[Cryptography] algorithm for offline spend?

Natanael natanael.l at gmail.com
Sat Sep 12 10:24:21 EDT 2020


On Sat, 12 Sep 2020 at 07:46, <jamesd at echeque.com> wrote:

> Some time ago, someone constructed an algorithm for offline on the spot
> spending of a coin.
>
> Assume all participants have a valuable secret key that they do not want
> to reveal.
>
> Every time you spend the coin to someone else, it accumulates more data
> (and must eventually be spent online to strip off the excess data).
>
> If anyone double spends the coin, he reveals his secret key.
>
> Does anyone recollect a link or cite for that algorithm?
>
> That algorithm might make it possible to fix the lightning network
> to work as it should.
>

David Chaum built this. Think it was called digital gold, or something. The
main technique used for signing these transactions is called Chaumian
blinding. There are variants of this signing algorithm that don't reveal the
key when signing double, but the variant used here was specifically
designed to do so as a disincentive against acting maliciously.

Keep in mind that designs that rely on incentives where you do not have a
clear estimate of the true cost & reward of each option are very likely to
fail because people will always end up behaving in unpredictable ways, and
some of these ways might break your assumptions so badly that the whole
system fails.

For example, it's not guaranteed that the private key disclosure will be
discovered before the adversary has managed to run off with the money.
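
Added example, not part of the original message and not the specific scheme named in the thread: a Schnorr-style one-time response shows how answering two different challenges for the same coin lets anyone solve for the spender's secret key. The toy group parameters, the function names and the constructed challenges are assumptions for illustration, and the bank's blind signature over the coin is omitted.

```python
import secrets

# Constructed toy Schnorr group, far too small for real use: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Long-term secret x the owner does not want revealed, and public y = G^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def new_coin():
    """One-time nonce k bound to the coin through its commitment t = G^k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def spend(x, k, c):
    """Answer the payee's challenge c. A single answer hides x behind the unknown k."""
    return (k + c * x) % Q

def verify(y, t, c, r):
    """Payee's offline check: G^r == t * y^c (mod P)."""
    return pow(G, r, P) == (t * pow(y, c, P)) % P

def extract_key(spend_a, spend_b):
    """Solve the two linear equations from a double spend of one coin for x.

    Returns None when the challenges coincide mod Q, because the two
    transcripts are then the same equation and carry no extra information.
    """
    (c1, r1), (c2, r2) = spend_a, spend_b
    dc = (c1 - c2) % Q
    if dc == 0:
        return None
    return ((r1 - r2) * pow(dc, -1, Q)) % Q

if __name__ == "__main__":
    x, y = keygen()
    k, t = new_coin()
    first = (17, spend(x, k, 17))     # constructed challenge from payee A
    second = (401, spend(x, k, 401))  # constructed challenge from payee B
    assert verify(y, t, *first) and verify(y, t, *second)
    print("recovered key matches:", extract_key(first, second) == x)
```

Each payee's check passes on its own; the key only falls out once both transcripts for the same coin reach one party, which is the detection delay raised in the reply above.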