double-spending prevention w. spent coins

[Adam Back]

On Thu, Apr 24, 2003 at 11:10:20PM -0400, Patrick Chkoreff wrote:
> All right, I can generally understand the purpose here, to make it 
> impossible to correlate an old coin with a new one issued in its place. 
> 
>   That I can see.  I was starting to get the impression that somehow the 
> Chaumian techniques were attempting to address the problem of 
> preventing double spends even when doing a long chain of spends without 
> contact with a server.  In fact they are trying to address a more 
> modest goal than that, and double spends are still something that must 
> be detected by contact with the server.

So actually using Brands credentials which have an off-line fraud
tracing option you could if you wished exchange coins peer-to-peer
amongst users, who eventually after some number of peer-to-peer spends
deposit their coin back at the bank.  The bank checks deposited coins
and can tell which users double spent coins if any after the fact.

What you do about double spending when you detect a given user has
done it is a policy question for the bank -- eg fine user, prosecute
user for fraud to recuperate costs etc.

(You can also use the same protocol for online checking, so the
recipient has the choice of covenience of using peer-to-peer without
going via the bank, or the choice to deposit now and get a fresh coin
and be sure there won't be any dispute resolution later.)

Adam

> With the Chaumian techniques, the random coin bits are generated on the 
> user side:
> 
> http://munitions.vipul.net/documents/cyphernomicon/chapter12/12.5.html
> 
> > "The way the process works, with the blinding, is like this.  The user 
> > chooses a random x. ...
> 
> So naturally the server cannot keep a list of the valid coins because 
> their specific bits appear to be invented out there in the wild.  Hence 
> keeping the list of spent coins, since keeping a list of unspent coins 
> is clearly impossible.
> 
> Well hell, that wasn't so hard.
> 
> -- Patrick
> http://fexl.com