[cryptography] sander & ta-shma + bitcoin, b-money, hashcash (Re: Is BitCoin a triple entry system?)

Ian G iang at iang.org
Tue Jun 14 11:29:45 EDT 2011

On 14/06/11 6:13 PM, Adam Back wrote:
> See also:
> Auditable Anonymous Electronic Cash by Tomas Sander and Amnon Ta-Shma
> in crypto 1998.
> http://www.math.tau.ac.il/~amnon/Papers/ST.crypto99.pdf
> In their setting Sander & Ta-Shma also can identify double-spenders because
> their identity is included in one attribute of the DLREP that is
> revealed by
> simultaneous equation if two different shows are made for the same coin.
> Maybe would be something useful you could do with that feature in the
> bitcoin setting.

Yes, that feature puzzled me too (I'm working from long dim dark memory 
here)....  When I talked to Tomas back in that time, he gave me the 
impression he was exploring how Central Banks would do digital cash. 
The notion at the time was some sort of recoverable privacy.

Which, to my mind was the same sin as the alternate:  obsession with 
privacy, including to the extent of eliminating the core requirements of 
money.  The first law of money is that it has to be safe:


This is the fundamental reason why we have reversable transactions in 
systems to account for money ... (whatever we think of the result, there 
is a reason why we have that feature).

This is also why nymous (public-key identified) transaction systems will 
always beat out coin-based (blinded) systems in the long run.


More information about the cryptography mailing list