[4332] in cryptography@c2.net mail archive


Does any patent cover Wagner's ecash scheme?

daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Mar 13 17:34:50 1999

Date: Sat, 13 Mar 1999 09:35:00 -0800
To: cryptography@c2.net
From: "James A. Donald" <jamesd@echeque.com>
Cc: Wei Dai <weidai@eskimo.com>
In-Reply-To: <19990312183741.D79940@bitbox.follo.net>

    --
On the coderpunks list Wei Dai suggested that a MAC based
scheme for unlinkable ecash would not be covered by existing
patents, and then interpreted Wagner's
<http://x9.dejanews.com/getdoc.xp?AN=145097228> scheme as MAC
based, an interpretation others disputed.

So I looked up the patent literature to see what I could see,
and I did not find any patent covering Wagner's proposal.

Wagner's proposal has elements in common with the blind
undeniable signatures patented by Chaum
<http://www.patents.ibm.com/details?pn10=US04947430>

In particular the blinding steps are identical to those
proposed in claim 9 of the above patent, and the signing step
identical to that proposed in claim 7 of the above patent,
however the above patent does not seem to me to cover
Wagner's method, because the relevant claims say

    7. The method according to claim 3, wherein said
       signing step comprises raising said unsigned
       message to a signing power derived from said
       private key, such exponentiation being performed
       in a finite structure where the inverse of such
       exponents is unknown.

    8. The method according to claim 1 further including
       the step of:
          creating a public key and a corresponding
          private key, and distributing them so that the
          private key is known to said signing party and
          the public key but not the private key is known
          to a checking party.

    9. The method as in claim 1, further comprising the
       steps of:
          blinding said unsigned message responsive to a
          blinding key before providing the resulting
          blinded unsigned message to said signing party
          in place of said unsigned message; and
          unblinding said undeniably signed message
          returned by said signing party responsive to
          said blinding key.

Wagner is not using anything resembling the method
according to claim 1 or claim 3, because he does not need to
use undeniable signatures.

So the question I asked on the coderpunks list, and am asking
here, is:

1. Is my interpretation of Chaum's patent reasonable?  (I
interpret it as claiming all possible ways of implementing
undeniable signatures, including those that Chaum never
imagined, rather than claiming all possible uses of signing a
quantity with its exponential, including those that Chaum
never imagined.)

2. Is there some other patent that covers Wagner's method?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     tF/h1fu4kgDfkfRc3D6xCuvFTUssLabKs/gUTsZm
     4qmL5oSCgHl7ccuAF5Kfu7YDnRVxyDEoSWMJn6+al

-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.


http://www.jim.com/jamesd/      James A. Donald

