-----BEGIN PGP SIGNED MESSAGE----- Hello Marcel van der Peijl,
From: "Marcel van der Peijl" <bigmac@digicash.com> Date: Tue, 24 Oct 1995 14:10:58 +0100
Sorry about taking so long to reply... I'll quote more than usual to make up for it.
I could give a hint: your random state initializer is not the too-often used srand( time( NULL ) ) but user-chosen during installation.
This sounds great... Will the bank be running crack against the proto-coins it gets? (Say, at the behest of a LEA?)
It is not the bank's intention to screw the clients, but mostly the other way around.
I was referring to the claim that the system is payer-anonymous. Thinking of it again now, what's to stop Eve the eavesdropper from spying on the proto-coins, running crack against it, and then (later) eavesdropping on the bank-signed coins and unblinding/depositing them before Alice/Bob does? (No, being encrypted by the bank's public key is not enough.)
If the bank wants to screw the clients the easiest way is to change their account balance. Remember, you trust them with your money. That's why they're a bank.
Yes, but is the bank really interested in protecting privacy?
Is there any way for the user to re-initialize the random state?
Write that initializer down and you can re-generate all coins. ... That's going to be one hell of a valuable piece of paper. (Certainly to your enemies/prosecutors - it reveals the blinding factors for every coin you ever spent.)
You may choose to burn it or change random state and have no recoverability. What do you value more? Your privacy or your money? Each user will have too choose.
a) It would be nice if the protocol didn't require this choice. b) This choice should be made explicit to the user. c) As I noted above, wouldn't it also strongly reduce security? See you! Jiri - -- <jirib@cs.monash.edu.au> <jiri@melb.dialix.oz.au> PGP 463A14D5 -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMJnEeCxV6mvvBgf5AQF2BwP/XdMn6ktMGjToDltqo014kT1i3Z/GGXPr HPW1gBN3RT3Ba9F2Ac+24IVVFqauo1sT+Ecc872UrlQzoF8S524oZfhjh3IW5xRF mpZX48tnQn5nJE/U4XgvcuQ6yw5JOhc2eEVPs2PnKT+RdUogNb9UDAXOKn6+EILc nqosNXK+aMU= =geHb -----END PGP SIGNATURE-----