Controlled nymity
James A. Donald
jamesd at echeque.com
Fri Aug 15 21:38:06 PDT 2003
--
James A. Donald:
> > What we want of a payment system, is that Alice can prove
> > she paid Bob, even if Bob wants to deny it, but no one else
> > can prove that Alice paid Bob unless Alice takes special
> > action to make it provable.
Major Variola (ret)
> Does it help if: Alice generates a secret key for each
> payment Alice *anonymously* deposits an *encrypted* message
> containing payment details into Bob's acct Only Alice can
> reveal the key for a particular transaction in Bob's account,
> thereby stripping anonymity but also revealing payment. For
> only that transaction.
Presumably Alice prepares a bunch of unblinded tokens, marks
them "for Bob" and encrypts them so that only the bank can read
them.
Bob then gives that message to the bank, and the bank then
tells Bob "yes, its a valid payment for 25 grams of gold to
Bob"
Since Alice knows the secrets embedded in that message, she can
prove that she originated that message, so she can prove she
paid Bob, but no one else can prove it. She can prove that to
Bob, or to anyone, assuming the bank cooperates.
Of course this means the bank knows how much money everyone is
paying Bob, even if it does not know who is paying Bob.
Also Alice cannot prove that the money was accompanied by the
message "OK Bob, here is the twenty five grams of gold, deliver
the Maltese falcon tonight." and thus cannot prove that Bob, by
accepting the tokens valid for the gold, agreed to deliver the
Maltese Falcon.
Perhaps these two problems can be fixed.
Alice encrypts a message to the bank containing the unblinded
tokens. It also contains instructions 'accept this deposit
only if accompanied by a number whose hash is X, and only if
the message is signed with the private key corresponding to
this public key 89798759754.
Alice puts this encrypted message to the bank inside a a
message to the Bob, which contains the instructions: "OK Bob,
here is the twenty five grams of gold, deliver the Maltese
falcon tonight. Here is a cheque made out to cash, for 25
grams of gold, valid if accompanied by the hash of this
message, and signed with private key 1764383486*b, where b is
whatever your private key is. Signed Alice."
Bob delivers the cheque, (an encrypted message to the bank) and
the bank validates it as correctly formed and containing valid
unspent unblinded tokens, and gives him blinded tokens for 25
grams of gold.
To prove that it was Bob who did indeed deposit this money,
Alice reveals to the bank the message corresponding to the
hash, and thus reveals that 89798759754.= B^1764383486, where B
is Bob's public key, and thus, if the bank keeps a record of
the exchange, proves that it was Bob who made the exchange, and
that the money was from Alice, and was for the Maltese falcon.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
t9GmbLxgymh192YQzp+e8St5v1yhN1n014TZ3Fyf
4k6B1/EGsY+IBb0q+xTsr05v3am+86d6UlAzY51Cz
More information about the cypherpunks-legacy
mailing list