author Jeff Burdges <burdges@gnunet.org> 2016-11-08 15:41:06 +0100
committer Jeff Burdges <burdges@gnunet.org> 2016-11-08 15:41:06 +0100
commit 71cf852ab5e05f7ee495b6b334dad1d3c18a0c46 (patch)
tree 5b8456a041a1f8c418d866b7a66cf67c35b347d9 /doc
parent c5f3c7c144ca5960c854ce036891d199a1fa8d49 (diff)
Compact E-Cash discussion
Diffstat (limited to 'doc')
-rw-r--r-- doc/paper/taler.bib 32
-rw-r--r-- doc/paper/taler.tex 28
2 files changed, 49 insertions, 11 deletions
diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index 67bf07c25..663309259 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -99,14 +99,30 @@
@inproceedings{Camenisch05compacte-cash,
- author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
- title = {Compact e-cash},
- booktitle = {In EUROCRYPT, volume 3494 of LNCS},
- year = {2005},
- pages = {302--321},
- publisher = {Springer-Verlag}
- url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
- url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+ author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
+ title = {Compact e-cash},
+ booktitle = {In EUROCRYPT, volume 3494 of LNCS},
+ year = {2005},
+ pages = {302--321},
+ publisher = {Springer-Verlag},
+ url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
+ url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+}
+
+
+@Inbook{ST99,
+ author="Sander, Tomas and Ta-Shma, Amnon",
+ editor="Wiener, Michael",
+ title="Auditable, Anonymous Electronic Cash",
+ bookTitle="Advances in Cryptology --- CRYPTO' 99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15--19, 1999 Proceedings",
+ year="1999",
+ publisher="Springer Berlin Heidelberg",
+ address="Berlin, Heidelberg",
+ pages="555--572",
+ isbn="978-3-540-48405-9",
+ doi="10.1007/3-540-48405-1_35",
+ doi_url="http://dx.doi.org/10.1007/3-540-48405-1_35",
+ url = {http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf"}
}
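Review bot: The url field of the new ST99 entry ends with a stray double quote inside the braces ("ST.crypto99.pdf"}"), so the quote becomes part of the URL and the link will not resolve; drop it. The entry is also typed @Inbook although it describes a paper in the CRYPTO '99 proceedings, and the standard BibTeX styles do not print a booktitle field for @inbook, so the proceedings name would be lost in the rendered reference. Using @inproceedings (or @incollection) with brace-delimited values, as the neighbouring Camenisch05compacte-cash entry does, would keep the file consistent. The comma added after publisher = {Springer-Verlag} fixes the missing separator in the old entry, but booktitle = {In EUROCRYPT, ...} still carries a leading "In" that most bibliography styles insert themselves.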
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 19b1b19f5..c1b38ae12 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@ -292,15 +292,37 @@ multiple transactions can be linked to each other.
Performing fractional payments using $k$-show signatures is also
rather expensive.
-% For longer non-conference version :
-% -Add note on Carmenisch's compact e-cash withdrawals \cite{Camenisch05compacte-cash}
-% -Add note on Merkle tree based scheme that inspired Zerocash
+In pure blind signature based schemes like Taler, withdrawal and spend
+operations require bandwidth logarithmic in the value being withdrawn
+or spent. In \cite{Camenisch05compacte-cash}, there is a zero-knoledge
+scheme that improves upon this, requiring only constant bandwidth for
+withdrawals and spend operations, but sadly the exchanges' storage and
+search costs become lienar in the total value of all transactions.
+In princile, one could correct this by adding multiple denominations,
+an open problem stated already in \cite{Camenisch05compacte-cash}.
+As described, the scheme employs offline double spending protection,
+which inherently makes it fragile and create an wholey unneccasry
+deanonymization risk. We believe the offline protection from double
+spending could be removed, thus switching the scheme to only protection
+against online doulbe spending, like Taler.
+Along with fixing these two issues, an interesting applied research project
+would be to add partial spending and a form of Taler's refresh protocol.
+At present, we feel these relatively new cryptographic techniques incur
+unacceptable financial risks to the exchange, due to underdeveloped
+implementation practice.
+
+In this vein, there are pure also zero-knoledge proof based schemes
+like \cite{ST99}, and subsequently Zerocash~\cite{zerocash}, and maybe
+varations on BOLT~\cite{BOLT}, that avoid using any denomination-like
+constructs, slightly reducing metadata leakage. At present, these all
+incur excessive bandwidth or computational costs however.
%Some argue that the focus on technically perfect but overwhelmingly
%complex protocols, as well as the the lack of usable, practical
%solutions lead to an abandonment of these ideas by
%practitioners~\cite{selby2004analyzing}.
+% FIXME: Move to top of section?
% FIXME: ask OpenCoin dev's about this! Then make statement firmer!
To our knowledge, the only publicly available effort to implement
Chaum's idea is Opencoin~\cite{dent2008extensions}. However, Opencoin
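Review bot: The two added paragraphs contain spelling and grammar errors that will end up in the paper text: "zero-knoledge" (twice), "lienar", "princile", "create an wholey unneccasry", "doulbe", "varations", and the word order in "there are pure also zero-knoledge proof based schemes"; please correct these before merging. The new text cites \cite{zerocash} and \cite{BOLT}, while the taler.bib hunk in this commit adds only ST99, so check that both keys already exist in taler.bib, otherwise the citations will come out undefined. "Along with fixing these two issues" should also name the two issues it means (presumably the linear storage cost and the offline double-spending protection), since the preceding sentences raise several points.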