At 7:48 PM 10/19/95, Bryce wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Someone claiming to be the nym calling itself tcmay@got.net (Timothy C. May) wrote:
As Hal notes, there are a lot of issues and attacks to consider. I'm sorry that my brief section on Chaumian digital cash in the Cyphernomicon doesn't adequately cover the issues (and as the debates here show, confusion still reigns, and no doubt some of my points are misleading, wrong, or incomplete).
Boy, if I were you I would want to fix the inadequacy in C'nomicon in order to protect my positive rep...
To each their own. There's not enough time in my life to fix all the things that are wrong, even if I knew what they all were. My "positive rep," such as it is with certain people, does not depend on producing flawless documents. In fact, there are different kinds of people. Some favor "closely reasoned" arguments (A implies B implies C implies D....), some favor "imaginative leaps." Where I am depends on my mood. -
it tends to make identity-revealing attacks possible (such as the attack I alluded to, and that Hal more completely describes),
I hesitate to pipe up in such august company, but one of us is confused. The attack that we have been discussing is possible because Chaumian Ecash allows the payer to identify the payee. This would be true whether or not there were any protocols related to double-spending. (i.e., because the payer knows the actual ID number of the bill, she can choose to relate it to the bank and then the bank can identify who turns in that bill. Has nothing to do with double-spending. If the protocol provided for re-blinding before depositing the bill then this would not be possible, I think, and would still have nothing to do with double-spending.)
Oh, but it does. Suppose Alice pays out the same piece of digital cash to Bob, Charles, Ellen, Dave, etc. Each thinks they've been paid, each gets to the bank, each finds the bank will not honor the digital cash, as Alice has double spent. (Note: Any schemes for "re-blinding" must still allow "uniqueness"...and must still point back to Alice. Else the scheme/scam above will work. Online clearing, in which only the _first_ to present a digital cash claim gets paid, does not have this problem.)
Announcement: I'm about to fade out from c'punks list for a while, so be sure and Cc: me if you want me to see your post.
I will this time, but people generally should not expect out-of-band cc:ings. --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."