At 08:53 AM 10/20/95 -0700, tomw@cthulhu.engr.sgi.com wrote:

...

I don't understand how this could happen? The two coins are identical (as I understood it from the tech backgound of ecash). what has a double- spended coin what a copied single-spended coin not has?

The process of spending a coin is not simply that of transfering data. There is a complicated protocol in which Alice decrypts some of the identity information in the coin.

There are several approaches - in the immediate-clearing model, you can tell if someone's spent coin 111111111111 because the bank keeps a record of which coins have been spent and refuses to pay anybody who tries to spend the same coin later; this almost forces you to use on-line clearing solutions. Chaum's blinding protocols make it possible for the bank to sign a coin without being able to trace it to the person withdrawing the coin, so she can spend it anonymously. Another model uses the protocols Tom described which place a random chunk of the spender's identity into the coin - one chunk gives away no information, but two chunks have an extremely high probability of doing so - so you can go prosecute the guilty double-spender later (or just debit her account twice...) Then there are the non-anonymous models. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---