PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI
INTRODUCTION Micropayments were introduced when Internet boomed in 1990’s Many Micropayment implements have failed with the burst of Internet bubble. It get attention again recently with the change of economic environment
Characters of Micropayment The amount of each transaction is very small The efficiency and low cost of transaction are extremely important. The relation between the payer and payee intends to be transient The security of transaction can be comprised a little in order to achieve the efficiency and reduce cost
Payword - Algorithm Credit-based schema. User needs to get a certificate from broker first User use a hash function to create payword chain in reverse order based on certificate The public hash function: w i = h(w i+1 ) The payword chain is user and vendor specific. User needs to send certificate and the root of the payword chain to vendor at the beginning of payment. The user user the chain in order. Based on the last payword w l received, the vendor can decide the total payment. The vendor submit the payword received and get redeem from broker at the end of the day
Payword - Advantages Can prevent forgery and double spending Use off-line schema to minimize communication with broker Do not need to sign every payment and can reduce the public key operation dramatically. It is specially good if a user pay a special vendor many times a day The relationship between user and vendor is transient
Payword - Disadvantages The user must set up an account with a broker. The relationship between them is long-term Still need public key operation Not very good in the scenario that a user needs to pay many vendors. The vendors must adopt brokers’ protocols. There exists a bond between vendors and brokers
MicroMint – Algorithm I The broker use so-called “k-way hash collisions” to produce coin. Each coin has the property that they will have the same hash result under a special hash function. It is very difficult to find the first “hash collisions” result. After then, the growth rate of the number of such results will be exponential. So the unit cost of each coin for broker is low when the broker make high volume of coins. On the other hand, the unit cost will be too high to worth for a hacker to try. Over the time, the coin will become more and more vulnerable to attack. Therefore, the coins need to be changed from time to time.
MicroMint – Algorithm II A user buy coins from broker. Then, the user buy contents from an vendor with coins. The vendor collect the coins and get redeem from broker at the end of the day. The broker needs to trace the users’ records in order to prevent the “double-spending” The broker also need to replaced the unused coins with the new coins at the end of the month
MicroMint – Advantages Not public key operation at all. Can prevent forgery and double-spending effectively Broker is off-line The hash function and criteria are public. The vendor can verify coins easily.
MicroMint – Disadvantages Need big one-time investment and need high demand for coin Broker need to keep users’ records to prevent “double spending” The security is not guaranteed because it is based on some assumptions The coins need to be changed from time to time.
Properties of a good Micropayment Good Transaction Security. The system should be able to prevent from any forging Low Cost. The total security operation cost and transaction cost should be very low Anonymous. Ideally, the relationship between vendor and user is transient. A vendor can work with any broker, and vice versa. Easy to use. The transaction should be very efficient. Ideally, it should be an “one-click” procedure