[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How can e-cash, even on-line cleared, protect payee identity?



-----BEGIN PGP SIGNED MESSAGE-----

Hello Hal <[email protected]>
  and [email protected]

H wrote:
> "Simon Spero" <[email protected]>  wrote:

[about fully-anon ecash]
 
...
> There could be an issue of fraud, though,
> where Bob insists that Alice's coin was no good even though it actually
> was.
...

Cut'n'choose between Alice and Bob? Ie Alice asks Bob for half the blinds
to check that the proto-coins are true?

Apart from no-good proto-coins, is there any other way the coin
could be no good?

As for no-good proto-coins, it's Bob's fault, isn't it? Alice has 
a record of what Bob sent, and what she sent back. Anybody can check
that the latter is a bank-signed version of the former. Given this,
there's no need (from this) for Alice to know that the proto-coins are
good (if they aren't, Bob's an idiot, but there's not much Alice
can do about it - I guess given all the blinding factors the bank
could replace the coin, seeing that it signed a worthless one).

So Bob can't really fraud - unless I've missed something.


An interesting question is whether Bob and Nick can now collude to
expose Alice. Therefore Alice would at least want to verify that the
proto-coins are true? Would that suffice? Or is that not necessary?

> Still, I think this scheme has considerable merit and is worth exploring
...

Certainly.


Jiri
- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIyabyxV6mvvBgf5AQESsAP6AqZD+/nJVZxiV5UuPUTPvWNo/vOADAWz
cz65Iw4u9SyqpQfO/sRxZneVCdsDDHi9K+iRFtI+cc5NFCKUVUC2Cop6ExzuCClL
VgR5ILG+ECsw8V+FYHepkch96acgPtVVc3trYExWlr3lY5mYl4ccS9G3Mhn/PyPO
Dq5eP2GEBEA=
=8dxL
-----END PGP SIGNATURE-----