That's because you are not educated on this subject: http://en.wikipedia.org/wiki/Blind_Signatures
I hope you are. Can you please help me understand? I've read the original paper by Chaum, David (1983). "Blind signatures for untraceable payments" -
http://www.hit.bme.hu/~buttyan/courses/BMEVIHIM219/2009/Chaum.BlindSigForPayment.1982.PDFAn example payment transaction in 13 steps is described on page 4 where blind signature usage is illustrated. The actors are a bank, a payer, and a payee.
1. In step (4) - Bank returns the signed note c'(c(x)), to payer. And there is a clarification after transaction is done - "the bank does not know which payer the note was originally issued to in step (4)". How is that possible to return something to somebody without knowing who he is?
Imagine that you withdrew $100 from the bank.
Now imagine you give it to your favorite prostitute, and she gives it to her pimp, and he gives it to his coke dealer, who gives it to a coyote, who spends it at 7/11.
Now: The bank can see that you WITHDREW $100, and the bank can see that 7/11 DEPOSITED $100...
but the bank can't see any of the people who had it in-between.Furthermore, the bank doesn't know if it's the SAME $100. It simply has no way of connecting the withdrawal to the deposit, since the cash is untraceable.
If you have several pseudonyms (public keys) registered at an OT server, and they are transacting in cash, the server can see their withdrawals and deposits, but it cannot see who is giving you that money, and it cannot see where you are spending it. Such is
untraceable. A server doesn't even know whether you have a hoard of coins which you are exchanging one-at-a-time, or whether you actually have only a single coin, which you are exchanging over and over again. A server can't tell the difference.
Furthermore, while the server can link a specific Nym's withdrawals to each other (by way of that Nym), it cannot link them to how they are spent, or to any of the activities of your other Nyms. Furthermore, if the server is run in cash-only mode, so that there is only a single Nym which performs only cash-token exchanges, then you lose even pseudonymity, and the system becomes completely anonymous.
How is it possible to return the cash notes anonymously to the user? ANSWER: Over an anonymous network.
How is it possible that the note itself cannot be traced as it is spent? ANSWER: Using blind signatures.
http://en.wikipedia.org/wiki/Blind_SignaturesIt works like this: The client generates the prototokens and blinds them using the server's public mint keys. These prototokens are sent to the server along with the withdrawal request. The server signs the prototokens using its private mint keys. For example, if I am withdrawing $100, then the $100 public mint key will be used on the client side to blind the prototoken, and the $100 private mint key will be used on the server sign to blind-sign the prototoken, and then when the client receives the server reply, the client will use the $100 public mint key to UNBLIND the prototoken, and it is now ready for spending.(This information is already available on my FAQ...)
Once the client has unblinded the prototoken, then it will have a valid server signature on its ID, even though the server doesn't know what that ID is,
since it was blinded when it was signed.The server is, nevertheless confident that if $100 was withdrawn from your account, that it used the $100 mint key to sign the request -- therefore, even though the server doesn't what what the ID
is, it still knows that it was signed with the $100 key, and that only the $100 key will successfully verify it in the future. When it IS verified, the server will know it was good, but it will not know where it originally came from, since this is
untraceable.2. There is a note prior to this example "The critical concept is that the bank will sign anything with its private key, but anything so signed is worth a fixed amount, say $1." This is pretty much in line with the carbon paper lined envelopes voting example where this concept is derived from - 1 vote 1 transaction. But what if payment transaction amounts to, say $12.36 or $0.84?
The answer is that digital cash uses denominations, just like real cash. In a certain mint file there might be, say, a 1c key, a 5c key, 10c key, 25c key, 50c key, $1 key, $5 key, $10 key, $20 key, and $100 key.
For an example of this, see the sample public mint file posted on the OT wiki:
https://github.com/FellowTraveler/Open-Transactions/wiki/Sample-MintThus, if you give cash to someone in a specific amount, you will not be giving him a token, but rather, a purse full of them, in the appropriate denominations to amount to your $12.63 or $0.84 etc.
3. To best of my knowledge there is no bank in the world currently offering blind signature payment transactions to their customers. Why do banks stick to "know everything about every transaction" practice about 30 years after blind signature concept was introduced by David Chaum?
Banks are bureaucracies responsible primarily for regulatory compliance and enforcement (related to their monopoly on the issuance of money.)
Their actions do not stem from natural market forces, but from the regulations related to the FDIC, money laundering and tax law, SEC compliance, and so on.
In answer to your question,
Why do banks stick to "know everything about every transaction"...? the answer is so they can watch for suspicious activities on your part, report on them to the authorities, and freeze your funds when asked to by the tax enforcement department in your jurisdiction.
Similarly, if you were to ask me why food is so superior to tree bark, since many in the North Korean economy continue to eat tree bark (even though they have known about food for at least several decades), my answer would be that North Koreans eat tree bark not because of natural market forces, but rather, due to the unavailability of good food as a result of government interference in the free market.