On 10/28/05, Daniel A. Nagy <[EMAIL PROTECTED]> wrote:
> Irreversibility of transactions hinges on two features of the proposed
> systetm: the fundamentally irreversible nature of publishing information in
> the public records and the fact that in order to invalidate a secret, one
> needs to know i
>From: cyphrpunk <[EMAIL PROTECTED]>
>Sent: Oct 27, 2005 9:15 PM
>To: "James A. Donald" <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com, [EMAIL PROTECTED]
>Subject: Re: On Digital Cash-like Payment Systems
>On 10/26/05, James A. Donald <[EMAIL PROTE
On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote:
> In particular I have concerns about the finality and irreversibility
> of payments, given that the issuer keeps track of each token as it
> progresses through the system. Whenever one token is exchanged for a
> new one, the issuer record
One other point with regard to Daniel Nagy's paper at
http://www.epointsystem.org/~nagydani/ICETE2005.pdf
A good way to organize papers like this is to first present the
desired properties of systems like yours (and optionally show that
other systems fail to meet one or more of these properties);
On 10/26/05, James A. Donald <[EMAIL PROTECTED]> wrote:
> How does one inflate a key?
Just make it bigger by adding redundancy and padding, before you
encrypt it and store it on your disk. That way the attacker who wants
to steal your keyring sees a 4 GB encrypted file which actually holds
about a
On 10/25/05, Travis H. <[EMAIL PROTECTED]> wrote:
> More on topic, I recently heard about a scam involving differential
> reversibility between two remote payment systems. The fraudster sends
> you an email asking you to make a Western Union payment to a third
> party, and deposits the requested a
John Kelsey wrote:
From: cyphrpunk <[EMAIL PROTECTED]>
Digital wallets will require real security in user PCs. Still I don't
see why we don't already have this problem with online banking and
similar financial services. Couldn't a virus today steal people's
passwords and command their banks to tr
--
Steve Schear <[EMAIL PROTECTED]>
> Yes, but unfortunately it is not clear at all that
> courts would find the opposite, either. If a lawsuit
> names the currency issuer as a defendant, which it
> almost certainly would, a judge might order the
> issuer's finances frozen or impose other meas
IL PROTECTED]
From: [EMAIL PROTECTED] (Daniel A. Nagy)
Subject:Re: [fc-discuss] Financial Cryptography Update: On
Digital Cash-like Payment Systems
> One intresting security measure protecting valuable digital assets (WM
> protects private keys this way) is "inflating" the
> If you have
> to be that confident in your computer security to use the payment
> system, it's not going to have many clients.
Maybe the trusted computing platform (palladium) may have something to
offer after all, namely enabling naive users to use services that
require confidence in their own
| U.S. law generally requires that stolen goods be returned to the
| original owner without compensation to the current holder, even if
| they had been purchased legitimately (from the thief or his agent) by
| an innocent third party.
This is incorrect. The law draws a distinction between recogniz
>From: cyphrpunk <[EMAIL PROTECTED]>
>Sent: Oct 24, 2005 5:58 PM
>To: John Kelsey <[EMAIL PROTECTED]>
>Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like
>Payment Systems
...
>Digital wallets will require real security in user PCs. S
One intresting security measure protecting valuable digital assets (WM
protects private keys this way) is "inflating" them before encryption.
While it does not protect agains trojan applications, it does a surprisingly
good job at reducing attacks following the key logging + file theft pattern.
T
On Mon, Oct 24, 2005 at 02:58:32PM -0700, cyphrpunk wrote:
> Digital wallets will require real security in user PCs. Still I don't
> see why we don't already have this problem with online banking and
> similar financial services. Couldn't a virus today steal people's
> passwords and command their
On 10/24/05, John Kelsey <[EMAIL PROTECTED]> wrote:
> More to the point, an irreversible payment system raises big practical
> problems in a world full of very hard-to-secure PCs running the
> relevant software. One exploitable software bug, properly used, can
> steal an enormous amount of money i
On 10/24/05, Steve Schear <[EMAIL PROTECTED]> wrote:
> I don't think E-gold ever held out its system as non-reversible with proper
> court order. All reverses I am aware happened either due to some technical
> problem with their system or an order from a court of competence in the
> matter at hand
From: cyphrpunk <[EMAIL PROTECTED]>
Sent: Oct 24, 2005 2:14 PM
Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like
Payment Systems
On 10/22/05, Ian G <[EMAIL PROTECTED]> wrote:
>Note that e-gold, which originally sold non-reversibility as a key
>ben
At 11:14 AM 10/24/2005, cyphrpunk wrote:
Note that e-gold, which originally sold non-reversibility as a key
benefit of the system, found that this feature attracted Ponzi schemes
and fraudsters of all stripes, and eventually it was forced to reverse
transactions and freeze accounts. It's not cle
On 10/22/05, Ian G <[EMAIL PROTECTED]> wrote:
> R. Hirschfeld wrote:
> > This is not strictly correct. The payer can reveal the blinding
> > factor, making the payment traceable. I believe Chaum deliberately
> > chose for one-way untraceability (untraceable by the payee but not by
> > the payer)
R. Hirschfeld wrote:
Date: Thu, 20 Oct 2005 11:31:39 -0700
From: cyphrpunk <[EMAIL PROTECTED]>
2. Cash payments are final. After the fact, the paying party has no
means to reverse the payment. We call this property of cash
transactions _irreversibility_.
