[Cryptography] Electronic currency revived after 20-year hiatus
Ray Dillinger
bear at sonic.net
Tue Aug 16 17:02:55 EDT 2016
On 08/16/2016 12:09 PM, Robert Hettinga wrote:
> Popped up in a standing google trawl I have out for “blind signature”.
>
> First one that’s hit in years.
>
> Cheers,
> RAH
> -------
>
>
> http://www.afr.com/brand/chanticleer/electronic-currency-revived-after-20year-hiatus-20160815-gqt3hz
I consider Chaum's scheme to be a weak form of digital
currency for several reasons.
These notes cannot circulate. Alice and Trent (the Bank)
cooperate to create one, Alice spends it to Bob, and then
there is absolutely nothing Bob can do with it except
bring it back to Trent. If Alice spends the note
multiple times, the spends cannot be detected until the
at least two copies of it are seen by Trent. So in
practice Bob isn't going to take the note unless he
has a 'live' connection to Trent. And that puts the two
parties who can cooperate to de-anonymize the note (not
cryptographically, but in practice Bob will know who's
making the purchase and will tell Trent) directly in
contact with each other at the moment of the spend.
At the very least Trent will know Bob redeemed it and
if the amount is at all significant, compliance with
most accounting laws will require Bob to know Alice
spent it.
The Trusted party, even if they don't cooperate with
Bob to deanonymize Alice, is also able to steal if
they so choose. This is normal with banks and checking
accounts, but not with any kind of cash.
And IIRC, the existence of a Trusted party was a significant
problem with most of the early attempts to deploy Chaumian
e-cash. In fact, the weakness and/or larceny displayed by
most of the issuing institutions was one of the main reasons
for failure at that time.
It doesn't have to be that way; a real bank handling these
digital notes with the same reliability that they handle
transactions in other accounts would be, in theory, no
more susceptible to such failure than it would in its
other accounts.
And there's a salient point here; Bitcoin-like solutions
with a block chain, while reasonable for some applications,
simply won't scale to (say) 20 billion transactions a day.
We still need to be thinking hard about e-cash, because it
is not a solved problem. If it's ever going to be
mainstream, something has to replace block chains.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160816/808da861/attachment.sig>
More information about the cryptography
mailing list