[3674] in WWW Security List Archive
Re: anonymous e-cash
daemon@ATHENA.MIT.EDU (Darren Cook)
Tue Dec 3 23:23:45 1996
To: www-security@ns2.rutgers.edu
From: darren@factcomm.co.jp (Darren Cook)
Date: Wed, 4 Dec 1996 10:58:35 +0900
Errors-To: owner-www-security@ns2.rutgers.edu
>I work for a bank, and I am doing independent research at ASU.
>I am trying to come up to speed on Web security issues. After
>many long hours of reading definitions etc., I am confused by
>the Internet Payment ads that describe e-cash as "totally anonymous."
>
>QUESTION: How can a sender be totally anonymous to the receiver,
>especially when the receiver needs to return a response? The
>"note" can be disguised with blinding, but how can the sender's
>IP address be disguised?
AFAIK you cannot disguise the IP address, though an IP address only says
what machine you sent from, not who you are.
I think e-cash is only intended to be as anonymous as real cash. If I pay
for something in a shop the shopkeeper sees my face, and maybe knows who I am.
I suppose he could jot down the serial number on the note and my name each
time (plausible if the shopkeeper is a computer), and when he uses it to pay
for something, he could tell the next person this information. That person
would then have to track that: "I got this note from X who got in from Y".
But I fail to see why anyone would bother.
Darren
