[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How can e-cash, even on-line cleared, protect payee identity?


Well I've decided that the best way to learn is to stick my neck out
and say something probably stupid in public.  So here I go again:

In an on-line clearing e-cash scheme, Chaum's "double-spender
identifier" fields are unnecessary, but a "serial number" type field
to uniquely identify the e-coin is still necessary.  Using blinding,
this serial number may be unknown to the bank, but it will be known
to the payer.  If the payer and the bank are collaborating to
identify the payee, then they can simply use this serial number to
identify the recipient of the coin.

Is there a scheme which will prevent this collusive payee 
identification, and if so where can I read about it?  (On-line is 
preferable of course, but I don't expect to be that fortunate.)

Now even if it were the case that the payee is always identifiable
by a collusion of the bank and the payer (such as is the case in
DigiCash Ecash), all this means is that you shouldn't accept a coin
using one nym, and deposit it in the bank using another.  You need
one bank account per nym, as well as one bank account per
anonymous transaction, and then you have complete control over
revelation of your identit(y/ies).

I can imagine a future in which this requirement is not difficult to
meet.  Perhaps it will be the case that you can accept a coin, open
up a new ("anonymous") account with the bank, deposit the coin, 
withdraw a new coin of the same amount, close the account, and now 
have an untraceable coin all in a fraction of a second.


signatures follow
            "To strive, to seek, to find and not to yield."   
    <a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html">

                          [email protected]                   </a>

Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01