[3671] in WWW Security List Archive
Re: anonymous e-cash
daemon@ATHENA.MIT.EDU (Nick Szabo)
Tue Dec 3 18:39:07 1996
From: szabo@netcom.com (Nick Szabo)
To: dmk@research.bell-labs.com (Dave Kristol)
Date: Tue, 3 Dec 1996 12:52:01 -0800 (PST)
Cc: diane.ellison@asu.edu, www-security@ns2.rutgers.edu, ecash@digicash.com
In-Reply-To: <9612031719.AA03006@aleatory> from "Dave Kristol" at Dec 3, 96 12:19:31 pm
Errors-To: owner-www-security@ns2.rutgers.edu
There are several different kinds of "anonymity" that may or
may not be provided by digital cash. They depend
on both the cash protocol itself and on the communications
medium in which it is employed.
The main privacy feature of ecash-style digital cash
(as opposed to various pseudo-cash systems such as CyberCash
coins) is to prevent the clearinghouse (bank) from creating master
lists linking buyers and sellers. Withdrawal of
a coin by a payer cannot be linked by the bank via the
serial number to a clearing of that coin by a payee.
Whether the buyer and seller want to identify each other, or
demand identification as a contractual condition, is up to
them. It is not required by the digital cash protocol.
Under practical Internet commerce circumstances they indeed
already know each others' IP addresses. Mail order requires
a mailing address, which under typical postal regulations
implies identity.
The main privacy feature, protection against routine
buyer/seller information gathering by the clearing
house, is maintained unless parties get in the habit of
forwarding their counterparties' IP addresses to the clearing
house -- presumably not something that DigiCash's software does
or encourages. There are various protocols to prevent or allow
collusion in the linking of counterparties' serial numbers to
bank account identitites, but these are largely irrelevant
when standard IP is used as the communications medium.
Nick Szabo
szabo@netcom.com
http://www.best.com/~szabo/
