Well, Sameer is offering a "Hack DigiCash" promotion, in the same spirit as the hack Netscape and Microsoft offer. However, Chaum is a fairly experienced cryptographer, and I doubt that there are any major security flaws in the system. The trial version used RSAREF, so that code at least was open for your inspection. There is still the possibility of bugs creeping in when porting to different platforms tho...

I think the most interesting hack to pursue is to eliminate the payee-nonanonymity problem. The current software uses the following protocol:

    The   <--(blinding)--- Client
    Bank  --(unblinding)-> Client --> Merchant(non-anonymous) --> deposit in bank

The client is anonymous to the bank because of the blinding. What we want is for the client to be able to pay someone money, and have the recipient be able to spend the money anonymously. That is, there must be blinding between the payer and the payee:

    The   <--(blinding)--- payer <--(blinding)--- payee
    Bank  --(unblinding)-> payer --(unblinding)-> payee --> payee spends money

The payee generates some digital coins, blinds them, and sends them to the payer. The payer then makes a withdrawal from his bank account, blinds the coins again (or not, it really doesn't matter) and sends them to the bank. The bank signs them, and returns them to the payer. The payer removes his blinding (if any) and sends them to the payee. The payee unblinds the coins and spends them at his leisure. Privacy for all involved.
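The payee -> payer -> bank exchange described above, as an added example that is not part of the original post and is not DigiCash code. It assumes Chaum-style textbook RSA blinding with a constructed toy key and no padding or hashing; every name in it is hypothetical.

```python
# Added illustration: nested RSA blinding (payee layer, then payer layer).
# Assumptions: textbook RSA, toy key built from two Mersenne primes, no padding.
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1          # constructed toy primes, far too small for real use
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private exponent (Python 3.8+)


def random_blinding_factor():
    """Pick r in [2, N-1] that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def blind(m, r):
    return (m * pow(r, E, N)) % N


def unblind(s, r):
    return (s * pow(r, -1, N)) % N


def bank_sign(blinded):
    # The bank signs whatever it is handed while debiting the payer's account.
    return pow(blinded, D, N)


def verify(coin, sig):
    return pow(sig, E, N) == coin % N


def pay_anonymously(coin):
    """Run the exchange for one coin and return what each party saw."""
    r_payee = random_blinding_factor()
    to_payer = blind(coin, r_payee)          # payee -> payer
    r_payer = random_blinding_factor()
    to_bank = blind(to_payer, r_payer)       # payer -> bank (the optional second layer)
    from_bank = bank_sign(to_bank)           # bank -> payer
    to_payee = unblind(from_bank, r_payer)   # payer -> payee
    sig = unblind(to_payee, r_payee)         # payee now holds a spendable signature
    return {"seen_by_payer": to_payer, "seen_by_bank": to_bank,
            "returned_to_payee": to_payee, "signature": sig}
```

Neither the payer nor the bank ever handles the unblinded coin, yet the final signature is exactly the one the bank would have produced on the coin directly.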