Why ecash is traceable

Dar Scott dsc at swcp.com
Fri Sep 15 10:13:36 PDT 1995 

Timothy May wrote,
>I don't think all systems must be able to deal with double spending.
>
>For example, the first person to read this number: 45%2)d[12ks&Qmdx and to
>then submit it any form--in person, by e-mail, via remailer, etc.--to The
>First Bank of Cyberspace will have $10 sent to him or her, as cash or as a
>spendable amount of digicash (untraceable to recipient, of course).

I would expect that services might emerge that would strengthen this
without the bank getting involved and without loss of anonymity.

It might emerge that because of the bank's lack of handling of double
spending that in some transactions some payees would request a money order
from a trustee.  The payee might supply the list of money order suppliers
allowed for that day.  If the payee does not want the money order addressed
with a public key, he can supply a set of alternate keys each encrypted for
an acceptable trustee.  The money order allows the payee to be as sure that
the cash is good as he trusts the trustee (and the bank).

With or without the use of a remailer this can add to hiding the payer.
However, unless the payee provides a hidden key, the trustee does know who
received some payment.  The trustee is highly motivated to operate a
memoryless system (except for the trustee's own cash) and might be audited
to ensure this to both customers and potential physical raiders.

The cash bundled in the money order need not be that returned from
exchanging the money order payment.  Some trustees might return a money
order containing cash that has other properties, too.

If the payee really trusts the trustee, then no race to exchange the cash
is needed--hiding the payee further.  The payee can exchange it over a
period of time or as needed.  Exchange includes indirect exchange as in
buying money orders.

I'm new to protocols and I mention details below only to add hopefully
clarifying material, not to suggest that I have any idea of the right ways
to do these things.  These can be implemented using PGP.

Money Order:
The automated trustee checks the money (for money order amount and fee).
If it is bad the trustee sends it back.  Otherwise, the trustee exchanges
the cash and then selects from cash on hand cash of the amount of the money
order.  This is encrypted for the payee.  (The buyer must supply something
the trustee would know how to use to encrypt for the payee: public key or
message addressed to the trustee containing information on how to encrypt
for the payee.)  The money is encrypted with that.  A description is added
to this and it is signed by the trustee and sent back to the payer.  The
description may or may not mention the payee depending on whether the money
was wraped with a public key or not.

Escrowed Money Order:
The trustee creates a money order that can be opened by either the payer or
payee and encrypts that for the escrow agent.  A description and signature
is added.

Generalization:
Payees and escrow agents can be abstract recipients such as and/or lists.

I wonder how much I could charge for this.

Dar

===========================================================
Dar Scott               Home phone: +1 505 299 9497

Dar Scott Consulting         Voice: +1 505 299 5790
8637 Horacio Place NE        Email: darscott at aol.com
Albuquerque, NM  87111              dsc at swcp.com
                               Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

More information about the cypherpunks-legacy mailing list