ecash & remailers
It occurs to me that there is a problem with remailers using Chaum's ecash as offered by MT bank and others. The attacker could coerce the sender of an anonymous message into revealing his blinding value, and use this to obtain the identity of each remailer hop by colluding with the bank. (The bank keeps a database of the blinded coins minted against who they were given to; unblinding reveals the coin which can then be compared against those deposited by remailers, tallying sender with remailer, all the way to the exit remailer.) To stop this, the sender should discard the blinding values, thereby removing his ability to be later coerced, or to later trace the recipient of his cash. Is there a way to purge blinding values from the ecash directory? Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
-----BEGIN PGP SIGNED MESSAGE----- At 06:03 PM 5/22/97 +0100, Adam Back wrote:
To stop this, the sender should discard the blinding values, thereby removing his ability to be later coerced, or to later trace the recipient of his cash.
Is there a way to purge blinding values from the ecash directory?
Coins are removed from the cash db when they are paid out. They are then stored in the payments db along with the payment headers, etc. The blinding factors are not stored once the coins have been paid. Regardless, removing the payments db will not cause any ill effect (that I have noticed, except for the obvious loss of payment records), so you can do that anyway if you like. (Note, this is based on a hex dump of the payments db, so it's possible I'm wrong. Anyone from Digicash who knows otherwise, please correct me.) Jeremey. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQCVAwUBM4UopS/fy+vkqMxNAQFuawQAqtFVoaWjAZ3RK7HktI21T9UP5IEkB+Rt m/KkCM6xwh8VA9NUPM53et1MoPLd0qeeVqzCX7KQuY6hpo7fLku1EnkXXB6VQBeq wGYhZ3cdalRAFNtFIKj0cKqF+hlhT5uQ1UtxwHKKMtAdtHygLR94yt98Co64trBh CTGygT7lQus= =RB8s -----END PGP SIGNATURE----- -- Jeremey Barrett VeriWeb Internet Corp. Crypto, Ecash, Commerce Systems http://www.veriweb.com/ PGP key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64
participants (2)
-
Adam Back -
Jeremey Barrett