why ecash is traceable

Timothy C. May tcmay at got.net
Fri Sep 15 18:20:21 PDT 1995


At 10:49 PM 9/15/95, Nick Szabo wrote:
>Hal & Tim have made some interesting comments about payee untraceability.
>I suspect it will clarify things to point out the orthogonality in
>two of the major design choices:
>
>* Clearing: Offline vs. online
>* Settlement: Deposit to payee's account vs. sending new cash to payee
>
>Because DigiCash wants their product to have payer, but not payee, privacy,
>the current ecash(tm) software from DigiCash uses online clearing
>and deposit to payee's account, but the three other combinations are
>also quite doable if somebody wanted to implement them.  The design that
>allows symmetric untraceability combines online clearing with sending new
>cash.  This way the bank need not ID the payee Bob in order to credit

Thanks, Nick, for summarizing this clearly in terms of these two axes. This
symmetric untraceability is what I was getting at with my point about Bob
clearing the transaction and getting back blinded cash. It's apparent that
if Alice can get untraceable cash, and she tells her bank to go ahead and
give the same kind of untraceable cash to Bob, then Bob can also get
untraceable cash.

....
>Offline clearing requires the potential to ID the payer in
>order to punish double-spending after the fact.

Offline clearing has many hurdles to overcome, and this "True Name" (ID)
issue is not very attractive. Fortunately, the vast increases in Net speeds
are on the side of online clearing, even for relatively small transactions.

>Online systems without observers (such as ecash(tm)) don't
>need to worry about trying to find multiple spenders, because this is
>prevented by the online clearing.  In fact, purposeful second-spending
>is used to recover from some error conditions, specifically to determine
>whether the payee in fact received the "coin" or not when there has been a
>network error in the middle of a transaction.   Distinguishing between
>mistaken  and fraudulent double spending is a very complex, not completely
>tractable problem, so the current ecash(tm) punts it, which is reasonable
>because it is online.  An offline system would need an elaborate

Sounds pretty compelling to me to concentrate on online clearing systems....

I can imagine limited needs for offline clearing, such as road toll
systems, or parking tokens, etc. The amounts of money there can be somewhat
limited, and the implications of double spending revealing identity are
less serious. (Though I can imagine a worrisome scenario where a highway
toll system "deliberately double spends" received tokens to track
motorists...there may be precautions built into such systems that I just
don't know about.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."








More information about the cypherpunks-legacy mailing list