[Cryptography] Krugman blockchain currency skepticism

Benjamin Kreuter brk7bx at virginia.edu
Thu Aug 9 19:19:48 EDT 2018


On Thu, 2018-08-09 at 12:33 -0700, Ray Dillinger wrote:

> On 08/06/2018 07:55 AM, Patrick Chkoreff wrote:
> > Benjamin Kreuter wrote on 08/05/2018 07:38 PM:
> > 
> > > Which is why I said at least one offline hop.  Once you have a 
> > > certificate from the bank, your ability to use the system cannot
> > > be revoked unless you are caught cheating.  With one offline hop,
> > > you can receive and spend money without communicating with the
> > > bank.
> 
> See, this just isn't true.  What happens when you get caught
> cheating?
> The issuer sees that you have cheated and revokes your key.  How do
> the
> other users of the system know your key has not yet been
> revoked?  They
> access a key server that gets updates and knows when the issuer has
> revoked your key.  So how does someone kick you off the system?  They
> go
> to the issuer's key server and remove your key.

Sorry, but I do not follow.  I will have a certificate from the bank,
signed with the bank's public key that everyone uses to verify that my
certificate is real.  I can present that certificate to whoever I am
trying to pay, and they can check that my key is not on the most recent
copy of the CRL they have (and if we really wanted to, we could have
the users distribute CRL updates to each other, so that even users who
for some reason cannot receive the CRL directly from the bank can get
updates).  For the CRL to be valid, revocations would have to include
evidence that the key was used for invalid transactions (double
spending).

So where is the part where the bank can target a specific user and deny
them the ability to use the system (assuming they had already received
a certificate at some previous point in time)?

> If the protocol allows a valid revocation to be formed without a
> recorded proof of cheating, they'll do that too.

This is not allowed by the security definition for offline e-cash as
far as I know.

-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180809/1a6662d1/attachment.sig>


More information about the cryptography mailing list