[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: digital cash and identity disclosure

Tim wrote:

> "Double spending" detection is a REAL MESS. That's my basic conclusion. It
> tends to require schemes for going after double spenders, it tends to make
> identity-revealing attacks possible (such as the attack I alluded to, and
> that Hal more completely describes), and it's INELEGANT.
> "Immediate clearing" is much more elegant, and is, I think, truer to the
> spirit of "annonymous digital cash" than most of these other schemes are.
> (Grep the FAQ for "online" or "online clearing" or "clearing" and you
> should find some stuff. Also, several articles--including one recently by
> me, about a month ago--go into the differences between the types of
> clearing.)

I also suggest taking a look at Stefan Brands' solution, which, while
requiring hardware, has some favorable properties.  Among these are:

   - prior restraint of double spending through hardware-based
   "secret-key certificates"

   - in the case of hardware tampering, double spenders are traceable
   as in Chaum's system; however, the protocol used to achieve this is
   much more efficient than Chaum's "cut-and-choose"

   - no possibility of a subliminal channel between the
   tamper-resistant device and the payee or bank

Mark Chen 
[email protected]
finger for PGP public key
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D