anonymity and e-cash

Sean Roach roach_s at alph.swosu.edu
Wed Feb 12 22:26:27 PST 1997


At 04:59 PM 2/12/97 -0800, Hal Finney wrote:
>From: tcmay at got.net (Tim May)
>> You missed a very good talk by Ian Goldberg of UC Berkeley at the Saturday
>> Cypherpunks meeting at Stanford, where Ian talked for more than an hour on
>> just this issue. (He also talked for an hour on his crack of the RSA
>> challenge using 250 workstations...this was also a good talk.)
>
>I wish I could have heard that, it sounds good...
>
>A simple idea we have discussed for full anonymity uses the idea of
>exchanging coins at the bank.  You make an anonymous connection to
>the bank, supply some ecash you have received along with some blinded
>new ecash.  The bank verifies that the ecash is good and signs your
>blinded ecash, sending it back to you.  You unblind it and have good,
>fresh smelling ecash which you can keep, spend, or later deposit in
>your account.
>
>If the merchant performs this exchange operation on-line as soon as
>he receives ecash, then his anonynmity is protected.  The customer is
>protected too, by the blinding he used when he withdrew the ecash earlier.
>So both sides remain anonymous.
>
>It sounds like Ian may have worked out details of a system where third
>parties do these exchanges.  Banks may be reluctant to allow them for
>liability reasons, and the market, abhoring the vacuum, will supply
>intermediaries who perform exchanges for a fee.
>
>Resolving the various forms of cheating is the hard part.  When Lee asks
>about a signed receipt, it is hard to understand what is the point if the
>seller is fully anonymous!  A signed receipt from a freshly-minted key
>is not of much use to anyone.
>
>If the participants are using persistant pseudonyms then whatever
>reputation capital they have can be put on the line when cheating happens,
>although it still may be hard to tell who cheated whom.  Did the customer
>pass bad cash and claim it was good, or did the merchant deposit good
>cash and claim it was bad?
>
>The same thing could happen every day at the supermarket, of course.
>A customer insists they paid $20 but got change for a $10.  If dozens of
>customers say the same thing has happened to them, we start to mistrust
>the market, while if several businesses say this particular customer
>has made the same claim to them, we blame the customer.

Here is another idea.
The merchant and customer agree on a price, with the merchant knowing that
the "bank" will take a cut for their services.
The merchant and customer both LOG IN to the bank seperately, each type in
their agreed upon price and cut & paste in the services rendered
information.  If they match, the bank makes the necessary transaction
between the accounts, e-cash stash, etc.  The bank also supplies both
parties with a clear signed receipt.  The bank can now no longer alter the
receipt, as the merchant and customer both have a copy.  And the customer
and merchant can not alter the receipt, because then it would fail the test
on the signature.
If a receipt for a transaction number were used, then the only threat would
be the same one that exists for remailer operators.  This could be negated
by daisy-chaining banks in a similair manner.  If each bank took a cut of
non-customers of $.0002 or .02% of the transaction, whichever was greater,
then a suitable system could be set up.

Another idea that has been festering.  If we could get a CPA involved in
this forum, I would be willing to have h[im/er] sign my key, (which is
seldom used, mostly because this is the only place I use e-mail), for that
reasonable fee that CPA's can charge.  I know that it is not a standard, or
even legally recognized, post for CPA's, but I think that enough people
would trust them.
This would take care of some of the "newly minted" key problems.  Since
getting someone who is trusted to sign your key is a recognized method of
getting people to believe you are who you say you are.  Just an idea.
Actually two, one half thought out, one that has been bugging me.









More information about the cypherpunks-legacy mailing list