[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How can e-cash, even on-line cleared, protect payee identity?


Hello Hal <[email protected]>
  and [email protected]

H wrote:
> "Simon Spero" <[email protected]>  wrote:

[about fully-anon ecash]
> There could be an issue of fraud, though,
> where Bob insists that Alice's coin was no good even though it actually
> was.

Cut'n'choose between Alice and Bob? Ie Alice asks Bob for half the blinds
to check that the proto-coins are true?

Apart from no-good proto-coins, is there any other way the coin
could be no good?

As for no-good proto-coins, it's Bob's fault, isn't it? Alice has 
a record of what Bob sent, and what she sent back. Anybody can check
that the latter is a bank-signed version of the former. Given this,
there's no need (from this) for Alice to know that the proto-coins are
good (if they aren't, Bob's an idiot, but there's not much Alice
can do about it - I guess given all the blinding factors the bank
could replace the coin, seeing that it signed a worthless one).

So Bob can't really fraud - unless I've missed something.

An interesting question is whether Bob and Nick can now collude to
expose Alice. Therefore Alice would at least want to verify that the
proto-coins are true? Would that suffice? Or is that not necessary?

> Still, I think this scheme has considerable merit and is worth exploring


- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

Version: 2.6.2i