At 1:55 PM -0400 8/3/02, AARG!Anonymous wrote:
Here's one more example, which I think is quite amazing: untraceable digital cash with full anonymity, without blinding or even any cryptography at all! (Excepting of course the standard TCPA pieces like SSL and secure storage and attestation.)
The idea is, again, trivial. Making a withdrawal, the client sends the user's password and account ID to the bank (this information is kept in secure storage). The bank approves, and the client increments the local "wallet" by that amount (also kept in secure storage). To make a payment, use the anonymous network for transport, and just send a message telling how much is being paid! The recipient increments his wallet by that amount and the sender decrements his. Deposit works analogously to withdrawal.
Note that if the user can modify the wallet, a "fat, dumb, and happy" implementation may be vulnerable to the following attacks.

Attack 1:
(1) Withdraw $0.01 from the bank.
(2) Change a random bit in the encrypted wallet. (Picking the bit to change will be easier if the storage format is known.)
(3) Fire up the application and see how much money you have.

Attack 2:
(1) Withdraw many $$$ from the bank.
(2) Copy the wallet.
(3) Deposit the $$$ back in the bank.
(4) Restore the wallet using the copy.

While there are certainly ways to notice modifications to the wallet, and prevent the replay attack, they result in considerable additional complexity for what was a very simple implementation.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz           | The principal effect of | Periwinkle -- Consulting
(408)356-8506         | DMCA/CBDTPA is to       | 16345 Englewood Ave.
frantz@pwpconsult.com | prevent fair use.       | Los Gatos, CA 95032, USA
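The two attacks above, and the "ways to notice modifications" that Bill says add complexity, can be made concrete with a small model. The following is an added example, not code from either poster. It assumes a hypothetical trusted component (standing in for TCPA secure storage) that holds an HMAC key and a monotonic counter the user cannot read or change; the `Bank` class and all amounts are constructed for the demo. The MAC over the wallet record catches the bit-flip of Attack 1, and binding the counter into the record catches the copy-and-restore of Attack 2. Everything in the block beyond those two checks is scaffolding, which is exactly the extra machinery the reply refers to.

```python
# Added example: tamper-evident, rollback-resistant wallet (toy model).
# ASSUMPTION: TrustedState stands in for TCPA secure storage and is out of
# the user's reach; the sealed blob itself lives in ordinary user storage.
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # HMAC-SHA256 digest length


class TrustedState:
    """Hypothetical secure storage: an HMAC key plus a monotonic counter."""

    def __init__(self):
        self.mac_key = secrets.token_bytes(32)
        self.counter = 0  # bumped on every wallet update, never rewound


class Bank:
    """Constructed toy ledger for one account (no passwords modelled)."""

    def __init__(self, balance_cents):
        self.balance_cents = balance_cents

    def debit(self, amount):
        if amount > self.balance_cents:
            raise ValueError("insufficient funds at bank")
        self.balance_cents -= amount

    def credit(self, amount):
        self.balance_cents += amount


class TamperedWallet(Exception):
    """Blob bytes do not match their MAC (Attack 1)."""


class RolledBackWallet(Exception):
    """Blob is authentic but stale (Attack 2)."""


def seal_wallet(ts, balance_cents):
    """Bind the balance to the next counter value and MAC the record."""
    ts.counter += 1
    body = json.dumps({"balance": balance_cents, "ctr": ts.counter}).encode()
    tag = hmac.new(ts.mac_key, body, hashlib.sha256).digest()
    return body + tag


def open_wallet(ts, blob):
    """Check the MAC first, then freshness; return the balance only if both pass."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(ts.mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise TamperedWallet("MAC mismatch: wallet bytes were altered")
    record = json.loads(body)
    if record["ctr"] != ts.counter:
        raise RolledBackWallet(
            f"wallet counter {record['ctr']} != trusted counter {ts.counter}")
    return record["balance"]


def withdraw(ts, bank, blob, amount):
    balance = open_wallet(ts, blob)
    bank.debit(amount)
    return seal_wallet(ts, balance + amount)


def deposit(ts, bank, blob, amount):
    balance = open_wallet(ts, blob)
    if amount > balance:
        raise ValueError("wallet holds less than the deposit amount")
    bank.credit(amount)
    return seal_wallet(ts, balance - amount)


def attack_bit_flip(ts, blob, bit_index):
    """Attack 1 from the thread: flip one bit of the stored wallet."""
    mutated = bytearray(blob)
    mutated[bit_index // 8] ^= 1 << (bit_index % 8)
    try:
        open_wallet(ts, bytes(mutated))
        return "undetected"
    except TamperedWallet:
        return "tamper detected"


def attack_copy_restore(ts, bank, blob, amount):
    """Attack 2 from the thread: copy the wallet, deposit, restore the copy."""
    saved_copy = blob                    # step (2): copy the wallet
    deposit(ts, bank, blob, amount)      # step (3): deposit the $$$ back
    try:
        open_wallet(ts, saved_copy)      # step (4): restore the old copy
        return "undetected"
    except RolledBackWallet:
        return "rollback detected"


def demo():
    """Run both attacks against a fresh wallet and report what the checks saw."""
    ts, bank = TrustedState(), Bank(10_000)
    blob = seal_wallet(ts, 0)                    # empty wallet, counter 1
    blob = withdraw(ts, bank, blob, 1)           # Attack 1 step (1): $0.01
    flip = attack_bit_flip(ts, blob, 8 * 12)     # bit inside the JSON body
    blob = withdraw(ts, bank, blob, 5_000)       # Attack 2 step (1): many $$$
    restore = attack_copy_restore(ts, bank, blob, 5_001)
    return {"bit_flip": flip, "copy_restore": restore,
            "bank_balance": bank.balance_cents}


if __name__ == "__main__":
    print(demo())
```

The counter check only works because the trusted side remembers the latest value; if the counter lived in the same user-writable storage as the blob, restoring an old copy would restore the counter with it, and only the MAC would remain.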