To provide payee anonymity: Enterprising cypherpunk, Ed sets up the Ecash Remailer. Alice pays Bob e$15. Alice is anonymous. Bob sends Ed the e$15 Ed cashes the e$ into his ecash mint account, withdraws e$13.50 then pays Bob those e$14 .. Bob can now spend those e$ at will. Bob is now anonymous. This requires some trust-in-Ed, but Bob could be anonymous from Ed just as Ed is anonymous. Perhaps this is the scheme lucky mentioned. I will have to get an account and implement it. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
sameer <sameer@c2.org> writes:
To provide payee anonymity:
Enterprising cypherpunk, Ed sets up the Ecash Remailer.
Alice pays Bob e$15. Alice is anonymous. Bob sends Ed the e$15 Ed cashes the e$ into his ecash mint account, withdraws e$13.50 then pays Bob those e$14 .. Bob can now spend those e$ at will.
Bob is now anonymous.
This requires some trust-in-Ed, but Bob could be anonymous from Ed just as Ed is anonymous.
Perhaps this is the scheme lucky mentioned. I will have to get an account and implement it.
I think this is basically the scheme Lucky mentioned. A more elaborate version would have Bob sending Ed blinded proto-coins to be used in the withdrawal. However this would require hacking the ecash protocols to work differently than intended, which would probably infringe the patents. What about this, though: Alice did not mean to pay Bob, but rather Charlie, and Bob stole the coins. He launders them through Ed's service. Charlie never got the cash, and Alice complains to the bank that the coins were stolen. The bank says, fine, we can identify the perpetrator, let's see... it's Ed. Ed is now charged with theft and has an expensive and uncertain legal experience ahead of him. Are you sure you want to put yourself in this position? You might win, but it could still be expensive (ask PRZ). And if your service is seen as a fencing operation to receive stolen goods with the legitimate uses just a "cover", you could lose. Also, I believe in normal use Digicash coins are marked as being for a specific recipient. This is not certain since no details have been released. And apparently it can be worked-around by the spender by marking the recipient as just "@" (or some such string). If this feature is present in the Mark Twain cash then the payee-anonymity service may not be very effective. Hal
Hal writes: [suggesting a problem with Ed the Currency Cleaner]
What about this, though: Alice did not mean to pay Bob, but rather Charlie, and Bob stole the coins. He launders them through Ed's service. Charlie never got the cash, and Alice complains to the bank that the coins were stolen. The bank says, fine, we can identify the perpetrator, let's see... it's Ed. Ed is now charged with theft and has an expensive and uncertain legal experience ahead of him.
Jumping in hastily: It seems to me that Ed faces a larger problem if the above scenario turns out to be a viable attack. Consider the following sequence: Alice and Charlie decide to get some (payee-anonymous) currency laundromat in hot water. Alice (payer-anonymously) washes some coins at the laundromat. Con-man Charlie claims he didn't get paid for some fictional transaction with Alice. Alice complains to the bank, and the rest proceeds as before. The Alice-frames-Ed situation is functionally equivalent to the Bob-robs-Charlie situation from the bank's perspective. -Futplex <futplex@pseudonym.com>
perpetrator, let's see... it's Ed. Ed is now charged with theft and has an expensive and uncertain legal experience ahead of him.
Alice-frames-Ed situation is functionally equivalent to the Bob-robs-Charlie situation from the bank's perspective.
I suppose the word "receipt" might be handy to introduce into the entire scheme. A dispute over who payed & who stole is solved with paperwork of some sort. Although a digital signature is not necessarily valid (I don't even know what the Utah Digital Signature Law does) but the bank, as rule-setter is allowed to say that a digital receipt DOES bind the parties in some way. Don
Now I am fully confused. I thought a property of Chaumian DigiCash was that a coin *had* to go back to the bank before it could be spent again. Yet all "coin exchange" schemes discussed here recently involve Alice paying Bob who then sends the coin to Carol's Exchange who then sends it to the bank while sending some other value, maybe a Carol coin, to Bob. Logically, I can see at least four possibilities: 1) payee data is encoded onto the coin at time of payment, making it impossible for Carol to bank the coin. I see no evidence of this in the docs at the Digicash site, but I just rechecked quickly and may have missed it. 2) No payee data as such is encoded on the coin but it is marked "spent" to prevent multiple uses by payee to the detriment of payor. ditto on the evidence. 3) the Digicash software only allows you to send a "spent" coin to the bank. You have to hack the software to send the coin to Carol (do you have to break your own key?). 4) nothing in the DigiCash software or protocol prevents you from sending a coin to Carol so long as you trust Carol not to get you in trouble by misusing the coin in some way. That's why Chaum is interested in hardware based agents that would keep you from respending coins you receive. No doubt there are others. Anyone know what the reality is? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
Ahh yes, but but Ed would not spend those coins, he would use them to launder others peoples coins such that any person laundering coins thrugh Ed may randombly get a coin, even Alice and Charlie! Whats the bank to do when they see the coins bein spent by a few hundred diferent people. Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Tue, 31 Oct 1995, Futplex wrote:
Jumping in hastily:
It seems to me that Ed faces a larger problem if the above scenario turns out to be a viable attack. Consider the following sequence: Alice and Charlie decide to get some (payee-anonymous) currency laundromat in hot water. Alice (payer-anonymously) washes some coins at the laundromat. Con-man Charlie claims he didn't get paid for some fictional transaction with Alice. Alice complains to the bank, and the rest proceeds as before. The Alice-frames-Ed situation is functionally equivalent to the Bob-robs-Charlie situation from the bank's perspective.
-Futplex <futplex@pseudonym.com>
participants (6)
-
Aleph One -
Don M. Kitchen -
futplexï¼ pseudonym.com -
Hal -
Michael Froomkin -
sameer