Certainly Chaum ecash has this prope
At 11:17 AM -0700 10/21/05, someone who can't afford a vowel, Alex, ;-)
expressed his anal glands thusly in my general direction:
>You're such an asshole.
My, my. Tetchy, this morning, oh vowelless one...
At 11:17 AM -0700 10/21/05, cyphrpunk wrote:
>This is what you characterized as a "unitary
On 10/20/05, Daniel A. Nagy <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 20, 2005 at 03:36:54PM -0700, cyphrpunk wrote:
> > As far as the issue of receipts in Chaumian ecash, there have been a
> > couple of approaches discussed.
> >
> > The simplest goes like this. If Alice will pay Bob, Bob supplies A
On 10/20/05, R.A. Hettinga <[EMAIL PROTECTED]> wrote:
> At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
> >Could you give us a reference to this one, please?
>
> Google is your friend, dude.
>
> Before making unitary global claims like you just did, you might consider
> consulting the literature.
> Date: Thu, 20 Oct 2005 11:31:39 -0700
> From: cyphrpunk <[EMAIL PROTECTED]>
> > 2. Cash payments are final. After the fact, the paying party has no
> > means to reverse the payment. We call this property of cash
> > transactions _irreversibility_.
>
> Certainly Chaum ecash has this property.
At 2:36 AM +0200 10/21/05, Daniel A. Nagy wrote:
>With all due respect, this was unnecessarily rude, unfair and unwarranted.
This is the *cypherpunks* list, guy... :-)
>Silvio Micali is a very prolific author and he published more than one paper
>on more than one exchange protocol
And I just got
On Thu, Oct 20, 2005 at 07:34:34PM -0400, R.A. Hettinga wrote:
> At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
> >Could you give us a reference to this one, please?
>
> Google is your friend, dude.
>
> Before making unitary global claims like you just did, you might consider
> consulting the
On Thu, Oct 20, 2005 at 03:36:54PM -0700, cyphrpunk wrote:
> As far as the issue of receipts in Chaumian ecash, there have been a
> couple of approaches discussed.
>
> The simplest goes like this. If Alice will pay Bob, Bob supplies Alice
> with a blinded proto-coin, along with a signed statement,
At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
>Could you give us a reference to this one, please?
Google is your friend, dude.
Before making unitary global claims like you just did, you might consider
consulting the literature. It's out there.
Cheers,
RAH
--
-
R. A. Hetting
As far as the issue of receipts in Chaumian ecash, there have been a
couple of approaches discussed.
The simplest goes like this. If Alice will pay Bob, Bob supplies Alice
with a blinded proto-coin, along with a signed statement, "I will
perform service X if Alice supplies me with a mint signature
On Thu, Oct 20, 2005 at 05:19:49PM -0400, R.A. Hettinga wrote:
> BTW, you can exchange cash for goods, or other chaumian bearer certificates
> -- or receipts, for that matter, with a simple exchange protocol. Micali
> did one for email ten years ago, for instance.
Could you give us a reference to
At 10:23 PM +0200 10/20/05, Daniel A. Nagy wrote:
>The referred 1988
>paper proposes an off-line system
Please. You can just as easily do an on-line system, and still have blind
signatures, including m=m=2 shared secret signature hiding to prevent
double spending.
In fact, the *only* viable way t
On Thu, 20 Oct 2005, cyphrpunk wrote:
system without excessive complications. Only the fifth point, the
ability for outsiders to monitor the amount of cash in circulation, is
not satisfied. But even then, the ecash mint software, and procedures
and controls followed by the issuer, could be des
Thank you for the detailed critique!
I think, we're not talking about the same Chaumian cash. The referred 1988
paper proposes an off-line system, where double spending compromises
anonymity and results in transaction reversal. I agree with you that it was
a mistake on my part to deny its peer-to-
Let's take a look at Daniel Nagy's list of desirable features for an
ecash system and see how simple, on-line Chaum ecash fares.
