[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

anonymous cash without blinding

With all this talk about Chuam patents, I would like to remind people 
that blind signatures are not absolutely essential to an anonymous 
digital cash system.  You can combine a traceable cash system with an 
anonymous communication system in a fairly obvious way to get a 
fully (both payer and payee) anonymous cash system.

Suppose a bank is running a digital cash system that works like this: it 
maintains a database of valid coins, and whenever someone presents it 
with a valid coin (string of bytes) it erases that coin from its 
database, and then either gives the person an equivelent amount of paper 
cash or a newly created coin(s) of the same value.

Now if the bank allows this exchange of old coins for new coins to be 
done over an anonymous network (e.g., a remailer-net), then the system is 
anonymous as long as you don't move physical money in or out of the system.
Maintaining anonymity when moving physical money in and out of the system is 
what blinding helps you to do, but this will be less useful in a fully 
digital economy where such movement will be infrequent.

Wei Dai