Chaum on the good foot?

peter honeyman honey at citi.umich.edu
Tue Oct 5 21:25:07 PDT 1993


>   This could refer to observer based protocols. I don't see anything in the
> above paragraph to indicate that they have invented a digital coin. I don't
> see how offline non-observer based cash could possibly work. (e.g.
> I send a copy of my cash to someone in Europe and we "spend" them 
> simultaneously)

well, actually, it's very neat how this works.  here, i'll quote from
n. ferguson's paper  "single term off-line coins."

  The most difficult fraud to counter in electronic cash systems is
  the double-spending.  A user can always spend the same coin in two
  different shops.  This fraud cannot be detected at the time of
  spending as the payments are off-line.  The solution that all
  electronic cash systems use is to detect the double-spending after
  the fact.  At each payment the user is required to release some
  information in response to a challenge from the shop.  One such
  release of information provides no clue to the user's identity, but
  two such releases are sufficient to identify the user uniquely.

this is based on shamir's "how to share a secret" cacm v22n11 1979.

in the stefan brands quote ("the privacy of honest users cannot be
violated in any cryptanalytic way") the emphasis is on honest users.
dishonest users are traceable.

after reading these two papers, i really think off-line cash works -- it
offers divisibility, multi-party security, privacy, and untraceability. 
the major impediments seem to be the complexity of the protocols and the
large computational price to be paid.

	peter
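
Added example, not part of the original post and not Ferguson's actual protocol: a toy Python sketch of the two-point idea from Shamir's scheme, where each payment reveals one point on a per-coin line whose intercept is the user's identity. The modulus, the function names and the sample values are assumptions made for illustration, and the bank's blind signature that binds the line to the coin is omitted.

```python
import secrets

# Constructed toy parameter: a Mersenne prime used as the field modulus.
P = 2**127 - 1

def withdraw_coin(user_id):
    """Per-coin secret line f(x) = user_id + slope*x (mod P) with a random slope."""
    if not 0 <= user_id < P:
        raise ValueError("user_id must be a field element")
    return (user_id, secrets.randbelow(P))

def pay(coin, challenge):
    """User's answer to a shop's challenge: the single point (x, f(x))."""
    x = challenge % P
    if x == 0:
        raise ValueError("challenge 0 would reveal f(0), the identity itself")
    user_id, slope = coin
    return (x, (user_id + slope * x) % P)

def trace_double_spend(t1, t2):
    """Bank side: two transcripts of one coin give two points; interpolate f(0)."""
    (x1, y1), (x2, y2) = t1, t2
    if x1 == x2:
        return None  # same challenge twice is the same point, nothing is learned
    inv = pow((x2 - x1) % P, -1, P)
    return ((y1 * x2 - y2 * x1) * inv) % P

def consistent_slope(transcript, candidate_id):
    """Slope that makes candidate_id fit a single transcript.

    One always exists, which is why a single payment gives no clue to identity.
    """
    x, y = transcript
    return ((y - candidate_id) * pow(x, -1, P)) % P

if __name__ == "__main__":
    coin = withdraw_coin(424242)   # constructed account number
    shop_a = pay(coin, 1001)       # constructed challenges from two shops
    shop_b = pay(coin, 2002)
    print("traced identity:", trace_double_spend(shop_a, shop_b))
    fake = consistent_slope(shop_a, 999)
    print("one transcript also fits id 999:", pay((999, fake), 1001) == shop_a)
```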





