taler
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Wallet to wallet transfers


From: Jeff Burdges
Subject: Re: [Taler] Wallet to wallet transfers
Date: Mon, 17 Jul 2017 16:41:26 +0200


On Mon, 2017-07-17 at 16:55 +0530, Noufal Ibrahim wrote:

>    I need to think about these before I ask a more specific question. 

It think the basic functionality requires (1) a method to transfer
coins, and (2) attaching some metadata to the coin to give a better
error message.  

Also, there are interesting deanonymization attacks users this way
too:  

Attack 1.  Alice lives under a repressive regime and accepts anonymous
wallet-to-wallet gifts.  Now police could gift her coins and themselves
spend those same coins on something.  They monitor local online
merchants whose internet traffic with the exchange looks like a double
spend detection.  They make the local online merchant hand over the
deposit permissions, which contain Alice's shipping address.  Now they
know Alice is the one they gave coins to, so maybe they can arrest her
for whatever that was for.  And maybe they can convince the courts that
Alice did the double spend, so maybe they could've done the double spend
on something illegal, like porn in some countries. 

Attack 2.  Alice lives under a repressive regime and anonymously runs a
website critical of the regime.  Alice accepts wallet-to-wallet gifts
for another innocent website she operates under her real name.  Now the
regime's police can gift her coins that they can deanonymize.  We
imagine her hosting provider operates outside the regime, but the police
might hack into it, get a spy hired there, etc.  Assuming so, they can
identify if any coins they gifted to the innocent site were spent on the
site for which they want to arrest the operator, thus providing proof
that Alice runs the website.

In the above, Alice can largely protect herself by using different
wallets for different sorts of activities, but someone needs to explain
this to her somehow if the wallet-to-wallet transfer option exists.

Our scheme for doing single hop coin transfers does not suffer from
these sorts of attacks. 

Jeff

Attachment: signature.asc
Description: This is a digitally signed message part


reply via email to

[Prev in Thread] Current Thread [Next in Thread]