Re: Re: Chaum's cash: backup?


Hello Marcel van der Peijl,
> From: "Marcel van der Peijl" <[email protected]>
> Date:          Tue, 24 Oct 1995 14:10:58 +0100

Sorry about taking so long to reply... I'll quote more than usual
to make up for it.

> > > I could give a hint: your random state initializer is not the too-often 
> > > used srand( time( NULL ) ) but user-chosen during installation.

> > This sounds great... Will the bank be running crack against the proto-coins
> > it gets? (Say, at the behest of a LEA?)

> It is not the bank's intention to screw the clients, but mostly the 
> other way around.

I was referring to the claim that the system is payer-anonymous.

Thinking of it again now, what's to stop Eve the eavesdropper from spying
on the proto-coins, running crack against them, and then (later) 
eavesdropping on the bank-signed coins and unblinding/depositing them 
before Alice/Bob does?

(No, being encrypted by the bank's public key is not enough.)

> If the bank wants to screw the clients the easiest 
> way is to change their account balance. Remember, you trust them with 
> your money. That's why they're a bank.

Yes, but is the bank really interested in protecting privacy?

> > Is there any way for the user to re-initialize the random state?
> > > Write that initializer down and you can re-generate all coins.
> > ...
> > That's going to be one hell of a valuable piece of paper.
> > (Certainly to your enemies/prosecutors - it reveals the blinding factors
> > for every coin you ever spent.)

> You may choose to burn it or change random state and have no 
> recoverability. What do you value more? Your privacy or your money? 
> Each user will have to choose.

a) It would be nice if the protocol didn't require this choice.

b) This choice should be made explicit to the user.

c) As I noted above, wouldn't it also strongly reduce security?

See you!
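As an added illustration that is not part of the thread and not DigiCash code: a toy RSA blind signature in which the blinding factors come from a seed-based initializer, as discussed above. It shows that whoever holds the seed (the backup paper, or anyone who guesses a weak user-chosen seed) can regenerate each coin's blinding factor and link the proto-coin seen on the wire to the serial later deposited; the key, primes, seed and serial are constructed values.

```python
# Toy RSA blind signature; constructed for illustration, not real ecash code.
import hashlib
import secrets
from math import gcd

# Toy bank key from two small primes (the 10,000th and 100,000th primes).
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def blinding_factor(seed: bytes, index: int) -> int:
    """Seed-derived r for coin #index: recoverable, but linkable by seed holders."""
    ctr = 0
    while True:
        h = hashlib.sha256(seed + index.to_bytes(4, "big") + ctr.to_bytes(4, "big"))
        r = int.from_bytes(h.digest(), "big") % N
        if r > 1 and gcd(r, N) == 1:
            return r
        ctr += 1

def fresh_blinding_factor() -> int:
    """Non-recoverable alternative: r from the OS CSPRNG, no seed to write down."""
    while True:
        r = secrets.randbelow(N)
        if r > 1 and gcd(r, N) == 1:
            return r

def blind(serial: int, r: int) -> int:
    """Proto-coin sent to the bank: serial * r^e mod n (serial hidden by r)."""
    return serial * pow(r, E, N) % N

def bank_sign(blinded: int) -> int:
    """Bank signs the proto-coin without learning the serial."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Client strips r to obtain the bank's signature on the bare serial."""
    return blinded_sig * pow(r, -1, N) % N

def verify(serial: int, sig: int) -> bool:
    return pow(sig, E, N) == serial

def link(blinded: int, r: int) -> int:
    """Eavesdropper's check: with the right r, the proto-coin yields the serial."""
    return blinded * pow(r, -E, N) % N

def run_withdrawal(seed: bytes, index: int, serial: int) -> tuple:
    """Full flow with a seed-derived r; returns (proto-coin, final signature)."""
    r = blinding_factor(seed, index)
    blinded = blind(serial, r)
    return blinded, unblind(bank_sign(blinded), r)
```

With the seed, `link(blinded, blinding_factor(seed, index))` returns the serial, which is the linkage the eavesdropper needs; with `fresh_blinding_factor()` there is no seed to recover, and no backup either.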

