Is Chaum's System Traceable or Untraceable?
Ian Goldberg
iang at cs.berkeley.edu
Wed May 22 15:20:27 PDT 1996
-----BEGIN PGP SIGNED MESSAGE-----
In article <199605201902.MAA16278 at netcom8.netcom.com>,
Bill Frantz <frantz at netcom.com> wrote:
>At 9:10 AM 5/20/96 -0700, Ian Goldberg wrote:
>>However, if you use the "fully anonymous" protocol, change becomes trivial.
>>You don't have to go online; the payer (the shop) does, which it assumedly
>>already is. Another benefit is that coins received in this way as change
>>are immediately spendable by you, without having to go online in between.
>
>Perhaps I am confused, but I see no need for change in the fully anonymous
>protocol. I see the fully anonymous protocol as:
>
>(1) The payee generates a coin for the amount of purchase, blinds it and
>gives it to the payer.
>(2) The payer blinds it again and gives it to the bank, which signs it
>debiting the payer's account.
>(3) The payer removes his blinding and gives the signed coin to the payee.
>(4) The payee removes his blinding and deposits the coin.
>
>Step 1 could be called a request for payment (an invoice), step 2 a
>withdrawal, step 3 the payment, and step 4 a deposit.
>
>Is there another version which allows the payee to have an unconnected
>wallet of coins and get change in return?
In the "normal" protocol, the payee has to go online. In the "anon" protocol,
the payer has to go online. Since you don't want to go online when you
walk into a shop, you can pay the shop with the "normal" protocol, and
the shop gives you change with the "anon" protocol.
That way, you never need to go online, and your identity is never compromised.
- Ian
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaM4VkZRiTErSPb1AQF8tAQAktvqP2vIKx3igJyfQsFFfJ4PTydBpPrT
W1+uEBIFJgn9sKf+KFXojntn+CKjc6fx0pTBsutXH8UjJxVWZxC1VF7F5jFzCNq3
ZjjkxuX5WrREAZheCu2KydRKVazkEdXVLTPhPHP2D923ZBAOm7B6lCOJ/ykuEaUn
znYuAu1DaOQ=
=rodG
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list