Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peppercorn Micropayments via better “Lottery Tickets” Ron Rivest (with Silvio Micali) MIT Laboratory for Computer Science Financial Cryptography Conference.

Published byJason Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "Peppercorn Micropayments via better “Lottery Tickets” Ron Rivest (with Silvio Micali) MIT Laboratory for Computer Science Financial Cryptography Conference."— Presentation transcript:

1 Peppercorn Micropayments via better “Lottery Tickets” Ron Rivest (with Silvio Micali) MIT Laboratory for Computer Science Financial Cryptography Conference Rump Session 2002 (See Proceedings RSA 2002)

2 Outline (English law says a peppercorn is smallest amount that can be paid in a contract) u Talk –Improve lottery tix with two ideas: »Non-interactivity via recipient signatures »User-fairness via serial numbers u Demo

3 The need for small payments u “Pay-per-click” purchases on Web: –Music, video, information u Mobile commerce ($20G by 2005) - Location-based info services, gaming, sodas, parking u Infrastructure accounting: –bandwidth

4 Payment Framework: Payment System Provider (PSP), Bank User Alice Merchant Bob Payment(s) Authori- zation Deposit(s)

5 Dimensions to consider: u Aggregation (global) u PSP on-line or off-line ? (off-line) u Interactive vs. non-interactive (non) u Computation Cost (cheap) u User-fairness (fair) u … (many other issues, too)

6 Aggregation u To reduce cost, micropayments should be aggregated into fewer macropayments. u Possible levels of aggregation: –None: PSP sees every payment –Session-level: aggregate all payments in one user/merchant session –Global: Payments aggregated across users and merchants u Can be deterministic or statistical.

7 On-line vs. Off-line u On-line PSP authorizes each payment or session. u Off-line PSP not needed to initiate session or make payment (e.g. pay taxi)

8 Interactive vs. Non-interactive u Interactive: Payment protocol is two-way : u Non-interactive: Payment protocol is one-way (e.g. anti-spam payment in email):

9 Computation Cost u Digital signatures are still relatively “expensive” --- but much cheaper than they used to be! u It now seems reasonable to base micropayments on digital signatures. (E.g. Java card in cell phone) u User and merchant are anyways involved with each transaction; digital signatures add only a few milliseconds. u On-line/Off-line signature can also help.

10 Previous Work: Lottery Tickets u “Electronic Lottery Tickets as Micropayments” – Rivest FC ’97 (similar to “Transactions using Bets” proposal by Wheeler ’96) u Payments are probabilistic u First schemes to provide global aggregation: payments aggregated across all user/merchant pairs.

11 “Lottery Tickets” Explained u Assume all payments are for one cent. u Merchant gives user y = hash(x) u User writes check: “Pay Merchant $1 if two low-order digits of hash -1 (y) are 75.” (Signed by user, with cert from PSP.) u Merchant “wins” $1 with probability 1/100. Expected value of payment is 1 cent. u Bank sees only 1 out of every 100 payments. (A plus for user privacy!)

12 Our “Peppercorn” Proposal u Peppercorn improves lottery ticket scheme, making it: –Non-interactive (by using merchant signatures) –Fair to user: user never “overcharged” (by using serial numbers)

13 Non-interactive u Revised check: “Pay Merchant $1 if two low-order digits of the hash of Merchant’s digital signature on this check are 75.” u Merchant’s deterministic signature scheme unpredictable to user. u Merchant can convince PSP to pay.

14 Optimization for less Signing u “Pay Merchant $1 if the two low- order digits of the hash of Merchant’s digital signature on the date of this check are 75.” u Merchant only signs once a day.

15 User Fairness: No “Overcharging” u Concern: unlucky user might pay $1 for his first one-cent payment! u A payment scheme is user-fair if user never pays more than he would if all payments were deterministic one-cent checks.

16 Achieving User-Fairness u User must sequence number his payments: 1, 2, … u When merchant turns in winner with sequence number N, user charged N – (last N seen) cents User charged three cents for

17 User-Fairness (continued) u Merchant is still paid $1 for each winning payment. u Users severely penalized for using duplicate sequence numbers.

18 Conclusion u Peppercorn micropayment scheme –Is highly scalable : bank supports trillions of micropayments by processing only billions of transactions –Provides global aggregation –Supports off-line non-interactive payments –Is user-fair and quite private –Uses digital signatures, but lightly.

19 (DEMO)

20 (The End)

Download ppt "Peppercorn Micropayments via better “Lottery Tickets” Ron Rivest (with Silvio Micali) MIT Laboratory for Computer Science Financial Cryptography Conference."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Internet payment systems

Internet payment systems
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Payments in E-Commerce Presentation to Conference on Entrepreneurship and E-Commerce Oklahoma City, OK by Richard J. Sullivan Payments System Research.

Payments in E-Commerce Presentation to Conference on Entrepreneurship and E-Commerce Oklahoma City, OK by Richard J. Sullivan Payments System Research.
Micropayments Revisited Written by Silvio Micali and Ronald Rivest Presented by Charles Song and Michael Wasser.

Micropayments Revisited Written by Silvio Micali and Ronald Rivest Presented by Charles Song and Michael Wasser.
Micropayments Revisited Ronald L. Rivest & Silvio Micali RSA Conference 2002 Seminar 89-957, CS Dept., Bar Ilan University By Sharon Haroni.

Micropayments Revisited Ronald L. Rivest & Silvio Micali RSA Conference 2002 Seminar , CS Dept., Bar Ilan University By Sharon Haroni.
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)

Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
1 Towards Decentralized and Secure Electronic Marketplace Yingying Chen, Naftaly Minsky, Constantin Serban, and Wenxuan Zhang Dept of Computer Science.

1 Towards Decentralized and Secure Electronic Marketplace Yingying Chen, Naftaly Minsky, Constantin Serban, and Wenxuan Zhang Dept of Computer Science.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.

Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 9: Micropayments II.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments II.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Similar presentations

Ads by Google