Tim writes:
If Frank the Forger, to pick a standard sort of crypto example, takes a set of bits (possibly made with the elaborate system Mike Duvos described in an earlier posting) and copies that set of bits n times and then "spends" them n times, how can any of his recipients know that parallel transactions are happening, that the "same" money is being spent n times and that it is very likely that n - 1 of the recipients will be screwed?
I didn't mean to oversell the degree to which the scheme deters multiple spending. It doesn't prevent multiple spending. It merely breaks the anonymity of the perpetrator if two or more people he has transacted the same note with break their own anonymity and voluntarily cooperate with the bank. There is nothing to prevent you from making N copies of your floppy, spending each one, and hopping the next plane to Argentina. Sad but true. In the real world, there would have to be some sort of limit on the number of times such a spoofed transaction could propagate before being cleared with the central bank, much like restrictions on multiple-party checks today. Merchant cooperation would also be necessary. Probably easy to get with the corner store than with the local cocaine dealer.
The other main approach is to build in to the blinding protocols which protect anonymity ways to detect the identity of those who spend a unit of digital money more than the specified number of times. "Double spenders" is the common term. This can avoid online clearing, but at the expense of additional protocol complexity and some peculiar wrinkles which can develop.
This is really all I had in mind. Again, double spending is discouraged but not prevented. If you are leaving town and never returning, you can go on a shopping spree. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd@netcom.com $ via Finger. $