Verifiable Mixing Protocol How can a mixer prove its integrity?

Slides:



Advertisements
Similar presentations
Service Bus Service Bus Access Control.
Advertisements

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Bitcoin Proof of Payment Andy Ofiesh Senior Software Engineer Armory Technologies, Inc. MIT Bitcoin Expo, March 7 & 8th, 2014 © Armory Technologies, Inc.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Lesson 6-6 Example Solve. BUDGET The Martz family paid $10 per week towards a bill of $120. After 5 weeks, how much money do they still owe? Understand.
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Ian Miers Christina Garman | Matthew Green | Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin Jens Groth University College London Markulf Kohlweiss Microsoft Research TexPoint fonts.
Privacy and Anonymity Using Mix Networks* Nitesh Saxena CS392/6813 Some slides borrowed from Philippe Golle, Markus Jacobson.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Lecture 20: April 12 Introduction to Randomized Algorithms and the Probabilistic Method.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.
Antonio Lara. Founded: 1852; Roots in banking dating to before the Civil War  PNC has grown into one of the leading financial services organizations.
How to get your free Windows Store Access
Ecommerce Applications 2009/10 Session 31 E-Commerce Applications E-payment.
Accepting Credit Cards on your Website. If you are building an online shop, you will need to address the question of taking payments for orders. You can,
©2009 HP Confidential TUNGSTEN NETWORK AND PAPER INVOICING.
An Anonymous Fair- Exchange E-Commerce Protocol Indrajit Ray Computer Science Department Colorado State University
Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.
1. INDEX 2 A signature is a handwritten depiction of someone’s name or nickname that a person writes on documents as proof of identity and intent. Signature.
(Usually have to be 18 years old to open & get ATM or debit card)
WISA An Efficient On-line Electronic Cash with Unlinkable Exact Payments Toru Nakanishi, Mitsuaki Shiota and Yuji Sugiyama Dept. of Communication.
Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
Datacenter LOB web service LOB app Partner Mobile Device.
Chris Olston, cs294-7, Spring Atomicity in Electronic Commerce J. D. Tygar -- UCB presented by Chris Olston.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Chapter 4: Intermediate Protocols
Checking Accounts Chapter 9. Basics Check: ▫Written order to bank to pay the amount stated to the person or business named on it. Demand deposit: ▫Money.
PayPal™ Options Basic description for utilizing PayPal™ for payment options for your chapter The following PayPal™ information was graciously provided.
Computerized Accounting Systems The new ways we “PLAY” with money.
Wonders of the Digital Envelope Avi Wigderson Institute for Advanced Study.
Topic 22: Digital Schemes (2)
Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.
CryptoNote v 2.0 Nicolas van Saberhagen. One-time public keys © cryptonote.org Linkable transactions CryptoNote solves this problem by an automatic creation.
Reputation Based Trust The using of reputation to accomplish trust between users on the Internet M.Vološin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia.
WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.
Privacy and Anonymity Using Mix Networks* Slides borrowed from Philippe Golle, Markus Jacobson.
OBJECTIVES  To understand the concept of Electronic Payment System and its security services.  To bring out solution in the form of applications to.
Umans Complexity Theory Lectures Lecture 7b: Randomization in Communication Complexity.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
The Silk Road: An Online Marketplace
Corporate Customers Basic Services Intuit Financial Services University Business Financial Solutions Certification.
Electronic Payment Systems Presented by Rufus Knight Veronica Ogle Chris Sullivan As eCommerce grows, so does our need to understand current methods of.
Almost Entirely Correct Mixing With Applications to Voting Philippe Golle Dan Boneh Stanford University.
BITMINGLE REID BIXLER AND CARTER HALL. BACKGROUND Unlinkability – Input and Output must be unlinkable Verifiability – Attacker must not be able to steal.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Verifiable Threshold Secret Sharing and Full Fair Secure Two-party Computation YE Jian-wei March 7, 2009.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Meeting Reports  A new delegation-based authentication protocol for use in portable communication systems IEEE Transactions on Wireless Communications,
Bit Commitment, Fair Coin Flips, and One-Way Accumulators Matt Ashoff 11/9/2004 Cryptographic Protocols.
Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.
Feige-Fiat-Shamir Zero Knowledge Proof Based on difficulty of computing square roots mod a composite n Given two large primes p, q and n=p * q, computing.
Topic 36: Zero-Knowledge Proofs
Anonize “Large Scale Anonymous System”
PAYMENT GATEWAY Presented by SHUJA ASHRAF SHAH ENROLL: 4471
Enabling Full Transactional Privacy with
Privacy Coins CS1952 L Spring 2019 Maurice Herlihy Brown University.
Presentation transcript:

Verifiable Mixing Protocol How can a mixer prove its integrity?

Basics VMP allows the mixer to prove that it paid the address specified by the user. It provides a way for mixing services to: Build trust quickly Resist fraudulent claims of failure to pay VMP does NOT improve anonymity.

Setup The mixer has to give up some info: Input addresses the mixer uses Output addresses (T) paid by the mixer Signatures of T: Φ Keys g, h 1. User sends coins to mixer, specifies address m 2. Mixer picks random r (prevents exploitation) 3. Transaction includes commitment C = g m h r

Caveats User's choice of m should be unique Protocol gets more complicated otherwise If user fails to follow protocol, return money Protects mixer from intentionally unverifiable payments

Verify Verifier wants to check that the address specified in input transaction i was paid. Public knowledge: g, h, C, T, Φ Mixer knows: m, r Prove: m T and C commits to m Don't need to reveal m

Verify Zero-knowledge set membership proof By Camenisch, Chaabouni, and Abhi Shelat

Confirming Value How do we know that the mixer payed enough? Have T only include transactions in correct range. This would require outrageous volume to be safe. Traditional mixing solutions still apply.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.