[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No, it's PayWord, no, it's MicroMint, no, it's...



In article <[email protected]>,
Hal Finney  <[email protected]> wrote:
> It appears that MicroMint is jointly by Rivest and Shamir.  It is described
> at:
> 
> http://theory.lcs.mit.edu/~rivest/RivestShamir-mpay.ps
> 
> This also describes PayWord.  Both schemes are designed for lightweight
> payments.  PayWord uses a chained hash concept similar to s/key and to
> Micali's lightweight signature revalidations.  MicroMint is as I described,
> literally a "minting" of coins, with similar economies of scale to real
> mints.
> 
> Neither one appears suitable for anonymous payments.

Wow, a perfect straight line.  I couldn't ask for better.

Actually, I posted to sci.crypt.research a while ago about how to adapt
Rivest and Shamir's PayWord scheme to do anonymous micropayments; see
	http://www.cs.berkeley.edu/~daw/my-posts/anon-micropayments

In short, instead of asking the bank for a hash stick and a signature on
the top of the stick, you get a blind signature on a top of a stick you've
generated yourself.  Then you patch up some issues (like double-spending)
that the anonymity raises.

Sadly, it's got a problem that'd probably be a killer for practical
deployment -- it's got the same patent problems that ecash has.  Sigh.