Let's think out loud here for a minute... I am sending this to Cypherpunks to see if someone out there has already thought of a solution to this. Alice wants to get a file from Bob and wants to pay him $1 using some Digital Cash scheme. - Do we want Alice's identity to remain Anonymous (and Bob's too)? (Note that this means that neither party knows who the other really is. They could be using aliases to conceal their real identity.) - Do we want both Alice's & Bob's Privacy maintained in the interactions. (Note the seperation of Privacy and Anonymity with the former referring to the fact that the transaction detail is only known between the parties involved. The transaction detail includes, knowledge of what was purchased, how many, and in the ideal case between which parties! Those parties could have used an alias and therefore have remained Anonymous independent of whether their Privacy was maintained. Privacy also means more than simple confidentiality because it may involve having a merchant, for example, not maintain a database of purchasing habbits, or if it does maintain such a database, keep it to itself.) - Do we want to prevent Alice from double spending (and Bob too)? - Do we want to protect either party from cheating each other? - Do we want a self-enforcing protocol? (e.g. No need for Bob to verify the e-coins with a Bank every time.) - Do we want minimum book-keeping by each party for practical implementations? - Have I missed more? Tax, Export, etc (beyond the scope of this email ;-) The question is can all of the above requirements be achieved? AND Are they all required/desired? I know cryptography does wonders, but I ponder upon 1) the need to satisfy all the above requirements, as well as 2) the feasability of such a solution. At first glance, it appears that Anonymity and Double spending prevention are contradictory. You want to punish a double spender and you need to know their identity to do that. Also, Privacy covers a broader scope than cryptographic protocols can address (e.g. the merchant database.) Finally, to prevent/punish cheating using a third party requires the loss of both Privacy and Anonymity as the third party/judge is presented with the transaction details and asked to arbitrate. Nevermind the other requirements for now... :-) Please include me in all responses. Thanks. Ali