double-spending prevention w. spent coins
Patrick Chkoreff
patrick at fexl.com
Thu Apr 24 20:10:20 PDT 2003
On Thursday, April 24, 2003, at 06:47 PM, Adam Back wrote:
>> OK, that sounds like a potential problem, but I don't see how you
>> can hide this information from the server ITSELF. When you present
>> a coin to the server, it is going to know from which IP address it
>> came, and I don't see a way around that.
>
> That's where blinding comes into the picture.
> ...
This is helpful, Adam, thanks.
Bill Frantz wrote:
> The server is in a position to keep track of the money transfer by
> recording the serial numbers of the old and new coins as the exchanges
> take place. The server is perfectly capable of making the linkage. If
> you don't trust the server, then you must believe that all your
> transfers are known.
This is good too, Bill.
All right, I can generally understand the purpose here, to make it
impossible to correlate an old coin with a new one issued in its place.
That I can see. I was starting to get the impression that somehow the
Chaumian techniques were attempting to address the problem of
preventing double spends even when doing a long chain of spends without
contact with a server. In fact they are trying to address a more
modest goal than that, and double spends are still something that must
be detected by contact with the server.
With the Chaumian techniques, the random coin bits are generated on the
user side:
http://munitions.vipul.net/documents/cyphernomicon/chapter12/12.5.html
> "The way the process works, with the blinding, is like this. The user
> chooses a random x. ...
So naturally the server cannot keep a list of the valid coins because
their specific bits appear to be invented out there in the wild. Hence
keeping the list of spent coins, since keeping a list of unspent coins
is clearly impossible.
Well hell, that wasn't so hard.
-- Patrick
http://fexl.com