[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Tense visions of future imperfect
From: [email protected] (Bill Frantz)
> >[Description of dcash counterfeiting scam, presumably done by stealing
> > the bank's public key]
> I don't see how this third scam would work in a system such as DigiCash
> which uses online clearing. Unissued serial numbers would be refused when
> presented for clearing.
DigiCash banks do not issue serial numbers. Serial numbers are randomly
chosen by the user when he withdraws his cash. He blinds the serial
number before presenting the cash to be signed by the bank during
withdrawal. So the bank never sees serial numbers until they are spent.
The uniqueness of serial numbers results solely from having a large
enough random space that matches are unlikely.
What the bank does is keep a list of all spent serial numbers, not all
issued ones (since it doesn't know those). That way it can detect double
spending.
We have had some discussions here about how banks could recognize this
kind of counterfeiting, similar to the statistical measures mentioned in
Garfinkel's scenario, and steps that could be taken.
Hal