1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A,No.1.

Presentation transcript:

1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem
From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A, No.1, JANUARY 2000
Authors: Shingo MIYAZAKI and Kouichi SAKURAI
Presented by: Kuo Shu Chuan

2 Outline
- Introduction
- Their proposed system
- Concluding remarks

3 Introduction
- Chaum proposed an anonymous untraceable e-money system in
- Chaum et al. presented an off-line e-money in
- Abe and Fujisaki proposed the partially blind signature (PBS) in
- This paper applies Brands' idea of the secret key certificate.

4 Their proposed system
- Registration
- Withdrawal
- Payment
- Deposit
- Tracing a double-spender

5 Diagram (figure not reproduced). Parties: Bank, User, Shop, Registration Center (RC). Labels: Withdrawal protocol, Payment protocol, Deposit protocol, "Obtain the certificate of its own secret key".

6 Registration
Each user obtains the certificate (r, s) of its own secret key.
System parameters:
- A large prime $p$
- A prime factor $q$ ($p = 2q + 1$)
- A generator $g$ in $Z_p^*$ of order $q$
- $(S_{A0}, S_{A1})$ is a secret key of user A
- $(S_{R0}, S_{R1})$ is a secret key of RC
- $S_{A1}$ is preserved as the ID of A on the RC's database.

7 Registration (cont.)
- A's public key: $P_A = g^{S_{A0}} h_1^{S_{A1}} \pmod p$
- RC's public key: $h_0 = g^{S_{R0}}$ and $h_1 = g^{S_{R1}} \pmod p$
- A gets the certificate (r, s) from RC:
- Step 1 (RC): RC selects   R Z q and computes a=g  mod p; RC sends a to A.
- Step 2 (A): A chooses ,   R Z q; computes r=H(ag  (h 0 h 1 S A1 )  mod p; ŕ=r+  mod q; sends ŕ to RC.

8 Registration (cont.)
- Step 3: RC computes ś= ŕ (S R0 + S R1 S A1 )+  mod p and sends ś to A.
- Step 4: Verify if $a = g^{\acute{s}} (h_0 h_1^{S_{A1}})^{-\acute{r}} \bmod p$; A computes s= ś+rS A0 + 
- The verification formula for the certificate (r, s) of A's key is: $H(g^{s} (h_0 P_A)^{-r} \bmod p) \overset{?}{=} r$

9 Withdrawal
- Bank (B)'s secret key is $(x_1, x_2)$, and its public key is $y_1 = g^{x_1} \bmod p$; $y_2 = g^{x_2} \bmod p$.
- Step 1: A generates $k_0, k_1 \in_R Z_q$ and computes $t = g^{k_0} h_1^{k_1} \bmod p$.
- A requests B's signature on message $(m, I)$ through the PBS protocol:
  - $m = (P_A \| t)$ is a blind part for B
  - $I$ is a clear part including the amount of money and the date

10 Withdrawal (cont.)
- Step 2: B, after deducting the amount of the money withdrawn from A's account, sends its own signature $\mathrm{Sig}^{(I)}_B[m]$ on $(m, I)$ through the PBS protocol.
- Step 3: A verifies B's signature $\mathrm{Sig}^{(I)}_B[m]$.

11 Payment
User A makes a payment to shop S as follows:
- Step 1: A sends $(\mathrm{Sig}^{(I)}_B[m], m)$ and the certificate (r, s) to shop S.
- Step 2: S verifies B's signature on the e-money and the certificate (r, s). If it is correct, S generates a challenge M and sends M to A.

12 Payment (cont.)
- Step 3: A signs the challenge M with its own secret key and sends S a 3-tuple $(t, u, v)$:
  - $u = h(M) k_0 + S_{A0} t \bmod q$
  - $v = h(M) k_1 + S_{A1} t \bmod q$
- Step 4: S verifies A's signature on challenge M with $g^{u} h_1^{v} = t^{h(M)} P_A^{t} \bmod p$.

13 Deposit
S sends B the e-money $((\mathrm{Sig}^{(I)}_B[m], m), (r, s), (t, u, v, M))$.
- Step 1: B verifies $(\mathrm{Sig}^{(I)}_B[m], m)$.
- Step 2: B compares $(\mathrm{Sig}^{(I)}_B[m], m)$ to the list of previously deposited money stored in its database. If this is the first time $(\mathrm{Sig}^{(I)}_B[m], m)$ appears in B's database, B adds it to the list, linking the money to S, and increases the balance of S's account.

14 Tracing a double spender
During a deposit, if B finds that the deposited coin already exists in its database, it checks:
- $v_1 = h(M_1) k_1 + S_{A1} t \bmod q$ … (1)
- $v_2 = h(M_2) k_1 + S_{A1} t \bmod q$ … (2)
B computes $v_1 - v_2$ to obtain $k_1$, then gets $S_{A1}$ from (1) or (2).
B detects the double-spender (by asking RC about his name).
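
The tracing step above, together with the payment equations from slide 12, worked through as an added example (not code from the paper or the presentation). The toy group, the SHA-256 instantiation of h, the function names and all secret values are assumptions constructed for illustration.

```python
import hashlib

# Toy group, constructed for illustration only (far too small for real use).
q = 1019                 # prime
p = 2 * q + 1            # 2039, prime, so p = 2q + 1 as on the slides
g = 4                    # a square mod p, hence of order q
S_R1 = 77                # RC secret (constructed); h1 = g^S_R1 mod p
h1 = pow(g, S_R1, p)

def h(M: bytes) -> int:
    """Hash a shop challenge into Z_q (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(M).digest(), "big") % q

def pay(sa0, sa1, k0, k1, t, M):
    """User's response (u, v) to challenge M, as in Payment step 3."""
    return (h(M) * k0 + sa0 * t) % q, (h(M) * k1 + sa1 * t) % q

def shop_verify(PA, t, u, v, M):
    """Payment step 4: g^u * h1^v == t^h(M) * PA^t (mod p)."""
    return pow(g, u, p) * pow(h1, v, p) % p == pow(t, h(M), p) * pow(PA, t, p) % p

def trace(t, M1, v1, M2, v2):
    """Bank side: solve equations (1) and (2) for k1, then for S_A1."""
    d = (h(M1) - h(M2)) % q
    if d == 0 or t % q == 0:
        return None                      # the two equations cannot be solved
    k1 = (v1 - v2) * pow(d, -1, q) % q   # (v1 - v2) = (h(M1) - h(M2)) * k1
    sa1 = (v1 - h(M1) * k1) * pow(t % q, -1, q) % q
    return k1, sa1

def demo():
    sa0, sa1 = 123, 456                  # user's secret key (constructed)
    k0, k1 = 321, 654                    # per-coin secrets (constructed)
    PA = pow(g, sa0, p) * pow(h1, sa1, p) % p
    t = pow(g, k0, p) * pow(h1, k1, p) % p
    M1 = b"shop-1|challenge"
    # Second shop's challenge; skip any whose hash collides mod the tiny q.
    M2 = next(m for m in (b"shop-2|%d" % i for i in range(100)) if h(m) != h(M1))
    u1, v1 = pay(sa0, sa1, k0, k1, t, M1)
    u2, v2 = pay(sa0, sa1, k0, k1, t, M2)
    ok = shop_verify(PA, t, u1, v1, M1) and shop_verify(PA, t, u2, v2, M2)
    return ok, trace(t, M1, v1, M2, v2), (k1, sa1)
```

Both payments verify at the shops individually; only when the bank sees the same coin with two different challenges do equations (1) and (2) become solvable for $S_{A1}$.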

15 Concluding remarks
Two challenging problems:
- To discuss the provable security of the proposed system.
- To design a divisible e-money system with the partially blind signature.