On 10/22/05, Ian G <iang@systemics.com> wrote:
R. Hirschfeld wrote:
This is not strictly correct. The payer can reveal the blinding factor, making the payment traceable. I believe Chaum deliberately chose for one-way untraceability (untraceable by the payee but not by the payer) in order to address concerns such as blackmailing, extortion, etc. The protocol can be modified to make it fully untraceable, but that's not how it is designed.
Huh - first I've heard of that, would be encouraging if that worked. How does it handle an intermediary fall guy? Say Bad Guy Bob extorts Alice, and organises the payoff to Freddy Fall Guy. This would mean that Alice can strip her blinding factors and reveal that she paid to Freddy, but as Freddy is not to be found, he can't be encouraged to reveal his blinding factors so as to reveal that Bob bolted with the dosh.
Right, that is one of the kinds of modifications that Ray referred to. If the mint allows (de-facto) anonymous exchanges then a blackmailer can simply do an exchange of his ecash before spending it and he will be home free. Another mod is for the blackmailer to supply the proto-coin to be signed, in blinded form. One property of Daniel Nagy's epoint system is that it creates chains where each token that gets created is linked to the one it came from. This could be sold as an anti-abuse feature, that blackmailers and extortionists would have a harder time avoiding being caught. In general it is an anti-laundering feature since you can't wash your money clean, it always links back to when it was dirty. U.S. law generally requires that stolen goods be returned to the original owner without compensation to the current holder, even if they had been purchased legitimately (from the thief or his agent) by an innocent third party. Likewise a payment system with traceable money might find itself subject to legal orders to reverse subsequent transactions, confiscate value held by third parties and return the ill-gotten gains to the victim of theft or fraud. Depending on the full operational details of the system, Daniel Nagy's epoints might be vulnerable to such legal actions. Note that e-gold, which originally sold non-reversibility as a key benefit of the system, found that this feature attracted Ponzi schemes and fraudsters of all stripes, and eventually it was forced to reverse transactions and freeze accounts. It's not clear that any payment system which keeps information around to allow for potential reversibility can avoid eventually succumbing to pressure to reverse transactions. Only a Chaumian type system, whose technology makes reversibility fundamentally impossible, is guaranteed to allow for final clearing. And even then, it might just be that the operators themselves will be targeted for liability since they have engineered a system that makes it impossible to go after the fruits of criminal actions. CP