1 Digital Cash

2 p2. OUTLINE
- Properties
- Scheme
- Initialization
- Creating a Coin
- Spending the Coin
- Depositing the Coin
- Fraud Control
- Anonymity

3 p3. Properties
1. Security: The cash can be sent securely through a computer network.
2. Can't be copied and reused.
3. Privacy (Untraceability or Anonymity): If the cash is spent legitimately, neither the recipient nor the bank can identify the spender.
4. Offline payment: No communication with the bank is needed during the transaction.
5. Transferability: The cash can be transferred to others.
6. Divisibility: A piece of cash can be divided into smaller amounts.

4 p4.
- T. Okamoto and K. Ohta, "Universal electronic cash," Advances in Cryptology-CRYPTO'91, LNCS 576, Springer-Verlag, pp. 324-337, 1991. (satisfies 1 ~ 6)
- S. Brands, "Untraceable off-line cash in wallets with observers," Advances in Cryptology-CRYPTO'93, LNCS 773, Springer-Verlag, pp. 302-318, 1994. (satisfies 1 ~ 4)

5 p5. Scheme
Parties: Bank, Spender, Merchant
1. Withdraw
2. Coin
3. Payment
4. Receipt
5. Deposit
6. Results

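6 p6. Initialization (1/2)
Publish:
- $p$: a large prime, s.t. $q = (p - 1)/2$ is also prime.
- $g$: the square of a primitive root mod $p$.
- $g_1 = g^a \bmod p$
- $g_2 = g^b \bmod p$
- $H$: a hash function, $H : \mathbb{Z} \times \mathbb{Z} \times \mathbb{Z} \times \mathbb{Z} \times \mathbb{Z} \to \mathbb{Z}_q^*$
- $H_0$: a hash function, $H_0 : \mathbb{Z} \times \mathbb{Z} \times \mathbb{Z} \times \mathbb{Z} \to \mathbb{Z}_q^*$
($a$ and $b$ are secretly chosen and discarded immediately)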

7 p7. Initialization (2/2)
Bank:
1. Choose a secret number $x$
2. Compute $h \equiv g^x$, $h_1 \equiv g_1^x$, $h_2 \equiv g_2^x \pmod p$
3. Publish $h$, $h_1$, and $h_2$
Merchant:
1. Choose an ID number $M$
2. Register $M$
Spender:
1. Choose a secret number $u$
2. Compute $I \equiv g_1^u \pmod p$
3. Send $I$
Bank to Spender:
4. Send $z' \equiv (I g_2)^x \pmod p$

8 p8. Creating a Coin
Spender to Bank: Withdraw
Bank: Choose a random number $w$; $g_w \equiv g^w$, $\beta \equiv (I g_2)^w \pmod p$
Spender: Choose a secret random 5-tuple of integers $(s, x_1, x_2, \alpha_1, \alpha_2)$, $s \not\equiv 0 \pmod q$
Bank: Compute $c_1 \equiv cx + w \pmod q$
Spender: Compute $r \equiv \alpha_1 c_1 + \alpha_2 \pmod q$
$C = (A, B, z, a, b, r)$

9 p9. Spending the Coin
Spender to Merchant: Pay $(A, B, z, a, b, r)$
Merchant: Check whether $g^r \equiv a\,h^{H(A, B, z, a, b)} \pmod p$, $A^r \equiv z^{H(A, B, z, a, b)}\, b \pmod p$
Merchant: $d = H_0(A, B, M, \text{Timestamp})$
Spender: $r_1 \equiv dus + x_1$, $r_2 \equiv ds + x_2 \pmod q$
Merchant: Check whether
Merchant: Accept or reject

10 p10. Depositing the Coin
Merchant to Bank: Deposit $(A, B, z, a, b, r)$, $(r_1, r_2, d)$
Bank: Check whether the coin has been previously deposited or not, and
$g^r \equiv a\,h^{H(A, B, z, a, b)} \pmod p$,
$A^r \equiv z^{H(A, B, z, a, b)}\, b \pmod p$,
Bank to Merchant: Results

11 p11. Fraud Control (1/7)
Case 1: The Spender spends the coin twice.
Diagram: Spender, Merchant 1, Merchant 2; $C$, $(r_1, r_2, d)$
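The whole protocol and the Case 1 double-spending check can be run end to end; the following is an added example, not code from the presentation. The formulas for $A$, $B$, $z$, $a$, $b$, $c$, the Merchant's check on $(r_1, r_2)$ and the recovery of $u$ do not survive in this transcript and follow the standard description of Brands' scheme; the function names and the toy parameters ($p = 2039$, $q = 1019$, $g = 4$) are constructed for illustration.

```python
import hashlib, secrets

P, Q, G = 2039, 1019, 4   # toy values constructed for illustration: p = 2q + 1, g = 2^2

def rnd():                                    # uniform in 1..q-1
    return 1 + secrets.randbelow(Q - 1)

def H(*vals):                                 # stand-in for H and H0, maps into Z_q^*
    digest = hashlib.sha256(repr(vals).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def setup():                                  # bank publishes g1, g2, h and keeps x
    x = rnd()
    return {"g1": pow(G, rnd(), P), "g2": pow(G, rnd(), P), "x": x, "h": pow(G, x, P)}

def withdraw(bank, u):                        # both sides of "Creating a Coin"
    g1, g2, x = bank["g1"], bank["g2"], bank["x"]
    Ig2 = pow(g1, u, P) * g2 % P              # I * g2 with I = g1^u
    z_reg = pow(Ig2, x, P)                    # z' from registration
    w = rnd()                                 # bank: fresh w per coin
    gw, beta = pow(G, w, P), pow(Ig2, w, P)
    s, x1, x2, a1, a2 = (rnd() for _ in range(5))
    # A, B, z, a, b, c below follow Brands' scheme; the transcript omits them.
    A, z = pow(Ig2, s, P), pow(z_reg, s, P)
    B = pow(g1, x1, P) * pow(g2, x2, P) % P
    a = pow(gw, a1, P) * pow(G, a2, P) % P
    b = pow(beta, s * a1, P) * pow(A, a2, P) % P
    c = pow(a1, -1, Q) * H(A, B, z, a, b) % Q     # spender -> bank (blinded)
    c1 = (c * x + w) % Q                          # bank -> spender
    return (A, B, z, a, b, (a1 * c1 + a2) % Q), (u, s, x1, x2)

def coin_valid(bank, coin):                   # the two checks on the coin
    A, B, z, a, b, r = coin
    e = H(A, B, z, a, b)
    return (pow(G, r, P) == a * pow(bank["h"], e, P) % P
            and pow(A, r, P) == pow(z, e, P) * b % P)

def challenge(coin, merchant_id, timestamp):  # d = H0(A, B, M, Timestamp)
    return H(coin[0], coin[1], merchant_id, timestamp)

def respond(key, d):                          # spender's (r1, r2)
    u, s, x1, x2 = key
    return (d * u * s + x1) % Q, (d * s + x2) % Q

def payment_valid(bank, coin, d, r1, r2):     # g1^r1 * g2^r2 == A^d * B (mod p)
    return pow(bank["g1"], r1, P) * pow(bank["g2"], r2, P) % P == pow(coin[0], d, P) * coin[1] % P

def recover_u(pay1, pay2):                    # bank: u from two (r1, r2) pairs
    diff = (pay1[1] - pay2[1]) % Q
    return (pay1[0] - pay2[0]) * pow(diff, -1, Q) % Q if diff else None
```

A single payment reveals nothing about $u$ because $x_1$ and $x_2$ mask it; two payments with different $d$ give two linear equations whose quotient is $u$, and $I \equiv g_1^u$ then names the Spender.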

12 p12. Fraud Control (2/7)
Case 2: The Merchant tries submitting the coin twice.
Diagram: Merchant, Bank; $C$, $(r_1, r_2, d)$; forged
Impossible! Since it is very difficult to produce numbers such that (since the Merchant does not know $u$).

13 p13. Fraud Control (3/7)
Case 3: Someone tries to make an unauthorized coin.
Impossible! Since this requires finding numbers such that
$g^r \equiv a\,h^{H(A, B, z, a, b)} \pmod p$, and
$A^r \equiv z^{H(A, B, z, a, b)}\, b \pmod p$,

14 p14. Fraud Control (4/7)
Case 4: Impossible!
Diagram: Bank, Merchant 1 (evil), Merchant 2, Spender
1. Spend $C$
2. Deposit $C$, $(r_1, r_2, d)$
3. Spend $C$
Merchant 2 computes $d'$ (very likely $\neq d$). It is very difficult for the evil merchant to produce numbers such that

15 p15. Fraud Control (5/7)
Case 5: Someone working in the Bank tries to forge a coin.
It is possible to make a coin satisfying
$g^r \equiv a\,h^{H(A, B, z, a, b)} \pmod p$, and
$A^r \equiv z^{H(A, B, z, a, b)}\, b \pmod p$,
but he does not know $u$ and is thus unable to produce a suitable $r_1$. So, he cannot spend it.

16 p16. Fraud Control (6/7)
Case 6: Someone steals the coin from the Spender and tries to spend it.
Impossible! The thief does not know $u$ and is thus unable to produce $r_1$.

17 p17. Fraud Control (7/7)
Case 7: An evil merchant steals the coin and $(r_1, r_2, d)$ before they are submitted to the Bank, and then deposits them to the Bank.
Possible! This is a flaw of ordinary cash, too.

18 p18. Anonymity (1/3)
During the entire transaction with the Merchant, the Spender never needs to provide any identification.

19 p19. Anonymity (2/3)
Is it possible for the Bank to extract the Spender's identity from knowledge of the coin $(A, B, z, a, b, r)$ and the triple $(r_1, r_2, d)$?
No. $A, B, z, a, b$ look like random numbers to everyone except the Spender. The Bank never sees $A, B, z, a, b, r$ until the coin is deposited.

20 p20. Anonymity (3/3)
When creating the coin, the Bank provides only $g_w$ and $c_1$, and has seen only $c \equiv \alpha_1^{-1} H(A, B, z, a, b) \pmod q$.
The Bank cannot compute $H(A, B, z, a, b)$ and deduce $\alpha_1$ at that time.
The Bank can keep a list of all values $c$ it has received, along with values of $H$ for every coin that is deposited, and then try all combinations to find $\alpha_1$. (impractical for a system of millions of coins)

