author | Jeff Burdges <burdges@gnunet.org> | 2016-11-08 15:41:06 +0100 |
---|---|---|
committer | Jeff Burdges <burdges@gnunet.org> | 2016-11-08 15:41:06 +0100 |
commit | 71cf852ab5e05f7ee495b6b334dad1d3c18a0c46 (patch) | |
tree | 5b8456a041a1f8c418d866b7a66cf67c35b347d9 | |
parent | c5f3c7c144ca5960c854ce036891d199a1fa8d49 (diff) |
Compact E-Cash discussion
-rw-r--r-- | doc/paper/taler.bib | 32 | ||||
-rw-r--r-- | doc/paper/taler.tex | 28 |
2 files changed, 49 insertions, 11 deletions
diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index 67bf07c25..663309259 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -99,14 +99,30 @@
 @inproceedings{Camenisch05compacte-cash,
- author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
- title = {Compact e-cash},
- booktitle = {In EUROCRYPT, volume 3494 of LNCS},
- year = {2005},
- pages = {302--321},
- publisher = {Springer-Verlag}
- url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
- url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+ author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
+ title = {Compact e-cash},
+ booktitle = {In EUROCRYPT, volume 3494 of LNCS},
+ year = {2005},
+ pages = {302--321},
+ publisher = {Springer-Verlag},
+ url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
+ url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+}
+
+
+@Inbook{ST99,
+ author="Sander, Tomas and Ta-Shma, Amnon",
+ editor="Wiener, Michael",
+ title="Auditable, Anonymous Electronic Cash",
+ bookTitle="Advances in Cryptology --- CRYPTO' 99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15--19, 1999 Proceedings",
+ year="1999",
+ publisher="Springer Berlin Heidelberg",
+ address="Berlin, Heidelberg",
+ pages="555--572",
+ isbn="978-3-540-48405-9",
+ doi="10.1007/3-540-48405-1_35",
+ doi_url="http://dx.doi.org/10.1007/3-540-48405-1_35",
+ url = {http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf"}
 }
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 19b1b19f5..c1b38ae12 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
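Review bot: In the taler.bib hunk, the `url` value of the new `ST99` entry ends in a stray `"` inside the braces, so the quote character becomes part of the printed link; it should read `url = {http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf}`. The entry is typed `@Inbook` but carries `bookTitle`, which the standard BibTeX styles do not print for that type (they treat `title` as the book's title and expect a chapter or page reference), so the proceedings name is likely to be dropped under a classic style. `@inproceedings` with `booktitle`, as the Camenisch entry just above uses, fits a CRYPTO paper better. The resolver prefix in `doi_url` duplicates `doi` and is an unknown field that styles ignore, so it can go.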
@@ -292,15 +292,37 @@ multiple transactions can be linked to each other. Performing fractional payments using $k$-show signatures is also rather expensive. -% For longer non-conference version : -% -Add note on Carmenisch's compact e-cash withdrawals \cite{Camenisch05compacte-cash} -% -Add note on Merkle tree based scheme that inspired Zerocash +In pure blind signature based schemes like Taler, withdrawal and spend +operations require bandwidth logarithmic in the value being withdrawn +or spent. In \cite{Camenisch05compacte-cash}, there is a zero-knoledge +scheme that improves upon this, requiring only constant bandwidth for +withdrawals and spend operations, but sadly the exchanges' storage and +search costs become lienar in the total value of all transactions. +In princile, one could correct this by adding multiple denominations, +an open problem stated already in \cite{Camenisch05compacte-cash}. +As described, the scheme employs offline double spending protection, +which inherently makes it fragile and create an wholey unneccasry +deanonymization risk. We believe the offline protection from double +spending could be removed, thus switching the scheme to only protection +against online doulbe spending, like Taler. +Along with fixing these two issues, an interesting applied research project +would be to add partial spending and a form of Taler's refresh protocol. +At present, we feel these relatively new cryptographic techniques incur +unacceptable financial risks to the exchange, due to underdeveloped +implementation practice. + +In this vein, there are pure also zero-knoledge proof based schemes +like \cite{ST99}, and subsequently Zerocash~\cite{zerocash}, and maybe +varations on BOLT~\cite{BOLT}, that avoid using any denomination-like +constructs, slightly reducing metadata leakage. At present, these all +incur excessive bandwidth or computational costs however. 
%Some argue that the focus on technically perfect but overwhelmingly %complex protocols, as well as the the lack of usable, practical %solutions lead to an abandonment of these ideas by %practitioners~\cite{selby2004analyzing}. +% FIXME: Move to top of section? % FIXME: ask OpenCoin dev's about this! Then make statement firmer! To our knowledge, the only publicly available effort to implement Chaum's idea is Opencoin~\cite{dent2008extensions}. However, Opencoin |
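Review bot: The added related-work paragraphs contain misspellings that will reach the compiled paper: `zero-knoledge` (twice), `lienar`, `princile`, `wholey unneccasry`, `doulbe` and `varations`. In addition, `create an` should be `creates a`, and `pure also zero-knoledge proof based` reads better as `also pure zero-knowledge-proof-based`. The second paragraph cites `zerocash` and `BOLT`, while the taler.bib hunk of this commit adds only `ST99`; it is worth confirming those two keys already exist in the bibliography, otherwise they render as undefined citations. The sentence saying offline double-spending protection "inherently" creates a deanonymization risk gives no reason; if the intended argument is that the scheme reveals the spender's identity once a coin is shown twice, saying so in one clause would make the claim checkable.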