[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: digital cash and identity disclosure
Tim wrote:
> "Double spending" detection is a REAL MESS. That's my basic conclusion. It
> tends to require schemes for going after double spenders, it tends to make
> identity-revealing attacks possible (such as the attack I alluded to, and
> that Hal more completely describes), and it's INELEGANT.
>
> "Immediate clearing" is much more elegant, and is, I think, truer to the
> spirit of "annonymous digital cash" than most of these other schemes are.
> (Grep the FAQ for "online" or "online clearing" or "clearing" and you
> should find some stuff. Also, several articles--including one recently by
> me, about a month ago--go into the differences between the types of
> clearing.)
I also suggest taking a look at Stefan Brands' solution, which, while
requiring hardware, has some favorable properties. Among these are:
- prior restraint of double spending through hardware-based
"secret-key certificates"
- in the case of hardware tampering, double spenders are traceable
as in Chaum's system; however, the protocol used to achieve this is
much more efficient than Chaum's "cut-and-choose"
- no possibility of a subliminal channel between the
tamper-resistant device and the payee or bank
--
Mark Chen
[email protected]
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D