Apologies for replying to a reposted article; I wasn't subscribed when the (very interesting!) open books protocol was originall proposed. In article <adc6b62a1a02100403da@[205.199.118.202]>, Timothy C. May <tcmay@got.net> wrote:
Date: Mon, 16 Aug 93 13:57:51 -0700 From: Eric Hughes <hughes@soda.berkeley.edu> Subject: PROTOCOL: Encrypted Open Books
One criticism I do wish to address now. I don't think it matters if the bank manufactures fake transactions. The customer can reveal the sum of all the blinding factors for transactions on that account, in public, and can thus prove what should have been there. Since the blinding factors were committed to in public, there is a strong assurance that these blinding factors are what they are claimed to be. This in itself can be made into an actual proof of liability. Note that even this revelantion does not compromise individual transactions. It only reveals the aggregate value change, which is exactly what is at issue with the bank.
Yes, if the bank manufactures a fake transaction to a customer's account, I see that the customer can discover the discrepancy & step forward to identify the bank. But what if the bank manufactures a fake account, without a real customer, and fakes a transfer into that account, pocketing the money that should have gone into that account? There is no real customer corresponding to that account to check up on the open books, so it seems to me like a bank employee can embezzle money undetectably this way. Did I miss an important part of the protocol, or does some extra mechanism need to be added to counter this threat?