Re: Voice/Fax Checks
solman@MIT.EDU writes:
On a more important note, I believe that in one of the papers on my to-read list for this weeked, Chaum demonstrates that e-cash can not be transferable unless it grows bigger. Otherwise you have to give it back to the bank and get a new one each time it is used. Given this, I think that it is highly desireable for us to accept the increasing size of the e-cash and maintain its transferability.
I had the impression from that paper that with transferred ecash, a person earlier on the trail could always recognize the cash even at a later point. This followed, Chaum claimed, from the need to detect double-spending. I'd be interested to hear whether you get this from that paper as well. In the real world, I'd guess that most cash is not transferred very much before it goes back to the bank. I get money from the ATM and spend it at the grocery store, which takes it to the bank every day. The smaller bills may circulate a few times because they go back out as change, but even there I'd guess there are not many transfers. So there are two possible lessons from this: one is that perhaps transferrable cash is not very necessary; or the other is that it's not a significant problem if cash grows somewhat each time it is transferred because it probably won't get very big. Hal
solman@MIT.EDU writes:
On a more important note, I believe that in one of the papers on my to-read list for this weeked, Chaum demonstrates that e-cash can not be transferable unless it grows bigger. Otherwise you have to give it back to the bank and get a new one each time it is used. Given this, I think that it is highly desireable for us to accept the increasing size of the e-cash and maintain its transferability.
I had the impression from that paper that with transferred ecash, a person earlier on the trail could always recognize the cash even at a later point. This followed, Chaum claimed, from the need to detect double-spending. I'd be interested to hear whether you get this from that paper as well.
Well I've skimmed the paper because this is non-intuitive to me, and I'm impressed by the level of security that Chaum requires from his protocols. He treats the absolutely impossible and the computationally infeasible seperately. Determining whether the coin is one of yours falls into the second category. In order to determine whether you have used a coin previously (in a maximally secure scheme) you need the bank's secret key. So you just wind up your 4096 bit number factoring machine, dump in the modulus, and presto, out come your factors from which you compute the secret key. Now I don't know about you, but if I had the bank's key, figuring out if I've seen a digital coin before is NOT the first thing I would do. JWS
participants (2)
-
Hal -
solman@MIT.EDU