[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

Daniel A. Nagy nagydani at epointsystem.org
Wed Nov 23 16:54:24 PST 2005


I'm sorry for not answering to the last message in this thread for almost a
month. After systematically reviewing some of the issues that came up in
this discussion and talking to a friend of mine, it seems that it is
possible to make governable blinded cash, using some of the ideas from the
paper in question. In fact, blinded and non-blinded tokens (i.e. digital
"coins" and "notes") can be successfully and conveniently used together, as
they offer different advantages and different tradeoffs. A new paper,
tentatively titled "Digital Cash: Notes and Coins" is being written. If
there's going to be an FC++ issue in December or January, we might have a go
at it before publishing the paper using a more traditional channel.

The basic idea with coins (which are less traceable than notes, but are less
flexible, too, and may weigh your pocket down, if you keep large sums in
coins) is that the blind signature key is regularly changed (e.g. annually,
so it is possible to tell a 2005 ePoint coin from a 2006 ePoint coin, just
like in the "real world"), and while coins are accepted indefinitely, they are
only issued during the validity period of the key. This means that one can
limit the damage caused by a leaked secret key or a malicious issuer. After
the validity period of the key, it is possible to keep count of the coins in
circulation and accept only that limited amount (and sound alarms, if
unaccounted-for coins emerge).

Another important idea is that of spot-checks: from time to time (determined
partly by the users, partly by the issuer in such a way that the issuer
cannot control and the users cannot predict it) coins are accepted only with
the user identifiing the coin's (published) proto-coin and reveal the
corresponding blinding factor. If it happens rarely enough, it won't
compromise the general untraceability of coins, but it may catch a counterfeit
coin and thus reveal the compromise of the secret key.

At ePointSystem, may very well implement this kind of coins, which can be
used in conjunction with notes. I'd like to thank you for the thoughtful
discussion and the valuable ideas.


More information about the cypherpunks-legacy mailing list