[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

R. Hirschfeld ray at unipay.nl
Fri Oct 21 03:43:55 EDT 2005

> Date: Thu, 20 Oct 2005 11:31:39 -0700
> From: cyphrpunk <cyphrpunk at gmail.com>

> >  2. Cash payments are final. After the fact, the paying party has no
> >  means to reverse the payment. We call this property of cash
> >  transactions _irreversibility_.
> Certainly Chaum ecash has this property. Because deposits are
> unlinkable to withdrawals, there is no way even in principle to
> reverse a transaction.

This is not strictly correct.  The payer can reveal the blinding
factor, making the payment traceable.  I believe Chaum deliberately
chose for one-way untraceability (untraceable by the payee but not by
the payer) in order to address concerns such as blackmailing,
extortion, etc.  The protocol can be modified to make it fully
untraceable, but that's not how it is designed.

> >  3. Cash payments are _peer-to-peer_. There is no distinction between
> >  merchants and customers; anyone can pay anyone. In particular, anybody
> >  can receive cash payments without contracts with third parties.
> Again this is precisely how Chaum ecash works. Everyone can receive
> ecash and everyone can spend it. There is no distinction between
> buyers and vendors. Of course, transactions do need the aid of the
> issuer, but that is true of all online payment systems including
> Daniel's.

Apart from the transferability issue, I think there are some systems
that do not rely on an issuer at all (in effect any payee is an
issuer).  Manasse's Millicent comes to mind, but I confess that I
don't fully remember the details.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list