[2872] in cryptography@c2.net mail archive
Re: Microsoft patent
daemon@ATHENA.MIT.EDU (Wei Dai)
Thu Jun 25 22:47:43 1998
Date: Thu, 25 Jun 1998 17:15:11 -0700
From: Wei Dai <weidai@eskimo.com>
To: Robert Hettinga <rah@shipwright.com>, cypherpunks@cyberpass.net,
coderpunks@toad.com, dcsb@ai.mit.edu, cryptography@c2.net,
e$@vmeng.com
In-Reply-To: <v04011706b1b7f3381abc@[139.167.130.246]>; from Robert Hettinga on Thu, Jun 25, 1998 at 08:30:57AM -0400
Actually Dan Simon's system doesn't use blinding at all. The abstract
below specificly says the coin is in an unblinded form. I think you can
get Dan's Crypto '96 paper on the Microsoft Research web page at
research.microsoft.com, but it seems to be down right now. The paper has a
much better description of the system.
On Thu, Jun 25, 1998 at 08:30:57AM -0400, Robert Hettinga wrote:
> Microsoft patents blinding.
>
> Looks like we get to wait another 20 years...
>
> Cheers,
> Bob Hettinga
>
> --- begin forwarded text
>
>
> Sender: <dbs@philodox.com>
> Date: Thu, 25 Jun 1998 08:54:30 +0200
> From: Ian Grigg <iang@systemics.com>
> Organization: Systemics
> MIME-Version: 1.0
> To: dbs@philodox.com
> CC: "Muller, John D." <JMuller@brobeck.com>
> Subject: Microsoft patent
> Precedence: Bulk
> List-Subscribe: <mailto:requests@philodox.com?subject=subscribe%20dbs>
> X-Web-Archive: http://www.philodox.com/dbs-archive/
>
> Muller, John D. wrote:
>
> > And now for something completely different: Microsoft recently received
> > a U.S. patent for an untraceable electronic cash protocol. Check out
> > http://www.patents.ibm.com/details?patent_number=5768385.
>
> It has always been my view that the patents held by DigiCash afforded
> no protection to the company, it was all smoke and mirrors, which had
> even the most cynical befuddled and applauding.
>
> Now that Microsoft has a patent on "blinding" one wonders what next?
> Suing M$ is not really a rational option except as a prelude for a
> takeover. Having said that, a takeover by M$ of DigiCash would
> represent a very good solution for the company, in all respects.
>
> iang
>
> For reference, the salient details. Any cryptographers care to
> translate this into a human-readable description of the algorithm?
> ===================================
>
>
> INVENTORS: Simon; Daniel R., Redmond, WA
> ASSIGNEES: Microsoft Corporation, Redmond, WA
> ISSUED: June 16, 1998
>
> FILED: Aug. 29, 1995
> SERIAL NUMBER: 521124
> ...
>
>
> ABSTRACT: An electronic cash protocol including the steps of using a
> one-way function f1 (x) to generate an image f1 (x1) from a preimage
> x1 ; sending the image f1 (x1) in an unblinded form to a second party;
> and receiving from the second party a note including a digital
> signature, wherein the note represents a commitment by the second
> party to credit a predetermined amount of money to a first presenter
> of the preimage x1 to the second party.
>
> References {9 Chaum patents}
>
>
> What is claimed is:
>
> 27. A method of implementing an electronic cash protocol comprising
> the steps of:
>
> * obtaining a first image f(x1) and a first preimage x1, wherein
> said first preimage x1 has a predetermined monetary value associated
> therewith;
>
> * selecting a plurality of preimages xi, wherein I is an integer
> index that runs from 1 to n, where n is a positive integer;
>
> * using a second one-way function f2 (x) to generate a plurality of
> images f2 (xi) from the second preimages xi ;
>
> * sending the first preimage x1 and an unblinded form of all of the
> images f2 (xi) to the second party; and
>
> * receiving from the second party a plurality of each including a
> digital signature, said plurality of notes equal in number to the
> plurality of images f2 (xi) and representing a plurality of
> predetermined amounts, each of said plurality of notes representing a
> commitment by the second party to credit a corresponding different one
> of said plurality of predetermined amounts of money to a first
> presenter of the corresponding preimage xi to the second party,
> wherein the total of said plurality of predetermined amounts of money
> equals said predetermined monetary value.
>
> References, etc...
>
> --- end forwarded text
>
>
> -----------------
> Robert A. Hettinga
> Philodox Financial Technology Evangelism
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
> Philodox: <http://www.philodox.com>, e$: <http://www.shipwright.com/>
> <mailto: rah@philodox.com> <mailto: rah@shipwright.com>
