lucre double-blinding? (Re: Crypto-making vs Crypto-breaking)

Adam Back adam at cypherspace.org
Tue May 6 11:25:15 PDT 2003


It's been a while since I looked at the Lucre white paper but
extrapolating from the Chaum context doesn't double blinding mean the
payer and payee have to be simultaneously online with the bank?

Adam

On Tue, May 06, 2003 at 10:43:42AM +0100, Ben Laurie wrote:
> Anonymous wrote:
> > In order to avoid this, the bank can prove that it operated correctly
> > (that is, it raised its input to the same k power that g is raised to
> > in the public g^k value) using a zero-knowledge proof.  I believe the
> > latest version of the Lucre software does this.
> 
> Actually, Lucre uses the double-blinding method to avoid this. The paper
> discusses the ZK proof as an alternate way of doing it, but I chose not
> to use it because of its potential interpretation as a blind signature.
> 
> There is an implementation of the ZK proof included in Lucre just for
> fun, though.

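The zero-knowledge proof mentioned in the quoted text (the bank showing it raised its input to the same k as in the public g^k) can be sketched as a Chaum-Pedersen proof of discrete-log equality with a Fiat-Shamir challenge. This is an added example, not code from Lucre or from any of the posters. The toy group (P, Q, G), the transcript encoding and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group constructed for this example: P = 2Q + 1 with P and Q prime,
# G = 4 generates the order-Q subgroup. Far too small for real use.
P, Q, G = 2039, 1019, 4

def in_subgroup(x):
    """True if x is a non-identity element of the order-Q subgroup."""
    return 1 < x < P and pow(x, Q, P) == 1

def challenge(*elems):
    """Fiat-Shamir challenge: hash of the whole transcript, reduced mod Q."""
    data = b"|".join(str(e).encode() for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def bank_respond(k, m):
    """Bank side: return z = m^k plus a proof that log_m(z) == log_G(G^k)."""
    y, z = pow(G, k, P), pow(m, k, P)
    w = secrets.randbelow(Q - 1) + 1            # fresh nonce per proof
    a, b = pow(G, w, P), pow(m, w, P)           # commitments
    c = challenge(G, y, m, z, a, b)
    r = (w + c * k) % Q                         # response
    return z, (c, r)

def verify(y, m, z, proof):
    """Client side: accept only if z = m^k for the k behind the public y."""
    c, r = proof
    if not (0 <= c < Q and 0 <= r < Q):
        return False
    if not all(in_subgroup(x) for x in (y, m, z)):
        return False
    # Rebuild the commitments as G^r * y^-c and m^r * z^-c; elements of the
    # order-Q subgroup satisfy x^(Q - c) == x^-c.
    a = pow(G, r, P) * pow(y, Q - c, P) % P
    b = pow(m, r, P) * pow(z, Q - c, P) % P
    return c == challenge(G, y, m, z, a, b)

if __name__ == "__main__":
    k, m = 123, pow(5, 2, P)                    # constructed key and input
    z, proof = bank_respond(k, m)
    print("honest response accepted:", verify(pow(G, k, P), m, z, proof))
    z_other = pow(m, 456, P)                    # made with a different exponent
    print("other exponent accepted: ", verify(pow(G, k, P), m, z_other, proof))
```

With a group this small a mismatched response still slips through about once in Q tries; a real deployment needs a group large enough to make that negligible.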




More information about the cypherpunks-legacy mailing list