[Cryptography] GNU's "anonymous-but-taxable electronic payments system" Heh.

Phillip Hallam-Baker phill at hallambaker.com
Tue Jun 7 12:14:45 EDT 2016


On Mon, Jun 6, 2016 at 2:49 PM, Jeff Burdges <burdges at gnunet.org> wrote:

>
> Taler is basically a modernization of Chaum's original blind signature
> scheme from like 30 years ago.
>
> Taler drops Chaum's trick by which double spending results in
> deanonymization.  Instead, Taler does online detection of double
> spending, and so does not support offline merchants like Chaum did.  It
> follows that a Taler exchange (mint) and merchant cannot be defrauded by
> customers in the way Chaum allowed, so a Taler exchange does not need a
> collections department the way Chaum did, and Credit Cards do.
> This, along with not using wasteful proof-of-work, makes Taler suitable
> for "micro-transactions."  Of course, this also removed the most natural
> category of deanonymization attacks on customers in Chaum's scheme.
>

This is something that I see as a trend in modern crypto that is worth
reminding people of.

Back in the 1980s, we faced some really difficult deployment challenges:

1) Machines were slow. Even RSA1024 was slow enough to have a serious
impact on your application.

2) Network connectivity was the exception. Applications had to be written
so that someone could dial into their ISP, upload their outgoing mail and
download their incoming and disconnect without any user interaction.

3) Some idiots thought that ASN.1 was actually useful.

None of these restrictions apply to the vast bulk of machines and network
users today. Yes, there are parts of rural Montana and remote parts of
Nigeria where connectivity is still 'batch mode'. But those folk are not
going to be early adopters for anything. Yes, there are more 8 bit CPUs
being produced this year than at any time in the past. But those devices
never supported IP and never will.

It is very easy for people to look at the legacy crypto applications and
assume that those represent timeless design truths. They don't. Those
systems were designed around constraints that no longer exist.

Whit Diffie originally proposed a public key directory. Loren Kohnfelder
invented certificates as a mechanism to make PKI practical with unreliable
connectivity. Now that we have reliable connections we have infrastructures
like OCSP and XKMS that are actually trying to bend the model back to
Diffie's directory.

Oh and BTW, CAs sell management of PKI credentials, not certificates.
Whatever you try to replace PKI with, there will be a market for services
that establish trust.
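The mechanism Jeff describes in the quoted paragraph, a blind-signed coin whose double spending is caught online at the exchange rather than by Chaum's offline deanonymization trick, as an added toy example (not Taler's code, and not from either author). It assumes textbook RSA with two small Mersenne primes and truncated SHA-256 as a stand-in for a full-domain hash; both are constructed for illustration only.

```python
import hashlib
import math
import secrets

# Toy exchange key (constructed): two Mersenne primes, far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def coin_hash(serial: bytes) -> int:
    """Map a coin serial to an integer below N (truncated SHA-256 as a toy FDH)."""
    return int.from_bytes(hashlib.sha256(serial).digest()[:24], "big")


def exchange_sign_blinded(blinded: int) -> int:
    """Exchange side of withdrawal: signs a value it cannot link to any serial.
    A real exchange debits the customer's account at this point."""
    return pow(blinded, D, N)


def withdraw(serial: bytes) -> int:
    """Customer side: blind H(serial), have it signed, unblind. Returns the coin signature."""
    m = coin_hash(serial)
    while True:  # blinding factor must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N  # uniformly random to the exchange
    sig = (exchange_sign_blinded(blinded) * pow(r, -1, N)) % N
    assert pow(sig, E, N) == m  # customer checks the unblinded signature
    return sig


class Exchange:
    """Online double-spend detection: every deposited serial is remembered,
    so a second deposit is refused outright and no identity is ever recovered."""

    def __init__(self) -> None:
        self.spent: set[bytes] = set()

    def deposit(self, serial: bytes, sig: int) -> str:
        if pow(sig, E, N) != coin_hash(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"  # detected online, merchant never loses the sale
        self.spent.add(serial)
        return "accepted"
```

Because the exchange only ever sees the blinded value at withdrawal and the serial at deposit, it cannot pair the two, which is the anonymity property; the price is that every deposit needs a live round-trip to the exchange, exactly the offline-merchant case the quoted text says Taler gives up.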