[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] latest draft on the Taler cryptography
|
From: |
Richard Stallman |
|
Subject: |
Re: [Taler] latest draft on the Taler cryptography |
|
Date: |
Sat, 26 Sep 2015 18:21:57 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> No, it's the public key. The issue is that during spending/deposit, the
> public key is transmitted by the anonymous customer. What we thus need
> to prevent is the mint to be able to link this transaction to the
> original withdrawal interaction of the *authenticated* customer. So
> during withdrawal, the mint only sees the *blinded* public key, which it
> cannot later link to the unblinded public key, thus the customer stays
> anonymous. (This is the key idea behind the original Chaum system).
I think that passage needs clarification.
In RSA, the relationship between the two keys is symmetrical. When
using RSA encryption, you publish one key (thus reasonably called the
"public" key) and you keep the other key secret (thus it's reasonably
called the secret key).
Here, the uses of the two keys are different from that, so different names
would make their functions clearer.
Perhaps you should call them the "mint key" and the "coin key".
--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.