[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

Mon Oct 24 11:14:08 PDT 2005

On 10/22/05, Ian G <iang at systemics.com> wrote:
> R. Hirschfeld wrote:
> > This is not strictly correct.  The payer can reveal the blinding
> > factor, making the payment traceable.  I believe Chaum deliberately
> > chose for one-way untraceability (untraceable by the payee but not by
> > the payer) in order to address concerns such as blackmailing,
> > extortion, etc.  The protocol can be modified to make it fully
> > untraceable, but that's not how it is designed.
>
> Huh - first I've heard of that, would be
> encouraging if that worked.  How does it
> handle an intermediary fall guy?   Say
> Bad Guy Bob extorts Alice, and organises
> the payoff to Freddy Fall Guy.  This would
> mean that Alice can strip her blinding
> factors and reveal that she paid to Freddy,
> but as Freddy is not to be found, he can't
> be encouraged to reveal his blinding factors
> so as to reveal that Bob bolted with the
> dosh.

Right, that is one of the kinds of modifications that Ray referred to.
If the mint allows (de-facto) anonymous exchanges then a blackmailer
can simply do an exchange of his ecash before spending it and he will
be home free. Another mod is for the blackmailer to supply the
proto-coin to be signed, in blinded form.

One property of Daniel Nagy's epoint system is that it creates chains
where each token that gets created is linked to the one it came from.
This could be sold as an anti-abuse feature, that blackmailers and
extortionists would have a harder time avoiding being caught. In
general it is an anti-laundering feature since you can't wash your
money clean, it always links back to when it was dirty.

U.S. law generally requires that stolen goods be returned to the
original owner without compensation to the current holder, even if
they had been purchased legitimately (from the thief or his agent) by
an innocent third party. Likewise a payment system with traceable
money might find itself subject to legal orders to reverse subsequent
transactions, confiscate value held by third parties and return the
ill-gotten gains to the victim of theft or fraud. Depending on the
full operational details of the system, Daniel Nagy's epoints might be
vulnerable to such legal actions.

Note that e-gold, which originally sold non-reversibility as a key
benefit of the system, found that this feature attracted Ponzi schemes
and fraudsters of all stripes, and eventually it was forced to reverse
transactions and freeze accounts. It's not clear that any payment
system which keeps information around to allow for potential
reversibility can avoid eventually succumbing to pressure to reverse
transactions. Only a Chaumian type system, whose technology makes
reversibility fundamentally impossible, is guaranteed to allow for
final clearing. And even then, it might just be that the operators
themselves will be targeted for liability since they have engineered a
system that makes it impossible to go after the fruits of criminal
actions.

CP