Still more on the Digicash protocol

David A Wagner daw at delhi.CS.Berkeley.EDU
Thu Dec 7 16:17:58 PST 1995


-----BEGIN PGP SIGNED MESSAGE-----

Just a clarification about my comments on privacy against eavesdroppers
with Digicash.  I admit I didn't express myself very well the first time.

In article <199512071610.KAA16536 at admin.starnet.net>,
Mark Twain Ecash Support <support at marktwain.com> wrote:
> 
> >Worse still, anonymity for the shop is worse with Digicash than with real
> >cash.  If I pay you real cash on a secluded street, you're fairly anonymous.
> >If I pay you Digicash over the Internet, any passive eavesdropper could be
> >recording your identy and the whole transaction.  Blech.
> 
> This is raising an issue that has nothing to do with Ecash. The complaint is
> in fact about the lack of a gereral link encryption on the Internet. I agree
> that this is needed, but providing it really isn't Ecash's job. I am eagerly
> anticipating the general use of IPSEC.
> 

Hrm, I think you misunderstood what I was trying to say.

Assume the attacker is not doing any traffic analysis.  The problem is
that even then, the shop's identity (and product info, and payment amount,
and bank ID, etc.) are still sent *in the clear* in the Digicash payment
protocol.  Thus all those items can be correlated to the payee's identity:
a complete loss of privacy for the shop.

There's no need to send that payment info in the clear -- why not encrypt?

If it is encrypted, a passive eavesdropper can only learn the payer's &
payee's identity if he uses traffic analysis, and even then he doesn't
know the payment amount, product description, etc.  For all he knows, the
transaction could've been a $0.01 cent donation to Sameer for his anonymous
remailer, or it could've been a $10,000 transfer to Sameer's machine in
(virtual) Anguila-space for a few dozen Apache servers.

(So this also has implications for payer anonymity & privacy, not just
payee privacy.  When payment info is sent in the clear, and the eavesdropper
is doing traffic analysis (e.g. by sniffing the link out from a small
business), the eavesdropper can correlate payer's identity with the
payment amount, product description, and other buying habit information.
When Digicash protocol messages are encrypted, this information isn't
released, and can't be correlated with payer identity, even when traffic
analysis is being done.)

That's why I really wish Digicash were encrypting all its messages.

And I'm very glad to hear that Digicash will support sending the entire
protocol over a SSL-protected link.  Great feature!  I'll be looking
forward to it.



> >* continue specifying the protocol at a deeper level, like you promised
> >  (and throw in source for security-critical modules too, eh? :-)
> 
> Writing all this down takes time. DigiCash may hire a tech writer soon. That
> should improve communications between all parties.

Excellent!

Thanks for all you're doing to improve Digicash's anonymity, privacy,
and security features, Lucky.  I think it's really important to get
this right in the pioneering work...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMMeEBCoZzwIn1bdtAQFzYAF/agJtA7eal+rEP0ki34FY/vyKc/EDqJ0p
QR1T+zJZ0tn6i1hwluqlmvigJpWNst41
=/NJW
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list