On 14/06/11 6:13 PM, Adam Back wrote:
See also:
Auditable Anonymous Electronic Cash by Tomas Sander and Amnon Ta-Shma
in crypto 1998.
http://www.math.tau.ac.il/~amnon/Papers/ST.crypto99.pdf
...
In their setting Sander & Ta-Shma also can identify double-spenders because
their identity is included in one attribute of the DLREP that is
revealed by
simultaneous equation if two different shows are made for the same coin.
Maybe would be something useful you could do with that feature in the
bitcoin setting.
Yes, that feature puzzled me too (I'm working from long dim dark memory
here).... When I talked to Tomas back in that time, he gave me the
impression he was exploring how Central Banks would do digital cash.
The notion at the time was some sort of recoverable privacy.
Which, to my mind was the same sin as the alternate: obsession with
privacy, including to the extent of eliminating the core requirements of
money. The first law of money is that it has to be safe:
http://forum.bitcoin.org/index.php?topic=16457.0
This is the fundamental reason why we have reversable transactions in
systems to account for money ... (whatever we think of the result, there
is a reason why we have that feature).
This is also why nymous (public-key identified) transaction systems will
always beat out coin-based (blinded) systems in the long run.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
