Now... u 99%+ of work is done for minter u No participant will get enough balls to do minting himself/herself ( or else participants know validity h but notthrowing h ) u Minting is cheap for minter!
X-cash: Executable Digital Cash Ari Juels RSA Laboratories joint work with Markus Jakobsson, Bell Labs 23rd February 1998
The Internet: Many entities wishing to trade with one another Internet $
Peer-to-peer trading can be problematic Peer-to-peer interaction can create communications bottlenecks Peer-to-peer interaction can create communications bottlenecks Anonymity (both ways) is hard to protect in a peer-to-peer setting Anonymity (both ways) is hard to protect in a peer-to-peer setting Would like computational load involved with trading to be handled by servers, not clients Would like computational load involved with trading to be handled by servers, not clients
Therefore, we would like trade to occur in a distributed fashion.
A vehicle for distributed trade: Mobile agents Program + Documentation To Internet
Other problems: u Maliciously modified code u Intercepted purchases u A different scenario than digital cash: multiple spending may be permissible
A solution: X-cash Idea: Make redemption of cash conditional on delivery of desired goods
First tool: A program that knows what it wants Mobile Agent includes a code segment P u P takes as input potential purchase items u P outputs amount user is willing to pay Paris P $300 E.g., airline tickets
Second tool: Negotiable certificate BANK Alice = SIG SK (PK A, $500) B A SIG SK A ($300, For Bob ), Bob A SK ($300, For Bob ), Bank holds (SK B, PK B ) Alice holds (SK A, PK A ) PK A Alice
Idea: Bind negotiable certificate to agent program P, SIG PK (P) A PK A X-cash...Then send off via mobile agent
When Bob receives the mobile agent Bob A, SIG PK (P) PK A
Bob can assess and authenticate Alice s offer for his tickets $300, SIG PK (P) A PK A Bob A PK A
The bank can verify and process the transaction BANK, SIG PK (P) A PK A $300 Bank gives $300 to Bob, deducting against the negotiable certificate Bank gives $300 to Bob, deducting against the negotiable certificate Bank receives and holds tickets for Alice, or sends them to her Bank receives and holds tickets for Alice, or sends them to her
Alice needs ticket to important conference in Caribbean u She will pay $300 for business class to St. Martin u She will pay $600 for first class fare to St. Martin u She will pay $400 for business class to Anguilla u She will pay $700 for first class to Anguilla
Alice creates a program P u Input to P: An airline ticket –Airline ticket may include certificates and signatures, e.g., airline certificate, travel agent certificate, etc. –P includes root certificates u Output of P: Amount Alice will pay –Conditional on correct dates, transferability of ticket, etc.
Alice gets a negotiable certificate u Alice generates key pair (PK A, SK A ). u Alice withdraws a negotiable certificate. = SIG SK (PK A, $700). B PK A
Alice creates X-cash and sends mobile agent, SIG PK (P) A PK A
Bob s Travel has a business class ticket T to Anguilla for sale
Bob does the following u Checks certificates and signatures in Alices mobile agent u Generates signatures t A transferring ownership of ticket T to Alice u Runs P(T,t A ) on a ticket T and signatures t A transferring ownership to Alice u Sees output $400 u Sends and T, t A to bank, SIG PK (P) A PK A
The Bank does the following u Verifies certificates and signatures in Alices agent u Sees that P(T,t A )=$400 Then: u Deducts $400 against Alices negotiable certificate u Gives $400 to Bob u Holds T,t A for Alice and notifies her, SIG PK (P) A PK A $400
Double spending How does Alice know that Bob didnt sell the ticket twice? An issue with any digital cash system. Solutions: u On-line verification u Penalization after fact u Tamper resistance (for Bob)
Anonymity X-cash can be rendered anonymous using the following ideas: u Blind withdrawal of certificates with conditional revocation of anonymity u Anonymous re-mailers for delivery of goods (e.g., airline tickets)
Stateful offers In the examples above, Alices program P had no external state. This need not be the case.
Example of stateful offer Alice wants to sell 100 ounces of gold at the market price u Alices program P contacts a Web site to get the current price of gold u Bob includes in his response C a value G B -- the maximum price he is willing to pay u When the Bank runs P(C), Bank checks that transaction cost is at most G B, as per Bobs response.
Multiple banks We assume above a single, universally trustworthy bank. X-cash can be adapted for infrastructures with multiple, mutually suspicious banks.
Conclusion X-cash is a simple means of achieving trusted commerce in a distributed setting like the Internet. To Internet X-cash
Your consent to our cookies if you continue to use this website.