Re: ecash, cut & choose and private credentials (Re: Jim Bell)
Ben wrote:
different process. I don't think you can do efficient offline ecash with Wagner et al's mechanism -- I'd guess it's more comparable with the functionality offered by Chaum's blind signature.
I'm not sure what you think the requirements for "efficient offline ecash" are, but I should note that the double-blinded version of lucre doesn't require the ZKP, and there's also a non-interactive variant of the ZKP for the single-blinded variant. They are both described in the current version of the paper (at least, I'm sure the first as, and somewhat sure the second is).
Offline means offline with fraud-tracing in event of double spending, so the efficiency refers to the computation and communication cost of the withdraw and deposit protocols which do the normal ecash thing, plus encode identity in the coin in the withdraw protocol in a way which will be revealed in a double spent show protocol. The protocols you list are online. Not that this is a bad thing -- I kind of prefer the online idea -- rather than the "and then you go to jail" implications of fraud tracing in the offline protocols. Plus you have a risk of accidentally double spending if your computer crashes or something. Adam
On Mon, 4 Dec 2000, Adam Back wrote:
The protocols you list are online. Not that this is a bad thing -- I kind of prefer the online idea -- rather than the "and then you go to jail" implications of fraud tracing in the offline protocols. Plus you have a risk of accidentally double spending if your computer crashes or something.
I think that would depend on the banker. "Bob spent this hundred dollars three times," muses Alice. "Check and see if he's got overdraft protection for the extra two hundred... if he doesn't, then put it on his credit card with a fifteen dollar loan orignation fee and charge him two percent a month...." Jail time, in most cases, probably just isn't profitable for the bankers. After all, how are you going to soak the guy for fees and interest if he's behind bars? Bear
At 11:24 PM -0800 on 12/3/00, Ray Dillinger wrote:
"Check and see if he's got overdraft protection for the extra two hundred... if he doesn't, then put it on his credit card with a fifteen dollar loan orignation fee and charge him two percent a month...."
Doesn't work like that. It's more like "Eediot. That's what you get for doing an offline transaction. No soup for you!" :-). Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
At 11:24 PM 12/3/00 -0800, Ray Dillinger wrote:
On Mon, 4 Dec 2000, Adam Back wrote:
The protocols you list are online. Not that this is a bad thing -- I kind of prefer the online idea -- rather than the "and then you go to jail" implications of fraud tracing in the offline protocols. Plus you have a risk of accidentally double spending if your computer crashes or something.
I think that would depend on the banker. "Bob spent this hundred dollars three times," muses Alice. "Check and see if he's got overdraft protection for the extra two hundred... if he doesn't, then put it on his credit card with a fifteen dollar loan orignation fee and charge him two percent a month...." Jail time, in most cases, probably just isn't profitable for the bankers. After all,
The issue isn't whether jail or just extra charges are the appropriate remedy for double-spending - it's that the offline methods generally rely on encoding a user's name in the coins so you can tell who did the double spending, which not only adds a lot of administrative overhead but requires that you have a system of identification of your users. Some online methods also do the "identify and punish" approach; others do the far simpler "first one to grab the money wins" approach to double-spending, which is better for anonymity, though it imposes different risks on the users. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (4)
-
Adam Back -
Bill Stewart -
R. A. Hettinga -
Ray Dillinger