Blind Diffie-Hellman Key Exchange (blind ecash)
- generates a key-pair (private, public) and makes the public key available to its `Clients`
- there can be more key-pairs, each one being used for a fixed, power of 2 amount (1, 2, 4, 8 ... 9223372036854775808)
A = a*G
return A // all clients can see this
secretMessage = chosen by the user, but must be hard to guess
Y = hashToCurve(secretMessage) // a Point on the curve
r = random blinding factor // a valid private key
B' = Y + r*G // a Point on the curve
return B'
- if some conditions are met (an invoice was paid, for example) then the `Mint` "signs":
C' = a * B' = a * (Y + r*G)
return C'
- stores this data. It represents eCash tokens
- it proves the invoice was paid
- if lost or stolen, the tokens cannot be accessed anymore
C = C' - r*A // remove the blinding factor
= a * (Y + r*G) - r*A
= a*Y + a*r*G - r*A = a*Y + r*A - r*A // since A = a*G
= a*Y // proves that the `Mint` has "signed"
- makes a payment to another `Mint` Client (Carol) by sharing this data somehow:
return (C, secretMessage)
- redeems the funds by sending `(C, secretMessage)` to the `Mint`
- checks if the redeem data is valid (it was signed by the `Mint`) - if true, it releases the funds to `Carol`
Y = hashToCurve(secretMessage)
if (C == a*Y) return true
- has ownership of the tokens now
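
The whole exchange above, carried through on a real curve, as an added example that is not code from the original page. It assumes secp256k1 and a SHA-256 try-and-increment `hash_to_curve` (the page names neither), and the function names `blind`, `sign`, `unblind` and `verify` are chosen here for illustration.

```python
import hashlib, secrets

# Assumption: secp256k1 (y^2 = x^3 + 7 over F_P); the page does not name a curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    m = (3*x1*x1 * pow(2*y1, -1, P) if p == q else (y2-y1) * pow(x2-x1, -1, P)) % P
    x3 = (m*m - x1 - x2) % P
    return (x3, (m*(x1 - x3) - y1) % P)

def mul(k, p):  # double-and-add; not constant time, for illustration only
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def hash_to_curve(msg):  # assumed construction: SHA-256 try-and-increment
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest(), "big")
        y = pow(x**3 + 7, (P + 1) // 4, P)  # square-root candidate (P % 4 == 3)
        if x < P and y*y % P == (x**3 + 7) % P: return (x, y)
        ctr += 1

def blind(secret, r):  # client: B' = Y + r*G
    return add(hash_to_curve(secret), mul(r, G))
def sign(a, B_):  # Mint: C' = a*B'
    return mul(a, B_)

def unblind(C_, r, A):  # client: C = C' - r*A
    x, y = mul(r, A)
    return add(C_, (x, -y % P))

def verify(a, C, secret):  # Mint at redemption: C == a*Y
    return C == mul(a, hash_to_curve(secret))

if __name__ == "__main__":
    a = secrets.randbelow(N - 1) + 1; A = mul(a, G)   # Mint key-pair
    secret, r = secrets.token_bytes(32), secrets.randbelow(N - 1) + 1
    C = unblind(sign(a, blind(secret, r)), r, A)
    print(verify(a, C, secret), verify(a, C, b"forged"))
```

Two different blinding factors give two unrelated-looking `B'` values for the same secret but unblind to the same `C`, which is why the `Mint` cannot link the token it redeems to the signing request it saw.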