Presentation is loading. Please wait.

Presentation is loading. Please wait.

VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung --- 1998 By Liang Li Chris March 29th.

Similar presentations

Presentation on theme: "VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung --- 1998 By Liang Li Chris March 29th."— Presentation transcript:

1 VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung --- 1998 By Liang Li Chris March 29th

2 Introduction What is Electronic Payment System? −Essential Component of Electronic Commerce Widely Used in the World Then … Secure???

3 Issues Concerned Anonymity −Payment Untraceable to a third party Account-based or Account-less −Account-based is more expensive in order to maintain the accounts Network versus card-based −Transactions across the network Atomicity −Fair and Robust in the sense of network failure

4 System Proposed Trust-Based Anonymity Account-less Network-Based & Card-Based Atomicity

5 System Proposed - More What is new here? −Coins and Tokens authenticated under an issuer master key −Spent coins can be erased (Improve the scalability) −Combine symmetric-key cryptography for performance with public-key systems

6 Cryptographic Primitives Used

7 Model & System Architecture

8 Security & Design Goals Protocol Security −Safety guarantees, no adversaries can compromise or spoil the system Internal Security −Withstand insider attacks, no cheaters Network Security −Prevent attacks through “break-ins”. Need careful design of interface to the external network User Security −Protect its own database (E-coin)

9 Parties & Roles Participant −A generic name for a party involved in the system Issuer −Party who issues the coins Coin Holder * −A party who holds the money Payee −A party who is willing to accept coins as payment Bank −A number of banks will be involved in moving funds due to conversions between electronic and real money Certification Authority −The Party who can certify the public keys of the participants

10 Coin-Holder Coin Purchaser −Purchase coins from the issuer Redeemer −Turn coins into real money Payer −The party who pays for the good/service Refresher −Get new coins for old Changer −Make changes

11 Others Register −Register a public key at the issuer Enroller −Enroll for a particular role such as coin purchaser or merchant

12 E-coin The most basic component in the whole system An object consisting of a unique identifier (coin ID), amount, expiry date and an authenticating cryptographic tag

13 E-coin Unique Identifier Value (Amount) Expiry Date Authenticating Cryptographic Tag Fig 1. Structure of an un-encrypted coin

14 E-coin - More Unique Identifier Value (Amount) Expiry Date Authenticating Cryptographic Tag Search Tag Coin Status Fig 2. Encrypted coin in the Issuer’s database

15 Protection from Forgery Coin Tag is computed in protected, tamper- proof hardware Tag computing algorithm is strong Coin Database is protected

16 Coin Purchase Request Take form of a list of denominations −For example, (2, $2.50), (1, $1.25), (3, $2) means 2 coins of value $2.50, 1 coin of value $1.25, 3 coins of value $2. The total sum is 12.25

17 Process & Protocols

18 Operations Involved Registration – Register ID and Get own PK Enrollment – A Participant enrolls for a role Coin Purchase * - Buy E-coin from Issuer Payment * - Deal Transaction Change – Make Changes from Issuer Redeem – Get Real Money Refresh – Keep freshness of E-coins Refund – Ask for E-coins if network failure

19 Coin Purchase Protocol More Detail Design Requirement −Valid Transaction go through −Cannot get coins free −No false debit

20 Coin Purchase Protocol More Detail Terminology Overview

21 Coin Purchase Protocol How Does ACH Work? 1.A company/individual (Receiver) authorizes a company/individual (Originator) to initiate a transaction to their financial institution account. 2.The Originator prepares information about the transactions that are to be automated for its customers or employees and passes it along to an Originating Depository Financial Institution (ODFI). 3.The ODFI collects ACH transactions from participating companies, consolidates the information and presents it to the ACH Operator. (The ODFI may retain entries for its own account holders) 4.ACH Operator processes transaction files from submitting ODFIs and distributes it to Receiving Depository Financial Institutions (RDFls). 5.The RDFI receives entries for its customer accounts and posts entries on the settlement date. Transactions are also reported on account statements

22 Coin Purchase Protocol More Detail Coin Request

23 Coin Purchase Protocol More Detail Execution Issuance

24 Coin Purchase Protocol Message Integrity −Plaintext Awareness Encryption Scheme Correct Decryption convinces the decryptor that the transmitter knows the plaintext encrypted Prevent from tampering with a ciphertext but no authentication guaranteed

25 Payment Protocol - More Detail Design Requirement −Valid Payment go through −Accepted payments are valid −Payment is paid to the correct party −No double spending

26 Payment Protocol - More Detail Overview

27 Payment Protocol - More Detail Terminology

28 Payment Protocol - More Detail Invoice Send Coins

29 Payment Protocol - More Detail Validation Request Issuance

30 Payment Protocol - More Detail Receipt

31 More Applications Used Integrate with Card Cash Card-Based System −Pseudo-anonymous −Offline −Non-circulating

32 Integrate with Card Based System Load Protocol −On-line Account-based load Terminology

33 Integrate with Card Based System Protocol Flows

34 Blind Signature A signature scheme that the signer signs it with no idea of what the content is Properties −Cannot prove that he signed it in that particular protocol −The signature is valid Use cut-and-choose technical

35 Blind Signature General Process 1.Takes a document and multiplies it by a random value which is called a blinding factor. 2.Send the blinded document 3.Sign the blinded document 4.Divide out the blinding factor, leaving the original document signed

36 Implementation Scenario −There is a group of counterintelligence agents. They want to the counterintelligence agency sign a document for them for diplomatic immunity. Even the counterintelligence agency have no idea of who they are. The document should insert agent’s cover name that each agent has a list of them. −?What will he do then?

37 Protocol Assumption −The signature function and multiplication are commutative Parties −ALICE – Agency’s Large Intelligent Computing Engine −BOB – Bogota Operations Branch

38 Protocol - More 1.BOB prepares n documents each using a different cover name giving himself diplomatic immunity 2.BOB blinds each of these documents with a different blinding factor 3.BOB sends n documents to ALICE 4.ALICE chooses n-1 documents at random and ask ZBOB for the blinding factor for each of them

39 Protocol - More 5.BOB sends ALICE the appropriate blinding factor 6.ALICE opens n-1 documents, makes sure they are correct --- and not pension authorizations 7.ALICE signs the remaining document and sends it to BOB 8.The agent removes the blinding factor and reads the new cover name in the document. It is “James Bond”

40 Attack on Blind Signature Probability Guess −Choose n/2 documents rather than n-1 one Tricky Twin Document −Choose 2 different blinder factor so that transform 2 different document into the same blinded document.

41 ?Questions? Thank you

42 Acknowledgement Prof. C. Lynch Applied Cryptography – Bruce Shneier Blind Signature for Untraceable Payments --- 2005 Mar 29th

43 Text

Download ppt "VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung --- 1998 By Liang Li Chris March 29th."

Similar presentations

Ads by Google