Efficient Anonymous Cash Using the Hash Chain Member:劉岱穎，吳展奇，林智揚

Slides:

Advertisements

Similar presentations

Internet payment systems

Advertisements

Design and Security Analysis of Marked Blind Signature

Digital Cash Mehdi Bazargan Fall 2004.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Combating Double-Spending Using Cooperative P2P Systems Author : Ivan Osipkov, Eugene Y. Vasserman, Nicholas Hopper, Yongdae Kim Source : International.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.

1 Blind Signatures 盲簽章 Chun-I Fan 范俊逸 E-Commerce & Security Engineering Lab. Department of Computer Science and Engineering National Sun Yat-Sen University.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A,No.1.

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科教授 (Prof. Jinn-Ke Jan) 陳育毅.

Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.

E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.

WISA An Efficient On-line Electronic Cash with Unlinkable Exact Payments Toru Nakanishi, Mitsuaki Shiota and Yuji Sugiyama Dept. of Communication.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

Electronic Payment Systems. How do we make an electronic payment? Credit and debit cards Smart cards Electronic cash (digital cash) Electronic wallets.

Chapter 4 Getting Paid. Objectives Understand electronic payment systems Know why you need a merchant account Know how to get a merchant account Explain.

An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.

Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.

Topic 22: Digital Schemes (2)

Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.

Digital Cash. p2. OUTLINE  Properties  Scheme  Initialization  Creating a Coin  Spending the Coin  Depositing the Coin  Fraud Control  Anonymity.

Chapter 6:Esoteric Protocols Dulal C Kar. Secure Elections Ideal voting protocol has at least following six properties 1.Only authorized voters can vote.

2/16/001 E-commerce Systems Electronic Payment Systems.

Security Digital Cash Onno W. Purbo

Five Types of Payment Systems Cash Checking Transfer Credit Card Stored Value Accumulating Balance.

Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

Electronic Payment Systems Presented by Rufus Knight Veronica Ogle Chris Sullivan As eCommerce grows, so does our need to understand current methods of.

Secure untraceable off-line electronic cash system Sharif University of Technology Scientia Iranica Volume 20, Issue 3, Pp. 637–646, June 2013 Baseri,

BZUPAGES.COM E-cash Payment System A company, DigiCash, has pioneered the use of electronic cash or e-cash. Anonymity of the buyer is the key feature of.

TOMIN: Trustworthy Mobile Cash with Expiration-date Attached Author: Rafael Martínez-Peláez and Francisco Rico-Novella. Source: Journal of Software, 2010,

多媒體網路安全實驗室 Private Information Retrieval Scheme Combined with E- Payment in Querying Valuable Information Date： Reporter: Chien-Wen Huang 出處:

1 E-cash Model Ecash Bank Client Wallet Merchant Software stores coins makes payments accepts payments Goods, Receipt Pay coins sells items accepts payments.

1 Buyer 2. Account ID Valid? 3. Account OK! 5. Transaction Details 1. Account ID 4. Information Goods 6. Satisfied? 7. Accept/Reject or Fraud Indication.

CS580 Internet Security Protocols Huiping Guo Department of Computer Science California State University, Los Angeles 6. Blind Signature.

Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.

KNAPSACK公開金鑰密碼學 Algorithms FINITE DEFINITENESS INPUT/OUTPUT GENERALITY

Chapter 4 a - X.509 Authentication

Lesson 05-I E-commerce Payments

E-Commerce Daniel Chromek.

Proxy Blind Signature Scheme

Read to Learn Discuss the functions and characteristics of money. Discuss three main functions of a bank.

Key Substitution Attacks on Some Provably Secure Signature Schemes

Author : Guilin Wang Source : Information Processing Letters

Personal Finance (part II)

第四章數位簽章.

第四章數位簽章.

Onno W. Purbo Security Digital Cash Onno W. Purbo

A secure and traceable E-DRM system based on mobile device

Bitcoin - a distributed virtual currency system

BY GAWARE S.R. DEPT.OF COMP.SCI

A flexible date-attachment scheme on e-cash

Chair Professor Chin-Chen Chang Feng Chia University

Practical E-Payment Scheme

Welcome To Money pad November 23, 2018 Sample footer.

Secure Electronic Transaction (SET) University of Windsor

Click here to advance to the next slide.

Date:2011/09/28 報告人：向峻霈出處: Ren-Chiun Wang Wen-Shenq Juang

PKI (Public Key Infrastructure)

Debit vs. Credit.

eCommerce Technology Lecture 13 Electronic Cash

A Distributed Sign-and-Encryption for Anonymity

Presentation transcript:

Efficient Anonymous Cash Using the Hash Chain Member:劉岱穎，吳展奇，林智揚近代電腦密碼學 Efficient Anonymous Cash Using the Hash Chain Member:劉岱穎，吳展奇，林智揚 Source: IEICE TRAN. COMMUN., VOL. E86-B, NO.3 2003 Author: Sangjin KIM and Heekuck OH

Outline Introduction Electronic Cash System Security Analysis Account Setting Withdrawal Protocol Initial payment protocol Subsequent payment protocol Anonymity Control Security Analysis Conclusion

Introduction Credit-based and vendor-specific Debit-based and vendor-independent

Advantage Debit-based Vendor-independent Provide trace mechanisms to counter illegal use

The flow User use withdrawal protocol to get money from bank(withdrawal protocol) User use the money that is provide by the bank to buy some things in a shop(payment protocol) The shop store the money to the shop’s account(deposit protocol) Authority can trace the coins and owners

Blind Signature signs coins database Bank 2. t 7. Coin 3. td mod N 1. t=SN×ke mod N SN: Serial # k: random number 2. t 7. Coin 3. td mod N Consumer Merchant 5. Coin 4. s=(td)/k mod N=SNd mod N 6. Verify the signature s Coin: SN＋s

System Setup Four types of players Clients Shops Bank Trusted authority

Initialization Bank: TA: Choose five generators of Gq: gb, gu,gs,gr,gl Secrete key: xb Public key: TA: Choose gt of Gq Secrete key: xct, xot Public key: ,

Initialization User: Secret key: xu , blind factor: r Public key: Compute: CT: , OT: hash chain (c0,c1,…,cl) of length L where ci = H(ci+1)

Withdrawal Protocol

Proof(E)

BlindSig Sig(C) =

Initialization Shop: Secrete key: xs Public key:

Initial payment protocol

Subsequent payment protocol

Anonymity Control Coin tracing Owner tracing Provide a way to deanonymize withdrawn cash so that the bank can recognize the cash at the time of deposit. Bank send CT to the trusted authority Authority computes CTxct =gbr Bank computes C/gbr=C Owner tracing Provide a way to deanonymize deposited cash so that the identity of the withdrawn is revealed Bank send OT to the trusted authority Authority computes OTxot =guxu Bank computes C/grcogllgtr=guxu ~

Security of the System Impersonation Unforgeability Manipulation Anonymity Straling Double spending

Conclusion This system is the only vendor-idependent one that provides full anonymity and variable payments