Anonymous Credit
Ben Laurie
ben at algroup.co.uk
Sun, 02 Sep 2001 18:38:33 +0100
Pete Chown wrote:
>
> Ben Laurie wrote:
>
> > At the head of the stream, present a signature for X_0. X_0 is the hash
> > of the concenation of the first block of data and X_1. X_1 is the hash
> > of the concatenation of the second block and X_2, and so forth.
>
> A scheme a bit like this has been proposed for micropayments in mobile
> phone networks. You pick a random number t0, then:
>
> t1 = h(t0)
> t2 = h(t1)
>
> and so on. Finally you sign tn. To make a payment you release first
> tn, then tn-1, tn-2 and so on. The idea is that you don't have to
> release the value encapsulated in the signature all at once.
Slightly scary, in that losing any intermediate t_k would screw it up.
BTW, what sort of value payments are these intended to be (coz my
calculations over a year ago indicated that you could use Wagner-blinded
signatures down to .01p easily and I expect that has improved)?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff