Getting ecash without an MTB account

Mark M. markm at
Fri Aug 15 14:30:37 PDT 1997


On Fri, 15 Aug 1997, Alan wrote:

> > I thought that in this scenario, Bob can spend the coin before he gives
> > it to Alice, so she runs the risk of receiving a coin that has already
> > been spent. Is it impossible to spend a blinded coin if you can't
> > unblind it? Or are you thinking of something totally different?
> My understanding of the protocol is that the identity of the purchacer is
> revealed only if the coin is double spent.  What prevents the person
> wanting to find out the identity of Bob from just spending the cash more
> than once?

There are two ways of handling the double spending problem.  One is online
clearing where the bank keeps a database of all deposited coins.  The
merchant immediately deposits the coin and the bank compares it to a
database of all spent coins.  If the coin has already been spent, the bank
sends an error message to the merchant, and presumably, the transaction
is halted.  If the coin has not been spent, the bank adds the coin to its
database of spent coins and credits the merchant's account.  This simply
prevents double spending and does not attempt to identify the person

The other protocol is very complex and involves an interactive protocol
to reveal one half of the payer's identity which is split using a simple
XOR.  When a coin is double spent using this protocol, the payer's identity
is revealed.  I don't know if this protocol can be used for double-blinded
coins, but even if it could, there wouldn't be many advantages over
online clearing.

Version: 2.6.3i
Charset: noconv


More information about the cypherpunks-legacy mailing list