Pseudo-anon Ecash with GAK -- Sandia Proposal

L. McCarthy lmccarth at ducie.cs.umass.edu
Tue Jan 24 03:49:05 PST 1995 

While browsing through the program for the 6th annual ACM-SIAM SODA
(http://www.netlib.org/confdb/soda95/prog.html), which concludes today in SF,
I noticed the following scheduled for this morning:

8:55 
   Trustee-based Tracing Extensions to Anonymous Cash and the Making of
   Anonymous Change 
   Ernie Brickell, Peter Gemmell and David Kravitz, Sandia National
   Laboratories, Albuquerque 

I haven't been able to find a pointer to an actual paper, but I did find an
abstract of sorts at http://www.cs.sandia.gov/HPCCIT/el_cash.html. Their
proposal purports to elaborate the notion of GAK ("key escrow") to cover
an otherwise-anonymous ecash system, according to my reading of this.
Caveat emptor.

Here's an extended excerpt of the doublespeech:

"We introduce the first electronic cash system that incorporates trustee-based
tracing, while provably protecting user anonymity. This effort expands on
provably anonymous electronic cash systems. Our system maintains completely
provable user anonymity with the exception that, only with the cooperation of
several publicly appointed trustees (e.g. key-escrow agents), the government 
can trace a user's spending with certainty, determining to whom the user gave
his/her money and how much s/he gave. The trustees can answer the question of
whether a particular payment was made by a particular user, without revealing
any additional information. This allows for authorized forward and backward
tracing that does not impinge on the privacy of anyone other than the parties 
of the one transaction in question. Some of our trustee-based tracing require 
no tamper-resistant hardware, and all can be implemented as either on-line or
off-line systems."

Electronic cash is a subject of great economic, political, and research
importance. With advances in computer networks, in processor speed, and in
databases, and with advances in note counterfeiting technology and with both
individuals' and businesses' desire for remote and more convenient financial
transactions, some forms of electronic cash are likely to become widespread
within 5 to 10 years. Although unconditionally anonymous electronic cash 
systems have been proposed in the literature, governmental and financial 
institutions are unwilling to back a completely anonymous system. Their 
reasons for opposing complete untraceability have to do with the containment 
of user fraud and the desire to restrict the new kinds of crime that 
unrestricted, remotely withdrawable, and spendable electronic cash could 
facilitate. Because of the necessary concern over crime control, they have 
previously proposed systems with little or no protection for the users' 
privacy. Our system provides the capability required by government for crime 
control while maintaining privacy for all other users."

 -L. Futplex McCarthy; PGP key by finger or server; I'm seeking an internship/
  job for summer 1995 --- BS CS Cornell / 2 yrs. MS-level work in algebraic
  algorithms, Ph.D. planned --- send private email for resume etc.

More information about the cypherpunks-legacy mailing list