This is a run through of Hal Finney's summary of the bank protocol. Here is what I envision the digital bank working like, with rough sketches of file formats, conspicuously similar to the remailer's :-): 1) Alice chooses x, r Alice computes B = r^3 * f(x) mod n Alice sends the following message to the bank via an anonymous remailer :: withdraw <account name> <B = r^3 * f(x) mod n> Reply-To: <an anonymous remailer> <remailing request to Alice encrypted with appropriate remailer public key> In the final version, this message will be encrypted as well 2) Bank computes D = B^(1/3) checks <account name> for balance, withdraws if ok Bank sends to appropriate remailer :: Encrypted: PGP <remailing request included in Alice's mail> <D> 3) Alice computes C = f(x)^(1/3) by dividing D by r. Alice gives Bob (x, C) - via anonymous mail, presumably :-) 4) Bob wants to verify (x, C) Bob mails to Bank via anonymous remailer :: verify <x> <C> Reply-To: <an anonymous remailer> <remailing request to Bob encrypted with appropriate remailer public key> In the final version, this message will be encrypted as well 5) Bank checks x to see if its been used Bank sends back to remailer :: Encrypted: PGP <remailing request included in Bob's mail> <usage status: used or unused> 6) Bob accepts the "cash" Bob sends to bank via anonymous remailer :: deposit <account name> <x> <C> Reply-To: <an anonymous remailer> <remailing request for Bob encrypted with appropriate remailer public key> 7) Bank checks x, C, account name; if everything OK, deposit Bank replies via anonymous remailer :: Encrypted: PGP <remailing request included in Bob's mail> <message indicating deposit accepted or rejected> Alice and Bob may send message to and receive messages from the bank via anonymous remailers. Or more than one... During the testing/development phase, account names and balances can be made public (available via finger command or something like that) for verification. Account names can be hashes of some user chosen string (Email address plus random text, etc.) Customers must be able to choose: two random numbers x, r compute: f(x) r^3 * f(x) mod n f(x)^(1/3) or C^3 solve: D = C r mod n for C Bank must be able to solve: D^3 mod n for D So, PGP has routines which can generate random number, calculate hashes, and be modified slightly to perform the necessary math. The Bank will be supported by a host of scripts and the math performing PGP routines. Sometime later I will post a run through of the digital bank protocol (all numbers and done with Mathematica) as an example for those who are interested in an example of the protocol. Any input or comments or help will be welcome. Or, if someone else is further along than me, I volunteer! Unfortunately, since the end of the semester draws near, I will be unable to work on this very much for the next few weeks. Besides, I've got to go pick up the O'Reilly and Associates Perl book to move this project along... --- /-----------------------------------\ | Karl L. Barrus | | barrus@tree.egr.uh.edu (NeXTMail) | | elee9sf@menudo.uh.edu | \-----------------------------------/