Presentation is loading. Please wait.

Presentation is loading. Please wait.

2004-12-221 How to Make E-cash with Non-Repudiation and Anonymity Ronggong Song, Larry Korba Proceedings of the International Conference on Information.

Published byWinfred Russell Modified over 9 years ago

Similar presentations

Presentation on theme: "2004-12-221 How to Make E-cash with Non-Repudiation and Anonymity Ronggong Song, Larry Korba Proceedings of the International Conference on Information."— Presentation transcript:

1 2004-12-221 How to Make E-cash with Non-Repudiation and Anonymity Ronggong Song, Larry Korba Proceedings of the International Conference on Information Technology: Coding and Computing Vol. 2, Apr. 2004, pp. 167-172 Adviser: Dr. Min-Shiang Hwang Speaker: 鍾松剛

2 2004-12-222 The Motivations E-Cash: Easy duplicated  Bank needs to implement double-spending checking Double-spending checking does not provide a non-repudiation service  Non-repudiation service needs a signature  Signature violates the anonymous of e-cash Bank Thief ?!

3 2004-12-223 Partial Blind Digital Signature M. Abe and E. Fujisaki, “How to Date Blind Signatures”, Advances in Cryptology--ASIACRYPT '96, pp. 244-251 Allows a signer to sign a partially blinded message that include pre-agreed information such as expiry date or collateral conditions in unblinded form. Designed to protect the bank’s database from growing without limits  Expired e-cash can be removed

4 2004-12-224 Example: Partial blind digital signature Alice Bank v is a predefined message by the bank and contains an expiration date Randomly choose m, r in Z * n Compute α≡r ev H(m) mod n α,v Verify the correctness of v Compute t≡ α (ev) -1 mod n ≡ r H(m) (ev) -1 mod n Deduct w dollars t Compute s≡r -1 t mod n ≡H(m) (ev) -1 mod n e-cash (m, s, v) Deposit (m, s, v) Verify v s ev ≡H(m) mod n (m, s, v) Verify Add w dollars to payee’s account Merchant e, d

5 2004-12-225 Architecture Alice Bank CA Merchant

6 2004-12-226 Protocol’s Sketch Map Alice Bank (buy e-cash) (temporal PK) Blind_sign Deducts w dollars (e-cash) temporal SK verify … Reply (license) SK_M Merchant e-cash Useless

7 2004-12-227 E-cash Issue Protocol Alice ID A, Account A, PK A, α, v, Time A, Sign A ID A, ID P, β, Time B, Sign B PK T = (e t, n t ) SK T = (d t, p t, q t ) α≡r e b v H(e t ||n t ) mod n b Sign A = [H(ID A, Account A, PK A, α, v, Time A )] d A mod n A e b, d b Verify Account A, Time A, Sign A, v e A, d A β = α (e b v) -1 mod n b = r H(e t ||n t ) (e p v) -1 Sign B = [H(ID A, ID B, β, Time B )] d b mod n b Debit $$ from Account A Verify Time B, Sign B s≡r -1 β mod n b e-cash (e t, n t, v, s) e t, n t Expiration date Balance Sign B Bank dd/mm/yyyy $xxx.xx v’s format

8 2004-12-228 On-line Shopping Protocol Alice e-goods, Cost, Account M, e-cash, Time A, Sign t Receipt M, e-cash, RM, s’, Time B, Sign B PK T = (e t, n t ) SK T = (d t, p t, q t ) s=H(e t ||n t ) (e p v) -1 e-cash (e t, n t, v, s) Select e-goods Sign t = [H(Cost, Account M, e-cash, Time A ) || H(e-goods)] d t mod n t e P, d P Verify s’ = [H(e t, n t, v, s, RM)] d b mod n b Sign B = [H(Receipt M, e-cash, RM, s’, Time B )] d b mod n b e-cash (e t, n t, v, s, RM, s’) Merchant Bank Verify EMD=h(e-goods) Cost, Account M, e-cash, Time A, EMD, Sign t Verify Sign M = [H(License, Receipt A, e-cash, RM, s’, Time M )] d M mod n M License, Receipt A, e-cash, RM, s’, Time M, Sign M

9 2004-12-229 E-cash Renew Protocol Alice α, v, e t, n t, v’, s’, Time t Sign t Fill a new e-cash form v’ α≡r e b v’ H(e t ||n t ) mod n b Sign t = [ h(α, v, e t, n t, v’, s’, Time t ) ] d t mod n t e b, d b Verify e A, d A β = α (e b v ’) -1 mod n b = r H(e t ||n t ) (e p v ’) -1 Sign B = [H(e t, n t, v’, s’, β, Time B )] d b mod n b Verify Time B, Sign B s’’≡r -1 β mod n b e-cash (e t, n t, v’, s’’) Bank dd/mm/yyyy $xxx.xx v’s format s’ = [H(e t, n t, v, s, RM)] d b mod n b e t, n t, v’, s’, β, Time B Sign B

10 2004-12-2210 Protocol Characteristics Strong privacy protection  A anonymous temporary public key is embedded into the partial blind signature  Unlinkability: no one can determine the customer  The format and content of message v are same with other e-cashes. Non-repudiation  Signature is useful if there is a dispute later Strong safety protection  Other person cannot spend the e-cash without the private key

11 2004-12-2211 Security Analysis Passive attacks  All messages are protected with the SSL security channels Active attacks  Replay attacks Can be defeated by time stamp  Modification attacks Can be defeated by signature

12 2004-12-2212 Conclusion Customer Bank Merchant Denying Double- spending Losing misusing stealing

Download ppt "2004-12-221 How to Make E-cash with Non-Repudiation and Anonymity Ronggong Song, Larry Korba Proceedings of the International Conference on Information."

Similar presentations

Internet payment systems

Internet payment systems
Atomic Transactions CS523 - Spring 2006 - Brian Schmidt.

Atomic Transactions CS523 - Spring Brian Schmidt.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
Design and Security Analysis of Marked Blind Signature

Design and Security Analysis of Marked Blind Signature
Digital Cash Mehdi Bazargan Fall 2004.

Digital Cash Mehdi Bazargan Fall 2004.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 11 Electronic Cash.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Class 12 Anonymous Digital Currency CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 12 Anonymous Digital Currency CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 11 Electronic Cash.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.

Similar presentations

Ads by Google