> http://www.epointsystem.org/~nagydani/ICETE2005.pdf
>
> One of the reasons, in the author s opinion, is that payment systems
> based on similar schemes lack some ke
cyphrpunk wrote:
If this is the model, my concern is that in practice it will often be
the case that there will be few intermediate exchanges. Particularly
in the early stages of the system, there won't be that much to buy.
Someone may accept epoints for payment but the first thing he will do
is
I will provide a detailed answer a bit later, but the short answer is that
anonymity and untraceability are not major selling points, as experience
shows. After all, ATMs could easily record and match to the user the serial
numbers of each banknote they hand out, yet, there seems to be no preferenc
am strongly convinced that banks cannot, will not and should not be the
> principal issuers of digital cash-like payment vehicles. If you need
> explaination, I'm willing to provide it. I do not expect payment tokens to
> originate from withdrawals and end their life cycles being depo
cast them in a slightly different light.
In my paper, I am explicitly and implicitly challenging Chaum's assumptions
about the very problem of digital cash-like payment. One can, of course,
criticize my proposal under chaumian assumptions, but that would miss the
point entirely. I think, a decade
> Just presented at ICETE2005 by Daniel Nagy:
>
> http://www.epointsystem.org/~nagydani/ICETE2005.pdf
>
> Abstract. In present paper a novel approach to on-line payment is
> presented that tackles some issues of digital cash that have, in the
> author s opinion, contrib
--- begin forwarded text
From: [EMAIL PROTECTED]
To: undisclosed-recipients: ;
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like
Payment Systems
Sender: [EMAIL PROTECTED]
Date: Sat, 8 Oct 2005 18:30:56 +0100 (BST)
(( Financial Cryptography Update: On Digital Cash
from the old-wine-in-new-bottles dept.
Cheers,
RAH
---
At 11:24 AM + 9/17/03, [EMAIL PROTECTED] wrote:
>++
>| Post-copyright: Digital Cash and Compulsory Licensing? |
>| from the drea
On Tuesday, September 9, 2003, at 11:47 AM, Steve Schear wrote:
At 09:28 AM 9/9/2003 -0700, Tim May wrote:
Why are you not addressing the more direct attack, the one I
described yesterday?
"The contributions you receive for $87.93 came from our members."
Unless the amounts are consolidated by
At 09:28 AM 9/9/2003 -0700, Tim May wrote:
On Monday, September 8, 2003, at 08:39 PM, Steve Schear wrote:
At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote:
- Original Message -
From: "Steve Schear" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
[anonymous funding of poli
On Monday, September 8, 2003, at 08:39 PM, Steve Schear wrote:
At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote:
- Original Message -
From: "Steve Schear" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
[anonymous funding of politicians]
> Comments?
Simple attack: Bob tal
On Tuesday, September 9, 2003, at 09:58 AM, ken wrote:
Tim May wrote:
In any case, campaign finance reform is essentially uninteresting and
statist.
Yes Tim, but as we happen to live in places where states make laws and
employ men with guns to hurt us if we disobey those laws then we do
have
Tim May wrote:
In any case, campaign finance reform is essentially uninteresting and
statist.
Yes Tim, but as we happen to live in places where states make laws
and employ men with guns to hurt us if we disobey those laws then
we do have an interest (in the other sense) in who gets to run the
, if you're talking about *real* campaign finance reform,
as in permitting people to engage in free speech even if it requires
money to transmit that speech to their intended recipients,
fully anonymous digital cash is useful for that, in the obvious ways,
and payer-anonymous payee-disclosing d
On Monday 08 September 2003 14:34, Ian Grigg wrote:
> Steve Schear wrote:
> How would you audit such a system? I'm not that up
> on political cash, but I would have expected that there
> would be a need to figure out where money was coming
> from, by some interested third party at least.
Would
Steve Schear wrote:
> By combining a mandated digital cash system for contributions, a cap on the
> size of each individual contribution (perhaps as small as $100), randomized
> delays (perhaps up to a few weeks) in the "posting" of each transaction to
> the account of the c
there has
been little real progress. The challenge is to encourage "neutral"
campaign contributions. Perhaps technology could lend a hand.
One of the features of Chaimian digital cash is unlinkability.
Normally, this has been viewed from the perspective of the payer and
payee not
encourage "neutral" campaign contributions. Perhaps
technology could lend a hand.
