Hacker News new | ask | show | jobs
by nybble41 1447 days ago
> But, the youtuber would have no way to send them to a third random person.

Nothing in the Digicash blinded RSA signature scheme would prevent the tokens from being traded person-to-person any number of times before being presented back to the issuer. It requires some trust in the previous token holders, much like exchanging BTC by trading private keys in place of on-chain transactions, but it's perfectly doable given some other means of discouraging defection. And of course the blinding system itself ensures that the tokens being deposited can't be linked to any particular withdrawals.
1 comments
throwaway81523 1447 days ago
It would reveal your private key, which might be bound to your identity in other ways. The other person could then forge your signature on whatever they wanted.
link
nybble41 1447 days ago
You're thinking of Bitcoin. In the RSA blinded signature scheme the token holder doesn't need a private key, so there's nothing to reveal. The tokens are signed by the issuer (i.e. the bank), using the issuer's private key, and the blinding ensures that the issuer can't see the actual tokens at the time they're signed—that's revealed only when they're redeemed. The tokens themselves are just unique random numbers and not associated with anyone's identity. The issuer keeps track of which ones have been redeemed so that they can't be claimed twice. That's the risk you take by not turning them in immediately: anyone who had the token before you could claim it first, and then your copy of the token would be worthless.

Edit: In the case of off-chain exchange of Bitcoin wallets it would reveal the private key (naturally, since that's what you're exchanging) but for that reason you would only trade a wallet with a unique private key not used anywhere else. The only thing that key is useful for is spending the funds in that wallet. It's not linked to your identity. This is exactly like the "physical bitcoin" model (BitBills, Cascascius coins, etc.) except there is no tamper-evident hologram to prove that the private key hasn't been accessed—you're taking that on trust until you empty the wallet or hand it off to someone else.

link