Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ari Juels RSA Laboratories Executable Financial Instruments and MicroMint on the Cheap with Markus Jakobsson Bell Laboratories.

Published byDiana Hale Modified over 11 years ago

Similar presentations

Presentation on theme: "Ari Juels RSA Laboratories Executable Financial Instruments and MicroMint on the Cheap with Markus Jakobsson Bell Laboratories."— Presentation transcript:

1 Ari Juels RSA Laboratories Executable Financial Instruments and MicroMint on the Cheap with Markus Jakobsson Bell Laboratories

2 The Web provides an excellent means of communication with all kinds of people... Yeah! ``Hi. My name is Darlene. sometime? Im a model. Want to meet

3 Darlene He fell for it! Ha ha! …you know nothing about. The Web provides an excellent means of communication with all kinds of people...

4 The Web provides an excellent means of communication and commerce... Cool! ``Hi. Id like to buy your OK? car. Ill pay $106,000. For sale

5 Another sucker! …with people you know nothing about. The Web provides an excellent means of communication and commerce...

6 Aim: Flexible commerce with minimal trust ? Internet You

7 Two Ideas Today u X-cash : Executable financial instruments u MicroMint Outsourcing A $ $

8 MicroMint Want a scheme that mimics economics of physical mint u Verifying validity of a coin is easy u Base minting cost is high so... u Forgery is expensive

9 The minting process 1. Throw balls (jellybeans) into bins using random function h 2. Any bin with two balls (jellybeans) is a coin

10 Minting in MicroMint Bin 1 Bin 2 Bin 3 Bin 4 Bin 5 Bin 6 Bin 7 Bin 8 Bin 9 Collision = Coin h

11 Checking a coin Bin 2 h Valid coin?

12 Features u Many bins, so need to throw many balls (jellybeans) to mint successfully u Minting requires very intensive computation

13 Minting requires special, e.g., $250,000 computer Deep Crack

14 Another characteristic: Most balls are invalid Bin 1 Bin 2 Bin 3 Bin 4 Bin 5 Bin 6 Bin 7 Bin 8 Bin 9 h In fact, >99% of work goes to missed balls!

15 Idea: Make three stage process 1. Create valid balls, i.e., balls that wont miss (>99% of work) 2. Throw balls into bins usingrandom function h (<1% of work) 3. Any bin with two balls is a coin

16 Have many other (untrusted) people do Step 1

17 Now... u 99%+ of work is done for minter u No participant will get enough balls to do minting himself/herself ( or else participants know validity h but notthrowing h ) u Minting is cheap for minter!

18 Minter can use ordinary server

19 Application III: Secure multiparty computation

20 Questions? + ?

21 X-cash: Executable Digital Cash Ari Juels RSA Laboratories joint work with Markus Jakobsson, Bell Labs 23rd February 1998

22 The Internet: Many entities wishing to trade with one another Internet $

23 Peer-to-peer trading can be problematic Peer-to-peer interaction can create communications bottlenecks Peer-to-peer interaction can create communications bottlenecks Anonymity (both ways) is hard to protect in a peer-to-peer setting Anonymity (both ways) is hard to protect in a peer-to-peer setting Would like computational load involved with trading to be handled by servers, not clients Would like computational load involved with trading to be handled by servers, not clients

24 Therefore, we would like trade to occur in a distributed fashion.

25 A vehicle for distributed trade: Mobile agents Program + Documentation To Internet

26 A problem: Pick-pocketing Program

27 Other problems: u Maliciously modified code u Intercepted purchases u A different scenario than digital cash: multiple spending may be permissible

28 A solution: X-cash Idea: Make redemption of cash conditional on delivery of desired goods

29 First tool: A program that knows what it wants Mobile Agent includes a code segment P u P takes as input potential purchase items u P outputs amount user is willing to pay Paris P $300 E.g., airline tickets

30 Second tool: Negotiable certificate BANK Alice = SIG SK (PK A, $500) B A SIG SK A ($300, For Bob ), Bob A SK ($300, For Bob ), Bank holds (SK B, PK B ) Alice holds (SK A, PK A ) PK A Alice

31 Idea: Bind negotiable certificate to agent program P, SIG PK (P) A PK A X-cash...Then send off via mobile agent

32 When Bob receives the mobile agent Bob A, SIG PK (P) PK A

33 Bob can assess and authenticate Alice s offer for his tickets $300, SIG PK (P) A PK A Bob A PK A

34 The bank can verify and process the transaction BANK, SIG PK (P) A PK A $300 Bank gives $300 to Bob, deducting against the negotiable certificate Bank gives $300 to Bob, deducting against the negotiable certificate Bank receives and holds tickets for Alice, or sends them to her Bank receives and holds tickets for Alice, or sends them to her

35 An Example

36 Alice needs ticket to important conference in Caribbean u She will pay $300 for business class to St. Martin u She will pay $600 for first class fare to St. Martin u She will pay $400 for business class to Anguilla u She will pay $700 for first class to Anguilla

37 Alice creates a program P u Input to P: An airline ticket –Airline ticket may include certificates and signatures, e.g., airline certificate, travel agent certificate, etc. –P includes root certificates u Output of P: Amount Alice will pay –Conditional on correct dates, transferability of ticket, etc.

38 Alice gets a negotiable certificate u Alice generates key pair (PK A, SK A ). u Alice withdraws a negotiable certificate. = SIG SK (PK A, $700). B PK A

39 Alice creates X-cash and sends mobile agent, SIG PK (P) A PK A

40 Bob s Travel has a business class ticket T to Anguilla for sale

41 Bob does the following u Checks certificates and signatures in Alices mobile agent u Generates signatures t A transferring ownership of ticket T to Alice u Runs P(T,t A ) on a ticket T and signatures t A transferring ownership to Alice u Sees output $400 u Sends and T, t A to bank, SIG PK (P) A PK A

42 The Bank does the following u Verifies certificates and signatures in Alices agent u Sees that P(T,t A )=$400 Then: u Deducts $400 against Alices negotiable certificate u Gives $400 to Bob u Holds T,t A for Alice and notifies her, SIG PK (P) A PK A $400

43 X-cash extensions

44 Double spending How does Alice know that Bob didnt sell the ticket twice? An issue with any digital cash system. Solutions: u On-line verification u Penalization after fact u Tamper resistance (for Bob)

45 Anonymity X-cash can be rendered anonymous using the following ideas: u Blind withdrawal of certificates with conditional revocation of anonymity u Anonymous re-mailers for delivery of goods (e.g., airline tickets)

46 Stateful offers In the examples above, Alices program P had no external state. This need not be the case.

47 Example of stateful offer Alice wants to sell 100 ounces of gold at the market price u Alices program P contacts a Web site to get the current price of gold u Bob includes in his response C a value G B -- the maximum price he is willing to pay u When the Bank runs P(C), Bank checks that transaction cost is at most G B, as per Bobs response.

48 Multiple banks We assume above a single, universally trustworthy bank. X-cash can be adapted for infrastructures with multiple, mutually suspicious banks.

49 Conclusion X-cash is a simple means of achieving trusted commerce in a distributed setting like the Internet. To Internet X-cash

Download ppt "Ari Juels RSA Laboratories Executable Financial Instruments and MicroMint on the Cheap with Markus Jakobsson Bell Laboratories."

Similar presentations

Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES.

Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES.
Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.
Simple and Practical Anonymous Digital Coin Tracing

Simple and Practical Anonymous Digital Coin Tracing
Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
Introducing yourself and Others

Introducing yourself and Others
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
Buying a Car By Haris Mohamedy. My Budget If I get $300 a week I should get $15,600 per year. ($300 per week)(52 weeks in a year)

Buying a Car By Haris Mohamedy. My Budget If I get $300 a week I should get $15,600 per year. ($300 per week)(52 weeks in a year)
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
How Credit Works Against Me Citizens For Responsible Lending www.citizensforresponsiblelending.org www.citizensforresponsiblelending.org.

How Credit Works Against Me Citizens For Responsible Lending
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.

PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.

Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
Sam didn't have his report ready on time. He is apologizing to the teacher and wants to make it up. S: Uh..., Ms. Lin, do you have a minute? I'd like.

Sam didn't have his report ready on time. He is apologizing to the teacher and wants to make it up. S: Uh..., Ms. Lin, do you have a minute? I'd like.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)

Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
Scripts for Success.

Scripts for Success.
Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.

Receipt-free Voting Joint work with Markus Jakobsson, C. Andy Neff Ari Juels RSA Laboratories.
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 10 Micropayments II.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 10 Micropayments II.
Listening – Friends and Family  1.What’ s the matter? I am feeling homesick.  Homesick  2.How do you keep in touch with your friends?  Keep in touch.

Listening – Friends and Family  1.What’ s the matter? I am feeling homesick.  Homesick  2.How do you keep in touch with your friends?  Keep in touch.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 9: Micropayments II.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments II.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 10 Micropayments II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments II.
Click here to advance to the next slide.

Click here to advance to the next slide.

Similar presentations

Ads by Google