On Mon, 20 May 1996 jamesd@echeque.com wrote:

Look up cypernomicon, "open encrypted books"

There is indeed a short section in the Cyphernomicon about encrypted open books. Unfortunately it doesn't describe it in detail, and since the hks.net archive is down, I can't look up Eric Hughes' original e-mail on the topic. If anyone has a copy of it in his personal archive, please repost it. I'm sure other people would be interested as well. Here is the section from Cyphernomicon: 12.16.1. Encrypted open books, or anonymous auditing - Eric Hughes has worked on a scheme using a kind of blinding to do "encrypted open books," whereby observers can verify that a bank is balancing its books without more detailed looks at individual accounts. (I have my doubts about spoofs, attacks, etc., but such are always to be considered in any new protocol.) - "Kent Hastings wondered how an offshore bank could provide assurances to depositors. I wondered the same thing a few months ago, and started working on what Perry calls the anonymous auditing problem. I have what I consider to be the core of a solution. ...The following is long.... [TCM Note: Too long to include here. I am including just enough to convince readers that some new sorts of banking ideas may come out of cryptography.] "If we use the contents of the encrypted books at the organizational boundary points to create suitable legal opbligations, we can mostly ignore what goes on inside of the mess of random numbers. That is, even if double books were being kept, the legal obligations created should suffice to ensure that everything can be unwound if needed. This doesn't prevent networks of corrupt businesses from going down all at once, but it does allow networks of honest businesses to operate with more assurance of honesty." [Eric Hughes, PROTOCOL: Encrypted Open Books, 1993-08-16] Wei Dai