[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

Daniel A. Nagy nagydani at epointsystem.org
Wed Nov 23 20:07:29 PST 2005 

On Wed, Nov 23, 2005 at 08:31:46PM -0500, R. A. Hettinga wrote:
> At 1:54 AM +0100 11/24/05, Daniel A. Nagy wrote:
> >spot-checks
> 
> This also is not new.
>
> We were discussing this in relation to millidollar streaming cash at least
> 5 years ago. We've discussed this privately, and on public mail lists, with
> the likes of Nicko van Someren, Ron Rivest, Adi Shamir, and Mark Manasse.

Those two ideas are not new, and I know that. What is new is the publication
of a signed transaction log by the issuer; the splitting of public and
private information in such a way that allows for transparent issuer governance
without invading privacy.

In the electronic cash literature, governance issues have rarely been
raised, let alone properly addressed. Systematic treatment of transparent
governance in digital payments begun, AFAIK, with the research of Ian Grigg.

For a (long) while, both Ian and I were convinced that transparent
governance and blind signatures don't mix well. It was cyphrpunk in this
discussion, who pointed out the essential similarity between the proto-coin
in chaumian schemes and the cryptographic challenge in my paper. It came up
in the context of invoicing, but -- as we recently realized -- it can also
be used for governance, when coupled with these two old ideas.

In short, the basic idea is for the issuer to _publish_ in an undeniable
manner the responses (with some additional info) to exchange requests
instead of sending the information back to the requesting party using a private
channel. I do think (in agreement with several reviewers of my work) that
the setup proposed in the discussed paper, where the communication between
the users and the issuer is such that the issuer's responses to users'
requests are broadcast and archived in public records is novel.

> Even the delineation between universally-checked blind-signature "notes",
> and stochastically tested "coins" is at least five years old and has been
> discussed on most of the usual email lists.

We use "notes" and "coins" in a completely different sense. There are no
blind signatures in notes; notes are traceable to some extent, just like
IRL.

Cheers,

-- 
Daniel

More information about the cypherpunks-legacy mailing list