From: hughes@ah.com (Eric Hughes)
>> Chaum's arguments appear to apply to virtually any electronic cash system which can prevent double-spending. They suggest that traceable cash will be the rule in any digicash system.

> That's true for transferable and off-line cash systems. The same argument doesn't hold for on-line systems. There you can have an exchange protocol to deposit a piece of digicash and immediately rewithdraw it, blinding it again in the process. There need be no account with the bank for this to happen.

This is a good point, although I think on-line systems are unlikely to be used for payments to private individuals such as in the scenarios I mentioned, because of the cost of accessing a centralized database for every transaction. In any case, this suggests that it might be unwise to carry cash issued by such a bank, because of your vulnerability to robbery. Chaum even considered (in another paper) the threat of being coerced into withdrawing cash from a bank in such a way that you don't see the blinded cash. He had an approach where you would get all of your "blinding certificates" when you opened your account, and these would be the only things you could use to blind cash. So any stolen cash could always be recognized. I suppose one risk is that the robber exchanges the cash so quickly that the robbee has no chance to warn the bank; and once exchanged the cash is certainly anonymous. Perhaps banks would instigate some minimum time for handling an exchange in order to protect their cash holders from this threat.

Hal
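
The on-line exchange discussed in this message (deposit a coin and immediately rewithdraw a freshly blinded one, with no account involved), as an added sketch that is not part of the original e-mail. It assumes Chaum-style RSA blind signatures with a constructed toy key; `Bank`, `exchange`, `new_blinded_coin` and the other names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key for the bank (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:
    """Hash a coin serial into the RSA group."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(serial)

class Bank:
    def __init__(self):
        self.spent = set()   # serials already deposited (double-spend database)
        self.seen = []       # everything the bank observed during exchanges

    def withdraw(self, blinded: int) -> int:
        # Initial issue; debiting an account is omitted in this sketch.
        return pow(blinded, D, N)

    def exchange(self, serial: bytes, sig: int, blinded: int) -> int:
        # Deposit one valid, unspent coin and sign one blinded replacement.
        if not verify(serial, sig) or serial in self.spent:
            raise ValueError("invalid or already-spent coin")
        self.spent.add(serial)
        self.seen.append((serial, blinded))
        return pow(blinded, D, N)

def new_blinded_coin():
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2              # blinding factor
    return serial, r, (h(serial) * pow(r, E, N)) % N

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def demo():
    bank = Bank()
    s1, r1, b1 = new_blinded_coin()
    coin1 = (s1, unblind(bank.withdraw(b1), r1))
    s2, r2, b2 = new_blinded_coin()
    coin2 = (s2, unblind(bank.exchange(*coin1, b2), r2))
    try:                                          # replaying the old coin must fail
        bank.exchange(*coin1, b2)
        replay_accepted = True
    except ValueError:
        replay_accepted = False
    # The bank saw only the old serial and a blinded value, never the new coin.
    linked = any(s2 == s or h(s2) == b for s, b in bank.seen)
    return verify(*coin2), replay_accepted, linked
```

The bank's `spent` set is the centralized database consulted on every transaction, and once `exchange` returns, the replacement coin carries nothing the bank recorded, which is why the minimum handling time suggested above would have to apply before the signature is released.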