[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
anonymous cash without blinding
With all this talk about Chuam patents, I would like to remind people
that blind signatures are not absolutely essential to an anonymous
digital cash system. You can combine a traceable cash system with an
anonymous communication system in a fairly obvious way to get a
fully (both payer and payee) anonymous cash system.
Suppose a bank is running a digital cash system that works like this: it
maintains a database of valid coins, and whenever someone presents it
with a valid coin (string of bytes) it erases that coin from its
database, and then either gives the person an equivelent amount of paper
cash or a newly created coin(s) of the same value.
Now if the bank allows this exchange of old coins for new coins to be
done over an anonymous network (e.g., a remailer-net), then the system is
anonymous as long as you don't move physical money in or out of the system.
Maintaining anonymity when moving physical money in and out of the system is
what blinding helps you to do, but this will be less useful in a fully
digital economy where such movement will be infrequent.