Re: digital cash and identity disclosure

[Scott Brickner <sjb@universe.digex.net>]

Andreas Bogk writes:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Hi...
>
>In the Cyphernomicon, section 12.6.6, Tim May writes:
>
>             - Chaum went to great lengths to develop system which
>                preserve anonymity for single-spending instances, but
>                which break anonymity and thus reveal identity for double-
>                spending instances. I'm not sure what market forces
>                caused him to think about this as being so important, but
>                it creates many headaches. Besides being clumsy, it
>                require physical ID, it invokes a legal system to try to
>                collect from "double spenders," and it admits the
>                extremely serious breach of privacy by enabling stings.
>                For example, Alice pays Bob a unit of money, then quickly
>                Alice spends that money before Bob can...Bob is then
>                revealed as a "double spender," and his identity revealed
>                to whomver wanted it...Alice, IRS, Gestapo, etc. A very
>                broken idea. Acceptable mainly for small transactions.
>
>But as far as I got Chaums idea, Alice would not reveal Bobs identity,
>but rather her own. Am I missing a point here?

You're right.  Tim's wrong.  Bob can't spend the money Alice gave him
without depositing it in the bank and getting new money issued.  Each
coin has "This money was issued to Alice" as an invisible imprint which
only shows up when two coins with the same serial number are together.