Published by Isabel Buchanan
Trustee Tokens: Simple and Practical Anonymous Digital Coin Tracing
Ari Juels, RSA Laboratories
Quick Review of Chaumian E-cash (DigiCash™)
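Withdrawal (diagram): the BANK holds SK (public key PK) and signs; Alice's account: -$1; Alice obtains an anonymous digital $1 coin.
Blind signing (diagram, all values mod n): Alice picks r, x and sends \(r^3 f(x)\) to the BANK; the BANK signs with SK and returns \(r f^{1/3}(x)\); the coin is \((x, f^{1/3}(x)) = (x, \mathrm{Sig}(x))\).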
An Application for Anonymous E-Cash: Improved Computer Viruses (Young and Yung)
Improved Computer Virus: Edgar
- Generates unsigned, blinded coin \(r^3 f(x)\)
- Generates encryption key pair
Improved Computer Virus (diagram labels: \(r^3 f(x)\), PK)
Diagram: Files, encrypted under PK.
Ransom Note: "If you want SK, i.e., your files, withdraw this"
Diagram: BANK; Alice: "Oh, my files!"; Alice: -$1
HETTINGA SUCCEEDS GREENSPAN AT FED
Anonymous coin Edgar
How can we prevent this? Answer: Trustee-based Tracing
The Idea: Trustee Tracing Anonymous coin
Tracing: Basic Idea (diagram). Judge: "I order the Trustee to trace this coin." The Trustee, using its secret SK, traces the anonymous coin to Edgar.
Coin is anonymous unless trustee traces it
Many Trustee-based Tracing Schemes
- Brickell et al. (95)
- Stadler et al. (95)
- Jakobsson and Yung (96, 97)
- Camenisch et al., Frankel et al. (96)
- Davida et al. (97)
Trend in schemes (figure; labels: Security Features, Simplicity, Trustee Flexibility, Computational Efficiency, Our Scheme)
How our scheme works
Two stages
1. Token withdrawal (Alice and Trustee)
2. Coin withdrawal (Alice and BANK)
Token withdrawal (diagram): Alice proves identity to the Trustee; the Trustee checks that the coin contains \([\text{Alice}]_{PK}\) and issues a Trustee Token.
Trustee Token (diagram): Alice proves identity and sends r, x; the Trustee checks that x contains \([\text{Alice}]_{PK}\); the Trustee Token is \(\mathrm{Sig}_{SK}(r^3 f(x))\).
Coin withdrawal (diagram): the BANK checks the token, then signs with SK; Alice obtains a conditionally anonymous digital coin.
Observe: No change in coin structure or underlying withdrawal protocol
Tracing: Trustee Token scheme guarantees that coins contain creator identity
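The two-stage withdrawal and the tracing step, as an added Python example that is not from the slides or from the author's implementation. It assumes toy RSA keys built from small primes, SHA-256 standing in for f, identities that are integers below 2^20, and \([\text{Alice}]_{PK}\) realised as randomly padded textbook RSA under a separate trustee key; all function names are hypothetical.

```python
import hashlib, math, secrets
# Toy parameters constructed for this example; real keys need >= 2048-bit moduli.
def prime_after(k):
    """Smallest prime p > k with p % 3 == 2, so e = 3 is invertible mod p - 1."""
    while True:
        k += 1
        if k % 3 == 2 and all(k % d for d in range(2, int(k ** 0.5) + 1)):
            return k

def keygen(k):
    p, q = prime_after(k), prime_after(2 * k)
    return p * q, pow(3, -1, (p - 1) * (q - 1))    # (n, d); public exponent is 3

def f(x, n):
    """Hash an integer into Z_n (SHA-256 standing in for the slides' f)."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % n

BANK_N, BANK_D = keygen(2 ** 30)                   # bank's coin-signing key
TSIG_N, TSIG_D = keygen(2 ** 30 + 10 ** 6)         # trustee's token-signing key
TENC_N, TENC_D = keygen(2 ** 30 + 2 * 10 ** 6)     # trustee's identity-escrow key

def make_coin_request(identity):
    """Alice: x = [identity]_PK with 40 random pad bits; blind it as r^3 f(x)."""
    x = pow((identity << 40) | secrets.randbits(40), 3, TENC_N)
    r = 0
    while math.gcd(r, BANK_N) != 1:                # r must be invertible mod n
        r = secrets.randbelow(BANK_N)
    return r, x, pow(r, 3, BANK_N) * f(x, BANK_N) % BANK_N

def trustee_token(identity, r, x):
    """Trustee: requester proved `identity`; check x embeds it, sign r^3 f(x)."""
    if pow(x, TENC_D, TENC_N) >> 40 != identity:
        raise ValueError("x does not contain the requester's identity")
    blinded = pow(r, 3, BANK_N) * f(x, BANK_N) % BANK_N
    return pow(f(blinded, TSIG_N), TSIG_D, TSIG_N)

def bank_sign(blinded, token):
    """Bank: blind-sign only a value that carries a valid trustee token."""
    if pow(token, 3, TSIG_N) != f(blinded, TSIG_N):
        raise ValueError("missing or invalid trustee token")
    return pow(blinded, BANK_D, BANK_N)

def unblind(r, x, blind_sig):
    return x, blind_sig * pow(r, -1, BANK_N) % BANK_N   # coin (x, f(x)^(1/3))

def coin_valid(coin):
    return pow(coin[1], 3, BANK_N) == f(coin[0], BANK_N)

def trace(coin):
    """Trustee, on a court order: decrypt the identity embedded in x."""
    return pow(coin[0], TENC_D, TENC_N) >> 40
```

The bank never sees r or x, so the coin stays unlinkable to the withdrawal for the bank, while the trustee can still recover the withdrawer from x.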
Blackmail scenario
- Edgar registers his coin and gets caught, or
- Alice can't make the withdrawal for Edgar
No coin storage
- Alice can pseudo-randomly generate coins and blinding factors, so no coin storage is needed
Bulk token withdrawal
- Alice can withdraw many tokens at once and store them prior to coin withdrawals
One token - multiple coins
Result of Enhancements
- Little interaction with Trustee
- Tokens fit on, e.g., smart card
Pros and Cons
Advantages over other schemes
- Very simple
- Provably secure
- No change in coin structure, underlying protocol
- Seamless incorporation with DigiCash™
Disadvantages
- Trustee interaction needed
- Security with multiple trustees needs trusted dealer
- Seamless incorporation with DigiCash™, but no DigiCash™
But...
- Can be used for general blind RSA
  - E.g., X-cash
- Method can perhaps be extended to other e-cash systems (?)