[3664] in WWW Security List Archive
Re: anonymous e-cash
daemon@ATHENA.MIT.EDU (Dave Kristol)
Tue Dec 3 14:42:05 1996
Date: Tue, 3 Dec 96 12:19:31 EST
From: dmk@research.bell-labs.com (Dave Kristol)
To: diane.ellison@asu.edu
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Diane Ellison <dyann@ix.netcom.com> wrote:
> I work for a bank, and I am doing independent research at ASU.
> I am trying to come up to speed on Web security issues. After
> many long hours of reading definitions etc., I am confused by
> the Internet Payment ads that describe e-cash as "totally anonymous."
>
> QUESTION: How can a sender be totally anonymous to the receiver,
> especially when the receiver needs to return a response? The
> "note" can be disguised with blinding, but how can the sender's
> IP address be disguised?

Distinguish between the sender (user) and the sending machine.
It is sometimes, but not always, true that the sender uses but one
machine, and that only one user uses the sending machine. To the
extent there's a one-to-one correspondence, you are right that
anonymity may be compromised. But the e-cash contains no information
to identify a specific person (to the seller), so the best you can do
in that case is correlate buying patterns with an IP address.

With dial-up ISPs, IP addresses are often assigned dynamically, so a
given machine actually has different IP addresses for different
sessions.

It's also possible to interpose a proxy (or proxies) between the
sending machine and the seller that hides the original sending
machine's IP address, in which case you would need to have collusion
between seller and proxy operator even to identify the sending
machine's IP address.

Dave Kristol

P.S. http://www.bell-labs.com/www-buyinfo/ is a good resource for
electronic commerce.
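
What blinding hides and what it leaves exposed, as an added example that is not part of the original message or of any e-cash product's code: a textbook RSA blind signature over a note's serial number. The use of RSA, the toy key, the function names, the account label and the IP address are all assumptions constructed for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy bank key (two Mersenne primes); far too small for real use,
# and real schemes add padding. RSA itself is an assumption of this example.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private exponent


def note_digest(serial: bytes) -> int:
    """Map a note's serial number to an integer mod N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(m: int) -> tuple[int, int]:
    """User side: hide m behind a random factor r before sending to the bank."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def bank_sign(blinded: int) -> int:
    """Bank side: signs at withdrawal without seeing the note itself."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r, leaving an ordinary signature on the note."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    """Seller or bank side: check the bank's signature on a spent note."""
    return pow(sig, E, N) == note_digest(serial)


def demo() -> dict:
    serial = secrets.token_bytes(16)  # note serial chosen by the user
    m = note_digest(serial)
    blinded, r = blind(m)
    bank_log = {"account": "constructed-acct-42", "signed": blinded}
    sig = unblind(bank_sign(blinded), r)
    # What reaches the seller: the note plus the connection's source address
    # (192.0.2.17 is a constructed documentation address).
    payment = {"serial": serial, "sig": sig, "src_ip": "192.0.2.17"}
    return {"valid": verify(serial, sig),
            "bank_log_matches_note": bank_log["signed"] in (m, sig),
            "seller_sees": sorted(payment)}
```

The bank's withdrawal record and the spent note share no value, yet `src_ip` still travels with the payment, which is the residual correlation the reply describes.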