[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Buying Digital Postage Stamps Anonymously
This came up in today's Bay Area Cypherpunks meeting (a very good meeting,
by the way). It also has come up in a couple of the messages here, with
mention made that the stamp seller may know who is using his remailer
because he has records of who he sold the stamps (= numbers) to.
There are several standard solutions:
1. Two-way anonymous communication, and two-way anonymous e-cash.
("Wrappers" and all that stuff, stuff I don't here us talking about much
lately...)
2. "Stamp mixes," wherein users exchange stamps bought earlier. (This still
depends on trust that the seller will not have kept copies of the stamps
for his own use, thus wiping out the value of one's new stamps, or that he
won't keep records. Anonymity techniques in the mix could help with some of
these problems.)
3. Cash purchase with message pool posting.
This last one I'll spend a moment describing, as it is very easy to
understand, and is robust against a lot of attacks.
Alice wishes to buy 100 remailer stamps, each worth 20 cents. She places a
$20 U.S. banknote and a diskette containing a public key in an ordinary
paper envelope and mails it from a random mailbox to Bob. She also includes
a simple phrase to make it easier for her to later find the stamps, such as
"Rosebud." Bob creates the digital stamps, encrypts the list of them with
the public key provided, puts the name "Rosebud" on the file, and places it
on his Web page which is visited by many people daily, or, for more
security, posts it to a Usenet group devoted to such things (such as
alt.anonymous.messages).
Alice retrieves the digital stamps by either visiting Bob's Web site, with
some small amount of identity leakage possible, or reads the messages in
alt.anonymous.messages (with even less chance of leakage). Or, Alice could
use a Web proxy to more securely visit the site.
The net result is that Alice has $20 worth of digital stamps, Bob has a $20
bill and will honor the stamps he issued, and Bob doesn't know who he sold
them to.
This is how easily it could be done. Digital cash is not needed, at this
granularity ($20 bills sent through the mail), and simple trust works. (We
talk a lot about "reputations," and this is a concrete example. Protocols
that "force" Bob to honor a digital stamp, instead of relying on his
willingness to honor his promises, are vastly harder to design and use than
are such simple, micro-trust transactions.)
Different remailers would have different stamps, different rates, etc., and
a remailer script (for a "premail"-like app?) could take the remailer hops
planned, pull a stamp off the list of unused stamps, and put the number in
a remailer-like header field, such as:
::
Digital-Stamp: 5he20o#xL3p01SA29s
The receiving remailer would decrypt the message with its private key,
check the digital stamp field (as above, or in a real header format,
whatever), and see if the stamp is in its list of "issued, but unused"
stamps. And so on, in the obvious way.
Seems straightforward to do.
--Tim May
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."