“Doubts are the ants in the pants of faith. They keep it awake and moving.”

― Frederick Buechner

The Tor project was created by DARPA

*(Defense Advanced Research Projects Agency)* and currently receives

**80%** of their funding from the US Government.

- - - -

**ROOTS IN THE NSA**NSA paper, 1996: “How To Make A Mint: The Cryptography of Anonymous Electronic Cash”.

CONTENTS

INTRODUCTION

1. WHAT IS ELECTRONIC CASH?

1.1 Electronic Payment

1.2 Security of Electronic Payments

1.3 Electronic Cash

**1.4 Multiple Spending**

2. A CRYPTOGRAPHIC DESCRIPTION

**2.1 Public-Key Cryptographic Tools**

2.2 A Simplified Electronic Cash Protocol

**2.3 Untraceable Electronic Payments**

2.4 A Basic Electronic Cash Protocol

3. PROPOSED OFF-LINE IMPLEMENTATIONS

3.1 Including Identifying Information

**3.2 Authentication and Signature Techniques**

3.3 Summary of Proposed Implementations

4. OPTIONAL FEATURES OF OFF-LINE CASH

4. 1 Transferability

**4.2 Divisibility**

5. SECURITY ISSUES

**5.1 Multiple Spending Prevention**

**5.2 Wallet Observers**

5.3 Security Failures

**5.4 Restoring Traceability**

CONCLUSION

REFERENCES

- - - -

An Efficient Divisible Electronic Cash Scheme

A “divisible” coin worth some amount of money, say $x, is a coin that can

be spent many times as long aa the sum total of all its the transactions does

not exceed $x. This property, divisibility, is very useful and convenient for a

**Bit Commitment** Schemes

Finally U proves to B that a **value is correctly generated without revealing **

committed information, by using some protocols to be described later.

To set up the commitment scheme, B generates prime P satisfying P - 1 =

2-Prime (Prime is a prime number), G and g whose orders in the multiplicative

group 25 are Prime. B sends P, G and g. U checks whether Prime = (P- 1)/2

is a prime by a probabilistic primality (or composite) test, and whether the orders

of G and g are Prime by checking that they are not 1 and GPrime E 1 (mod P)

U can commit to any integer s E Zprime by choosing R uniformly at random

and gPrime = - 1. (mod P).

in ZPrime and **computing the commitment**

What the fuck does this sound like? A computationally complex calculation, that anyone can easily verify, yet as it is a hash of the block other people cannot use your proof of work.

Detection of Overspending

Although, formally, the security including the detection of overspending is de-

scribed in Section 6, in this subsection, we will describe the detection procedure

of overspending.

You will shit your pants if you look at who wrote this paper:

An Efficient Divisible Electronic Cash Scheme

**Tatsuaki Okamoto**