norm at netcom.com
Fri Dec 4 15:51:08 PST 1992
As I understand Chaum's Digi-Cash scheme the bank customer is
protected both against bank fraud and merchant fraud but not
against collusion between the two. The customer need not be
unknown to the bank in order that her purchases with bank notes be
unknown to the bank. This is where blind bank signatures come in.
Neither need the merchant be unknown to the bank. Remailers are
unnecessary to hide connection between the merchant and his
customers. The bank knows both but has no way to associate them.
This being the case, the bank customer is protected against a
false denial of deposit. When one deposits Digi-Cash in a bank he
presumably waits for an indication from the bank that the cash was
still valid (not previously deposited). The customer retains this
indication as a receipt which is signed by a private bank key. A
bank's positive reputation is useful but not necessary at this
Another concern is the false denial of payment by the merchant. If
the merchant's customer is willing to reveal to a judge that she
paid the merchant, and she retained the note with which she paid,
and the bank retains a record of the merchant's deposits then she
can argue that it was she that caused the bank to mint the note
since only the person for whom the note was minted and the
merchant who had cashed it (and the bank) should know its bits.
This would require that the bank respond to the judicial query
"has bank customer M deposited note x?".
More information about the cypherpunks-legacy