One distinguishing feature between account-based and pre-paid coin systems is the anonymity a (token-based) system can provide to its users.
In contrast to (Digital) Cash, account-based systems by design need to identify the system users and their transactions. As with identified eMoney, both off-line and on-line, the bank always can reconstruct the path the cash took through the economy.
Reasons for anonymity are manifold. Using fairCASH, customers prevent outsiders to compile a pattern of their spending habits: Two users can perform an eCommerce transaction, where both parties remain anonymous. Although anonymity is addressed by several payment mechanism schemes, nearly none of them provides this feature satisfactory. Only off-line anonymous eMoney has the ability to hide the transaction trail.
Most existing procedures to provide anonymity are based on digital blind signatures and offer only conditional anonymity in order to reveal it in case of multiple spending or even other cases and have further no multi-hop ability, i.e. after one transfer of an electronic token it has to be cleared with the bank, thereby revealing the movement of the electronic token to the bank and hence removing anonymity.
Because coins and bank notes reveal neither the payer's nor the payee's identity, cash is the preferred method of payment to fit many different needs. Since anonymity of payments is mentally traditionally connected with anonymity of Physical Cash, an anonymous token-based ePayment system is referred to a Digital Cash (eCash) system. In its minimum, anonymity can progressively viewed as attractive feature in economic transactions. On a more pragmatic side, massive compilation and misuse of personal user data is likely to lead to a general understanding of the danger to privacy originating from the lack of anonymity.
We propose a protocol that ensures anonymity for both protocol parties involved in the transaction, excluding the role of a merchant (ID disclosed by non-anonymous certificate) in the fairCASH system:
fairCASH eWallets have a serial number and they need a user certificate for operation. Personal users certificates are issued anonymously or identified chosen by the user, commercial user certificates are of the identified type only.
So if the acquisition of an eWallet is not revealing the identity of its owner and the user certificate is of the anonymous type, then it is technical impossible to reveal its identity.
fairCASH offers no deterministic way for de-anonymization of users with an anonymously issued certificate. It offers instead unconditional perfect anonymity (being untraceable and unlinkable).