On 2/12/10 6:32 PM, James A. Donald wrote:
On 2010-12-01 11:18 PM, Ian G wrote:
On 1/12/10 6:12 AM, [email protected] wrote:
Can anyone give me a good rundown of the current anonymous payment
systems, technologies and/or algorithms?


OK, there are some issues here. There is technology, algorithms,
patents, techniques, protocols, applications, services, business models
... all lumped into one general term without care.

Anonymous payment systems are a bit of a contradiction, internally. What
you're probably talking about is untraceable payment systems, which
typically use Chaum or Brands or Wagner algorithms (there are a handful
of other variants). In this model, the "coin" is stripped of its
identifying information as it transfers from Ivan to Alice to Bob. When
Bob deposits the coin to Ivan (issuer) for credit to his account, or for
rollover to new coins, the chain of traceability is broken.

Then, there is another variation called nymous payment systems. This
model is typically done with a client-server public-private key
arrangement, where the client registers the public key, and signs
requests (including payments) which are sent to the server. The privacy
trick with this one is that the issuer doesn't need to know who holds
the private key; so while everything is traceable, it's also nymous.


For anonymous payments to actually be anonymous, we need both nymity and
untraceability.

Nymity means that anyone can have lots of different and seemingly
unrelated communication end points, such as, for example, email addresses.

With Pecunix, you can pay anyone who has an email address, with no
requirement for the recipient to demonstrate a true name known to the
state - but transfers between one email address and another are traceable.

For anonymity, one has to be able to have cheap and disposable nyms,
*and* be able to transfer funds between nyms without anyone being able
to discover that one nym is getting the money from the other nym.


Yep, this is where the definitions matter, at a first order analysis. Change those definitions around and it gets a bit confusing.

However, beyond the "privacy" aspects, there are other requirements which interfere in strange ways, but you'll only find this at a second order analysis. Plenty of systems have failed because they've not understood the laws of money & business; we or they have fielded systems that were (e.g.) private but broken in other ways.



iang


PS: I know James knows all this. Note to travis: if you're just interested in the crypto, you can ignore all of this, and research all the various blinding methods. But if you are interested in running a business, the crypto is more or less easy; the business is devilishly complicated. To get a taste of the business aspects, have a look at the FC7 model: http://iang.org/papers/fc7.html
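
Added example, not part of the original thread or any poster's code: a toy Chaum-style RSA blind signature in Python, illustrating the untraceable model described above, where the issuer signs a coin at withdrawal without seeing it and so cannot link it to the later deposit. The key (two small Mersenne primes), the account name, and all function and class names are constructed for illustration; textbook RSA like this is not suitable for real use.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key for the issuer ("Ivan"): two small Mersenne primes.
# Far too small and structured for real use; textbook RSA, no padding.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:
    """Hash a coin serial number into Z_N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Issuer:
    def __init__(self):
        self.withdrawals = []  # (account, blinded value) seen at withdrawal
        self.spent = set()     # serials already deposited

    def sign_blinded(self, account: str, blinded: int) -> int:
        # Ivan debits the account and signs a value he cannot read.
        self.withdrawals.append((account, blinded))
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> bool:
        # Accept only a validly signed coin that has not been spent before.
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False
        self.spent.add(serial)
        return True

def withdraw(issuer: Issuer, account: str):
    serial = secrets.token_bytes(16)           # coin serial, chosen by the client
    r = 0
    while gcd(r, N) != 1:                      # blinding factor must be invertible
        r = secrets.randbelow(N - 2) + 2
    blinded = (h(serial) * pow(r, E, N)) % N   # hide the coin from the issuer
    blind_sig = issuer.sign_blinded(account, blinded)
    sig = (blind_sig * pow(r, -1, N)) % N      # unblind: sig == h(serial)^D mod N
    return serial, sig

def demo():
    ivan = Issuer()
    serial, sig = withdraw(ivan, "alice")
    first = ivan.deposit(serial, sig)          # valid coin is accepted
    second = ivan.deposit(serial, sig)         # double spend is rejected
    linkable = any(b == h(serial) for _, b in ivan.withdrawals)
    return first, second, linkable
```

The issuer's withdrawal log holds only the blinded value, so matching it against the deposited coin fails; the spent-serial set is what stops the same coin being deposited twice.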