on your first glance, you may not get this.

I'll describe it a couple of time, because it's a really crazy scheme.

When I'm doing this with graduate students in, say, a classroom,

about half of them get it the first try, and than the second try, more get it.

You may have to stare at this a few times, but here's the idea.

In step 1, according to the Chaum blinding protocol, Alice creates,

say, 1,000 essentially duplicate notes.

Could be 10,000, could be 100,000, could be 100, but

let's just say it's 1,000 for now.

The only place they're different is that the serial numbers are different, and

the keys are different.

The amount is the same, it's still a valid, I sort of set up

the way the message is constructed, the way the note is constructed is the same.

Serial number, the amount which, in this case, is $2 and a key.

Serial number, different one, amount, same amount, different key.

Serial number, amount, key, all the way down from 1 to 1,000.

So they're all the same in structure, they all say $2,

but they have different serial numbers, different keys.

I send that whole blob over to Bob, I send all 1,000 to Bob,

he just got the whole group of them.

Now what Bob does is, at random, picks a number between 1 and 1,000.

So Alice couldn't possibly have known in advance what that number is going to be,

well, she guesses it.

That's why it could be 10,000, it could be a million, but let's say it's 1,000.

He pick some number, eh, whatever, 53 or

327 or some number, we'll just call it some Kn.

And says to Alice, give me all of the keys except,

let's say the number is 317, give me from 1 to 316.

Don't give me 317, that's the random number I picked,

but then give me 318 to 1,000.

So I'm asking you for every key, except one random key for one random

number that I picked, that you couldn't possibly have known about in advance.

So you get this request now for 999 keys, which you then provide to Bob.

But you hold back the one that Bob said to hold back,

hold back 317, don't give that to me.

So now Bob takes all these keys and

starts reading all the notes, to see if you cheated on any of them.

And if they all look reasonable, serial number, $2, all the way down?

Then he concludes, well, I asked for 999, I picked one at random.

If these 999 look good, then the chances are pretty good

that the one I didn't look at looks like the others.

He signs the note and sends it back to you.

What do you think of that, you follow?

It's like I give you a batch of envelopes, you make this big batch of them,

there's a thousand there, sitting in a big bucket somewhere.

And I'm asking you to sign one of them, I don't care which one.

They're all $2 notes, I'm telling you they're all $2 notes.

And you go, well, all right, so you open all of them.

But one, now, the way you open them is you ask me for the keys, but

the one that you don't open, you don't get the key for.

You rip them all open, they all look exactly the same, throwing them all out.

Until there's one envelope sitting there in the basket that you haven't opened,

every other one looks the same.

And you go, all right, I'll sign that,

I'm pretty confident that you did that right, boom.

You sign it, send it back, and you have anonymous signings, is that interesting?

It's kind of a form of anonymous cash on the Internet.

I always thought that was one of the most clever schemes I've ever seen.

It's different from onion routing, right,

onion routing is weaving a routing path, this is a different kind of anonymity.

This is using applied cryptography, in a sense, to produce a very similar effect.

You can use blinding for a lot of different things.

It always surprises me that a protocol was introduced, I think it was 1983 or

something, that this came out, hasn't seen a bigger run.

So hopefully this will inspire you to take your understanding now of how blinding

works, apply it to something.

Auctions, elections, banking, all kinds of different things could benefit from

David Chaum's fine work, which we refer to as blinding, or blinding signatures.

Now, as sort of an additional consideration, I would like you to sit and

think about, what are some applications, in your own mind,

besides banking, auction, and so on.

What are some things you may be involved in, where some anonymity would be useful?

Where would sort of signing something blindly be useful?

Try to think it through, I gave you a few of the obvious ones,

see if you can come with some that are little less obvious.

I will see you in a subsequent video.