[cryptography] sander & ta-shma + bitcoin, b-money, hashcash (Re: Is BitCoin a triple entry system?)
James A. Donald
jamesd at echeque.com
Tue Jun 14 05:40:10 EDT 2011
On 2011-06-14 6:13 PM, Adam Back wrote:
> See also:
> Auditable Anonymous Electronic Cash by Tomas Sander and Amnon Ta-Shma
> in crypto 1998.
> It's basically the idea of using non-interactive zero knowledge proof of
> membership in a list of coins as an alternative to blinding.
> The interesting thing is then the bank doesn't need a private key and doesn't
> much need to be trusted. Anyone can audit the list of coins, it is
> published; same for double spend database. The ZKP is a representation
> problem (like Stefan Brands' ecash/credentials).
> They use Merkle trees to improve the computation efficiency (reduce the
> of the representation problems that have to be presented and verified).
> Like bitcoin it provides auditability, but better than bitcoin it provides
> cryptographically secure anonymity. With bitcoin it is not anonymous, just
> pseudonymous but traceable - because there is a publicly auditable signature
> chain showing transfers between pseudonyms.
> Sander & Ta-Shma propose using it with a physical bank providing exchange,
> but that could be replaced with variable cost hashcash like bitcoin.
> I don't understand why bitcoin didn't use it
It is not a design, but an idea for a design.
There is no efficient zero knowledge proof that has the required properties.