ecash, cut & choose and private credentials (Re: Jim Bell)

Adam Back adam at cypherspace.org
Sun Dec 3 21:59:45 PST 2000



Ben wrote:
> > different process.  I don't think you can do efficient offline ecash
> > with Wagner et al's mechanism -- I'd guess it's more comparable with
> > the functionality offered by Chaum's blind signature.
> 
> I'm not sure what you think the requirements for "efficient offline
> ecash" are, but I should note that the double-blinded version of lucre
> doesn't require the ZKP, and there's also a non-interactive variant of
> the ZKP for the single-blinded variant. They are both described in the
> current version of the paper (at least, I'm sure the first as, and
> somewhat sure the second is).

Offline means offline with fraud-tracing in event of double spending,
so the efficiency refers to the computation and communication cost of
the withdraw and deposit protocols which do the normal ecash thing,
plus encode identity in the coin in the withdraw protocol in a way
which will be revealed in a double spent show protocol.

The protocols you list are online.  Not that this is a bad thing -- I
kind of prefer the online idea -- rather than the "and then you go to
jail" implications of fraud tracing in the offline protocols.  Plus
you have a risk of accidentally double spending if your computer
crashes or something.

Adam





More information about the cypherpunks-legacy mailing list