Matthew J Ghio writes:
How about this:
Issue numbered stamps sequentially. Encrypt them and add a cryptographic checksum to each stamp. You then create a database such that one bit of data corresponds to one stamp. With a mere 64K database, you could issue and keep track of 524288 postage stamps. That ought to last you a few years. (At 100 letters a day, it would last over 14 years. Most cypherpunk remailers get considerably less than 100 emails a day.)
If the remailer constructs the stamp, rather than just signs it blindly, it could keep a log of which stamps were issued to which users. The remailer could then use this information to figure out the original sender of a stamped message regardless of how many other remailers the message passed through. To thwart this, users would have to purchase stamps anonymously. However, this begs the question: How does the user anonymously purchase stamps for the first remailer? I suppose you could use "free" remailers to send anonymous purchase requests to stamp-issuing remailers. The system I described does not require you to purchase stamps anonymously. You can purchase stamps directly from each remailer without giving the remailer the opportunity to record which stamp went to which user. To understand why this is true you need to understand how blind signatures work. The book "Applied Cryptography (Bruce Schneier)" gives a good description of the properties of blind signatures. That is how I learned about them. The remailer could still record the fact that you purchased stamps, thus alerting the bad guys that you plan to use the remailer system. However, I don't think it is possible to prevent the bad guys from learning that you use remailers. I assume the bad guys will be logging all traffic to the remailers and would learn about your use of remailers, stamps or no stamps. Jim_Miller@suite.com