
Re: anonymity and e-cash



At 04:59 PM 2/12/97 -0800, Hal Finney wrote:
>From: [email protected] (Tim May)
>> You missed a very good talk by Ian Goldberg of UC Berkeley at the Saturday
>> Cypherpunks meeting at Stanford, where Ian talked for more than an hour on
>> just this issue. (He also talked for an hour on his crack of the RSA
>> challenge using 250 workstations...this was also a good talk.)
>
>I wish I could have heard that, it sounds good...
>
>A simple idea we have discussed for full anonymity uses the idea of
>exchanging coins at the bank.  You make an anonymous connection to
>the bank, supply some ecash you have received along with some blinded
>new ecash.  The bank verifies that the ecash is good and signs your
>blinded ecash, sending it back to you.  You unblind it and have good,
>fresh smelling ecash which you can keep, spend, or later deposit in
>your account.
>
>If the merchant performs this exchange operation on-line as soon as
>he receives ecash, then his anonymity is protected.  The customer is
>protected too, by the blinding he used when he withdrew the ecash earlier.
>So both sides remain anonymous.
>
>It sounds like Ian may have worked out details of a system where third
>parties do these exchanges.  Banks may be reluctant to allow them for
>liability reasons, and the market, abhorring the vacuum, will supply
>intermediaries who perform exchanges for a fee.
>
>Resolving the various forms of cheating is the hard part.  When Lee asks
>about a signed receipt, it is hard to understand what is the point if the
>seller is fully anonymous!  A signed receipt from a freshly-minted key
>is not of much use to anyone.
>
>If the participants are using persistent pseudonyms then whatever
>reputation capital they have can be put on the line when cheating happens,
>although it still may be hard to tell who cheated whom.  Did the customer
>pass bad cash and claim it was good, or did the merchant deposit good
>cash and claim it was bad?
>
>The same thing could happen every day at the supermarket, of course.
>A customer insists they paid $20 but got change for a $10.  If dozens of
>customers say the same thing has happened to them, we start to mistrust
>the market, while if several businesses say this particular customer
>has made the same claim to them, we blame the customer.

Here is another idea.
The merchant and customer agree on a price, with the merchant knowing that
the "bank" will take a cut for their services.
The merchant and customer both LOG IN to the bank separately, each type in
their agreed upon price and cut & paste in the services rendered
information.  If they match, the bank makes the necessary transaction
between the accounts, e-cash stash, etc.  The bank also supplies both
parties with a clear signed receipt.  The bank can now no longer alter the
receipt, as the merchant and customer both have a copy.  And the customer
and merchant can not alter the receipt, because then it would fail the test
on the signature.
If a receipt for a transaction number were used, then the only threat would
be the same one that exists for remailer operators.  This could be negated
by daisy-chaining banks in a similar manner.  If each bank took a cut of
non-customers of $.0002 or .02% of the transaction, whichever was greater,
then a suitable system could be set up.

Another idea that has been festering.  If we could get a CPA involved in
this forum, I would be willing to have h[im/er] sign my key, (which is
seldom used, mostly because this is the only place I use e-mail), for that
reasonable fee that CPAs can charge.  I know that it is not a standard, or
even legally recognized, post for CPAs, but I think that enough people
would trust them.
This would take care of some of the "newly minted" key problems, since
getting someone who is trusted to sign your key is a recognized method of
getting people to believe you are who you say you are.  Just an idea.
Actually two, one half thought out, one that has been bugging me.
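
The coin exchange described in the quoted text, sketched as an added example that is not part of the original message. It assumes Chaum-style RSA blind signatures with a constructed toy key; the names `Bank`, `exchange` and `new_blinded_coin` are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key built from two Mersenne primes: illustration only,
# far too small (and unpadded) for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private signing exponent

def h(serial: bytes) -> int:
    """Map a coin serial number to an integer mod N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(serial)

def new_blinded_coin():
    """Holder side: pick a fresh serial and blind it with a random factor r."""
    serial = secrets.token_bytes(16)
    r = 0
    while r < 2 or gcd(r, N) != 1:
        r = secrets.randbelow(N)
    return serial, r, (h(serial) * pow(r, E, N)) % N

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

class Bank:
    def __init__(self):
        self.spent = set()  # serials already retired

    def sign_blinded(self, blinded: int) -> int:
        """Sign without seeing the serial (withdrawal accounting omitted)."""
        return pow(blinded, D, N)

    def exchange(self, old_serial: bytes, old_sig: int, blinded_new: int) -> int:
        """Check and retire the received coin, then sign the blinded new one."""
        if not verify(old_serial, old_sig):
            raise ValueError("bad signature on old coin")
        if old_serial in self.spent:
            raise ValueError("coin already spent")
        self.spent.add(old_serial)
        return self.sign_blinded(blinded_new)
```

The bank only ever sees the old serial and the blinded value, so it cannot link the fresh coin to this exchange; the `spent` set is what catches a coin submitted twice.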