At 10:23 PM +0200 10/20/05, Daniel A. Nagy wrote:
>The referred 1988
>paper proposes an off-line system

Please. You can just as easily do an on-line system, and still have blind
signatures, including m=m=2 shared secret signature hiding to prevent
double spending.

In fact, the *only* viable way to do blind signatures with any security is
to have an *on-line* system, with redemption and reissue of certificates on
every step, and the underwriter not honoring any double spent transaction.

So, you still get the benefits of non-repudiation, you get functional
anonymity (because audit trails become a completely superfluous cost -- all
you need to keep is a single-field database of spent notes against a
possible second spend, deletable on an agreed-upon date), and (I claim :-))
you get the resulting transaction cost benefit versus book-entry
transactions as well.

Sigh. I really wish people would actually read what people have written
about these things for the last, what, 20 years now...

BTW, you can exchange cash for goods, or other chaumian bearer certificates
-- or receipts, for that matter, with a simple exchange protocol. Micali
did one for email ten years ago, for instance.


R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Reply via email to