Premer said that
Blockquote The Elders check the logic, that sufficient funds exist and that the Client’s signature is valid, and then each sends back a signed agreement. The Client collects these signed agreements and once a quorum has arrived (say 5 out of 7 Elders agree) sends them back to the Elders. The Elders now see a valid message “Please deduct from my account the sum of X” and carry out the command.
DBC, I think, consists of mint (or bank/elders), spendbook and blind signatures.
Clients can hide the contents of their DBC with their signature and get Mint’s signature. So Mint doesn’t know what the DBC is. I think that anonymity keeps the DBC’s sender, recipient and content unknown. If I’m wrong, let me know. If it is correct, the primer’s “sufficient funds” and “Please deduct from my account the sum of X” appear to be incorrect. Because elders cannot know the contents of the DBC. So it looks like it hasn’t been updated.
But sn_dbc/decode.txt at master · maidsafe/sn_dbc · GitHub and sn_dbc/reissue_ez.txt at master · maidsafe/sn_dbc · GitHub said that DBC consists of id, amount, output_number, owner, inputs and outputs. I don’t think the Elders can know amount of DBC. Is that right?
- Q1: so, how can we prevent double-spending when reissuing and splitting the DBC?
But Digital Money and DBCs • said that
The way to secure a Mint against this was usually to have the user provide many different blinded DBC candidates for signing, then the mint randomly requires the user to prove the content of all but one of those candidates, and then signing the remaining DBC if all other candidates were valid.
According to this, it looks like Q1’s double-spending can be resolved.
Q2: I would like to know if safe network actually checks the honesty of the clients in this way, i.e. prevents double spending.
Q3: From my understanding, DBCs seem to use a way of passing DBC directly to others, rather than managing the ledger, i.e. global state. If so, senders should transfer the DBC only to the receivers, rather than broadcasting on the blockchain. Then, because of anonymity, should Mint transfer the DBC without knowing the sender and the receiver? How?