[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: digital cash and identity disclosure



At 5:41 PM 10/19/95, Hal wrote:

>There is an attack here, but the text doesn't go into detail about it.
>You have to assume that (as with the current ecash implementation from
>Digicash) people have non-anonymous accounts with the bank.  If Alice
>wants to know Bob's identity she can collude with the bank to find
>out.  As Tim describes, she gives Bob some money, then quickly deposits
>the coins herself.  In effect, she intentionally double-spends (with
>the bank's permission).  When Bob makes his deposit, his coins are
>recognized as matching those which Alice double-spent.  So if Alice
>was, say, an agent involved in a government "sting", and bought bootleg
>software from Bob, his identity can in fact be learned when he deposits
>the money.
>
>Actually with the DigiCash system and in fact all of the ecash systems I
>know about, you don't have to get so fancy; Alice can simply give the
>bank a record of her transaction with Bob (the coins she sent him) and
>these will be recognized when Bob deposits them.
>
>Lucky Green has been discussing ways in which people could exchange coins
>anonymously even with DigiCash's ecash in order to provide some immunity
>from such attacks.

As Hal notes, there are a lot of issues and attacks to consider. I'm sorry
that my brief section on Chaumian digital cash in the Cyphernomicon doesn't
adequately cover the issues (and as the debates here show, confusion still
reigns, and no doubt some of my points are misleading, wrong, or
incomplete).

"Double spending" detection is a REAL MESS. That's my basic conclusion. It
tends to require schemes for going after double spenders, it tends to make
identity-revealing attacks possible (such as the attack I alluded to, and
that Hal more completely describes), and it's INELEGANT.

"Immediate clearing" is much more elegant, and is, I think, truer to the
spirit of "annonymous digital cash" than most of these other schemes are.
(Grep the FAQ for "online" or "online clearing" or "clearing" and you
should find some stuff. Also, several articles--including one recently by
me, about a month ago--go into the differences between the types of
clearing.)

--Tim May


Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."