On Tue, Apr 09, 2002 at 01:35:03PM -0700, Morlock Elloi wrote: > > If you use the normal approach of putting the identity in the coin, > > you can't double-spend anonymously. > > And how will a regular consumer, with no math degree, verify that > her coins are indeed partially blinded ? Trust the bank ? No shit.
The regular consumer will rely on a third party to examine the source to see that they securely and correctly implement the protocols to assure privacy. In the smart card setting with Brands protocols there is a host computer (eg pda, laptop, mobile-phone main processor, desktop) and a tamper-resistant smart-card which computes part of the coin transfer and prevents double-spending (to the limit of it's tamper-resistance). You can't verify what the smart-card is doing so easily, however the computation by the host computer assures that the smart-card even if it is intentionally hostile to your privacy can not help the bank trace your payments as everything it says is blinded by the host computers calcluations which are more verifiable. > Dollar bills in plain white envelope wiith no return address beat > the crap out of all these convoluted schemes. It may seem convoluted, but by comparison assurance of security of algorithms used with credit-cards over SSL, or even the authentication framework used by card swipe credit cards also would appear complicated to many. All that matters at the consumer level is that it demonstrably works, the people running the system are confident enough in it to deploy it, fraud is low, and that consumers gain trust in it through whatever means. For acceptance of privacy features similar issues will hold. Do the privacy advocates, analysts, and experts agree that the system provides privacy. Adam