mpd at netcom.com
Fri Mar 25 07:33:08 PST 1994
> If Frank the Forger, to pick a standard sort of crypto
> example, takes a set of bits (possibly made with the
> elaborate system Mike Duvos described in an earlier posting)
> and copies that set of bits n times and then "spends" them n
> times, how can any of his recipients know that parallel
> transactions are happening, that the "same" money is being
> spent n times and that it is very likely that n - 1 of the
> recipients will be screwed?
I didn't mean to oversell the degree to which the scheme deters
multiple spending. It doesn't prevent multiple spending. It
merely breaks the anonymity of the perpetrator if two or more
people he has transacted the same note with break their own
anonymity and voluntarily cooperate with the bank.
There is nothing to prevent you from making N copies of your
floppy, spending each one, and hopping the next plane to
Argentina. Sad but true.
In the real world, there would have to be some sort of limit on
the number of times such a spoofed transaction could propagate
before being cleared with the central bank, much like
restrictions on multiple-party checks today. Merchant
cooperation would also be necessary. Probably easy to get with
the corner store than with the local cocaine dealer.
> The other main approach is to build in to the blinding
> protocols which protect anonymity ways to detect the
> identity of those who spend a unit of digital money more
> than the specified number of times. "Double spenders" is the
> common term. This can avoid online clearing, but at the
> expense of additional protocol complexity and some peculiar
> wrinkles which can develop.
This is really all I had in mind. Again, double spending is
discouraged but not prevented. If you are leaving town and never
returning, you can go on a shopping spree.
Mike Duvos $ PGP 2.3a Public Key available $
mpd at netcom.com $ via Finger. $
More information about the cypherpunks-legacy