[Cryptography] On the 'regulation proof' aspect of Bitcoin

Jeff Burdges burdges at gnunet.org
Thu Mar 31 15:36:53 EDT 2016


Just a note on ransomware that might help get the discussion back on
cryptography:

Blind signature based transactions are traceable by the sender.  GNU
Taler provides "taxability" this way: http://taler.net/

In Taler, there is a "hole" that issuing initial tokens could be done
fraudulently if the tax evading merchant or extortionist blinds the
tokens and tells their collaborator or victim to run software to mint
them.  We can defeat that for established accounts using a cut n' choose
protocol, just like we use to prevent giving change from providing
untaxable transactions.  It's harder if the extortionist can force their
victim to hand over their whole account, or make them open a new
account, but several tricks still work.  In any case, it's easiest to
plug this hole by simply having withdrawal limits like an ATM.

At present, the refresh protocol reduces customers' anonymity from the
information theoretic security of the RSA blind signatures on the
initial tokens to merely curve25519, making it no longer post-quantum.
That's okay for giving change, well, trash your small change if you
believe in quantum computers.  It's more concerning if we want to plug
the initial issuing hole too.  We could achieve post-quantum security
for both using Merkle trees of symmetric keys in a scheme inspired by
stateless hash based signatures.  I found this amusing because this
actually uses Merkle trees for encryption, but it makes sense because
the encryption is ultimately for more signature like properties.

Anyways..

On Wed, 2016-03-30 at 13:21 -0400, Phillip Hallam-Baker wrote:
> I would like to be able to make use of a BitCoin like transfer scheme
> without the mining bit. I don't think that is actually necessary to
> maintain the integrity of the chain.

There is no question that a public block chain signed by notaries would
work better than our current financial system.  That's great for large
transactions, but..

Individuals need privacy though, at least when spending typical amounts
of money.  And blind signatures can provide privacy guarantees of
information theoretic security, post-quantum security, or ECC security,
depending upon your concerns about taxability, extortion, etc.,
simplicity, and quantum computers.

Jeff
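
Added example (not part of the message above and not GNU Taler code): a toy RSA blind-signature withdrawal showing that whoever keeps the blinding factor r can recognize the coin when it is deposited, while the blinded value alone is consistent with every coin. The key, the hash into Z_N and all function names are constructed for illustration.

```python
import hashlib, math, secrets

# Constructed toy mint key from the Mersenne primes 2^61-1 and 2^89-1;
# far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def fdh(coin_pub: bytes) -> int:
    """Toy full-domain hash of the coin's public key into Z_N."""
    return int.from_bytes(hashlib.sha512(coin_pub).digest(), "big") % N

def blind(coin_pub: bytes):
    """Withdrawer side: pick r and return (blinded value, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return fdh(coin_pub) * pow(r, E, N) % N, r

def mint_sign(blinded: int) -> int:
    """Mint side: signs without ever seeing coin_pub."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    return blind_sig * pow(r, -1, N) % N

def verify(coin_pub: bytes, sig: int) -> bool:
    return pow(sig, E, N) == fdh(coin_pub)

def holder_links(blinded: int, r: int, coin_pub: bytes) -> bool:
    """Whoever kept r can match a deposited coin to the withdrawal."""
    return fdh(coin_pub) * pow(r, E, N) % N == blinded

def explaining_factor(blinded: int, coin_pub: bytes) -> int:
    """Some r' exists for every coin, so the blinded value alone rules
    nothing out (computed with D here only to exhibit it)."""
    return pow(blinded * pow(fdh(coin_pub), -1, N) % N, D, N)

def demo():
    mine, other = secrets.token_bytes(32), secrets.token_bytes(32)
    blinded, r = blind(mine)
    sig = unblind(mint_sign(blinded), r)
    r_other = explaining_factor(blinded, other)
    return (verify(mine, sig), holder_links(blinded, r, mine),
            holder_links(blinded, r, other),
            holder_links(blinded, r_other, other))

if __name__ == "__main__":
    print(demo())  # (True, True, False, True)
```

The last element of the result is the information-theoretic part: an unrelated coin also "fits" the withdrawal once a suitable r' is chosen, so only the party that actually picked r can tell which coin came from it.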