One of the features of Chaimian digital cash is unlinkability. Normally,
this has been viewed from the perspective of the payer and payee not
wishing to be linked to a transaction. But it also follows tha
transfers, checks or money orders for online betting, "gambling site
operators are scrambling for [options], such as digital cash, that can't be
easily blocked", MSNBC reports. Consultant Melody Wigdahl, confirms that in
"the next six months major players are going to step fo
http://www.infoanarchy.org/story/2002/11/11/4183/2039
Yodel Bank: Anonymous Digital Cash
By Anonymous Hero, Section New Releases
Posted on Mon Nov 11th, 2002 at 04:18:03 AM GMT
Thanks to developments in anonymous communication, such as Freenet and
the invisible irc project, anonymous digital
n buying some good or service with digital
> cash, the customer first forwards the cash to the vendor
> in some transformed way such that the vendor can't yet
> spend it, but can verify that it is good cash of the
> correct amount, and that the customer will no longer be
> abl
On Mon, 10 Dec 2001, David Honig wrote:
> this *corroborates* the stuff Hettinga has been saying about it being
> cheaper to use certain kinds of payment than others.
Actually Hettinga's observation is rather obvious. The concept that all
exchanges will cost the same is rather self-destructing.
At 09:48 PM 12/10/01 -0600, Jim Choate wrote:
>On Tue, 11 Dec 2001, Anonymous wrote:
>
>> To rip the coin, the passenger gives the taxi driver t = s^e1, along
>> with x. The driver can verify that t^e2 = s^(e1*e2) = s^e1 = x mod n
>> which tells him that it is a real coin. He also sends (t, x) t
> Sealand's claim to statehood rests on the following argument:
Using alta-vista to convert from libbertwaddle to English:
] 1) A group of pixies visited the grand wizard Snarlpuff under
] the dumm-dumm bush at the end of baggley-bong. Here screech the
] ...
My suggestion is that the UK govt.
No, it's the lack of a credible threat of such a system being put in
place. Once the system is in place it is too late to impliment crypto to
recover.
There are other similar cause-effect logic errors in your arguments as
well.
On Sat, 22 Sep 2001, Ryan Lackey wrote:
> The greatest enemy of s
Quoting Phillip Hallam-Baker <[EMAIL PROTECTED]>:
> I never thought much of the idea at the time. In todays climate I
> suspect that E-Gold, ZeroKnowledge and Sealand might as well
> start packing up their servers before they get busted.
(it's "HavenCo" not "Sealand", just as ZKS is ZKS and not
> You say that now, but what if the day comes when digital
> currency schemes have been in successful operation for years,
> and there are goods or services you desire that can be had far
> cheaper (or only) if you use digital currency?
Hmmm ... this sounds like a dot-com business plan :-))
>
> Then we have an issuer of one use (and hence unlinkable) credentials
> representing the reputation of the mint. So these are reputation credential
> issuers. My thought was that there would similarly be reputation credential
> issuers -- (potentially) everyone a reputation credential issuer.
more likely to be sent to minimum
security prison rather than bludgeoned to death.
> b) The competition (government) will pulp the pulpable mint.
>
Possibly. Or there's another possibility, that maybe the
government officials who have "pulping" authority will become
On Thu, Jul 12, 2001 at 03:41:57PM -0700, Morlock Elloi wrote:
> > Probably people would be willing to accept other issuers currencies even if
> > they don't know the issuer so long as they had the reputation rating for the
> > currency / issuer.
> >
> > But anonymous reptuations alone aren't any
> Probably people would be willing to accept other issuers currencies even if
> they don't know the issuer so long as they had the reputation rating for the
> currency / issuer.
>
> But anonymous reptuations alone aren't any use as a rational issuer would
> refuse to redeem if the action didn't a
On Thu, 12 Jul 2001, Morlock Elloi wrote:
> b) The competition (government) will pulp the pulpable mint.
Not if they can't find it.
> So, n-way blind e-cash will never happen. It may be a nice thing to bullshit
> about and to do PhD thesis and patents on and thus attract chicks, but it will
>
Have you looked at Plan 9? It would allow you to run the 'mint' as a
independent distributed service for all users that actually runs as no
user. It would require a 'virtual filespace' so the requisite binaries and
such don't reside on any one machine, not native but that's doable as
well. Once s
,[ On Wed, Jul 11, at 01:30PM, Ray Dillinger wrote: ]--
| Can anybody recommend appropriate reading?
|
|
| Bear
`[ End Quote ]---
its not too much, in fact, it is not precisely what you are looking for.
but check this paper out:
I've been attempting to design a decentralized auction/
exchange system that permits pseudonymous participants.
By 'decentralized', I mean that NO central server, or
subset of individual servers, controls access to any
resource the system cannot work without; that there
is no single point o
69 matches
Mail list logo
