Eric Hughes writes
Jim Miller writes
If I failed to reply with a signed receipt, the bank could invalidate the
digital coin.
Unfortunately for this idea, when the bank uses a blind signature to issue coins, it doesn't know what coin it just issued actually looks like. The bank signs a blinded form of the coin. The blinded form is unblinded by the withdrawer, and the bank cannot know what it looks like.
I just got "Applied Cryptography" so now I know what you mean by "blinded form of the coin". I was thinking that the bank actually constructed the coin, but in fact the bank merely signs one of my blinded money orders. This signed blinded money order becomes the "coin" (at least in this scheme). That being the case, I still not sure how I am protected from a bank that cheats by bring the protocol up to the point where I unblind 99 of the money orders and the bank deducts the amount from my account but never sends me the money. I have some more reading to do, it seems. Perhaps I can simply trust the bank not to do this because it wants my future business. Still, if it were possible, I'd prefer not to have to trust the bank. After all, the bank doesn't have to trust me. Jim_Miller@suite.com