? 
> Each user will have too choose.

a) It would be nice if the protocol didn't require this choice.

b) This choice should be made explicit to the user.

c) As I noted above, wouldn't it also strongly reduce security?


See you!

Jiri
- --
<[email protected]>     <[email protected]>     PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMJnEeCxV6mvvBgf5AQF2BwP/XdMn6ktMGjToDltqo014kT1i3Z/GGXPr
HPW1gBN3RT3Ba9F2Ac+24IVVFqauo1sT+Ecc872UrlQzoF8S524oZfhjh3IW5xRF
mpZX48tnQn5nJE/U4XgvcuQ6yw5JOhc2eEVPs2PnKT+RdUogNb9UDAXOKn6+EILc
nqosNXK+aMU=
=geHb
-----END PGP SIGNATURE-----

Prev by Date: [NOISY] Re: Clinton Administration Plans 1.5 MILLION WIRETAPS
Next by Date: Re: [NOISE] Re: censored? corrected [Steve Pizzo cited in The Spotlight]
Prev by thread: Re: FBI Wants to Wiretap One of Every 100 Phones in Urban Areas
Next by thread: Transcript of Bernstein hearing is now available
Index(es):
- Date
- Thread