[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Support for payer-trustlessness and merchant-auditing

From: Jeff Burdges
Subject: Re: [Taler] Support for payer-trustlessness and merchant-auditing
Date: Wed, 04 Oct 2017 15:39:25 +0200

On Tue, 2017-10-03 at 20:49 +0200, Rune K. Svendsen wrote:

> Have you considered a simpler design, where no blind signatures are
> used, but the customer simply connects to the exchange via Tor, in
> order to conceal its IP-address (in case it wants to maintain
> privacy)?

That provides no privacy because all users can be identified by
observing the history of their bitcoin addresses. [1] 

Also, any on-chain scheme is excruciatingly slow.  Taler is extremely
fast. [2,3]

> you're asking the customer to value private information .. higher than
> private property 

Information about individuals is cultural toxic waste that enables
manipulation or exploitation of people by advertisers, governments,
criminals, etc.  We should all hide our personal data like we should
throw trash into trash cans. 

> the customer needing to trust the exchange with its funds.

Sure, that's perfectly normal.  All banking works this way, including
cryptocurrency exchanges.  Also, if you want to make cryptocurrencies
faster or more scalable then you'll necessarily be adding notions of
trust through stake or whatever. 

We designed Taler to be used for actually making real purchases, not
asset management.  It's handles ordinary amounts of money well while
being fast, scalable, and private.  

Really, the amounts entrusted to Taler exchanges will be minuscule
compared with the amounts entrusted to ordinary financial institutions
like banks or cryptocurrency exchanges.  We're talking pocket money
here, so the trust required in trivial.  That trust buys us speed and
scalability impossible with any blockchain technology, and privacy with
every transaction.


[1]  There are schemes like ZCash and Monero that attempt to address
this with various trade offs.  Monero is not very private.  ZCash
requires considerable information about the blockchain.  Neither make
*all* transactions private.

[2]  I'd expect there are elliptic curve blind signature schemes that
permit multiple independent organizations to issue the denominations,
but doing so would slow Taler down.  In fact, we selected RSA over
elliptic curve blind signature schemes partially just do to the extra
round trip involved in issuing the coins.

[3]  Imagine trying to buy tickets to a festival that sells out in 30
seconds using a blockchain.  Ain't happening, well not unless you make
prospective buyers wait for hours while the transactions clear, or maybe
some etherium contracts that make everyone waste gas money for the
privilege of trying to buy.   lol

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]