Privacy-enhancing uses for TCPA

Bill Frantz frantz at pwpconsult.com
Fri Aug 23 11:35:16 EDT 2002


At 1:55 PM -0400 8/3/02, AARG!Anonymous wrote:

>Here's one more example, which I think is quite amazing: untraceable
>digital cash with full anonymity, without blinding or even any
>cryptography at all! (Excepting of course the standard TCPA pieces like
>SSL and secure storage and attestation.)
>
>The idea is, again, trivial.  Making a withdrawal, the client sends the
>user's password and account ID to the bank (this information is kept in
>secure storage).  The bank approves, and the client increments the local
>"wallet" by that amount (also kept in secure storage).  To make a payment,
>use the anonymous network for transport, and just send a message telling
>how much is being paid!  The recipient increments his wallet by that
>amount and the sender decrements his.  Deposit works analogously to
>withdrawal.

Note that if the user can modify the wallet, a "fat, dumb, and happy"
implementation may be vulnerable to the following attacks.

Attack 1:

(1) Withdraw $0.01 from the bank.
(2) Change a random bit in the encrypted wallet.  (Picking the bit to
change will be easier if the storage format is known.)
(3) Fire up the application and see how much money you have.

Attack 2:

(1) Withdraw many $$$ from the bank.
(2) Copy the wallet.
(3) Deposit the $$$ back in the bank.
(4) Restore the wallet using the copy.

While there are certainly ways to notice modifications to the wallet, and
prevent the replay attack, they result in considerable additional
complexity for what was a very simple implementation.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/CBDTPA is to      | 16345 Englewood Ave.
frantz at pwpconsult.com | prevent fair use.      | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
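
Added example, not part of the original post: a sketch of the two checks the message alludes to, a MAC over the stored wallet (catches the bit change in Attack 1) and a counter bound into it (catches the restored copy in Attack 2). The names seal, unseal, check and MonotonicCounter are hypothetical; the key and the counter are assumed to live where the user cannot read or rewind them, and encryption of the wallet is left out.

```python
import hashlib
import hmac
import json

class WalletError(Exception):
    pass

class MonotonicCounter:
    """Hypothetical stand-in for a counter the user cannot rewind."""
    def __init__(self):
        self._value = 0
    def increment(self):
        self._value += 1
        return self._value
    def read(self):
        return self._value

def seal(key, counter, balance_cents):
    """Serialize the wallet, bind it to a fresh counter value, and MAC it."""
    body = json.dumps({"balance": balance_cents, "ctr": counter.increment()}).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key, counter, blob):
    """Return the balance, or raise if the blob was altered or is stale."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise WalletError("modified")   # Attack 1: any changed bit fails the MAC
    state = json.loads(body)
    if state["ctr"] != counter.read():
        raise WalletError("stale")      # Attack 2: restored copy carries an old counter
    return state["balance"]

def check(key, counter, blob):
    """Report the balance, or the reason the wallet was rejected."""
    try:
        return unseal(key, counter, blob)
    except WalletError as exc:
        return str(exc)

def demo():
    key, counter = b"constructed-demo-key", MonotonicCounter()  # constructed values
    flipped = bytearray(seal(key, counter, 1))    # withdraw $0.01
    flipped[-3] ^= 0x01                           # change one bit in the stored wallet
    backup = seal(key, counter, 100_000)          # withdraw, then copy the wallet
    current = seal(key, counter, 0)               # deposit everything back
    return (check(key, counter, bytes(flipped)),
            check(key, counter, backup), check(key, counter, current))

if __name__ == "__main__":
    print(demo())
```

Both checks only hold if the counter and key really are outside the user's control, which is the extra machinery the post says the simple design would need.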