I read some of the docs and ecache appears to be based on HMAC
tickets, plus mixes.  The problem I see is that you have to trust the
mix.  Now the documentation does mention that they anticipate 3rd
party mixes, but still you have to trust those mixes also.

And as we know from mixmaster etc., there are attacks on mixes such as

So it seems to me they would achieve much stronger anonymity, using a
blinding based ecash system such as Chaum (patent expired) or Brands.

In this way the anonymity set would be with all of the coins issued
since coin-epoch start, rather than with the mixes used.  And there
would be no trust concerns as the blinding protocols dont require
trust in any servers (even the bank and merchant in collusion cant
identify a coin with its withdrawer).


On Wed, Feb 21, 2007 at 09:28:03AM -0800, Steve Schear wrote:
> With the expiration of Chaum's key patents it was assumed that someone 
> would step up an try their hand at launching a DBC-based financial 
> service.  Some time has passed and I'm happy to announce that this has 
> finally happened.  Taking a cue from the lively Digital Gold Currencies, 
> eCache's first denomination if gold backed.  Unlike Digicash's instruments, 
> eCache is using a mixing technique, rather than blinding, to help preserve 
> unlinkability.  Its mint is located on a hidden server in TOR-land.  More 
> information at: https://ffij33ewbnoeqnup.onion.meshmx.com/doc.php
> Comments are invited about the technology and governance aspects that such 
> financial services invoke.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to